GMTX.EXCHANGE
GDPR Privacy Statement

Effective Date: September 13, 2025

MANDATORY NOTICE: GMTX.EXCHANGE processes personal data in accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and equivalent data-protection laws where applicable. This statement explains how we collect, use, share, and protect personal data of users located in the European Economic Area (EEA) or otherwise subject to the GDPR.

1. Data Controller

For the purposes of GDPR, the data controller is GMTX.EXCHANGE (and any designated affiliates). Contact details for data-protection inquiries will be provided upon request through the secure support channel.

2. Categories of Personal Data

We may collect and process the following categories of personal data:

• Identification data (name, date of birth, nationality, government-issued identification numbers);
• Contact data (address, email, telephone number);
• Financial data (bank account details, transaction history, blockchain wallet addresses where required for compliance);
• Verification documents submitted under KYC/KYB/AML obligations;
• Technical data (IP address, browser type, access logs, device identifiers).

3. Legal Bases for Processing

Processing of personal data is based on one or more of the following legal grounds:

• Performance of a contract (user agreement, trading relationship);
• Compliance with legal obligations (KYC/KYB/AML requirements, tax reporting, regulatory disclosures);
• Legitimate interests (security, fraud prevention, platform operation and improvement);
• User consent where expressly required (for example, marketing communications).

4. Purposes of Processing

Personal data is processed to:

• Verify identity and maintain regulatory compliance;
• Provide and improve Exchange services;
• Monitor for suspicious activity and prevent fraud, money laundering, or terrorist financing;
• Communicate important service updates or legal notices;
• Protect the rights, property, and safety of users and GMTX.EXCHANGE.

5. Data Sharing

We may share personal data with:

• Regulators, law-enforcement agencies, and Financial Intelligence Units as required by law;
• Third-party service providers performing compliance checks, identity verification, secure hosting, and technical support;
• Affiliates or successors for operational continuity, subject to equivalent data-protection safeguards.

Data will not be sold for marketing purposes.

6. International Transfers

Where personal data is transferred outside the EEA, GMTX.EXCHANGE implements appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms to ensure adequate protection.

7. Data Retention

Personal data is retained for as long as necessary to fulfill the purposes set forth above and to comply with legal obligations, including AML record-keeping requirements (generally a minimum of five (5) years), unless a longer period is mandated by law.

8. Data Subject Rights

Individuals subject to GDPR have the following rights, subject to applicable limitations:

• Right of access to personal data;
• Right to rectification of inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”) where legally permissible;
• Right to restriction of processing;
• Right to data portability;
• Right to object to processing based on legitimate interests;
• Right to lodge a complaint with a competent supervisory authority.

To exercise these rights, contact GMTX.EXCHANGE through the secure support channel. Requests will be verified and processed within the timeframes required by GDPR.

9. Security Measures

GMTX.EXCHANGE employs technical and organizational measures—including encryption, access controls, multi-factor authentication, and continuous monitoring—to protect personal data against unauthorized access, alteration, or destruction.

10. Confidentiality

All personal data and compliance information are treated as Confidential Information under the GMTX Terms of Service & Non-Disclosure Agreement. Unauthorized disclosure or misuse of such data by Members is strictly prohibited and may result in immediate expulsion and legal action.

11. Updates

GMTX.EXCHANGE may update this GDPR Privacy Statement to reflect legal, regulatory, or operational changes. Significant updates will be posted on the Exchange website, and continued use of the platform constitutes acceptance of any changes.

FINAL NOTICE: GDPR rights coexist with legal obligations under AML and other financial regulations. Requests for erasure or restriction may be denied where data retention is required by law or necessary to protect the rights or safety of GMTX.EXCHANGE or others.