Privacy Policy

Overview and Scope

This privacy policy explains how GPT trade Investments (“we”, “the platform”) collects, uses, shares, and stores personal data when you use the website https://gpt-trade-investments.org and its related services.

This document is prepared in the context of the Estonian (EU) data protection framework and describes our standard operating procedures. This is not legal advice.

Data Controller and Contact Information

Data Controller

GPT trade Investments
Address: Rävala pst 5, 10143 Tallinn, Estonia
Phone: +372 601 4827

Contact for Privacy Matters

Email: [email protected]

If you wish to submit a privacy request, please use the same email and add “Privacy Request” to the subject line.

What Data We Collect

We collect data based on the principle of minimization, limited to what is necessary for service provision, security, and fulfilling legal obligations.

Data You Provide

  • Personal and Contact Data: name, email, phone (if provided)
  • Account Data: username, password hash (not the password itself), account preferences
  • Communication Data: support inquiries, emails, chat content, complaints, and feedback

Data Generated Through Service Use

  • Device and Technical Data: IP address, browser type, device identifiers, logs, cookies (where used)
  • Usage Analytics: page views, clicks and feature usage, error messages
  • Trading/Service Activity Metadata: views of signals or analytics, settings, risk profile selections, session time (without implying the platform holds assets)

Verification and Payment-Related Data (where applicable)

If identity verification or payment is required for your specific service flow, we may process verification data and payment-related details (e.g., transaction reference, payment status). We do not describe specific methods here or promise that all functionalities will always be available.

Why We Use Data

Service Provision and Account Management

  • account creation, authentication, and access management
  • applying user settings and customizing user experience

Security and Fraud Prevention

  • monitoring logins, detecting anomalies, preventing abuse
  • service reliability and incident investigation (e.g., security logs)

Service Development and Quality

  • performance measurement, bug fixes, aggregated analysis of usage patterns

Customer Support and Communication

  • responding to inquiries, solving problems, service-related notifications

Fulfilling Legal Requirements and Obligations

  • fulfilling legal obligations and protecting legitimate interests (e.g., dispute resolution)

Legal Basis (GDPR)

We process personal data on the following grounds (depending on the situation):

  • Contract Performance: account and service provision
  • Legitimate Interest: security, fraud prevention, service development and quality
  • Consent: for example, optional cookies or marketing preferences (where you use them)
  • Legal Obligation: statutory retention or reporting obligations (if applicable)

Cookies and similar technologies

We may use cookies and similar technologies to:

  • maintain session and security settings
  • remember preferences
  • measure site usage as aggregated statistics

If we use non-essential cookies, we offer the option to manage preferences. You can restrict cookies in your browser settings; this may affect functionality.

Data sharing and recipients

We do not sell personal data. We only share data on a need-to-know basis and with contractual safeguards with the following categories:

  • IT and hosting service providers (servers, backup, monitoring)
  • analytics and performance tools (aggregated metrics, error logs)
  • customer support tools (ticketing systems, communication channels)
  • verification or payment service providers (where applicable)
  • legal and consulting service providers (disputes, claims)

Partners and third parties

If the platform allows access to market instruments through partners, certain activities may require data transfer to the partner (e.g., account linking or technical authentication). In such cases, we only share minimal data and notify you during the process, if appropriate.

International transfers

If service providers are located outside the European Economic Area, we generally use appropriate safeguards (e.g., European Commission standard contractual clauses) and implement reasonable additional security controls.

Data retention

We retain personal data only as long as necessary to fulfill the purposes:

  • account data: until the account is closed and then for a reasonable period to protect rights and retain audit trails
  • security logs: typically for a limited period to detect and investigate incidents
  • support communication: until the query is resolved and for a short period for follow-up actions

Statutory retention periods may differ for certain data categories.

Security measures

We implement technical and organizational measures that are reasonable given the nature of the service:

  • encrypted connections (TLS)
  • access control and role-based access
  • logging and monitoring
  • backup and recovery procedures
  • confidentiality obligations of employees/service providers

Your role in account security

  • use a strong and unique password
  • do not share login credentials
  • report suspicious activity as soon as possible

We cannot guarantee absolute security, but we work to reduce risks.

Your rights

Depending on the situation, you have the right to:

  • access your data
  • rectify inaccurate data
  • request erasure (if not conflicting with statutory obligations)
  • restrict processing
  • object to processing based on legitimate interest
  • data portability (where applicable)
  • withdraw consent (if processing is based on consent)

How to submit a privacy request

Steps

  • Send an email to [email protected] with the subject line “Privacy Request”.
  • Describe which right you wish to exercise (e.g., access, erasure).
  • Include necessary information to identify your account (e.g., registration email).

Identity verification

For security purposes, we may request additional verification to prevent unauthorized access.

Response Time

We typically respond within a reasonable timeframe; more complex inquiries may take longer, but we will notify you.

Children's Privacy

Services are intended only for 18+ users. We do not knowingly collect data from individuals under 18.

Changes to the Privacy Policy

We may update the policy as our service or legal requirements change. We will publish updates on the website, and in the case of significant changes, we may notify you via your account or email. By continuing to use the service after the changes come into effect, you agree to the updated terms to the extent permitted by law.

Complaints and Supervision

If you have a concern, please contact us first. You also have the right to contact the Data Protection Inspectorate in Estonia.

🇬🇧 English
🇪🇪 Estonian 🇷🇺 Russian