Last Updated: February, 2020
Global Currency Organization LLC ("
Global Currency Organization") understands the importance of privacy, especially
when it comes to your Personal Information. Data privacy and your trust are our top
Services (collectively, the "
GCO Services"), including operation of https://www.gcodigital.com, any associated
APIs and any mobile applications (collectively, the “
Website”), which is our platform dedicated to the mint and redemption of
stablecoin digital assets and the provision of related services, how we will use this
information, and the very limited ways that we may share your information. This Privacy
Policy does not apply to any Third Party websites, marketplaces or applications, even if
they are accessible through our GCO Services.
Please read this policy carefully to understand our
policies and practices regarding your information, as you consent to the collection,
use, and disclosure of Personal Information (as defined below). If you do not agree with
our policies and practices, do not use GCO Services.
2. Who May Use our Services.
GCO Services are only intended for adults eighteen (18)
years of age and older. We do not knowingly collect Personal Information from persons
under the age of 18. If we learn that we have collected any Personal Information from
persons under the age of 18, we will promptly take steps to delete such information and
terminate their account.
is Processed (as defined below) by GCO through your use of or logging into the Website,
your registration with this Website, and/or use GCO Services we offer, as well our
practices for collecting, using, maintaining, protecting, and disclosing such
email, text, and other electronic messages between you and this Website and through
mobile and desktop applications you download from this Website, which provides dedicated
non-browser-based interaction between you and this Website.
4. Personal Information We Collect and How We Use It.
We collect several types of information from and about
customers, users and visitors (collectively "Individuals") depending on how they are
using the GCO Services, including:
(a) Types of Personal Information We Collect
Information You Provide Directly to Us.
When you use the GCO Services or engage in certain activities, such as registering for a
GCO account with us, requesting information, or contacting us directly, we may ask you
to provide the following types of information:
If you create an
account, we may collect certain information that can be used to identify you. The
requested information may include:
(i) for individuals, certain personal information, including your name,
last name, address, telephone number, e-mail address, gender, date of birth,
username, and encrypted password which enables you to utilize certain features
of the GCO Services; and
(ii) for entities, information about its business, financial condition,
corporate structure, shareholders, directors, officers, ultimate beneficial
owners, agents and other representatives. We may also collect additional
information about you that is needed to complete Know Your Customer ("KYC") and
Anti-Money Laundering ("AML") checks, such as address, birthdate, tax ID number,
government issued ID, bank account information and cryptocurrency wallet
Communications with Us. We may collect
Personal Information from you such as name, phone number, email address, or mailing
address when you choose to request information about the GCO Services, request to
receive customer or technical support, or otherwise communicate with us.
Automatic Data Collection. We may collect
certain information automatically through the GCO Services or other methods of web
analysis, such as your Internet protocol (IP) address, cookie identifiers, and other
device identifiers that are automatically assigned to your computer or device when you
access the Internet, browser type and language, geo-location information, hardware type,
operating system, user settings, location information, mobile carrier, Internet service
provider, pages that you visit before and after using the GCO Services, the date and
time of your visit, the amount of time you spend on each page, information about the
links you click within the Website, and other actions taken through use of the Website
such as preferences. Although we do not correlate tracking information to Individuals,
some information collected, such as IP addresses, will be unique.
Information from Other Sources. We may
receive information about you from other sources, including through our service
providers who perform the KYC and AML checks. These service providers may collect
information from other sources in order to supplement information provided by you.
Information we collect through our service providers may include your name, government
issued identification number, location, gender, birth date, and email address. This
supplemental information allows us to verify information that you have provided to us
and to enhance our ability to provide you with information about our business, products,
and GCO Services.
Do Not Track Settings. Do Not Track
("DNT") is a privacy preference that Individuals can set in certain web browsers. DNT is
a privacy preference that Individuals can set in certain browsers to inform websites
that they do not want certain information about their webpage visits collected over time
and across websites. We do not track, plant cookies, or use advertising when a DNT
browser mechanism is in place.
(b) How We Use Your Information
We collect the Personal Information in an effort to provide you with secure and
efficient customer experience, to protect you from risks of improper use and fraud and
to improve, develop and improve GCO Services. We use information that we collect about
you or that you provide to us, including Personal Information:
To provide you with information, products, or
services that you request from us. We may use information about you to:
- Generally manage customer information and accounts;
- To provide you with information, products, or services that you request from us;
- Provide access to certain areas, functionalities, and features of our Website; and
- Contact you to answer requests for customer support or technical support.
Administrative Purposes. We may use
Personal Information about you for administrative purposes, including to:
- Measure interest in GCO Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on our Website and systems,
and, in our discretion, changes to GCO Services or any of our policies;
- Send email to the email address you provide to us to verify your account and for
informational and operational purposes, such as account management, customer
service, or system maintenance;
- Verify the information that you provide to use and validate you through the KYC/AML
process required by our fiduciary partners;
- Meet the requirements to make disclosures under the requirements of any law binding
on the Website under and for the purposes of any guidelines issued by regulatory or
other authorities with which the Website is expected to comply;
- Process payment for products or the GCO Services purchased;
- Provide you with notices about your account and payments;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Carry out our obligations and enforce our rights arising from any contracts entered
into between you and us, including for billing and collection; and
- Enforce our Terms.
Limiting Use, Disclosure and Retention.
We will not use your Personal Information Data for any purpose that you have not
consented to. GCO will NOT sell or trade Personal Information Data for commercial
purposes. We will only use Personal Information to provide you with important messages
about our GCO Services and transactional communications regarding your activity on our
website, such as deposit and withdrawal notifications.
Anonymous and Aggregated Information Use.
We may use Personal Information and other information about you to create anonymized and
aggregated information, such as de-identified demographic information, de-identified
location information, information about the computer or device from which you access
GCOServices, or other analyses we create. Anonymized and aggregated information is used
for a variety of functions, including the measurement of visitors' interest in and use
of various portions or features of the GCO Services. Anonymized or aggregated
information is not Personal Information, and we may use such information in a number of
ways, including research, internal analysis, analytics, and any other legally
permissible purposes. We may share this information within us and with Third Parties for
our or their purposes in an anonymized or aggregated form designed to prevent anyone
from identifying you.
Other Uses. We may use Personal
Information for which we have a legitimate interest, such as direct marketing,
individual or market research, anti-fraud protection, or any other purpose disclosed to
you at the time you provide Personal Information or with your consent.
(c) Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based
We, as well as Third Parties that provide content or other
technologies ("Technologies") to automatically collect information through the GCO
Services. We use Technologies that are essentially small data files placed on your
computer, tablet, mobile phone, or other devices (referred to collectively as a
"device") that allow us to record certain pieces of information whenever you visit or
interact with the GCO Services, applications, messaging, and tools, and to recognize you
across all relevant devices.
Cookies. Cookies are small text files
placed in visitors' devices to store their preferences. Most browsers allow you to block
and delete cookies. However, if you do that, some features of the GCO Services may not
Pixel Tags/Web Beacons. A pixel tag (also
known as a web beacon) is a piece of code embedded on the Website that collects
information about Individuals' engagement on the Website. The use of a pixel allows us
to record, for example, that a user has visited a particular web page or clicked on a
Our uses of such Technologies fall into the following
technologies that are necessary to the operation of GCO Services, applications, and
tools. This includes technologies that allow you access to GCO Services,
applications, and tools; that are required to identify irregular GCO Service
behavior, prevent fraudulent activity and improve security; or that allow you to
make use of our functions such as shopping-carts, saved search, or similar
technologies to assess the performance of our applications, GCO Services, and tools,
including as part of our analytic practices to help us understand how our visitors
useGCO Services, determine if you have interacted with our messaging, determine
whether you have viewed an item or link, or to improve our website content,
applications, GCO Services, or tools;
technologies that allow us to offer you enhanced functionality when accessing or
using GCO Services. This may include identifying you when you sign into your account
or keeping track of your specified preferences, interests, or past items viewed so
that we may enhance the presentation of content; and
- Advertising or Targeting Related. We may use first-party or Third Party cookies
and web beacons to deliver content, including ads relevant to your interests, on
Website, or on Third Party websites. This includes using Technologies to understand
the usefulness to you of the advertisements and content that has been delivered to
you, such as whether you have clicked on an advertisement.
If you would like to opt out of the Technologies we employ through GCO Services,
applications, or tools, you may do so by blocking, deleting, or disabling them as your
browser or device permits. Please note however that certain functionality of the GCO
Services may not be available or function properly if you opt out of certain Technology
5. Information for European Economic Area Data Subjects
If you are a resident of the European Economic Area, United Kingdom or Switzerland
"EEA"), you may have additional rights under the EU General Data Protection
"GDPR") with respect to your Personal Information, as outlined below. To the
extent applicable to us, we adhere to relevant EEA data protection laws. For purposes of
this section, terms of
"Personal Information" and
"processing/processed" have the meanings provided in the GDPR.
(i) Processing Based on Lawful Basis Only
We only process your Personal Information if we have a
lawful basis for doing so. Below are the legal bases we process the Personal Information
subject to GDPR:
(a) Consent: To enhance your user experience, to engage in third party marketing
activities, direct marketing activities and any other purposes to be indicated to you in
order to receive your consent.
We will clearly and expressly indicate to you if we process Personal Information based on your
consent, at the time of collection. You may withdraw your consent at any time without affecting
the lawfulness of processing based on consent before consent is withdrawn.
(b) Contractual necessity: To carry out our obligations and enforce our rights
arising from any contracts entered into between you and us, including for billing and
collection, to provide GCO Services, customer support service and service communications
and to improve GCO Services and ensure internal quality control.
(c) Legitimate interest: To conduct research and development of new products, to
monitor the usage of GCO Services, to facilitate corporate acquisitions, mergers or
transactions, to engage in direct marketing activities, to protect our rights.
When we process Personal Information based on our legitimate interests, we always
and balance any potential impact on you and your rights under data protection laws.
(d) Legal obligation, Public Interest or in your Vital Interest: To conduct
anti-fraud, anti-money laundering and identity verification/authentication checks, to
comply with legal and regulatory applications binding on GCO, to satisfy retention
obligations and to ensure network and information security.
(ii) Collection and Use of Special Categories of
Some of the Personal Information we collect is considered
sensitive by applicable law and referred to as Special Categories of Personal
Data. We may collect and process the special categories of Personal Information when you
voluntarily provide them for us to comply with our legal obligations, or as applicable
law otherwise permits. For example, we may collect your biometric data and racial or
ethnic origin to conduct anti-fraud, anti-money laundering and identity
verification/authentication checks, to comply with legal and regulatory applications
binding on GCO.
Direct Marketing: We may, from time to time, send direct marketing materials to
you that are only based on advertising our products, services, facilities or activities.
We will only communicate to you based on our legitimate interests, subject to the
applicable laws and regulations, or with your consent. You may opt-out of such
communications by following the directions provided in any marketing communication.
Third Party Marketing: We will not provide your Personal Information for any
third parties for third party marketing purposes without obtaining your consent.
(iv) Contact Us
If you would like to contact us about our privacy
practices, or exercise any of your data subject rights, please send a written request to
us by emailing [email protected]
Data Protection Officer and contact
- Data Protection Officer
- Global Currency Organization LLC.,
- 353 Sacramento Street,
- 8th Floor San Francisco,
- CA 94111, United States
- [email protected]
6. How We Share Your Personal Information.
We only collect Personal Information that we believe to be
relevant and required to conduct our business. We may share your Personal Information
with our GCO Service providers, but only to the extent that they each need to know
specific information to continue to provide GCO Services to you. This includes:
(i) Vendors and Service Providers.
We may share any information we receive with vendors and
service providers. The types of service providers (processors) to whom we entrust
Personal Information include service providers for: (i) provision of IT and related
services; (ii) provision of information you have requested; (iii) payment processing;
(iv) customer service activities; (v) fraud prevention; and (vi) in connection with the
provision of the services, including KYC/AML checks. We have executed appropriate
contracts with the service providers that prohibit them from using or sharing Personal
Information except as necessary to perform the contracted Website on our behalf or to
comply with applicable legal requirements.
(ii) Disclosures to Protect Us or Others (e.g., as required by law and similar
We may access, preserve, and disclose your Personal
Information, other account information, and content if we believe doing so is required
or appropriate to: (i) comply with law enforcement or national security requests and
legal process, such as a court order or subpoena; (ii) respond to your requests; (iii)
protect your, our or others' rights, property, or safety; (iv) enforce our policies or
contracts; (v) collect amounts owed to us; (vi) prevent physical harm or financial loss
or in connection with an investigation or prosecution of suspected or actual illegal
activity; or (vii) disclose your Personal Information in good faith where it is
otherwise necessary or advisable.
(iii) Security Reasons.
In addition, from time to time, server logs may be reviewed
for security purposes - e.g., to detect unauthorized activity on the Website. In such
cases, server log data containing IP addresses may be shared with law enforcement bodies
in order that they may identify Individuals in connection with their investigation of
the unauthorized activities.
(iv) Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due
diligence, reorganization, bankruptcy, receivership, sale of company assets, or
transition of service to another provider, then your information may be sold or
transferred as part of such a transaction as permitted by law and/or contract. In such
event, we will endeavor to direct the transferee to use Personal Information in a manner
Information was collected.
(v) For any other purpose disclosed by us when you provide the information.
We may disclose aggregated information about our users,
which means information that does not identify any individual, without restriction. As
an example, we may include in our marketing materials that a certain percentage of our
users are female, but we will not share a list of the female users in these materials.
7. Data Transfers
(i) International Data Transfers.
You agree that all Personal Information collected via or by us may be transferred,
Processed, and stored anywhere in the world, including but not limited to the United
States, in the cloud, on our servers, on the servers of our affiliates or the servers of
our service providers. Your Personal Information may be accessible to law enforcement or
other authorities pursuant to a lawful request. By providing information to us, you
explicitly consent to the storage of your Personal Information in these locations.
(ii) Collection and Transfer of Data outside the EEA
GCO operates globally with many of its systems based in the United States. Therefore, we
may need to transfer your Personal Information outside of the country from which it was
originally provided, and which have no data protection laws or laws that are less strict
in comparison to those in EEA. You agree that all Personal Information collected via or
by us may be transferred, Processed, and stored anywhere in the world, including but not
limited to the United States, in the cloud, on our servers, on the servers of our
affiliates or the servers of our service providers. Your Personal Information may be
accessible to law enforcement or other authorities pursuant to a lawful request.
When we transfer Personal Information outside of the EEA, we take steps to ensure
appropriate safeguards are in place to protect your Personal Data. We contractually
obligate recipients of your Personal Information to agree to at least the same level of
privacy safeguards as required under applicable data protection laws. By communicating
electronically with GCO, you explicitly consent to the storage of your Personal
Information in these locations.
When we transfer your Personal Information based on your consent, you may withdraw your
consent at any time. In the event of withdrawal of consent and thus we are being unable
to transfer Personal Information to third countries, GCO Services may become unavailable
8. Your Privacy Rights
Subject to applicable law of where you reside, you may be
able to exercise certain rights regarding your Personal Information, as explained below.
These rights may not be available to all users, depending on the local law applicable to
you based on the jurisdiction in which you reside. If you are a resident of the EEA, you
have such rights pursuant to GDPR.
We may not accommodate a request to change information if
we believe the change would violate any law or legal requirement or cause the
information to be incorrect. Although we make good faith efforts to provide Individuals
with access to their Personal Information, there may be circumstances in which we are
unable to provide access, including but not limited to: where the information contains
legal privilege, would compromise others' privacy or other legitimate rights, where the
burden or expense of providing access would be disproportionate to the risks to the
Individual's privacy in the case in question or where it is commercially proprietary. If
we determine that access should be restricted in any particular instance, we will
provide you with an explanation of why that determination has been made and a contact
point for any further inquiries. To protect your privacy, we will take commercially
reasonable steps to verify your identity before granting access to or making any changes
to your Personal Information.
While you are exercising any of the rights mentioned
below, please include your full name, email address associated with your account, and a
detailed description of your data request. You may submit your requests by emailing us
at [email protected]
or [email protected]
Such requests will be Processed in line
with local and applicable laws. GCO has absolute discretion in providing you with those
rights if any of the rights mentioned below are not provided under the applicable local
laws of the jurisdiction in which you reside.
(i) Rights of Access
You can review and change your Personal Information by
logging into the Marketplace and visiting your account page. You may also inquire as to
whether we are Processing Personal Information about you or request access to your
You have the right to request the rectification of
inaccurate personal data and to have incomplete data completed.
You have the right to object to the processing of your
personal data for compelling and legitimate reasons relating to your particular
situation, except in cases where legal provisions expressly provide for that processing.
(iv) Right to Refuse or Withdraw Consent
To the extent the processing of your Personal Information or sensitive
Personal Information is based on your consent, you may withdraw your consent and opt
out of further Processing by contacting us as described below, at any time. Your
withdrawal will not affect the lawfulness of GCO's Processing based on consent
before your withdrawal.
and Telephone Communications. If you receive an unwanted email from us,
you can use the unsubscribe link found at the bottom of the email to opt out of
receiving future emails. We will process your request within a reasonable time after
receipt. Note that you will continue to receive transaction-related emails regarding
products or Marketplace you have requested. We may also send you certain
non-promotional communications regarding us and our Website and you will not be able
to opt out of those communications (e.g., communications regarding updates to our
We maintain telephone “do-not-call” lists as mandated by law. We process requests to
be placed on do-not-phone and do-not-contact lists within 60 days after receipt, or
such shorter time as may be required by law.
You may request to erase your Personal Information if (i) it is no longer necessary for
the purposes for which we have collected it, (ii) you have withdrawn your consent and no
other legal ground for the processing exists, (iii) you objected and no overriding
legitimate grounds for the processing exist, (iv) the processing is unlawful, or erasure
is required to comply with a legal obligation. Upon complying with your erasure request,
we may still keep certain account information in our database for a certain amount of
time in order to satisfy our legal obligations.
Subject applicable law, you may have the right to restrict or object us to Process your
Personal Information under certain conditions.
You may receive your Personal Information that you have provided to us, in a structured,
commonly used and machine-readable format and have the right to transmit it to other
data controllers without hindrance. This right only exists if the processing is based on
your consent or a contract and the processing is carried out by automated means.
(viii) Right to lodge a complaint
EEA data subjects also have the right to lodge a complaint with a supervisory authority,
in particular in the EEA Member State of their residence or the location where the issue
that is the subject of the complaint occurred. Further to such complaint right, EEA data
subjects have right to an effective judicial remedy.
9. Data Retention.
We retain the Personal Information we receive as described
purpose(s) for which it was collected, provide GCO Services, resolve disputes, establish
legal defenses, conduct audits, pursue legitimate business purposes, enforce our
agreements, and comply with applicable laws.
10. Security of Your Information.
We take steps to ensure that your information is treated
designed to secure your Personal Information from accidental loss and from unauthorized
access. All user information is encrypted through the Website with Secure Socket Layer
technology (SSL) and is also encrypted when it is stored by us to prevent unauthorized
parties from viewing such information. Also, we perform regular malware scanning of the
Website and all servers and computers used by us to support the Website. All Company
employees are required to adhere to our security and confidentiality procedures and
undergo training related to maintaining the security of user Personal Information. The
safety and security of your information also depends on you. Where you have chosen a
password for access to certain parts of the Website, you are responsible for keeping
this password confidential. We ask you not to share your password with anyone and be
careful about giving out information to other Individuals on the Website if requested.
Unfortunately, the transmission of information via the internet is not completely
secure. Although we do our best to protect your Personal Information, we cannot
guarantee the security of your Personal Information transmitted to the Website. Any
transmission of Personal Information is at your own risk. We are not responsible for
circumvention of any privacy settings or security measures contained on the Website, and
we do not accept liability for unintentional disclosure.
By using GCO Services or providing Personal Information to
us, you agree that we may communicate with you electronically regarding security,
privacy, and administrative issues relating to your use of GCO Services. If we learn of
a security system's breach, we may attempt to notify you electronically by making a
notice available to you through the Website or sending an e-mail to you. You may have a
legal right to receive this notice in writing.
11. International Users.
By using the Website, we will transfer data to the United States and other global
jurisdictions. By choosing to use the Website or otherwise provide information to us,
and the adjudication of any disputes arising in connection with the Website will be in
12. Third Party Links.
Website may contain links that lead to other websites, and
GCO is not responsible for the privacy practices, content, and/or activities of these
linked websites. Nonetheless, we seek to protect the integrity of GCO Services and
welcome any feedback about these external websites.
13. Redress/Compliance and Accountability.
If you have any questions about our privacy practices, this
contact us as described below. We will address your concerns and attempt to resolve any
privacy issues in a timely manner.
14. Other Rights and Important Information.
time. You understand and agree that you will be deemed to have accepted the updated
effect, you must immediately stop using the Website.
so review it periodically. If you continue to access or use the Website made available
to you after such changes have been made, you are deemed to have provided your consent
to the changes.
we will notify you by email or as otherwise required by applicable law. We will post any
effective immediately when it is posted (or upon notice as applicable).
(iii) New Uses of Personal Information.
Additionally, before we use Personal Information for any
new purpose not originally authorized by you, we will endeavor to provide information
regarding the new purpose and give you the opportunity to opt out. Where consent of the
Individual for the Processing of Personal Information is otherwise required by law or
contract, we will endeavor to comply with the law or contract.
The following capitalized terms will have the meanings herein as set forth below.
“Agent” means any Third Party that Processes Personal Information pursuant to
the instructions of, and solely for, us or to which we disclose Personal Information
for use on its behalf.
“Personal Information” is any information relating to an identified or
identifiable natural person.
“Processing” means any operation which is performed upon Personal
Information, whether or not by automatic means, such as collection, recording,
organization, structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Data” or
“Sensitive Personal Information” is a subset of Personal Information which,
due to its nature, has been classified by law or by policy as deserving additional
privacy and security protections. Sensitive Personal Information includes Personal
Information consisting of the following data elements: (1) race or ethnic origin;
(2) political opinions; (3) religious or philosophical beliefs; (4) trade union
membership; (5) genetic data; (6) biometric data where Processed to uniquely
identify a person; (6) health information; (7) sexual orientation or information
about the Individual's sex life; or (8) information relating to the commission of a
“Third Party” is any company, natural or legal person, public authority,
agency, or body other than you, us or our Agents.
16. Contact Us.
If you would like to contact us about our privacy practices, or exercise any of your
data subject rights, please send a written request to us at