GEM Enterprise
Legal Document

Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

GEM Enterprise ("GEM Enterprise," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information obtained through our platform, services, and related digital properties (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. This Policy applies to all users of the Platform, including prospective clients, registered clients, and authorized personnel accessing the Platform on behalf of an institutional entity.

1. Information We Collect

We collect several categories of information in order to deliver and improve our services, maintain regulatory compliance, and protect the security of our Platform and clients.

1.1 Personal Information

We collect personally identifiable information that you voluntarily provide when registering for or using our Platform. This includes, but is not limited to: full legal name, email address, phone number, mailing address, date of birth, government-issued identification numbers, and professional credentials or affiliations. We may also collect information about authorized representatives acting on behalf of institutional clients.

1.2 Usage Data

When you access or interact with the Platform, we automatically collect certain technical and behavioral data. This includes IP addresses, browser type and version, operating system, device identifiers, pages visited, time spent on pages, links clicked, referring URLs, session timestamps, and interaction logs. This data is used to maintain platform security, monitor for anomalous behavior, and improve service quality.

1.3 KYC and Verification Data

As part of our regulatory obligations, we collect Know Your Customer (KYC) and identity verification information. This includes copies of government-issued identification documents (passport, national ID, driver's license), proof of address documentation, biometric verification data where applicable, accreditation or qualification documentation, source of funds and wealth information, and beneficial ownership declarations for institutional clients. This data is processed in strict accordance with applicable anti-money laundering (AML) regulations.

1.4 Financial Information

To facilitate service delivery, we may collect financial information including banking institution details, account numbers (stored in tokenized format), investment history and portfolio information, transaction records, net worth and income declarations relevant to accreditation verification, and tax identification numbers where required by law. Financial data is handled with the highest level of security controls and is subject to strict access restrictions.

2. How We Use Your Data

GEM Enterprise processes personal information for specific, defined purposes. We do not process data beyond what is necessary to fulfill these purposes.

2.1 Service Delivery

We use collected information to create and manage your account, provide access to platform features and services, process transactions and requests, respond to inquiries and support requests, and personalize your experience within the Platform. Service delivery represents the primary lawful basis for our data processing activities.

2.2 KYC/AML Verification

We process identity and verification data to satisfy our legal obligations under applicable KYC and AML regulations, verify that clients meet eligibility requirements (including accreditation standards), screen against sanctions and watchlists maintained by regulatory authorities, and conduct ongoing due diligence as required by law.

2.3 Compliance and Legal Obligations

We process and retain information as necessary to comply with applicable laws, regulations, and regulatory directives; respond to legal process and government requests; maintain records as required by financial services regulations; and cooperate with law enforcement and regulatory investigations.

2.4 Platform Security

Usage data and access logs are processed to detect and prevent fraud, unauthorized access, and other security threats; monitor platform integrity and system health; investigate security incidents; and enforce our Terms of Service and acceptable use policies.

2.5 Communications

We use contact information to send transactional communications related to your account, provide notices of material changes to our policies or services, deliver security alerts and notifications, and — where you have provided consent — send service-related updates and information relevant to your client relationship.

3. Data Sharing

GEM Enterprise does not sell, rent, or trade your personal information to third parties for commercial purposes. We do not engage in data brokerage activities. Disclosure of your information is limited to the circumstances described below.

3.1 Regulatory Bodies

We are required by law to share information with relevant regulatory and governmental authorities. This includes disclosures to financial regulators, tax authorities, law enforcement agencies acting pursuant to valid legal process, and any other governmental body with lawful authority to request such information. Such disclosures are made only to the extent required by applicable law.

3.2 KYC Verification Partners

We engage accredited third-party identity verification and KYC service providers to assist in fulfilling our compliance obligations. These providers operate under strict non-disclosure agreements (NDAs) and data processing agreements that prohibit them from using your information for any purpose other than providing services to GEM Enterprise. All KYC partners are vetted for compliance with applicable data protection standards.

3.3 Security Monitoring Partners

To maintain the security of the Platform and protect client assets, we may share technical and usage data with security operations and threat intelligence partners. Such sharing is limited to data necessary for security purposes and is governed by appropriate contractual protections. Security partners are prohibited from using data for any commercial purpose.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your personal information may be transferred to the acquiring entity. We will provide notice of such transfer and require the recipient to comply with this Privacy Policy or provide you with an opportunity to opt out of material changes to data handling practices.

4. Data Security

We implement a comprehensive, defense-in-depth security program to protect your information against unauthorized access, disclosure, alteration, and destruction.

Encryption Standards: All data in transit is protected using TLS 1.3 or higher. Data at rest is encrypted using AES-256 encryption. Sensitive credentials and authentication tokens are stored using industry-standard cryptographic hashing algorithms.

Access Controls: Access to personal data is restricted on a strict need-to-know basis. We employ role-based access control (RBAC), multi-factor authentication for all administrative access, privileged access management (PAM) controls, and regular access reviews and certifications.

Security Monitoring: We maintain continuous security monitoring through a Security Operations Center (SOC), including intrusion detection and prevention systems, security information and event management (SIEM), and regular third-party penetration testing and security audits.

Incident Response: We maintain a documented incident response plan tested on a regular basis. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals and relevant supervisory authorities in accordance with applicable law, within the timeframes required by applicable data protection regulations.

No method of data transmission or storage can be guaranteed to be 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data category:

  • Account Data: Retained for the duration of the client relationship and for a minimum of seven (7) years following account closure, in accordance with financial services recordkeeping requirements.
  • KYC/AML Records: Retained for a minimum of five (5) to ten (10) years following the conclusion of the business relationship, as required by applicable anti-money laundering regulations.
  • Transaction Records: Retained for a minimum of seven (7) years as required by financial regulations and applicable tax laws.
  • Usage & Access Logs: Retained for up to twelve (12) months for security monitoring purposes, and longer where required for active legal proceedings or regulatory investigations.
  • Communications: Retained for a period determined by the nature of the communication and applicable legal requirements, typically three (3) to seven (7) years.

Upon expiration of the applicable retention period, data is securely deleted or anonymized in accordance with our data destruction procedures, which comply with recognized standards for secure data disposal.

6. Your Rights

Subject to applicable law and regulatory requirements, you may have certain rights with respect to your personal information. Please note that these rights may be limited or restricted where we are required to retain data to comply with legal obligations.

Right of Access: You may request a copy of the personal information we hold about you, along with information about how we process that data, the purposes of processing, and the categories of recipients to whom data is disclosed.

Right to Correction: You may request that we correct inaccurate or incomplete personal information. We will take reasonable steps to verify the accuracy of requested corrections before implementing them.

Right to Deletion: You may request deletion of your personal information. This right is subject to our legal and regulatory retention obligations, which may require us to retain certain data regardless of deletion requests.

Right to Portability: Where technically feasible and legally permissible, you may request that we provide your personal data in a structured, commonly used, machine-readable format suitable for transmission to another controller.

Right to Object: You may object to the processing of your personal information where we are relying on a legitimate interest as the legal basis for processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please submit a written request to compliance@gemcybersecurityassist.com. We will respond within the timeframe required by applicable law, typically within thirty (30) days of receipt. We may require verification of your identity before processing a rights request.

7. Cookies & Tracking Technologies

GEM Enterprise employs a minimal approach to cookies and tracking technologies, limited to those strictly necessary for the operation and security of the Platform.

Essential Cookies: We use session cookies that are strictly necessary for Platform functionality, including authentication state management, CSRF protection, and load balancing. These cookies are not used for tracking or advertising purposes and cannot be disabled without impairing Platform functionality.

Session Management: Session cookies expire upon browser closure or after a defined period of inactivity for security purposes. Persistent cookies, where used, are limited to preference storage necessary for Platform functionality and have defined expiry periods.

Analytics: Where analytics tools are used, they are configured to anonymize IP addresses and are subject to data processing agreements that restrict use to aggregate statistical analysis. We do not use analytics data for individual profiling.

We do not use third-party advertising cookies, social media tracking pixels, or behavioral profiling technologies. You may configure your browser to block cookies, but doing so may impair the functionality of the Platform.

8. International Data Transfers

GEM Enterprise operates globally and may transfer personal information across international borders in connection with the delivery of our services. We apply appropriate safeguards to ensure that such transfers comply with applicable data protection laws.

Where personal data is transferred from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions to countries that have not been determined to provide an adequate level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, binding corporate rules where applicable, or other lawful transfer mechanisms recognized under applicable law. By using the Platform, you acknowledge that your information may be transferred to and processed in countries outside your jurisdiction of residence.

9. Children's Privacy

The GEM Enterprise Platform is intended exclusively for adult users who meet our eligibility requirements, including accreditation and qualification standards. The Platform is not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete such information from our systems. If you believe we have collected information from a minor, please contact us immediately at compliance@gemcybersecurityassist.com.

10. Contact for Privacy Matters

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our compliance team. We are committed to resolving privacy concerns in a timely and transparent manner.

GEM Enterprise Compliance & Privacy Team

Response time: We aim to respond to all privacy inquiries within five (5) business days. Rights requests will be processed within the timeframe required by applicable law.

This policy is subject to change with notice. Material changes will be communicated to registered users via email or prominent notice on the Platform no less than thirty (30) days prior to the effective date of such changes. Your continued use of the Platform following notice of changes constitutes acceptance of the revised Policy.