1. GENERAL 

1.1 At Gate (“Gate”, “we”, “our”, “us” or “Site”), we value privacy of our users and are dedicated to protecting your personal information. Before using or accessing websites operated by us including www.gate.com, associated application interface (“API”) located at https://www.gate.com/gate-api and any services made available through the websites, any associated mobile applications and APIs such as https://gate.com/zendesk (collectively, the “Services”), any related software, forum, blog, social media page and other relevant platform operated or maintained by Gate (collectively, the “Sites”), you must read this Privacy Policy carefully to familiarize with how we collect, use and disclose your data.

1.2 All natural persons or other subjects who access our Sites and/or use our Services shall be users of the Sites. For the convenience of wording in this Privacy Policy, the users are referred to as 'you' or any other applicable forms of the second-person pronouns whereas you and we are referred to as both parties, and individually as a party or one party.

1.3 Unless otherwise defined herein, all capitalised terms used shall have the same meanings ascribed to them in the User Agreement.

2. PURPOSES OF THE PRIVACY POLICY 

2.1 The Privacy Policy stipulates the types of data we may collect through your log in to the Sites, your registration with the Sites, and/or your use of the Services we offer. This data includes personal information provided by you, information we obtain from third parties and information which is collected about you automatically, which identifies a natural person or relates to an identifiable natural person (“Personal Data”).

3. YOUR CONSENT AND BASIS FOR PROCESSING

3.1 To ensure that you have full confidence in our handling of Personal Data, you are advised to read and understand the terms and conditions of this Privacy Policy in detail. In particular, upon accessing our Sites, regardless of whether you have registered or logged in, you acknowledge and understand the following:

3.1.1 You, on the basis of your own free will and your requisite consent, agree to disclose your Personal Data to us;

3.1.2 You will comply with all the terms and conditions of this Privacy Policy;

3.1.3 You agree that we may collect your information through your log into any of the Sites, your registration with the Sites, and/or your use of the Services offered by us;

3.1.4 You agree to any changes and modifications that we may make to our Privacy Policy from time to time;

3.1.5 You agree that our branches, affiliates and employees may contact you in connection with the products and Services that in our reasonable opinion you may be interested in (unless you have indicated in writing to us that you do not want to receive such information).

3.2 In accordance with applicable data protection laws, we will only process your Personal Data where we have a valid legal basis to do so. Depending on the context, this may include (i) the performance of a contract with you or to take steps at your request prior to entering into a contract; (ii) compliance with legal or regulatory obligations (including anti-money laundering, counter-terrorism financing, sanctions, tax and bookkeeping obligations); (iii) our legitimate interests, provided that your interests and fundamental rights do not override those interests; and/or (iv) your consent, where we have requested it and you have provided it.

3.3 Depending on your country or region of residence, you may have certain rights under applicable data-protection laws in relation to your Personal Data. These may include the right to request access to and correction of your Personal Data, the right to request deletion of your Personal Data (subject to our obligations to retain certain information under applicable laws), the right to restrict or object to certain processing, and (where processing is based on consent) the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal and may affect our ability to provide some or all of the Services to you. To exercise any such rights, you may contact us using the details set out in Section 14 below.

4. INFORMATION COLLECTED 

4.1 When you use the Sites, we and our third-party service providers may use cookies and similar technologies to automatically collect certain technical and usage information about your interactions with the Sites. This may include your Internet Protocol (IP) address, device identifiers, browser type and version, operating system, time zone setting, approximate location derived from your IP address and other log and diagnostic information. For more details regarding our use of cookies, please refer to Section 7: Cookies Policy.

4.2 We collect, process and store Personal Data via your use of the Services or where you have given your consent. If you use any of the Services offered by the Sites, we may actively or automatically collect, use, store or transfer your Personal Data, which may include the following categories of information:

4.2.1 Identification Information. Identification information includes but is not limited to your name, residence address, mailing address, date of birth, phone number, nationality, government-issued identification numbers and copies of identification documents (such as passports, identity cards, driving licences, residence permits), and, where permitted by applicable law, biometric identifiers and images used for identity verification (for example, facial images or video recordings), as well as all other information that can help us to verify your identity (“Identification information”). Such information is necessary for us to verify whether you are eligible to be registered as a user of our Sites and to comply with our customer due diligence, anti-money laundering and other legal or regulatory obligations.

4.2.2. Institutional Information. If you are an institutional user, information such as corporate legal name, corporate registration information, proof of identity and legal formation, address, business description, and personal identification information on beneficial owners, controllers and directors.

4.2.3 Financial Information. Information including but not limited to your credit/debit card numbers and/or other financial institution accounts, payment instrument details and payment channel information,and, where reasonably necessary, information relating to the source of funds or source of wealth used in connection with the Services..

4.2.4 Service Information. Information we automatically collect when you use our Services, including but not limited to browsing information and usage data such as IP address, login data, operator and carrier data, or other information stored on or available with regards to devices you allow us access to when you access our Sites.

4.2.5 Transaction and Wallet Information. Information in relation to transactions carried out by you on the Sites, including but not limited to public blockchain data, wallet addresses.

4.2.6 Correspondence Information. Information which arises from your survey responses, information contained in the survey, and your communications with us or our customer support team.

4.2.7 Artificial Intelligence (“AI”) Interaction Information. Information contained in your prompts, queries, instructions, uploaded content, attachments, screenshots, messages, feedback, correction requests and other materials that you submit when using any AI-assisted feature, as well as the corresponding outputs, responses, summaries, recommendations, metadata, logs and related usage information generated in connection with such feature.

4.3 When you use any of the Sites or the Services, or when you contact or otherwise interact with us, we may collect additional information that you choose to provide through our dedicated contact channels (such as support mailboxes, complaint forms or feedback mechanisms), participation in our surveys, campaigns or events, or our official social media accounts, or through any AI-assisted interface, for the purpose of improving the functions of the Sites, enhancing our experience of using our Sites and Services as well as the security thereof, or as is required by any court order, any applicable laws, administrative regulations or any order of any competent government agency or authorities.

4.4 If you visit any links to third-party websites, pages, contents or platforms which may be accessible through links from the Sites or any link of any of our third-party partners, your use of such websites, pages, contents or platforms will be governed by the separate privacy policies and terms of those third parties. This Privacy Policy does not apply to any third-party websites, and we will not bear any liability for the contents and activities of such sites operated by third parties.

5. HOW WE COLLECT PERSONAL DATA 

We collect your personal data in the following manner:

5.1 We collect your Personal Data in the following manners:

5.1.1 Information you provide to us directly when contacting us;

5.1.2 Information we receive from third parties, such as our affiliates, subsidiaries, vendors and service providers;

5.1.3 Information acquired by us during the course of our relationship and dealings with you;

5.1.4 Information collected automatically through your use of our Sites and Services such as using cookies and other tracking technologies; and

5.1.5 Information gathered from publicly available sources.

5.1.6 Information generated or inferred through your use of AI-assisted features, including prompts, responses, interaction history, model outputs, feedback signals, quality-review annotations and system logs.

6. TRANSFER OF PERSONAL DATA 

6.1 Data we collect from you may be transferred to, and stored at, servers outside of the jurisdiction of your residence. Depending on your location, such transfers may be carried out on the basis of:

6.1.1 an adequacy decision or similar recognition by a competent authority that the recipient jurisdiction provides an adequate level of data protection;

6.1.2 appropriate safeguards such as standard contractual clauses or other similar contractual protections; and/or

6.1.3 other lawful transfer mechanisms or derogations permitted under applicable data-protection laws (for example, where the transfer is necessary for the performance of a contract with you or to comply with legal obligations).

We will take appropriate technical and organisational measures to ensure that your Personal Data is protected to a standard that is substantially equivalent to that afforded under the laws of your jurisdiction of residence.

7. COOKIES POLICY 

7.1 Cookies are small text files and/or identifiers that are placed in your device browsers when you visit a website. Cookies store information about the user’s visit, which may include browsing history, preferences, time and duration of each visit and advertisement accessed for facilitation and enhancement of user’s experience.

7.2 Cookies are classified into two categories, namely session cookies and persistent cookies. Session cookies exist only during an online session on our Sites and these cookies will disappear once the browser is closed. We use session cookies to allow our cookies to identify you uniquely during a session or while you are logged into the Sites. Persistent cookies are added when you start to browse our Sites or interact with a specific feature but may remain stored on your device after you have closed your browser. We use persistent cookies to track statistical and aggregate information about your activity. Please note that we do not respond to or honor Do Not Track signals or similar mechanisms transmitted by browsers.

7.3 We may use cookies to record the habits and preferences of visitors accessing our Sites. The information collected by cookies may include both Personal Data (such as online identifiers and IP addresses) and non-personal data. We use cookies to improve our Sites and enhance your user experience based on your profile, to the extent legally permissible in certain jurisdictions. We may also use information collected to ensure compliance with our Anti-Money Laundering requirements, and to detect irregular, suspicious activities to ensure your account has not been compromised. Some cookies, web beacons and other tracking and storage technologies that we use are from third party service providers to provide us with web analytics and intelligence about our Sites which may also be used to provide measurement services and target ads.

7.4 Most browsers are designed to accept cookies automatically. You may opt to stop or restrict the placement of cookies on your devices or remove them by adjusting your preferences as your browser or device permits. However, if you set your browser to disable cookies, it is possible that you may not be able to access and/or use certain functions of our Sites and/or Services.

8. USE OF INFORMATION 

8.1 We will use your Personal Data that we collect for the following purposes or in the following ways:

8.1.1 to provide you with our Services through our Sites pursuant to our User Agreement;

8.1.2 to identify and confirm your identity when you use our Sites and/or Services;

8.1.3 to improve and enhance the Services and/or Sites (your information and feedback received by us can help us improve the Services and the functions and performances of the Sites, so that we can more effectively respond to your enquiries and other needs);

8.1.4 to keep statistics relating to the use of our Sites and to be used for data analysis carried out in cooperation with government agencies and/or public affairs institutions;

8.1.5 to better understand how users access and use the Sites in order to personalize your experience (your information will help us to better respond to your personalized needs);

8.1.6 to facilitate transactions (your information, whether public or private, will not be sold, exchanged, transferred, or otherwise provided to any other company on any grounds without your consent, except for where doing so is expressly for the purpose of completing the transaction you require);

8.1.7 to carry out product marketing including newsletters, updates, related products or Services information (you can opt out at anytime if you do not wish to receive marketing communications from us);

8.1.8 to communicate with you about your account, activities on our Services, and policy changes including but not limited to requesting for any additional information or documentation;

8.1.9 to maintain the security of your account and the Sites, including without limitation, to carry out two-factor authentication;

8.1.10 to assess your credit risk;

8.1.11 to assess your risk score according to parameters determined by us;

8.1.12 to detect and reduce risks of fraud;

8.1.13 to enforce/defend our rights, agreements and/or policies;

8.1.14 to satisfy additional purposes with your consent;

8.1.15 to comply with applicable laws, regulations and/or orders required by competent authorities; 

8.1.16 to meet other purposes as specified in the User Agreement of the Sites, or other reasonably expected business purposes as permitted by law or when required to comply with legal obligations; and

8.1.17 to provide, operate, maintain, secure, review and improve AI-assisted features and other automated functionalities made available on or through the Sites, and, where permitted by applicable law and subject to appropriate safeguards, to process Personal Data and related records generated in connection with such features for safety, compliance, quality assurance, fraud prevention, risk control, analytics and service improvement purposes.

8.2 We do not sell, trade, or otherwise transfer your Personal Data or allow third parties to collect, access or use your Personal Data; however, you agree that we may disclose and transfer your Personal Data in the following circumstances:

8.2.1 To our affiliates (including subsidiaries, holding companies and companies under common control including their respective contractors, affiliates, employees or representatives);

8.2.2 To service providers and other trusted third parties who assist us in operating our Sites, manage our business, or provide Services to you, provided that such parties agree and have adopted appropriate measures to keep such information confidential;

8.2.3 To our professional advisors, including accounting, legal or other consulting services for purposes of complying with our legal obligations or audits;

8.2.4 To entities in connection with any corporate financing, merger, acquisition, due diligence, reorganization, receivership, or dissolution proceedings which involve disclosing certain portion or all of our business or assets;

8.2.5 When we believe that relevant information disclosure is appropriate, or it is required by any applicable laws, regulations, rules, requests, subpoenas or order of courts, law enforcement agencies or other competent authorities, and is necessary for executing the strategy of our Sites and ensuring the proper functioning of the Sites, or as may be necessary to provide Services, or for the protection of the rights, property or safety of us or other persons.

8.3 If we disclose your Personal Data to service providers or third parties that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it.

8.4 Your information will not be provided to other parties for their own marketing, advertising or other similar purposes. We do, however, use certain third-party service providers (for example, analytics and communications providers) to deliver or measure our own marketing, where permitted by applicable law. We have implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions, which requires us to undertake due diligence on our customers. This may include the use of third-party data and services providers which we will cross-reference with your Personal Data for detecting fraud, verifying identity, verifying credit risk and monitoring transactions.

8.5 We may conduct automated decision-making, including profiling. An automated decision can be made based on an assessment carried out automatically using technology.Where we make decisions about you based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you, you have the rights set out in Section 12.3.8. Additionally, we may use AI technologies to assist with extracting and analysing data, including to help verify the accuracy and consistency of information and to identify potential errors, omissions or mismatches; to support general information or customer-support content made available through the Services. Unless expressly stated otherwise, any AI-assisted output is provided for general informational or support purposes only and does not constitute financial, investment, trading, legal or tax advice, or any representation, warranty or guarantee by Gate. While we seek to use reliable tools, such technologies are not infallible and Gate does not guarantee that any AI-supported processing or outputs will be accurate, complete, up to date, uninterrupted or error-free.

9. PROTECTION OF PERSONAL DATA 

9.1 We adopt appropriate physical, electronic, management and technical measures to protect and safeguard the security of your Personal Data. We will, to the greatest extent possible, ensure that any Personal Data collected through our Sites shall not be subject to nuisance by any third party unrelated to us. The security measures that we may implement include but are not limited to:

9.1.1 Physical measures: Records of your Personal Data will be stored in a properly locked and secure place.

9.1.2 Electronic measures: Electronic data that contains your Personal Data will be stored in computer s and storage medias that are subject to strict login restrictions.

9.1.3 Management measures: Only employees and vendors on a need-to-know basis duly authorized by us can access your Personal Data, and these employee and vendors shall be subject to strict contractual confidentiality obligations.

9.1.4 Technical measures: Encryption techniques such as Secure Socket Layer Encryption may be used to convey your Personal Data.

9.1.5 Other measures: “Firewalls” are in place to protect our network servers.

9.2 If you are aware of any security flaws in our Sites, please contact us immediately so that we can take appropriate actions as soon as possible.

9.3 Despite the above-mentioned technical and security measures, since no method is 100% secure, we cannot guarantee that the information transmitted via the Sites is absolutely secure, so we cannot guarantee nor warrant that the Personal Data that you provide to us through our Sites will be safe at all times. To the fullest extent permitted by applicable laws, we will not be held liable for any losses or damages arising from or caused by any event that may occur in connection with unauthorized access to your Personal Data, and we shall not be held liable for compensation for such losses or damages.

10. DATA RETENTION 

10.1 We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

10.2 We keep Personal Data only for as long as is reasonably necessary to provide Services to you, to fulfil the purpose(s) for which it was collected, to comply with any applicable legal or ethical reporting or document retention requirements, pursue legitimate business purposes, (including maintaining the quality, security and integrity of our Sites, Services and related features), enforce our agreements and resolve disputes. In particular, we are subject to anti-money laundering, counter-terrorism financing, sanctions, tax and other regulatory requirements, which generally require us to retain certain customer due-diligence, transaction and related records for a minimum period after our business relationship with you has ended. We will not retain your Personal Data in a form which permits the identification of the data subject for longer than needed for the legitimate purpose or purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements.

10.3 To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we will anonymize your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

10.4 At the end of the retention period, we will securely delete or destroy Personal Data retained, and require our sub-processors or third-party suppliers to do likewise, unless we are legally required or permitted to retain such Personal Data for a longer period (for example, to comply with our anti-money laundering or sanctions obligations or to establish, exercise or defend legal claims)

11. MINORS 

11.1 Our Sites, Services and our products are not directed to persons who may be defined as minors under applicable laws. As such, if you are below 18, please terminate all access to our Sites and Services immediately. We reserve the right (but not the obligation) to demand at any time evidence for our review to verify that you are above 18 years of age. In the event that you are under 18 years of age, or we reasonably suspect that you are under 18 years of age and you are unable to prove otherwise, we shall delete any Personal Data we have collected, unless we have a legal obligation to retain it, and all your use of our APIs, account registrations, access to the Sites, enrolments, subscriptions and purchases with us (if any) shall be immediately terminated and no refunds of any kind shall be provided to you.

11.2 To clarify, we do not knowingly collect Personal Data from minors, however, through the internet, we are unable to ascertain on our end whether such individuals are minors. It is thus the responsibility of parents or guardians to ensure that their minors do not access or use our Sites and/or Services, enrol for any of our events, download or access our related applications, email us, or provide us with Personal Data. If a parent or guardian becomes aware that his or her minor has accessed our Sites or provided us with Personal Data, please contact us at dpo@gate.com promptly so we can take appropriate action.

12. RESIDENTS WITHIN THE EUROPEAN ECONOMIC AREA (EEA) 

12.1 If you are a resident of the EEA, you may have certain data protection rights. “GDPR” means the European Union General Data Protection Regulation (EU) 2016/679. Information that you provide may be transferred or accessed by entities around the world as described in this Privacy Policy. In cases where we intend to transfer personal data to third countries or international organisations outside of your country of residence that are not subject to an adequacy decision and further safeguards are required, Gate puts in place appropriate technical, organizational and contractual safeguards, to ensure that such transfer is carried out in compliance with applicable data protection rules.

12.2 We process Personal Data subject to the GDPR on one or more of the following legal bases:

12.2.1 Contractual necessity: To comply with our contractual obligations to you under our User Agreement, including to provide you with our Services and customer support services, and to optimize and enhance the Sites.

12.2.2 Legitimate interest: Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. This may specifically involve research and development, direct marketing, personalizing your user experience, fraud prevention, network and information security or creating aggregated, de-identified and/or anonymized data.

12.2.3 Consent: Where we have your specific consent to carry out the processing for the purpose in question.

12.2.4 Compliance with legal and regulatory obligations: Including “know your customer” obligations based on applicable anti-money laundering and anti-terrorism requirements, suspicious activity reporting, financial crime and fraud prevention, responding to requests from public authorities, complying with economic and trade sanctions requirements, performing customer due diligence, performing audit and risk assessments, preparing tax reports, fulfilling our retention obligations and handling legal claims.

12.3 If you are accessing or using the Sites and/or Services from within the EEA, you may have the following rights under the GDPR, subject to certain exceptions:

12.3.1 Right of Access: You have the right to obtain confirmation from us as to whether or not we process Personal Data from you and you also have the right to at any time obtain access to your Personal Data stored by us.

12.3.2 Right to Correction: If we process your Personal Data, we use reasonable measures to ensure that your Personal Data is accurate and up-to-date for the purposes for which your Personal Data was collected. If your Personal Data is inaccurate or incomplete, you have the right to require us to correct it.

12.3.3 Right to Deletion: In some cases, you may request us to delete your Personal Data. Please note that under certain circumstances (such as for the purposes of compliance with a legal obligation to which we are subject,  public interest, public health or scientific and historical research), we have the right to retain your Personal Data even if you ask us to delete it.

12.3.4 Right to Restriction of Processing and Right to Object: In some cases, you can lodge an objection to the processing of your Personal Data and ask us to limit the processing of your Personal Data. Similarly, in some cases, we have the right to refuse your request even if you raise objections or ask us to restrict the processing of your Personal Data.

12.3.5 Right to withdraw Consent: In some cases, you may withdraw your consent in respect of collection and processing of your Personal Data. If there are other legitimate reasons, we also have the right to continue using or processing without your permission. Withdrawal of consent does not affect lawfulness of processing based on consent before such withdrawal.

12.3.6 Right to Data portability: You may have the right to receive the personal information concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller.

12.3.7 Right to lodge Complaint: If you reside in the EEA and have a concern about our processing of your Personal Data that we are not able to resolve through our internal resolution process, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

12.3.8 Right relating to automated decision-making: Where we make decisions about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, you have the right to request human intervention, to express your point of view and to contest the decision, as further described in Section 8.5.

12.4 We will assess all requests and complaints we have received and provide you with timely responses. We may ask you to provide a valid copy of the identity document so that we can fulfill our security obligations and prevent unauthorized data disclosure. We have the right to charge you a reasonable administrative fee if your request for access to data is clearly unfounded or out of our obligation, or if you request us to provide additional copies of your Personal Data.

12.5 To facilitate with the Services provided to users located in the EEA, we request explicit consent for the transfer of Personal Data from the EEA to countries outside of the EEA where the transfers are necessary to provision of Services to you and/or to optimize and enhance our Sites. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use our Sites and Services. You will still retain the ability to withdraw assets in your Accounts opened with us however, all other functionalities will be disabled.

13. MODIFICATION TO THE PRIVACY POLICY 

13.1 For expediency and for compliance with any changes in applicable laws, we reserve the right to amend this Privacy Policy from time to time in our sole discretion without prior notice to you. We may inform you of the modifications made to the Privacy Policy by updating and publishing the modified version on the Sites. We may issue a notice to inform you of the modifications made to the Privacy Policy, which, however, is not an obligation for us. You shall regularly review the Privacy Policy, and if you do not agree to such updates, you shall immediately stop accessing the Sites. Your continued access to or use of the Sites and/or the Services constitutes your acknowledgment and acceptance of such changes to this Privacy Policy.

14. COMMUNICATION WITH US 

14.1 If you have any questions regarding this Privacy Policy or your Personal Data, please contact us at dpo@gate.com which is the only valid and official email through which we communicate with you.

14.2 All announcements and information regarding our Privacy Policy shall be made and published on the Sites. We shall not be held liable for any losses arising from your trust in information that has not been obtained through our designated email and the Sites.

15. LANGUAGES 

15.1 This Privacy Policy may be published in different languages. If there are any discrepancies between different languages, the English version shall prevail.