The website https://www.goldforex.be/ (the ‘Website’)is owned and managed by GFI.
The website allows access to the following services/products:
- sale of gold, investment metals;
- purchase of gold, investment metals;
- deposit of gold and investment metals.
The processing of personal data carried out by GFI fully complies with the Belgian Data Protection Act of 30 July 2018 (the ‘Act’) and the European Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the ‘GDPR’).
The User and/or the Client consents to GFI collecting and processing the personal data he or she provides on the Website, on GFI’s social media accounts, when making a request to GFI or during the provision of services and/or products offered by GFI for the purposes referred to below.
The User and/or the Client can withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- DATA CONTROLLER
GFI, which acts as the Data Controller, determines the purposes for which, and the technical and legal means by which, the data is processed. It undertakes to take all necessary organisational measures to ensure secure processing in accordance with the aforementioned national and European legislation.
GFI’s contact details are provided in Article 15.
- PERSONAL DATA
In the course of its business, GFI collects personal data when a User and/or Client:
- Confirms, performs or completes a purchase, sale and/or deposit of gold and/or investment metals or currencies;
- Uses the contact form available on the Website;
- Subscribes to a newsletter;
- Requests an offer;
- Makes contact through GFI’s social media accounts;
- Makes a request to GFI;
- Responds to a request from GFI;
- Places an order on GFI’s Website and/or directly with GFI;
- Enters into a business collaboration with GFI;
- Performs an evaluation of GFI.
Cases directly or indirectly related to the above are also included.
- Client data: surname, first name(s), date of birth, email address, postal address, telephone number, bank details (IBAN and BIC, VAT no.), copies of bank cards and financial information, social media identifiers, all data relating to Client and User satisfaction and, more generally, any information provided by the User and/or the Client;
- Data collected when visiting the Website (including through cookies): IP address, geographical area from which the Website is accessed, date and time of access, type of browser and all information on the pages viewed by the User and/or the Client (URL, browsing time);
- Data collected at the time of the purchase, sale or deposit of gold and investment metals and currencies: all data that is necessary or useful for the completion by GFI of a purchase, sale or deposit of gold and investment metals and currencies, including: copy of proof of payment, copy of signed delivery notes, copy of payslips, copy of proof of income and, more generally, any information provided by the User and/or the Client at this time. This list is not exhaustive.
Furthermore, GFI represents and warrants to Users and/or Clients that their data is collected fairly and lawfully.
- PURPOSES OF THE PROCESSING OF PERSONAL DATA
The purposes for which GFI processes personal data are set out below.
GFI only uses personal data for the purposes described and those directly or indirectly related thereto:
5.1. Fulfilment of its legal obligations
GFI has to comply with many legal and regulatory obligations and requirements. These obligations may involve working with the relevant authorities in the broadest sense and/or with third parties and, where necessary, sending them some User and/or Client data.
These obligations fall mainly within the following legal and regulatory areas:
- Obligation to comply with all legislation applicable to GFI, including in the areas of finance, tax, accounting, employment, etc. This list is not exhaustive;
- Obligation to respond to official requests from the authorities, in the broadest sense, including financial authorities, tax authorities and legal authorities, whether local or foreign. This list is not exhaustive;
- Consumer protection obligations;
- Where applicable, identification obligations relating to anti-money-laundering regulations in the broadest sense.
As described above, the list of legal and regulatory areas that may require GFI to process User and/or Client data is not exhaustive and is subject to change.
5.2. Performance of (pre)contractual obligations
User and/or Client data is also processed in response to a request from a User and/or Client, including in connection with the conclusion, interpretation, confirmation and performance of a contract, in the broadest sense, with GFI.
In this context and by way of example, GFI processes User and/or Client data in order to:
- Respond to requests from Users and/or Clients;
- Make requests to Users and/or Clients in connection with the contract, in the broadest sense, that they have entered into or are negotiating with GFI;
- Create a database of potential clients;
- Assess the opportunities and estimate the risks of a contract;
- Determine the conditions and guarantees to which conclusion of the contract should be subject;
- Perform any contract, in the broadest sense, with GFI.
More specifically, GFI processes User and/or Client data in connection with the performance of contracts as follows (this list is not exhaustive):
- Management of requests and orders for services;
- Delivery of products;
- Performance of services;
- Monitoring of products and services;
- Central management of Clients and/or Users;
- Invoicing of products and services;
- Collection and analysis of all data relating to Client and User satisfaction;
- Data processing operations, of various kinds, including in order to take account of GFI’s general administrative and accounting obligations.
5.3. Legitimate general interests of GFI
Where the processing is not strictly necessary for one of the aforementioned purposes, GFI may also process Users’ and/or Clients’ personal data for other purposes relating to the pursuit of its legitimate interests.
However, in this case, GFI strives to maintain the right balance between the need to process the data and protecting Users’ and/or Clients’ rights and freedoms, including the right to privacy.
Under these circumstances, GFI shall inform Users and/or Clients of its legitimate interest and shall provide transparent information on the processing activities and on Users’ and/or Clients’ rights.
In this context, GFI may process personal data in order to:
- Customise GFI services and products;
- Train GFI staff;
- Plan for the monitoring of tasks, workload, services, etc.;
- Ensure and guarantee the protection of people and property, and combat fraud or attempted intrusion, abuse or other crimes;
- Preserve evidence for the period provided for by law;
- Defend and protect the rights of GFI and those it represents before the courts and any other competent authorities;
- Improve its services and ensure the monitoring of its activities;
- Analyse all data relating to Client and User satisfaction (including opinions, experience, etc.). In this context, GFI may directly or indirectly disclose this data to external service providers (including, but not limited to, Skeepers (Avis Vérifiés) to carry out surveys and take into account Clients’ and/or Users’ opinions, Mailjet and MindBaz to send emails, and AllmySMS to send text messages).
- Improve the use of its Website through cookies that enhance the User and/or Client experience, as detailed in Article 10 below;
- Analyse a past event or other historical research.
This list of the legitimate interests of GFI is not exhaustive and is subject to change.
5.4. Legitimate special interests of GFI: advertising and direct marketing
GFI may segment Users and/or Clients in order to offer relevant products and services that take into account their personal and professional situation.
For these purposes, GFI may:
- Assess behaviour when visiting the Website or at events, trade fairs and similar activities;
- Assess our data on interaction with our clients or potential clients;
- Collect some User and/or Client browsing preferences using cookies;
- With the User and/or Client’s consent, send information, advertising or customised proposals through direct marketing or newsletters.
- SENDING AND SHARING OF PERSONAL DATA
GFI does not sell or rent Users’ and/or Clients’ personal data to third parties.
Nor does GFI disclose Users’ and/or Clients’ personal data to a third party, except in the exceptional situations described in this policy.
GFI shares Users’ and/or Clients’ personal data with employees who carry out work that contributes directly or indirectly to the proper performance of our services.
GFI may share your personal data with third parties who process it according to its instructions, on its name and on its behalf (including, but not limited to, data processors for the processing of personal data and external service providers (including Skeepers (Avis Vérifiés) to carry out surveys and take into account Clients’ and/or Users’ opinions, Mailjet and MindBaz to send emails, and AllmySMS to send text messages)). GFI requires these third parties to adequately ensure the integrity of your data, in terms of both privacy and retention.
GFI also shares/discloses your data in the following cases:
- Where GFI is required to do so pursuant to a legal obligation or order, in the broadest sense, issued by a government body, a supervisory authority or in connection with an investigation relating to suspected illegal activity. This list is not exhaustive;
- Where GFI acts on behalf of business partners, it may transfer your data according to their instructions and within the limits of this policy.
Where GFI is obliged to send collected personal data to third parties, it will ensure that they comply with legal obligations and safeguards for the processing of personal data. This is only an obligation of means on the part of GFI.
6.2. Transfer of personal data outside the European Economic Area (‘EEA’)
GFI stores your data within the EEA. Should GFI be required to carry out international transfers of User and/or Client data, it shall ensure an adequate level of protection under EU standard contractual clauses.
- RIGHTS OF USERS AND/OR CLIENTS
The User and/or the Client can exercise his or her rights at any time by sending a message by email to the following address: [email protected].
Once the User and/or Client’s request has been received, GFI undertakes to respond as soon as possible. More specifically, if the User and/or the Client makes a request relating to the rights referred to below, GFI undertakes to follow the instructions given within a maximum of one (1) month of receipt of the request. GFI undertakes to inform Users and/or Clients directly of the classification of the request and the processing time if this exceeds one (1) month.
7.1. Right of access
Pursuant to Article 15 of the GDPR, the User and/or the Client can obtain from GFI the right of access to his or her personal data. In addition to the right to obtain access to this data, the User and/or Client can also obtain the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- A copy of the personal data held by GFI about him or her;
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients based in third countries or international organisations;
- Where possible, the intended retention period or, where this is not possible, the criteria used to determine this period;
- The existence of the right to request rectification or erasure of personal data, restriction of the processing of personal data relating to the data subject, or the right to object to this processing;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in such a case, useful information on the rationale behind this, as well as the expected significance and consequences of this processing for the data subject.
7.2. Right to rectification
Pursuant to Article 16 of the GDPR, the User and/or the Client has the right to obtain from GFI, as soon as possible, rectification of inaccurate personal data about him or her.
The User and/or the Client also has the right to ask for incomplete personal data to be completed.
Pursuant to Article 19 of the GDPR, GFI shall notify each recipient to whom the personal data has been disclosed of any rectification of personal data, unless such notification proves impossible or requires disproportionate efforts.
The Data Controller shall provide the data subject with information on these recipients should he or she so request.
7.3. Right to erasure
Pursuant to Article 17 of the GDPR, the User and/or the Client has the right to obtain from GFI, as soon as possible, erasure of personal data about him or her.
The User and/or the Client has the right to request deletion of his or her personal data when:
- He or she withdraws consent for the processing and there is no other basis for this processing;
- The personal data is no longer necessary for the purposes of the processing;
- He or she objects to processing, direct marketing or automated decision-making;
- The personal data was processed unlawfully.
Personal data may also be deleted by GFI on its own initiative in order to comply with a legal obligation imposed on GFI, including by the applicable national law, EU law and/or the law of Member States.
The foregoing paragraphs do not apply insofar as this processing is necessary:
- For the exercise of the right to freedom of expression and information;
- To comply with a legal obligation that requires processing under EU law or the law of a Member State to which the Data Controller is subject, or to perform a task in the public interest or in the exercise of official authority vested in the Data Controller;
- For the establishment, exercise or defence of rights in court.
Pursuant to Article 19 of the GDPR, GFI shall notify each recipient to whom the personal data has been disclosed of any erasure of personal data, unless such notification proves impossible or requires disproportionate efforts. The Data Controller shall provide the data subject with information on these recipients should he or she so request.
7.4. Right to restriction of processing
Pursuant to Article 18 of the GDPR, the User and/or the Client has the right to obtain from GFI, as soon as possible, restriction of processing of personal data about him or her.
If processing is restricted, GFI may, except for storage, only process it (i) with the User’s and/or the Client’s consent; (ii) for the establishment, exercise or defence of rights in order to protect the rights of another natural or legal person; or (iii) for reasons of important public interest of the EU or a Member State
The User and/or the Client may obtain restriction of the processing of his or her personal data if:
- The accuracy of the personal data is contested by the User and/or the Client, for a period of time that allows GFI to verify the accuracy of the personal data;
- The processing is unlawful and the User and/or the Client objects to erasure of the data, asking instead for its use to be restricted;
- GFI no longer needs the personal data for the purposes of the processing but it is still necessary for the establishment, exercise or defence of rights in court;
- The User and/or the Client objects to processing while an assessment is carried out into whether the legitimate reasons cited by the Data Controller override those cited by the User and/or the Client.
Pursuant to Article 19 of the GDPR, GFI shall notify each recipient of any restriction of processing, unless such notification proves impossible or requires disproportionate efforts. The Data Controller shall provide the data subject with information on these recipients should he or she so request.
7.5. Right to data portability
Pursuant to Article 20 of the GDPR, the User and/or the Client has the right to receive from GFI personal data about him or her in a structured, commonly used and machine-readable format, i.e., a format that allows the User and/or the Client to reuse his or her data. The User and/or the Client also has the right to send this data to another data controller unimpeded by GFI in the cases provided for in the GDPR.
In exercising his or her right to data portability pursuant to the aforementioned paragraph, the User and/or the Client has the right for his or her personal data to be sent directly from one data controller to another, where this is technically feasible.
The exercise of the right to data portability shall be without prejudice to the right to erasure. This right shall not apply to processing that is necessary to perform a task in the public interest or in the exercise of official authority vested in the Data Controller.
The right to data portability shall not infringe on the rights and freedoms of third parties.
7.6. Right to object
Pursuant to Article 21 of the GDPR, the User and/or the Client has the right to object to the processing of his or her personal data on grounds relating to his or her particular situation, including profiling based on these provisions.
In such cases, GFI shall no longer process personal data, unless there are legitimate and compelling reasons for the processing that override the User’s and/or the Client’s interests, rights and freedoms, or for the establishment, exercise or defence of rights in court.
Where personal data is processed for marketing purposes, the User and/or the Client has the right to object to the processing of personal data about him or her, including profiling insofar as it relates to such marketing, at any time by contacting GFI. Where the User and/or the Client objects to processing for marketing purposes, personal data shall not be processed for these purposes.
7.7. Automated individual decision-making
Users and/or Clients have the right not to be subject to decision-making based solely on automated processing, including profiling, that produces legal or similarly significant effects.
However, this right does not exist if the automated individual decision-making (i) is necessary for the conclusion or signature of the contract between GFI and the User and/or the Client; (ii) is permitted under EU or Belgian law; or (iii) GFI has obtained the User’s and/or the Client’s explicit consent.
In any event, GFI shall put in place appropriate measures to safeguard Users’ and/or Clients’ rights, freedoms and legitimate interests.
7.8. Exercising your rights
GFI shall take all necessary steps to allow Users and/or Clients to exercise their rights freely. However, if a request proves to be manifestly unfounded or excessive (for example, due to its repetitive nature), GFI reserves the right to charge a reasonable fee or to refuse the request.
To exercise his or her rights, the User and/or the Client must send a dated and signed request to GFI’s postal address or the email address given in the preamble. This request must be accompanied by proof of identity, preferably a copy of the person’s identity card.
If the request meets all the conditions, GFI is required to fulfil it within a month of its receipt. Depending on the complexity of the request, this response time may be extended by two months.
If GFI decides not to comply with the request, it shall inform the User and/or the Client within one month, giving reasons for not fulfilling the request.
The User and/or the Client can file a complaint with a supervisory authority or appeal to the court if he or she does not agree with the decision.
7.9. Right to make a complaint
The User and/or the Client has the right to make a complaint regarding the processing of his or her personal data by GFI to the competent Data Protection Authority for Belgium. More information is available on the following website: www.privacycommission.be.
The User and/or the Client can also make a complaint to the court of first instance in his or her place of residence.
- SPECIFIC RULES ARISING FROM OBLIGATIONS TO COMBAT MONEY LAUNDERING
GFI’s business involves heightened vigilance with regard to transactions carried out by its Users and/or Clients. This heightened vigilance requires it, at its sole discretion, to report suspicions of money laundering to the Financial Information Processing Unit (the ‘CTIF ’) pursuant to Articles 47 et seq. of the law of 18 September 2017 on the prevention of money laundering and terrorist financing, and limiting the use of cash (AML/CFT law).
Article 55 of the AML/CFT law prohibits disclosing whether or not such a report has been made to the CTIF.
Article 65 of the AML/CFT law states that the User and/or the Client cannot benefit directly from his or her rights:
- of access;
- to rectification;
- to be forgotten;
- to data portability,
- to object;
- not to be profiled or to be notified of security breaches.
Users and/or Clients can only exercise their rights indirectly: they are asked to contact the Data Protection Authority (hereinafter the ‘DPA’) either by post at rue de la Presse 35, 1000 Brussels, or by email at [email protected].
The DPA shall contact the CTIF, which shall decide whether or not to endorse the exercise of rights by the User and/or the Client.
- DUTY TO INFORM THE BNB OF THE CONCLUSION OF A CONTRACT
Pursuant to the law of 8 July 2018 on the organisation of a central point of contact for accounts and financial contracts, and extending access to the central database of notifications of seizure, transfer, disposal, collective debt settlement and protest, GFI is required to inform the Central Point of Contact of the existence of your contract.
The Central Point of Contact (CPC) is a register containing bank account numbers and types of contracts held by natural and legal persons, whether or not they are resident in Belgium, with financial institutions in Belgium.
9.1. Subject of the statement of information
Within the limits provided for by law, GFI is required to disclose to the CPC and keep up to date the following information:
- Particular information identifying Users and/or Clients and their representatives;
- The existence of one or more financial transactions involving cash carried out by GFI, in which cash was paid or withdrawn by the User and/or the Client or on his or her behalf, and in the latter case, the identity of the natural person who actually paid or received the cash on behalf of this client, as well as the date thereof;
- The existence or end of a contractual relationship with the client, as well as the date thereof, in relation to each of the types of financial contracts laid down by law.
9.2. Exercising your rights
The CPC is managed by the National Bank of Belgium (BNB).
Natural persons can request a free overview of the data recorded in their name with the CPC, through a duly signed and dated written request.
The applicant’s request must include the following:
- A clearly legible photocopy of the front and back of the identity card or, failing that, a replacement document, of the person signing the request;
- The necessary identifying information: surname, official first name, date of birth, full home address.
Based on the information provided, the User and/or the Client can correct or remove any errors in information provided to GFI.
Except in cases of gross negligence or fraudulent intent, GFI cannot be held responsible for providing this information as a result of a legal obligation.
10.1. What is a cookie?
A cookie (the ‘Cookie’) is data or text installed on a computer or mobile when a User and/or Client visits a website. The cookie is made up of a unique code containing a small amount of information that recognises the browser used by the User and/or the Client visiting a website and when returning to the same website. Cookies may contain information on browsing habits or allow the User and/or Client to be recognised as a visitor on his or her next visit.
Cookies usually have an expiry date. For example, some cookies are deleted automatically when the browser is closed (session cookies) while others are stored on the device for longer, sometimes even until they are deleted manually (permanent cookies). In any case, cookies are only stored for the period necessary to achieve the intended purpose.
Cookies allow for better interaction between the visitor and the Website. The information recorded on the visitor’s device is retained for the duration of the visit to our website, which allows the chosen language to be remembered so that the Website can be tailored accordingly. The recording of some data also allows for the processing of some statistical data on Users of our Website and the compilation of a user profile, which will be used to offer our visitors a more personalised browsing experience.
10.3. What types of cookies are used on https://www.goldforex.be/?
GFI draws Users’ attention to the fact that the following cookies are used when browsing its Website:
- Technical cookies: cookies that are strictly necessary for the proper functioning of the Website. These cookies cannot be disabled and their use does not require prior consent;
- Functional cookies: cookies that improve the usability of the Website by remembering some of the choices made (for example, language or region). These cookies cannot be disabled and their use does not require prior consent;
- Analytical cookies: cookies that collect information on the use of the Website (such as pages visited/features used most often by the User and/or the Client). Use of these cookies requires prior consent:
- Targeting or advertising cookies: cookies used to provide advertising that more closely matches the User’s and/or the Client’s interests, based on analysis of his or her browsing. Use of these cookies requires prior consent:
10.4. Cookie settings
Cookie settings may vary from one browser to another. You can find out how to manage them by going to the help menu of the browser used.
The User and/or the Client can reject or delete cookies by following the steps described below according to the browser:
- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Microsoft Edge: Delete cookies in Microsoft Edge
- Mozilla Firefox: Enhanced Tracking Protection in Firefox for desktop | Firefox Support (mozilla.org)
- Google Chrome: Clear, allow and manage cookies in Chrome - Desktop - Google Chrome Help
- Safari: Clear cookies in Safari on Mac - Apple Support
- Opera: Web preferences - Opera Help
If the User and/or the Client decides to disable cookies, he or she can continue browsing the Website, but GFI cannot be held responsible for any malfunctioning of the Website as a result; the User’s and/or the Client’s attention is specifically drawn to this issue.
If the User and/or the Client wishes to delete cookies, the settings or preferences controlled by these cookies will also be deleted. Deleting these cookies may be detrimental to optimal browsing and the features of the Website.
- LIMITATION OF LIABILITY OF GFI
The Website https://www.goldforex.be/ may contain some links to other websites owned by third parties not linked to GFI. In this case, GFI accepts no liability for the content of these websites and its compliance with the Act and the GDPR.
The holder of parental responsibility must give his or her express consent for a child under the age of 16 to disclose personal data on the Website. GFI cannot be held responsible for collecting and processing the personal data of children under the age of 16 whose consent is not covered by that of their legal representatives. GFI shall not under any circumstances process personal data if the User and/or the Client states that he or she is under the age of 16.
GFI cannot be held responsible for the loss, corruption or theft of data caused by the presence of a virus or following cyber attacks.
- DATA RETENTION PERIOD
GFI only stores Users’ and/or Clients’ personal data for the period reasonably necessary to achieve the purposes for which this data is processed, as referred to in Article 5 above. GFI also seeks to limit the processing of personal data to that which is strictly necessary to achieve these purposes. The same applies when data is disclosed, directly or indirectly, to external service providers (including, but not limited to, Skeepers (Avis Vérifiés) to carry out surveys and take into account Clients’ and/or Users’ opinions, Mailjet and MindBaz to send emails, and AllmySMS to send text messages).
GFI makes every reasonable effort to secure your personal data.
GFI undertakes to do everything possible to ensure the security of its Users’ and/or Clients’ personal data, seeking to limit the number of people with access to this data to that which GFI deems necessary to achieve its purposes.
GFI also undertakes to put in place the measures it deems necessary to combat intrusion by third parties or undesirable persons. GFI cannot be held responsible for the consequences that may arise from breaches and omissions caused by the User and/or the Client. If data is disclosed to business partners and/or data processors, GFI undertakes to ensure that these intermediaries take appropriate measures to guarantee the security of the data.
If, despite GFI’s efforts, there is a personal data breach that poses a high risk to rights and freedoms, GFI shall immediately inform the User and/or the Client concerned, unless:
- Appropriate technical and organisational protective measures have been taken by GFI and these measures have been applied to the personal data affected by the breach;
- Further steps have been taken by GFI to ensure that the high risk cannot happen again;
- The communication would require disproportionate efforts on the part of GFI, in which case a public communication or similar measure may be sufficient.
As soon as GFI becomes aware of a breach on its part, it shall, within a reasonable time, provide you with the following information:
- The nature of the personal data breach;
- The name and contact details of the Data Protection Officer or another point of contact;
- The likely impact of the breach;
- The measures taken or proposed to be taken to remedy the breach and mitigate the negative effects.
GFIcan be contacted for any request for information, exercise of rights or complaints:
- By telephone: +32 (0)2 513 92 40
- By email:
- [email protected], or
- By post: Rue du Midi 101, 1000 Brussels
Mr Nicolas Portello