Privacy Policy

This Privacy Policy explains how the Company ("Company", "Platform", "we", "us", "our") collects, uses, and protects personal data when you use: • MyGold platform and website • Related services • Marketplace features We are the data controller for purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

We may collect and process the following categories of personal data: Account Information: • Full name • Email address • Username • Country of residence • IP address • Account login activity Transaction Information: • Order history • Payment confirmations • Billing country • Transaction IDs Note: We do not store full payment card details. Payments are processed by third-party providers (e.g., Stripe). Seller Information (Service Providers): • Legal name • Date of birth (if required for verification) • Government ID (via Stripe verification) • Payout information • Tax identification details (if required) Communication Data: • Support messages • Dispute communications • Internal platform messaging Technical Data: • Browser type • Device type • Cookies • Analytics data

We do not intentionally collect special category data (such as health data, religious beliefs, etc.). If such data is provided voluntarily, it will be processed only as necessary to resolve user requests.

We process personal data for the following purposes: • Creating and managing accounts • Facilitating marketplace transactions • Processing payments • Preventing fraud • Resolving disputes • Providing customer support • Complying with legal obligations • Improving platform security

We process data under the following lawful bases: Contractual Necessity: To perform our agreement with you. Legitimate Interests: To prevent fraud, maintain platform security, improve services, and enforce platform policies. Legal Obligation: To comply with tax, regulatory, and anti-fraud requirements. Consent: Where required (e.g., marketing communications).

We share necessary information with trusted third parties including: • Stripe (payment processing & KYC verification) • Hosting providers • Fraud prevention services • Analytics providers • Legal and compliance advisors Stripe acts as an independent data controller for payment processing and identity verification. We do not sell personal data.

Because the Platform operates globally, personal data may be transferred outside the UK. Where this occurs, we ensure: • Adequacy decisions; or • Standard Contractual Clauses; or • Equivalent safeguards to protect personal data.

We retain personal data only as long as necessary to: • Provide services • Resolve disputes • Comply with legal obligations • Prevent fraud Transaction data may be retained for up to 6 years for accounting and regulatory purposes.

You have the right to: • Access your data • Rectify inaccurate data • Request erasure • Restrict processing • Object to processing • Data portability • Withdraw consent (where applicable) To exercise your rights, contact our support team. You may lodge a complaint with the UK Information Commissioner's Office (ICO).

Users are responsible for safeguarding login credentials. We implement reasonable technical and organizational measures to protect data. However, no system is completely secure.

For Service Providers: • Identity verification may be conducted via Stripe Connect • We may retain payout history and dispute records • We may process fraud-related data to protect the Platform Failure to provide required verification data may result in suspension.

We use cookies for: • Essential platform functionality • Security • Analytics • Fraud detection You may manage cookie preferences via your browser settings.

We may send service-related communications. Marketing emails will only be sent where: • You have opted in; or • Legitimate interest applies under applicable law You may unsubscribe at any time.

The Platform is not intended for individuals under 18. We do not knowingly collect data from minors.

We may use automated systems for: • Fraud detection • Risk scoring • Transaction monitoring These systems are used to protect the Platform and users.

We may process personal data for: • Sanctions compliance • Anti-money laundering screening • Risk mitigation This may involve identity verification and transaction review.

We may update this Privacy Policy periodically. Continued use of the Platform constitutes acceptance of updates.

Data Controller: MyGold For any privacy-related inquiries, please contact our support team through the Platform or via the Help Center.