Privacy Policy

KW Investments Limited, trading as GXM Trading (hereinafter referred to as "the Company", "we", "us", or "our"), is a company authorized and regulated by the Seychelles Financial Services Authority (FSA) under Securities Dealer License number SD020. The Company operates the website gxmtrading.com and all associated platforms, mobile applications, and client portals.

This Privacy Policy explains how we collect, use, store, share, and protect the personal data of individuals who visit our website, register for an account, use our trading services, or otherwise interact with us. It applies to all current, former, and prospective clients, as well as visitors to our website and recipients of our communications.

By accessing our website, opening an account, or using any of our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of our services and contact us to discuss your concerns.

We are committed to protecting the privacy and confidentiality of every individual whose personal data we process. We adhere to applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where it applies, and the relevant legislation of the Republic of Seychelles. This policy is supplementary to, and should be read together with, the terms and conditions of our Client Service Agreement.

We collect personal data that is necessary to provide you with our services, comply with our legal and regulatory obligations, and improve your experience. The categories of personal data we may collect include:

Registration and Identity Data

• Full legal name, date of birth, nationality, and country of residence.
• Government-issued identification documents such as passport, national identity card, or driver's license.
• Proof of address documents such as utility bills, bank statements, or official correspondence dated within the last three months.
• Tax identification number and tax residency information where required by applicable regulations.

Financial and Transactional Data

• Bank account details, credit or debit card information, and electronic wallet identifiers used for deposits and withdrawals.
• Source of funds documentation and proof of income or wealth where required by anti-money laundering regulations.
• Trading history, account balances, transaction records, and order activity within our platforms.
• Information gathered through appropriateness and suitability assessments, including your investment experience, financial knowledge, and risk tolerance.

Contact and Communication Data

• Email address, telephone number, and mailing address.
• Records of correspondence between you and the Company, including emails, live chat transcripts, telephone call recordings, and support tickets.
• Communication preferences and marketing consent records.

Device, Technical, and Usage Data

• IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Pages visited on our website, time spent on each page, click patterns, referral URLs, and navigation paths.
• Login timestamps, session duration, platform usage patterns, and feature interaction data.
• Information collected through cookies, pixel tags, web beacons, and similar tracking technologies as described in Section 9 of this policy.

Data from Third-Party Sources

• Credit reference and fraud prevention agency reports.
• Information from identity verification and electronic Know Your Customer (eKYC) service providers.
• Publicly available data from official registers, databases, and sanctions lists.

We process your personal data for the following purposes:

Account Administration and Service Delivery

• To verify your identity, open and manage your trading account, and process your applications.
• To execute your transactions, process deposits and withdrawals, and maintain accurate financial records.
• To communicate with you regarding your account, including sending confirmations, statements, technical notices, and service updates.
• To provide customer support and respond to your inquiries, complaints, and requests.

Regulatory Compliance and Legal Obligations

• To conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) checks as required by anti-money laundering and counter-terrorism financing regulations.
• To monitor transactions for suspicious activity and file reports with relevant authorities where required by law.
• To comply with tax reporting obligations, including the Common Reporting Standard (CRS) and the Foreign Account Tax Compliance Act (FATCA).
• To respond to lawful requests from regulatory bodies, law enforcement agencies, and courts of competent jurisdiction.

Marketing and Communications

• To inform you about new products, services, promotions, educational content, and market analysis that may be of interest to you, subject to your consent or where otherwise permitted by law.
• To personalize and tailor marketing communications based on your profile, trading activity, and stated preferences.
• To conduct surveys and collect feedback to improve our offerings.

Analytics, Research, and Service Improvement

• To analyze usage patterns and trends in order to improve the functionality, performance, and security of our platforms.
• To conduct statistical and actuarial analysis for risk management and business planning purposes.
• To develop new features, tools, and services based on aggregated and anonymized usage data.

Security and Fraud Prevention

• To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity on our platforms.
• To protect the security and integrity of our information technology systems, networks, and infrastructure.
• To enforce our terms of service and protect the rights, property, and safety of the Company, our clients, and third parties.

We process your personal data on one or more of the following legal grounds, depending on the specific purpose:

Contractual Necessity. Processing is necessary for the performance of the Client Service Agreement between you and the Company, or to take steps at your request prior to entering into such an agreement. This includes account opening, transaction execution, and the provision of our core trading services.

Legal Obligation. Processing is necessary for compliance with a legal or regulatory obligation to which the Company is subject. This includes obligations under anti-money laundering legislation, financial services regulations, tax reporting requirements, and any binding order or request from a competent authority.

Legitimate Interest. Processing is necessary for the legitimate interests pursued by the Company or a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include fraud prevention, network and information security, business development, internal administration, and the improvement of our products and services.

Consent. In certain circumstances, we rely on your freely given, specific, informed, and unambiguous consent to process your personal data. This applies primarily to the sending of direct marketing communications and the use of non-essential cookies. Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal. You may withdraw consent by contacting us at support@gxmtrading.com or by using the unsubscribe mechanism provided in our communications.

Vital Interests. In rare and exceptional circumstances, processing may be necessary to protect the vital interests of the data subject or another natural person.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, solely for the purposes described in this policy:

• Affiliated Companies. Companies within the same corporate group as KW Investments Limited that assist in the provision of services, administration of accounts, or compliance with regulatory obligations.
• Payment Service Providers. Banks, electronic payment processors, card networks, and e-wallet providers that facilitate deposits, withdrawals, and the settlement of transactions on your account.
• Regulatory and Supervisory Authorities. The Seychelles Financial Services Authority (FSA) and any other regulatory body, government agency, or law enforcement authority entitled to receive personal data under applicable laws.
• Identity Verification and KYC Providers. Third-party service providers that perform identity verification, document authentication, credit checks, sanctions screening, and politically exposed person (PEP) screening on our behalf.
• Professional Advisors. External auditors, legal counsel, tax advisors, and compliance consultants engaged by the Company, who are bound by professional duties of confidentiality.
• Technology and Infrastructure Providers. Cloud hosting providers, data center operators, IT support companies, and software vendors that supply and maintain the technical infrastructure used to deliver our services.
• Analytics and Marketing Platforms. Third-party analytics providers and advertising networks that help us measure website performance and deliver targeted communications, using pseudonymized or aggregated data wherever possible.

All third-party recipients are contractually obligated to process your personal data only for the specified purposes, to maintain appropriate confidentiality and security measures, and to comply with applicable data protection laws. We conduct due diligence on our third-party processors and require them to enter into data processing agreements that provide adequate safeguards for your personal data.

The Company reserves the right to disclose your personal data without your prior consent where required to do so by law, regulation, court order, or binding request from a competent authority.

As a globally operating financial services provider, we may transfer your personal data to countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction. Such transfers may occur when we share data with affiliated companies, third-party service providers, or regulatory authorities located in other jurisdictions.

Where personal data is transferred internationally, we take appropriate measures to ensure that your data remains protected in accordance with applicable data protection laws. These measures may include:

• Transferring data to countries that have been recognized as providing an adequate level of data protection.
• Implementing Standard Contractual Clauses approved by relevant data protection authorities.
• Relying on binding corporate rules within our corporate group.
• Obtaining your explicit consent for specific transfers where appropriate.
• Ensuring that recipient organizations maintain certifications or adhere to codes of conduct that guarantee adequate protection.

You may request further information about the specific safeguards applied to transfers of your data by contacting us at support@gxmtrading.com.

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. The specific retention period depends on the nature of the data and the purpose of processing:

• Account and Transaction Records. Retained for a minimum of five (5) years following the closure of your account or the completion of the last transaction, whichever is later, in accordance with anti-money laundering regulations and financial services record-keeping requirements.
• KYC and Identity Verification Documents. Retained for at least five (5) years after the termination of the business relationship, or longer if required by applicable law.
• Communication Records. Telephone recordings, emails, and chat logs are retained for a minimum of five (5) years from the date of the communication, in compliance with regulatory requirements.
• Marketing and Consent Records. Records of your consent or objection to marketing are retained for as long as we conduct marketing activities, plus a reasonable period thereafter to demonstrate compliance.
• Website Usage and Cookie Data. Typically retained for up to twenty-four (24) months from the date of collection, unless a shorter retention period applies to a specific cookie category.

When personal data is no longer required, we will securely delete or anonymize it so that it can no longer be associated with you. Anonymized data, which cannot be used to identify any individual, may be retained indefinitely for statistical, analytical, and research purposes.

Subject to applicable law and certain exemptions, you may have the following rights in relation to your personal data:

• Right of Access. You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data together with information about how it is processed.
• Right to Rectification. You have the right to request that we correct any inaccurate personal data and complete any incomplete personal data we hold about you.
• Right to Erasure. You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where there is no other legal basis for continued processing. This right is subject to our legal and regulatory retention obligations.
• Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
• Right to Data Portability. You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to Object. You have the right to object to the processing of your personal data where processing is based on our legitimate interests. You also have the absolute right to object to processing for direct marketing purposes at any time.
• Right to Withdraw Consent. Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
• Right to Lodge a Complaint. If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Seychelles Financial Services Authority or any other competent supervisory authority in your jurisdiction.

To exercise any of these rights, please submit a written request to support@gxmtrading.com. We may need to verify your identity before processing your request. We will respond to all legitimate requests within thirty (30) days, though we may require additional time for particularly complex requests, in which case we will notify you of the extension and the reasons for it.

Please note that certain rights may be limited where we have an overriding legitimate interest, a legal obligation, or a regulatory requirement to continue processing your data.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content. A cookie is a small text file placed on your device by your web browser when you visit a website.

We use the following categories of cookies:

• Strictly Necessary Cookies. These cookies are essential for the operation of our website and enable core functionality such as page navigation, secure login, and access to protected areas. They cannot be disabled without impairing the basic functions of the site.
• Performance and Analytics Cookies. These cookies collect aggregated and anonymous information about how visitors use our website, including which pages are visited most frequently, time spent on pages, and any error messages encountered. We use this data to improve site performance and user experience.
• Functionality Cookies. These cookies allow the website to remember choices you have made, such as your preferred language, region, or display settings, and to provide enhanced, more personalized features.
• Marketing and Advertising Cookies. These cookies are used to deliver advertisements that are relevant to your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies are placed by third-party advertising networks with our permission.

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect the functionality of certain features on our website. You may also opt out of targeted advertising by visiting the opt-out pages of major advertising networks.

In addition to cookies, we may use web beacons, pixel tags, and similar technologies in our emails and on our website to track open rates, click-through rates, and user interactions for analytics and marketing optimization purposes.

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures include, but are not limited to:

• Encryption of personal data in transit using Transport Layer Security (TLS/SSL) and encryption of sensitive data at rest using industry-standard cryptographic algorithms.
• Strict access controls, including role-based permissions, multi-factor authentication, and the principle of least privilege, ensuring that only authorized personnel can access personal data on a need-to-know basis.
• Regular security assessments, vulnerability scans, and penetration testing of our systems and infrastructure.
• Firewalls, intrusion detection and prevention systems, and continuous monitoring of network activity for anomalous behavior.
• Comprehensive employee training on data protection, information security, and the handling of confidential client information.
• Incident response procedures to promptly identify, contain, and remediate any personal data breach, and to notify affected individuals and relevant authorities in accordance with applicable law.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee absolute security, but we continuously review and enhance our security measures to maintain a high standard of data protection.

You also play an important role in keeping your data safe. We encourage you to use strong, unique passwords for your account, to enable two-factor authentication where available, and to notify us immediately if you suspect any unauthorized access to your account.

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal or regulatory requirements, or business operations. When we make material changes, we will update the policy on our website and, where appropriate, notify you directly by email or through a prominent notice on our platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services following the posting of any changes constitutes your acceptance of those changes. If you do not agree with a revised policy, you should discontinue use of our services and contact us to discuss your options.

The date on which this Privacy Policy was last updated will be indicated at the top of the page. Previous versions of this policy are available upon request by contacting our support team.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us using the details below:

• Company Name: KW Investments Limited, trading as GXM Trading.
• Regulatory Authority: Seychelles Financial Services Authority (FSA), License Number SD020.
• Website: gxmtrading.com
• Email: support@gxmtrading.com

We are committed to resolving any concerns about your privacy and the handling of your personal data. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.