Privacy Policy

1. Introduction

Welcome to Goldman Fischer ("Company," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile applications, contact us by phone, or otherwise interact with our services (collectively, the "Services").

This Privacy Policy is designed to comply with applicable data protection laws worldwide, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland; the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA); and other applicable U.S. state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

2. Data Controller Information

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

3. Information We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Data"). The categories of Personal Data we collect depend on how you interact with our Services.

A. Personal Identifiers

This includes your name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

B. Financial Information

This includes bank account number, credit card number, debit card number, or any other financial information necessary to process transactions.

C. Commercial Information

This includes records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

D. Internet or Other Electronic Network Activity Information

This includes browsing history, search history, and information regarding your interaction with our website, application, or advertisements.

E. Geolocation Data

This includes physical location or movements, derived from your IP address or, with your consent, from your device's GPS.

F. Sensory Data

This includes audio, electronic, visual, or similar information, such as call recordings for quality assurance purposes.

G. Inferences

This includes inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

H. Sensitive Personal Data

In certain circumstances, we may collect sensitive personal data, including government-issued identification numbers (e.g., Social Security Number, passport number) for identity verification and regulatory compliance (AML/KYC).

4. How We Collect Your Information

We collect Personal Data from the following sources:

A. Directly From You

We collect information you provide directly to us when you:

• Create an account or register on our website
• Place an order to buy or sell precious metals
• Complete identity verification (KYC) processes
• Contact our customer support team
• Subscribe to our newsletter or marketing communications
• Participate in a survey, promotion, or contest

B. Automatically

We automatically collect certain information when you access or use our Services, including through the use of cookies, web beacons, pixel tags, and similar technologies. This includes your IP address, browser type, operating system, device identifiers, pages viewed, links clicked, and the date and time of your visit.

C. From Third Parties

We may receive Personal Data about you from third-party sources, including:

• Payment processors: To verify payment information and prevent fraud
• Identity verification services: To comply with AML/KYC regulations
• Marketing partners and data brokers: To enhance our marketing efforts
• Public databases: To verify information you provide

5. How We Use Your Information

We use the Personal Data we collect for the following purposes:

6. Lawful Basis for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your Personal Data based on the following lawful bases under the GDPR:

• Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you, such as processing your orders and delivering products.
• Legal Obligation: Processing is necessary to comply with our legal obligations, such as AML/KYC regulations and tax reporting.
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, marketing, and improving our Services, provided these interests are not overridden by your fundamental rights and freedoms.
• Consent: Where we rely on your consent for processing (e.g., for certain marketing communications or cookies), you have the right to withdraw your consent at any time.

7. How We Disclose Your Information

We may disclose your Personal Data to the following categories of recipients:

A. Service Providers

We share information with third-party vendors who perform services on our behalf, such as payment processing, order fulfillment, shipping, data analytics, email delivery, hosting, customer service, and marketing. These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

B. Financial Institutions

We share information with banks and payment processors to process transactions and prevent fraud.

C. Government and Regulatory Authorities

We may disclose information to comply with applicable laws, regulations, legal processes, or governmental requests. This includes reporting to the IRS, FinCEN, and other regulatory bodies as required by AML/CTF laws.

D. Advertising and Marketing Partners

We may share certain information with advertising networks and social media platforms to deliver targeted advertising. This may constitute a "sale" or "sharing" of Personal Data under certain state privacy laws (see Section 13).

E. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred to the acquiring entity.

F. With Your Consent

We may disclose your information to other third parties with your consent or at your direction.

8. Cookies, Tracking Technologies, and Targeted Advertising

A. Cookies and Similar Technologies

We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing activity and to personalize your experience on our Services. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

B. Types of Cookies We Use

C. Your Cookie Choices

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, if you disable cookies, some features of our Services may not function properly.

We also honor the Global Privacy Control (GPC) signal as a valid request to opt-out of the sale or sharing of your Personal Data via cookies.

D. Do Not Track

Our website does not currently respond to "Do Not Track" (DNT) signals from web browsers. However, we do respond to GPC signals.

9. International Data Transfers

Your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers are located. These countries may have data protection laws that are different from the laws of your country.

If you are located in the EEA, UK, or Switzerland, we ensure that any transfer of your Personal Data to countries outside of these regions is subject to appropriate safeguards, including:

• Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Transfers subject to the European Commission's Standard Contractual Clauses, which provide contractual guarantees for the protection of your Personal Data.

10. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data from unauthorized access, use, alteration, and disclosure. These measures include encryption, firewalls, access controls, and secure data storage.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and applicable legal requirements.

For example, we are required by AML laws to retain transaction records for a minimum of five (5) years after the date of the transaction. After the applicable retention period expires, we will securely delete or anonymize your Personal Data.

12. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your Personal Data. These rights may include:

• Right to Access: The right to request a copy of the Personal Data we hold about you.
• Right to Rectification: The right to request that we correct any inaccurate or incomplete Personal Data.
• Right to Erasure (Right to be Forgotten): The right to request that we delete your Personal Data, subject to certain exceptions.
• Right to Restriction of Processing: The right to request that we restrict the processing of your Personal Data under certain circumstances.
• Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to our processing of your Personal Data for certain purposes, such as direct marketing.
• Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw your consent at any time.
• Right to Opt-Out of Sale/Sharing: The right to opt-out of the "sale" or "sharing" of your Personal Data for targeted advertising purposes.
• Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

13. U.S. State Privacy Rights (CCPA/CPRA and Other State Laws)

This section provides additional information for residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, and other states with applicable privacy laws.

A. Categories of Personal Data Collected and Disclosed

B. Your Rights Under State Privacy Laws

• Right to Know/Access: You have the right to request that we disclose the categories and specific pieces of Personal Data we have collected about you.
• Right to Delete: You have the right to request that we delete your Personal Data, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate Personal Data.
• Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" or "sharing" of your Personal Data for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Data: You have the right to limit our use and disclosure of your sensitive personal data to uses necessary to perform the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

C. How to Exercise Your Rights

You may submit a request to exercise your rights by:

• Email: [email protected]
• Phone: 888-372-6902

We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

14. European Economic Area (EEA), UK, and Swiss Privacy Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following additional rights under the GDPR:

• Right to Access: You have the right to obtain confirmation as to whether or not your Personal Data is being processed, and to access your Personal Data.
• Right to Rectification: You have the right to have inaccurate Personal Data rectified.
• Right to Erasure: You have the right to have your Personal Data erased under certain circumstances.
• Right to Restriction of Processing: You have the right to restrict the processing of your Personal Data under certain circumstances.
• Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your Personal Data for direct marketing purposes or where we are relying on a legitimate interest.
• Right to Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

How to Exercise Your Rights

To exercise your rights, please contact us using the information in Section 18. We will respond to your request within one (1) month, which may be extended by two (2) further months where necessary.

15. Children's Privacy

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect Personal Data from children under 18. If you are a parent or guardian and believe that your child has provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from a child under 18 without verification of parental consent, we will take steps to delete that information from our servers.

16. Third-Party Links

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will notify you by posting the updated Privacy Policy on our website and updating the "Last Updated" date at the top of this page. We may also notify you by email or other means. We encourage you to review this Privacy Policy periodically.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.