1. Important information
1.1 Data controller
1.2 M2 Global Wealth Limited is an international business company incorporated in and pursuant to the laws of Commonwealth of The Bahamas with registration number 209993 B.
1.3 "Data Protection Law" means Bahamas’ Data Protection (Privacy of Personal Information) Act 2003 and the data protection and privacy laws of any other jurisdiction applicable to Our Services.
1.4 "Personal Data" refers to information that enables someone to identify or contact you, including, for instance, your name, address, phone number, email address, an identification number, location data, an online identifier, or one or more elements specific to your physical, physiological, genetic, mental, financial, cultural, or social identity.
1.5 "Processing" signifies any action or series of actions carried out on Personal Data, whether by automated means or not, such as collecting, recording, organizing, storing, modifying, altering, retrieving, consulting, using, disclosing through transmission, distributing, or making available in any other way, aligning or combining, blocking, erasing, or destroying. "Processed", "Processes", and "Process" shall be interpreted accordingly.
1.6 "Services" means the services provided by M2.
1.7 Our obligations as Data Controller
As the Data Controller, subject to the Data Protection Law, We must guarantee that any Personal Data We Process are:
(a) Processed in a fair, lawful, and secure manner;
(b) used for specified, explicit, and legitimate purposes in compliance with the Data Subject's rights, and not further Processed in a manner incompatible with those purposes or rights;
(c) adequate, relevant and limited to the purposes for which they were gathered or further Processed;
(d) accurate and, if necessary, updated;
(e) stored in a format that allows Data Subjects' identification for a duration no longer than necessary for the purposes of collecting or further Processing the Personal Data; and
(f) Processed in a manner that ensures appropriate security of the Personal Data.
1.8 We are also obligated to ensure that Personal Data that is inaccurate or incomplete, considering the purposes for which they were collected or further Processed, be erased or corrected.
1.9 Data Protection Contact ("DPC")
You may contact Our DPC by email at [email protected].
1.10 Additional Supervisory Authorities
While We are located in and operate from Bahamas, We provide Our Services worldwide. As a result, We must also adhere to compliance requirements concerning the Processing of Personal Data in jurisdictions other than Bahamas. For instance, if you are situated within the European Union or European Economic Area, you may have the right to file a complaint at any time with the Supervisory Authority established under the European General Data Protection Regulation (GDPR) in your country of residence. If you are located in the United Kingdom, you may also (or alternatively) lodge a complaint with the Information Commissioner's Office (ICO) (the UK supervisory authority for data protection matters under UK GDPR ( www.ico.org.uk)).
3. What information do we gather?
3.1 We collect and Process Personal Data as outlined below.
3.1.1 We may gather Personal Data from you, such as:
(a) Full name;
(b) Home address;
(c) Contact information (phone number, email address);
(d) Birthdate and location, citizenship place, country of residence;
(e) Bank account details and/or credit card information;
(f) Your status as a politically exposed person;
(g) Source of funds & proof of residence;
(h) Passport and/or national driver's license or government-issued ID card for identity verification;
(i) Second nationality and Passport, if relevant;
(k) Transaction history and account balances related to your use of Our Services.
3.1.2 We gather information about the device you use to access your account, including hardware model, operating system and version, and unique device identifiers.
3.1.3 We record technical data about your usage of the Services, such as browser type and version, wallet identifier, wallet's last access time, the IP address used to create the wallet, and the most recent IP address used to access the wallet.
3.1.4 We may also obtain other Personal Data from third-party identity verification, market surveillance providers, sanctions screening services, service providers, regulators, or social networking sites.
3.1.5 In relation to Our Services, We may collect and maintain information about transactions you conduct in your wallet.
3.1.6 If you create a wallet through Our Services, you will generate a public and private key pair. We collect an encrypted file upon logging out of the wallet, which, if decrypted, would contain these keys and your transaction history. If you enable notifications in your Account Settings, We will collect the unencrypted public key to provide such notifications. We will not collect an unencrypted private key from you, nor can We decrypt any wallet file data.
3.2 If you give Us feedback or contact Us via email, We will collect your name and email address, as well as any other content included in the email, in order to send you a response.
3.2.1 We may collect referral URLs, your location, and blockchain analytics data related to blockchain addresses you supply. Some Personal Data used by the blockchain and Virtual Asset exchange services is public and can be viewed by others, including your public address and the type and amount of digital assets transferred. Furthermore, certain technologies, like blockchain, are immutable, meaning information, including Personal Data, cannot be removed from the ledger. If you have concerns about this use of your Personal Data, refrain from using the Services.
3.2.2 We also gather other types of Personal Data that you voluntarily provide to Us when seeking support and other Services, such as email, chat name and logs, information submitted through online forms, video conferencing service information, other contact information, or other information provided to support services personnel.
3.3 Information automatically collected by Our servers:
3.3.1 We gather certain information automatically, store it in log files, which includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data.
3.3.3 We retain information on your behalf, such as transactional data including records for trades, deposits, and withdrawals for you and the counterparty to the transaction, and other session data linked to your Account.
3.4 Information collected from third parties:
We may obtain Personal Data about you from other sources, including through third-party services like sanctions screening services and other organizations to supplement the information you provide to Us. This additional information allows Us to verify the information you have given Us and to enhance Our ability to provide you with information about Our business, products, and Services.
3.5 Failure to provide Personal Data
Where We need to collect Personal Data by law, or under the terms of a contract We have with you and you fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter with you. In this case, We may have to close your Account but We will notify you if this is the case at the time.
4. Legal basis for collecting and processing personal data
4.1 To create and secure an Account and access Our Services, you need to give Us Personal Data about yourself or other individuals. You may also give Us Personal Data about yourself or other individuals to help Us provide or improve the Services you have requested from Us.
4.2 We can only Process and use your Personal Data under Data Protection Law if We have a lawful basis to do so. We will use Personal Data when one or more of the following lawful bases apply:
4.2.1 Processing is necessary for the performance of a task carried out in the interests of the Bahamas regulator, the Board's, the Court's, or the regulator's functions or powers vested in the Data Controller or a Third Party to whom the Personal Data are disclosed;
4.2.2 Processing is required for the performance of a contract to which you are a party or to take steps at your request before entering into a contract;
4.2.3 You or the relevant Data Subject have given written consent to the Processing of that Personal Data as applicable;
4.2.4 Processing is necessary for compliance with any regulatory or legal obligation to which We are subject as Data Controller;
4.2.5 Processing is necessary for the legitimate interests pursued by Us as Data Controller or by a Third Party to whom the Personal Data are disclosed, except when such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation;
4.3 Note that where Processing is based upon your consent, then you have the right to withdraw that consent at any time, although the lawfulness of any Procesing based upon consent prior to that withdrawal will not be affected by your withdrawal of that consent.
4.3 A "legitimate interest" is when We have a business or commercial reason to use your Personal Data, provided that this is not overridden by your own rights and interests. We will consider and balance any potential impact on you (both positive and negative) and your rights before We Process your Personal Data for Our legitimate interests.
4.4 Sensitive Personal Data and conditions for processing
Personal Data revealing or concerning (directly or indirectly) is considered Sensitive Personal Data. We will only Process Sensitive Personal Data when:
4.5.1 Processing is necessary for carrying out the obligations and specific rights of the Data Controller;
4.5.2 The Data Subject has given additional written consent to the Processing of this type of Personal Data;
4.5.3 Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise, or defense of legal claims;
4.5.4 Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
4.5.5 Processing is necessary to uphold the legitimate interests of the Data Controller recognized in the international financial markets, provided the Processing is undertaken following applicable standards and except when such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation; or
4.5.6 Processing is necessary to comply with any regulatory, auditing, accounting, anti‐money laundering, or counter-terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime.
5. How is the collected information utilized?
5.1 Be aware that we may process your Personal Data without your knowledge or consent when the law requires or allows us to do so.
5.2 Generally, the Personal Data you provide us is used to address your requests or to help us serve you better. Your Personal Data is used for the following purposes:
5.2.1 to identify you and perform identity verification via a service provider;
5.2.2 to send a welcome email verifying the email address provided during account creation;
5.2.3 to enable and secure your account creation;
5.2.4 to enhance our Site and Services administration;
5.2.5 to send administrative email notifications, such as account activity, transaction processing, security updates, or support and maintenance advisories;
5.2.6 to improve your interaction experience with our Site and Services;
5.2.7 to identify, prevent, and report potentially suspicious, fraudulent, or illegal activities;
5.2.8 to inform you of significant changes to our Client Agreement; and
5.2.9 to address your inquiries or other requests.
5.4 We may generate aggregated or de-identified records from Personal Data by omitting information (like your name) that renders the data personally identifiable to you. This is used to examine request and usage patterns, enabling us to enrich our Services' content and enhance Site navigation. We reserve the right to utilize and disclose aggregated and other de-identified information for any purpose, as well as to disclose it to third parties at our sole discretion.
5.5 We employ IP addresses to improve our Site and Services and to perform identity verification.
5.6 Data collected automatically will be utilized for administering or enhancing our Services and for other lawful purposes.
5.7 We use log file information to analyze trends, manage the Site, monitor users' movements on the Site, gather demographic data about our user base, and tailor our Services to users' needs more effectively. Except as stated in this Privacy Statement, we do not link this automatically-collected data to Personal Data.
6.1 We might offer you choices regarding the use of certain Personal Data, primarily related to marketing and advertising, subject to these Personal Data control mechanisms:
6.1.1 Our promotional offers: We may utilize your Personal Data to determine your interests according to the applicable law. This helps us identify relevant products, services, and offers for you.
6.1.2 Marketing by third parties: Following the applicable law, we may seek your explicit consent (opt-in) before sharing your Personal Data with any external company for their independent marketing purposes.
6.1.3 Opting out: In all cases (i.e., whether you opt-in to receipt of marketing, or whether we rely upon legitimate interests to provide you with marketing materia), you can request that we or third parties cease sending you marketing messages at any time by clicking the opt-out links in any marketing message or by contacting our DPC at [email protected] or our support team at [email protected].
7. How is your Personal Data shared by us?
7.1 We disclose your Personal Data as outlined below and elsewhere in this Privacy Statement.
7.1.1 Your Personal Data may need to be disclosed to law enforcement agencies, regulators, government/public officials, or other relevant third parties to comply with laws, subpoenas, court orders, or government requests, defend against claims, investigate or initiate legal action against potentially illegal or suspected illegal activities, enforce our Terms, or protect the safety, rights, and security of us, our users, or the public.
7.1.2 We may share Personal Data with our affiliated companies.
7.1.3 To provide you with the Services available through our Site, we may share your Personal Data with third-party service providers; for conducting quality assurance testing; for account creation assistance; for technical support; for identity verification; and/or for rendering other services to us. These third-party service providers are obligated not to use your Personal Data for purposes other than providing the services requested by us.
7.1.4 We may share Personal Data with business partners with whom we offer joint products or services, as permitted by law. In these cases, our business partner's name will be displayed alongside ours.
7.1.5 In connection with or during negotiations of any merger, financing, acquisition, or dissolution transaction, or proceeding involving the sale, transfer, divestiture, or disclosure of all or part of our business or assets, we may share some or all of your Personal Data with third parties. Personal Data may also be transferred as a business asset in the case of insolvency, bankruptcy, or receivership. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Statement.
7.1.6 Our Site may include links to third-party websites, which are governed by their respective privacy policies. We are not responsible for the privacy policies of these third-party websites, even if they were accessed using the links from our Site.
7.2 Except as stated in this Privacy Statement, we do not disclose any of your Personal Data to third parties unless required by law enforcement, court order, or to comply with legal reporting obligations.
8. Transfers outside The Bahamas
8.1 Your Personal Data may be shared within our affiliated group of companies, which are located in various global locations. This might involve transferring your Personal Data outside of the Bahamas.
8.2 Furthermore, many of our external third parties are also located outside the Bahamas, so their processing of your Personal Data will involve data transfers outside of the Bahamas.
8.3 When transferring your Personal Data out of the Bahamas, we ensure that it is afforded a similar level of protection by implementing appropriate safeguards as required by applicable Data Protection Law.
8.4 For further information on the specific mechanism used by us when transferring your Personal Data out of the Bahamas, please contact our DPC at [email protected] or our support team at [email protected].
9. Transfers outside the EEA for European-based individuals
9.1 We share your Personal Data within our affiliated group of companies, which are situated in various global locations. If you are based in Europe, this involves transferring your data outside the European Economic Area (EEA).
9.2 Additionally, many of our external third parties are located outside the EEA, so their processing of your Personal Data will involve data transfers outside the EEA. We ensure a similar degree of protection is provided to your Personal Data when transferred out of the EEA by implementing appropriate safeguards, as required by applicable law.
9.3 Please contact us if you would like more information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
10. Updating your information
11. Retention of your information
11.1 We retain your Personal Data for as long as it is needed for the purposes outlined in this Privacy Statement. The retention period will vary depending on the nature of the information and your interactions with our Site and Services. We will retain your information as long as your Account remains open or as needed to provide you access to your Account.
11.2 If you unsubscribe from our marketing communications, we will maintain a record of your email address to ensure we do not send you marketing emails in the future.
11.3 After closing your Account, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms. For example, we keep a record of transactions on our site for up to seven years to protect us from legal claims, and we will retain information associated with your Account for up to seven years after it has been closed, unless there are other legal needs to retain it for a longer period.
12. Usage of cookies, social media, advertising, and other technologies
12.2 We may also employ third-party service providers to collect information regarding visitor behaviour and demographics on our Services.
12.4 We may use third-party application program interfaces (APIs) and software development kits (SDKs) as part of our Services' functionality. APIs and SDKs may allow third parties, including analytics and advertising partners, to collect your Personal Data for various purposes, including providing analytics services and more relevant content. For more information about our use of APIs and SDKs, please contact us.
12.5 At this time, we do not respond to Do Not Track (DNT) signals, an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties.
13 Security measures taken by us
13.1 We take the protection of your Personal Data seriously and implement appropriate physical, technological, and organizational safeguards and security measures. We employ industry-standard data encryption technology and have instituted restrictions related to the storage of and access to your Personal Data.
13.2 We require sufficient guarantees from any third party processing your Personal Data on our behalf, in respect of the technical security measures and organizational measures governing the processing to be carried out. We also ensure compliance with those measures.
13.3 Please be aware that no method of electronic storage or transmission over the internet can be guaranteed to be 100% secure.
14. Your legal rights
14.1 Under certain circumstances, you have rights under data protection laws in relation to your Personal Data, as detailed below:
14.1.1 Right to access, rectify, erase, or restrict the Processing of, your Personal Data:
Upon written request and at reasonable intervals, you have the right to require and obtain from us without excessive delay or expense:
(a) written confirmation as to whether or not Personal Data relating to you are being Processed, including at least the purposes of the Processing, the categories of Personal Data involved, and the Recipients or categories of Recipients to whom the Personal Data are disclosed;
(b) an intelligible form of the Personal Data undergoing Processing and any available information regarding their source; and
(c) when appropriate, the rectification, erasure, or restriction of Processsing of Personal Data that does not comply with these Regulations.
14.1.2 Right to object to Processing:
You have the right:
(a) to object, at any time on reasonable grounds relating to your specific situation, to the Processing of Personal Data concerning you; and
(b) to be informed before Personal Data are disclosed for the first time to Third Parties or used on their behalf for direct marketing purposes, and to be explicitly offered the right to object to such disclosures or uses.
If there is a justified objection, the Processing shall no longer include those Personal Data.
14.2 To exercise any of the rights mentioned above, please contact us.
14.3 Accessing your Personal Data (or exercising any of your other rights) will not require a fee. However, we may charge a reasonable fee for requests that are clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with your request.
15. Information we may require from you
To confirm your identity and ensure your rights to access your Personal Data (or exercise any of your other rights), we may need to request specific information from you. This security measure ensures that Personal Data is not disclosed to anyone without the right to receive it. We may also contact you for additional information in relation to your request to expedite our response.
16. Response time
We aim to respond to all legitimate requests within 40 days.
17. Children's privacy
We do not knowingly collect or solicit information from individuals under 18 years old. If we become aware that someone under 18 has provided us with Personal Data, we will promptly delete it.
18. Inquiries and complaints
18.2 If you wish to file a complaint about how we Process your Personal Data, please contact us initially at [email protected], and we will attempt to address your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country where you live or work if you believe we have violated Data Protection Law.