General data protection regulation






You have signed or are considering signing an agreement relating to our activity with us or one of our employees. In this context, you are entitled to know the conditions under which your personal data are processed and to monitor their use. The concept of personal data is broad and includes any type of information about you, as a directly or indirectly identifiable individual. This policy is intended to provide you with the necessary information on this subject.

In this document, "G.F.I." or "we" refers to the public limited company GOLD AND FOREX INTERNATIONAL having its registered office at Rue du Midi 101 at 1000 Brussels, Belgium. This company is legally responsible for the processing of your personal data and includes all our employees and agencies active on Belgian territory.

G.F.I. wishes to provide you with clear and transparent information on its practices and rules for the protection of data collected about its prospects and customers ("you"), in accordance with applicable legislation, including European Regulation 2016/679 of 27 April 2016 on the protection of personal data ("GDPR") and any other national laws or regulations applicable to the processing of personal data or the protection of privacy.

1.         The role of G.F.I. as controller

The entity responsible for processing your data is GOLD AND FOREX INTERNATIONAL, a public limited company with its registered office at Rue du Midi 101 at 1000 Brussels, Belgium, acting through its employees and office.

You can contact us at the following postal address: Rue du Midi 101 at 1000 Brussels (Belgium) or via

As the controller, we independently and autonomously determine the means and purposes of processing your data.

2.          What data do we process and use?

We collect and process your personal data solely for the purposes described in this policy. As part of our contractual or pre-contractual relationship, or when you visit our website, we may collect the following personal data from you:

Categories of data

Examples of data processed

How do we collect this data?

Contact details

Name, first name, physical and virtual address, telephone number, email address, date of birth

Directly from you

Identification data

Identification number (internal)

This is a code that we assign to you and which allows you to be identified in our database.

Electronic data

IP address; data relating to the use of the G.F.I. website

Cookies and contact forms




CCTV surveillance camera data

Surveillance camera data

CCTV surveillance cameras at the headquarters site


When we process sensitive personal data concerning you, we ask for your specific and explicit prior consent, unless we are otherwise authorised to process such data without your consent, in particular in order to comply with the legal and regulatory obligations and requirements to which we are subject.

3.          On what legal basis and for what purposes do we process your data?

We always process your personal data in accordance with and within the limits of the legal bases as defined by the applicable law. We also ensure that the processing of your personal data is limited to what is strictly necessary for the fulfilment and pursuit of these purposes.

  3.1.          Fulfilling our legal obligations

We must comply with numerous regulatory obligations and legal requirements. These obligations may require us to cooperate with the competent authorities and/or third parties and, where applicable, to forward some of your data to them.

These obligations lie mainly in the following legal and regulatory areas:

-          The obligation to comply with applicable tax and accounting legislation, etc.;

-          The obligation to respond to official requests from local or foreign tax and judicial authorities;

-          Obligations relating to consumer protection;

-          Where applicable, the identification obligation linked to anti-money laundering regulations.

The list of legal and regulatory areas under which we may process your data is non-exhaustive and subject to change.

  3.2.          Performance of (pre)contractual obligations

The processing of your data is carried out for the purpose of following up on a request to conclude a contract with a new customer and to carry out the contract concluded. In this context, we process your data in order to:

-          Follow up on and respond to your requests;

-          Create a prospect file;

-          Assess the opportunity and estimate the risks associated with a possible contract;

-          Determine the conditions and guarantees under which the conclusion of the contract must be conditioned.

In the context of ongoing contracts or the management of past contracts, we must implement a number of data processing processes and operations of various kinds, including to take into account G.F.I.'s general administrative and accounting obligations.

More specifically, we process your data in the context of the execution of contracts as follows:

-          The management of your requests and orders for our services;

-          The delivery of our related services;

-          The follow-up of our services;

-          Central customer management;

-          The invoicing of our services.

We may process your data for additional purposes in the context of the execution of the contract concluded.

  3.3.          Legitimate interest of G.F.I.

When the processing is not strictly necessary for one of the abovementioned purposes, G.F.I. may also process your personal data for other purposes, relating to the fulfilment and pursuit of its legitimate interests. However, in this case, G.F.I. strives to maintain a fair balance between the need to process your data and the preservation of your rights and freedoms, including the right to the protection of your privacy. In this case, G.F.I. will keep you informed of the legitimate interest we are pursuing and provide you with transparent information on processing activities and your rights.

In this context, we may process your personal data in order to:

-          Customize G.F.I. services ;

-          Train G.F.I. employees ;

-          Plan the follow-up of tasks, workload, services, etc... ;

-          Ensure and guarantee the protection of property and persons, fight fraud or attempts at intrusion, abuse or other offences;

-          Keep evidence for the legally prescribed period;

-          Defend and preserve the rights of H.S.H. and the persons it represents before the courts and tribunals and other authorities that may have jurisdiction;

-          Improve our services and monitor our activities;

-          Analyze potential competitors and business partners;

-          Improve the use of our website through the use of cookies to enhance your user experience;

-          Analyze a past event or other historical research.

This list of G.F.I.'s legitimate interests is non-exhaustive and subject to change.

  3.4.          Legitimate special interest of G.F.I. : advertising and direct marketing

We segment our clients in order to offer you appropriate services that correspond to your professional and personal situation and the services you already use.

For these purposes, we may:

-          Evaluate your visiting behaviour on our websites or at events, trade fairs and other similar activities;

-          Evaluate our interaction data with our prospects or customers;

-          Collect some of your browsing preferences via cookies.

  3.5.          Your consent to send electronic communications

Finally, we may use your personal electronic contact data, namely your mobile phone number and email address to send you information, advertisements or personalised proposals, through direct marketing actions or newsletters. In this case, G.F.I. will first request your specific consent.

4.          With whom and how do we share your data?

G.F.I. does not sell or rent its customers' personal data to third parties. We also do not disclose your personal data to any third party, except in the situations described in this policy.

We share your personal data with the employees who perform actions that allow us to perform our services properly.

We may share your personal data with third parties who process it according to our instructions, in our name and on our behalf. We require these third parties to treat and commit to guarantee the integrity of your data in an appropriate manner, both in terms of confidentiality and storage.

We also share/disclose your data in the following cases:

  1.        When we are required to do so by a legal obligation or injunction, whether from a government agency, a regulatory authority or in the course of an investigation into suspected illegal activity;
  2.        When we act on behalf of business partners, for example, under insurance contracts, we may transfer your data in accordance with their instructions. 

In all cases, we always ensure that the third party only has limited access to the personal data necessary to perform the required tasks.

5.          Transfer of personal data outside the European Economic Area (EEA)

We store your data within the EEA.

If we need to transfer your data internationally, we will guarantee your data an adequate level of protection by applying European clauses and standards.

6.          What are your rights?

  6.1.          Within the limits provided by applicable legislation, the GDPR provides that you have the following rights:

-          the right to ask us to provide you with copies of the personal data we hold about you at any time, including the right to ask us: whether we process your personal data, for what purposes, the categories of data, the recipients with whom your data is shared;

-          the right to ask us to update and correct any obsolete or incorrect personal data we hold about you;

-          when we seek your consent, the right to withdraw your consent if such consent has been given;

-          the right to delete your personal data when the conditions of Article 17 of the GDPR have been met;

-          the right to restrict processing when the conditions of Article 18 of the GDPR have been met;

-          the right to data portability to the extent that the conditions of Article 20 of the GDPR apply to you;

-          the right to object to the processing of personal data concerning you, provided that the conditions set out in Article 21 of the GDPR have been met;

-          the right to opt out of any direct marketing communication we may send you (with your consent);

-          the right to submit a complaint to the Data Protection Authority either by post at Rue de la Presse 35 in 1000 Brussels, or by e-mail to or by telephone to +32 2 274 48 00.

  6.2.          G.F.I.'s activity involves increased vigilance with regard to the transactions carried out by our clients. This increased vigilance requires us to report suspicions to the Financial Intelligence Processing Unit (C.T.I.F.) at our sole discretion, in accordance with articles 47 et seq. of the law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the limitation of the use of cash (BC/FT law).

Article 55 of the BC/FT law prohibits us from disclosing to you whether or not such a declaration has been made with regard to C.T.I.F.

Article 65 of the BC/FT Act specifies that you cannot directly benefit from your rights of access, rectification, forgetting, data portability, objection or your right not to be profiled or to be notified of security breaches.

Your rights are exercised indirectly: G.F.I. invites you to contact the Data Protection Authority (D.P.A.) either by post at rue de la Presse 35 in 1000 Brussels, by e-mail at or by telephone at +32 2 274 48 00.

The A.P.D. will contact the C.T.I.F., which may or may not approve the exercise of your rights.

If you would like further information on the exercise of one of your rights mentioned above, you can contact us as follows:

  •          by phone on +32(0)2/ 550.21.58
  •          by email

 6.3.          As from 1 January 2020, G.F.I. is required, in accordance with the law of July 8 2018 relating to the organisation of a central contact point for financial accounts and contracts and relating to extending access to the central file of notices of seizure, delegation, assignment, collective debt settlement and protest, to inform the Central Point of Contact of the existence of your contract.

The Central Point of Contact (CPC) is a register of the bank account numbers and all types of contracts held at financial institutions in Belgium by both resident and non-resident natural or legal persons.

                Purpose of the information record

Within the limits provided by law, G.F.I. is obliged to communicate and update the following data to the CPC:

1° the identification data of the client and his representatives;

2° the existence of one or more financial transactions involving cash carried out by G.F.I., by which cash has been deposited or withdrawn by or on behalf of the client and, in the latter case, the identity of the natural person who actually deposited or received the cash on behalf of the client, as well as the date;

3° the existence or termination of a contractual relationship with the client, as well as its date, with respect to each type of financial contract listed by law.

                Purpose pursued

The data communicated to the CPC may, inter alia, be used for tax investigations, the investigation of criminally punishable offences and the fight against money laundering and the financing of terrorism and serious crime, subject to the conditions imposed by law. The National Bank of Belgium keeps records for two calendar years of the requests for information sent to it for these purposes.

                Retention period

The law imposes an extended retention period of 10 years following the communication of the data.

                Exercising your rights

The CPC is managed by the National Bank of Belgium (NBB).

Natural persons may request a free overview of the data registered in their name with the CPC, by means of a written request, duly dated and signed, which must be addressed to:

National Bank of Belgium

Central Point of Contact

Boulevard de Berlaimont 14

1000 Brussels


The applicant's file must contain the following elements :

§1 a clearly legible two-sided photocopy of the identity card or, by lack of identity card, of a replacement document, of the person signing the application;

§2 the necessary identification data: official surname and first name, date of birth, full address of domicile.

On the basis of the information provided, the customer has the possibility to have any errors communicated to G.F.I. corrected or eliminated.

Except in the case of gross negligence or fraudulent intent, G.F.I. cannot be held responsible for having provided this information, as this is a legal obligation.

7.          Right to object to direct marketing

We ask for your consent to send you commercial information, advertising or personalised proposals (through direct marketing or electronic newsletters).

You have the right, if you do not wish to receive or no longer want us to send you such communications, to oppose the processing of your data for direct marketing purposes. In this case, we will stop processing your data for direct marketing purposes. Your request will be processed as soon as possible.

If you wish to exercise the abovementioned rights, you can contact us as follows:

  •          by phone at +32(0)2/ 481.10.65
  •          by email to :

8.          How long do we store your personal data?

We will not store your personal data beyond the time necessary to achieve the purposes for which the data are processed.

In accordance with the principles set out below, we will delete personal data as soon as it is no longer necessary to fulfil the purposes described in this privacy policy, unless its retention is necessary for other fundamental purposes, including but not limited to fulfilling our legal obligations, handling complaints or settling disputes.

The personal data of customers are kept by G.F.I. for at least the duration of the contract we have with you and a period of 10 (ten) years after the end of the contractual relationship. The end of the contractual relationship is presumed to begin the day after the last operation/order placed with G.F.I.

The data storage period is suspended as long as the defence and enforcement of G.F.I.'s rights is necessary in the context of legal proceedings.

9.          How do we protect your personal data?

We take appropriate technical and organisational measures to guarantee and protect your personal data against any unauthorised or illegal processing and against accidental destruction, loss, access, abuse, damage and any other illegal form of processing of the personal data in our possession.




                                                                                                                              Last updated on 08.10.2019