Legal Documents

International Privacy Notice

Version 1.0GDPR · CCPA · PDPAEffective from April 1, 2025

This Notice is addressed to users outside the Russian Federation and describes how the GEXCORE platform processes personal data in accordance with applicable international data protection standards, including GDPR (EU Regulation 2016/679), CCPA (California), PDPA (Thailand), and similar national legislation.

1. Data Controller

The data controller is the GEXCORE platform. For questions related to data processing, contact: privacy@gexcore.io. Where your country's law requires appointment of a local representative or a Data Protection Officer (DPO), GEXCORE commits to appointing them upon meeting the relevant thresholds.

2. Legal Bases for Processing (GDPR Art. 6)

Consent (Art. 6(1)(a))Account registration, marketing communications, optional features

Contract performance (Art. 6(1)(b))Providing platform services, transactions

Legal obligation (Art. 6(1)(c))KYC/AML verification, tax reporting

Legitimate interests (Art. 6(1)(f))Security, fraud prevention

3. International Data Transfers

Personal data may be transferred outside your country of residence because the GEXCORE platform uses cloud infrastructure and KYC services with servers in various jurisdictions. Each such transfer is carried out under one of the following mechanisms:

EU Standard Contractual Clauses (SCCs) for transfers from the EEA
European Commission adequacy decision (where applicable)
Binding Corporate Rules (BCRs) of accredited providers
Data subject's explicit consent (for one-time transfers)

4. Your Rights Under International Standards

Depending on your country of residence, you may have additional rights provided by local law:

European Union / EEA (GDPR)

Access, rectification, erasure, restriction, objection, portability, withdrawal of consent. Right to lodge a complaint with a supervisory authority. Right not to be subject to fully automated decisions.

California, USA (CCPA/CPRA)

Right to know, delete, opt out of sale of PI. Right to non-discrimination. Right to correct.

United Kingdom (UK GDPR)

Equivalent to GDPR. Supervisory authority: ICO (Information Commissioner's Office).

Thailand (PDPA)

Access, rectification, erasure, portability, objection, withdrawal of consent.

Other jurisdictions

GEXCORE endeavors to comply with applicable local requirements. Submit a request to privacy@gexcore.io.

5. Data Retention

Data is stored no longer than necessary to achieve the stated processing purposes, unless a longer period is required by applicable law (e.g., AML requirements — at least 5–7 years in most jurisdictions). For EEA users, the minimum retention period is governed by the data minimisation principle under GDPR Art. 5(1)(e).

6. Cookies and Tracking Technologies

For users from the EEA and UK, the platform operates an informed prior consent (opt-in) policy for non-functional cookies in accordance with the ePrivacy Directive. Functional cookies necessary for platform operation are set without additional consent based on legitimate interest.

7. Automated Decision-Making

KYC verification may involve automated checks against AML lists. Where such checks produce legal consequences, users have the right to request human review of the outcome by contacting privacy@gexcore.io.

8. How to Lodge a Complaint

If you believe that processing of your data violates applicable law, you have the right to contact the competent supervisory authority in your country. Examples: CNIL (France), BfDI (Germany), ICO (UK), FTC (USA). We recommend first submitting your complaint to us at privacy@gexcore.io for internal review.

9. Updates to This Notice

GEXCORE may periodically update this Notice. Material changes will be communicated to users via email and/or a platform notification at least 30 days before the changes take effect.

Privacy Contact

Email: privacy@gexcore.io

Response time: 30 business days