SIMODI GOLD Privacy Policy

1. Introduction

This Privacy Policy explains how SIMODI GOLD FZCO ("SIMODI GOLD", "we", "us", or "our") collects, uses, stores, shares, and protects personal data when users access or use the SIMODI GOLD mobile application, website, platform, products, and related services.

This Privacy Policy should be read together with any applicable terms, customer agreements, risk disclosures, compliance notices, and other legal documents made available through the platform.

2. Information We Collect

We may collect and process personal data needed to operate the platform, comply with legal obligations, process transactions, provide services, prevent fraud, and support customers. This information may include:

• Identity information, such as name, date of birth, nationality, identity documents, and verification records.
• Contact information, such as address, email address, and phone number.
• Verification information, such as selfie images, biometric verification data where required, KYC records, AML/CFT/CPF screening results, source of funds, source of wealth, and tax information.
• Financial and payment information, such as bank details, payment information, transaction history, order records, settlement records, and redemption records.
• Technical information, such as device information, IP address, app usage data, login activity, cookies or similar technologies, and security logs.
• Communications information, such as support requests, complaints, customer service records, compliance correspondence, and other messages sent to or received from us.

3. How We Use Personal Data

SIMODI GOLD may use personal data for the following purposes:

• To create, verify, administer, and secure user accounts.
• To perform KYC verification, AML/CFT/CPF screening, sanctions checks, fraud monitoring, risk assessment, and compliance reviews.
• To process orders, payments, purchases, sales, transfers, storage instructions, redemption requests, deliveries, refunds, and customer transactions.
• To support custody, storage, audit, reconciliation, and operational processes related to gold, silver, and other services made available on the platform.
• To provide customer support, handle complaints, respond to inquiries, and send service-related notices.
• To protect SIMODI GOLD, users, the platform, and third parties from fraud, abuse, unauthorized access, cyber threats, errors, and unlawful activity.
• To comply with applicable laws, regulatory requirements, court orders, tax obligations, audit requirements, reporting obligations, and lawful requests from authorities.
• To improve the platform, develop services, troubleshoot issues, analyze usage, and maintain platform performance.
• To send marketing or promotional communications where permitted by law and where the user has not opted out.

4. Legal and Compliance Basis

We process personal data where necessary to provide services, perform customer agreements, meet legal and regulatory obligations, protect our legitimate business interests, prevent financial crime, safeguard the platform, respond to user requests, and obtain user consent where consent is required by applicable law.

5. Sharing of Personal Data

SIMODI GOLD may share personal data with third parties where required or permitted by law, or where necessary to deliver services. These recipients may include:

• Regulators, courts, law enforcement authorities, government bodies, tax authorities, and other competent authorities.
• Banks, payment providers, card schemes, settlement providers, and financial service providers.
• KYC vendors, AML vendors, sanctions-screening providers, fraud prevention providers, identity verification providers, and compliance service providers.
• Vault providers, logistics providers, delivery providers, insurers, auditors, legal advisers, tax advisers, compliance advisers, and professional consultants.
• Cloud hosting providers, technology vendors, cybersecurity vendors, analytics providers, customer support tools, affiliates, and other operational service providers.

We require service providers to handle personal data only for authorized purposes and to apply appropriate confidentiality, security, and data protection measures.

6. Identity Verification (KYC)

We use the Sumsub SDK to perform identity verification. During the verification process, Sumsub may collect images of your face and government-issued identity documents directly through its SDK. This information is used solely for identity verification, fraud prevention, liveness detection, and compliance with applicable legal and regulatory requirements.

Our application does not directly collect or store these face images. The information is processed by Sumsub in accordance with its Privacy Notice and retained according to applicable legal and regulatory requirements and our configuration with Sumsub.

7. International Data Transfers

Personal data may be transferred outside the United Arab Emirates where necessary for cloud hosting, payment processing, compliance screening, customer support, audit, logistics, legal, regulatory, or operational purposes. SIMODI GOLD will take steps required by applicable law for cross-border transfers of personal data.

8. Data Retention

SIMODI GOLD may retain personal data for as long as required or permitted for legal, regulatory, AML, tax, audit, security, dispute, enforcement, operational, and business purposes. Retention periods may vary depending on the type of information, the reason for processing, and applicable legal or regulatory requirements.

Where data is no longer required, SIMODI GOLD may delete, anonymize, restrict, or securely archive the information in accordance with applicable law and internal retention procedures.

9. Data Security

SIMODI GOLD uses reasonable technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction. No electronic transmission or storage method is completely secure, and users are responsible for keeping their login credentials and devices secure.

10. User Rights and Requests

Subject to applicable law, users may request access to, correction of, deletion of, restriction of, or information about the processing of their personal data. Users may also request to update account information or withdraw consent where processing is based on consent.

SIMODI GOLD may refuse or limit a request where retention or processing is required or permitted for legal, compliance, AML, audit, dispute, regulatory, security, tax, fraud prevention, or enforcement purposes.

11. Marketing Communications

SIMODI GOLD may send marketing communications where permitted by law. Users may opt out of marketing communications by using the unsubscribe method provided in the communication or by contacting SIMODI GOLD. Service, security, compliance, and transaction-related messages may still be sent even if a user opts out of marketing communications.

12. Contact and Legal Notices

All privacy, legal, compliance, support, complaints, and official correspondence should be sent to:

13. Customer Acceptance