Published on: 2026-03-06

Gate Global Limited (“Gate Bahamas”, “we”, “us”, “our”) is committed to protecting your privacy in accordance with the applicable data protection laws.This Privacy Policy (the “Privacy Policy or “Policy”) describes our current policies and practices in relation to the collection, handling, use and disclosure of personal information through our Website, pages, features, mobile applications, API, and other online products and Services that link to this Policy (collectively, the “Platform”) or when you otherwise interact with us.It also explains how you can raise a complaint regarding a breach of applicable privacy laws, as well as how you can access the personal information we hold about you and request corrections to that information.

We encourage you to read this Policy carefully before proceeding further as it forms part of our User Agreement (which is available at https://www.gate.com/en-bs/legal/user-agreement , the “User Agreement”).Unless otherwise defined in this Policy, capitalized terms used herein have the meanings given to them in the User Agreement.

By opening an account with us and accessing or using our Platform and Services, you (a) acknowledge that you have the right, capacity and authority to accept this Privacy Policy; (b) acknowledge you have read and understand this Privacy Policy; and (c) consent to the policies and practices outlined in this Privacy Policy.

1. THE DATA WE COLLECT

We collect and process various categories of personal data at the start of and throughout the duration of our relationship with you. Some categories of personal data may be retained beyond the termination of our relationship where required by applicable law or where there is a legitimate purpose for doing so. We limit the collection and processing of information to what is necessary to achieve one or more of the lawful bases identified in this Policy.

When you register an account and/or use our Platform with us, we may ask you for the information we need to verify your identity and support the Services provided on the Platform in order to facilitate the provision of buying, selling and trading Digital Assets. This can include a broad range of information such as:

(1) Personal information: This may include full name, residential address, age, gender, signature, email address, mobile number, date of birth, nationality, passport number, driver’s license details, national identity card details, photographs, employment information, utility bills, and/or financial information to help verify your identity. We may also request supporting documentation to verify your identity, including a copy of your passport or driver’s license, together with proof of residence and/or proof of income.We collect this information to comply with applicable anti-money laundering (AML) and counter-terrorist financing regulations and to help safeguard against and report suspicious activities.

(2) Logging information: We collect log information about your use of the Platform, including the type of browser you use, app version, access times, pages viewed, your IP address, any other network identifiers, and the page you visited before navigating to our Platform.

(3) Device information: We collect information about the computer or mobile device you use to access our Platform, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

(4) Activities on the Platform: We collect records of your activities on our Platform, including, any content you post, your account details, the time, value and type of currency or cryptocurrency, pricing of any purchase, sale or transaction made and the payment method.

(5) Location information: In accordance with your device permissions, we may collect information about the precise location of your device.

(6) Information Collected by Cookies and Other Tracking Technologies: We use different technologies to collect information, including cookies and web beacons.

(7) Transaction Information. Transaction information as you use our Services, including deposit snapshots, account balances, trade history, order activity and distribution history, bank account number, identification data of e-wallet, amount of fiat currency or cryptocurrency involved in the transaction, and account statement.

(8) Financial Information. Your bank account, e-wallet information, credit/debit card information (including the card number, expiry date and CVC), tax identification number, transaction history and trading data.

(9) Information collected in accordance with the requirements of the laws. Results from Politically Exposed Persons (PEP) Screening & Sanction screening, any additional personal data required for proving Source of Funds (e.g. employment contract, certificate of inheritance, etc.), data on the management structure and business activity, etc.

2. HOW DATA IS COLLECTED

We collect your personal data in the following manner:

(1) Information you provide to us directly when contacting us;

(2) Information we receive from third parties, such as third-party service providers;

(3) Information acquired by us during the course of our relationship and dealings with you;

(4) Information collected through the use by you of our website, platforms and applications; and

(5) Information gathered from publicly available sources.

3. LEGAL BASES FOR THE PROCESSING OF YOUR DATA

To process personal data, we need a valid lawful basis under the applicable data protection laws which will justify the processing. The purposes for which your personal data is collected and processed include the following:

Contractual necessity

This lawful basis applies to most of our processing activities in relation to personal data belonging to our customers/clients. It applies both during the pre-contractual stages of our relationship (when you are signing up) as well as once the contractual agreement(s) are in place.

Compliance with a legal obligation to which we are subject

We are subject to other legal obligations other than the relevant data protection laws in jurisdictions where we provide Services, which may require us to process personal data. For example, we are required to retain information in accordance with recordkeeping requirements under applicable legislation. Further we may need to carry out certain investigations, customer due diligence, and reporting for the purposes of anti-money laundering (including counterterrorist and proliferation financing) legal and/or regulatory requirements.

Legitimate interests of Gate Bahamas or a third party

We may also process your personal data where it is in our legitimate interests (or the interests of a third party) to do so, provided that those interests override your interests or fundamental rights or freedoms. There may be cases where your interests and fundamental rights could override our legitimate interests. This may happen in cases where personal data are processed in circumstances where you do not reasonably expect further processing. We will always need to (i) identify a legitimate interest (ii) show that processing is necessary to achieve it, and (iii) balance it against your interests, rights and freedoms. Some non-exhaustive examples of situations where we may seek to pursue legitimate interests are:

(1) for marketing purposes;

(2) for the exercise, establishment or defense of legal claims; and

(3) to prevent fraud.

Consent

We rarely rely on your consent to process your personal data, as usually another lawful basis will be more suitable. Where we do seek to rely on your consent, we will always ensure that this consent is fairly obtained by clearly informing you about why your consent is needed. We will usually require that you provide your consent through a clear, affirmative action such as ticking a box, toggling/swiping a button or switch on our website or on a mobile application, signing your name or other suitable method that can clearly evidence your consent. Non-exhaustive examples of when we may need your consent are:

(1) to enable a feature on a mobile device application; or

(2) to enable us to place cookies and similar technologies.

4. USE OF YOUR PERSONAL DATA

We may use the personal information that you provide, or which is collected by us in accordance with this Policy and relevant laws, to:

(1) provide you with our Services;

(2) verify your identity and carry out checks that we are required to conduct by applicable laws and regulations, including without limitation, “know your client”, anti-money laundering, fraud, sanctions and politically exposed person (PEP) checks;

(3) contact you on matters related to your account, including, to request any additional information or documentation;

(4) provide you with notices related to your account, general updates, market updates and other marketing materials, including, the Services offered by Gate Bahamas - You may opt out of receiving marketing communications at any time by notifying us that you wish to unsubscribe;

(5) tailor the products and Services offered through the Platform to you, including without limitation, to perform any suitability or appropriateness assessments for using our Services and/or products;

(6) enable us to manage your ongoing requirements and our relationship with you, for example, to process transactions, troubleshoot a problem, prevent or investigate illegal or potentially illegal activities - Communications may be delivered electronically unless you tell us that you do not wish to receive electronic communications;

(7) customize and improve our Platform;

(8) assess your risk score according to parameters determined by us;

(9) assess whether you qualify as a professional client, wholesale client, institutional client or other specific category of clients;

(10) prevent criminal or fraudulent activities, including fraud, money laundering, market manipulation, or other unlawful conduct

(11) enforce/defend our rights;

(12) meet our internal policy requirements;

(13) market our products to you;

(14) maintain administrative records relating to our business;

(15) set up security measures to secure your account, including without limitation, to carry out two-factor authentication;

(16) respond to court orders, applicable laws and regulations, and requests from governmental authorities; or

(17) carry out other reasonably expected business purposes as permitted by law or when required to comply with our legal obligations.

5. INCOMPLETE AND INACCURATE INFORMATION

If you do not provide us with some or all of the information that we ask for, we may not be able to verify your identity and as such you may not be able to open an account with Gate Bahamas and use our Platform. You can provide and update your information at any time by visiting the “Account” page in our Platform. We recommend that you update your profile in your account regularly, to ensure that the functions offered to you are appropriate for your current circumstances. You may have to update such information upon our request, if we consider the information provided as untrue, incorrect, incomplete and/or inconsistent with other information provided by you at any time. You acknowledge that we may rely upon such information and that you are responsible for any damages or losses which may result from any inaccuracies, including without limitation, the inappropriateness of our Services to you.

6. SHARING OF INFORMATION

We will not share the personal information we hold about you except that such information is shared in the following circumstances:

(1) between and among our internal corporate entities and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership including their respective contractors, affiliates, employees or representatives;

(2) with professional advisors, vendors, consultants, and other service providers, such as transaction service providers, IT hosting companies, banks, other financial institutions and credit reference agencies who need access to such information to carry out work on our behalf;

(3) in connection with, or during negotiations of, corporate transactions involving Gate Bahamas, including any merger, sale of company assets, financing or acquisition of all or a portion of our business or assets by another company;

(4) in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by law enforcement agencies and authorities, officers, regulators or other third party to comply with national security, law, court order, subpoena or government requests; or

(5) if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of us or others.

7. SECURITY AND INTEGRITY OF INFORMATION

We strive to ensure the security of your personal information and information that we collect related to you or your activities on our Platform. We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We also require that you use a personal username and password every time you access your account online.As set out in our User Agreement, you must not share your password with anyone else.

Where it is necessary for us to share your personal information with a third party, we will ensure that third parties only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties on a need-to-know basis who are subject to contractual confidentiality obligations.They will only process your personal information on our instructions.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8. FOR RESIDENTS WITHIN THE EUROPEAN ECONOMIC AREA (EEA)

The following provisions apply only to individuals located in the European Economic Area (EEA) or where required under applicable data protection laws such as the General Data Protection Regulation (GDPR).

For the personal data protected by General Data Protection Regulation (GDPR), you have a series of legal rights related to the personal data you keep on our Platform, including:

(1) Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

(2) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

(3) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

(4) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

(5) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

(6) Request the transfer of your personal information to another party.

9. You have a right not to be subject to a decision based solely on automated processing (i.e., by computers and without human intervention), including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you reside in the EEA and have a concern about our processing of your personal data that we are not able to resolve through our internal resolution process, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article- 29/structure/data-protection-authorities/index_en.htm.

We will assess all requests and complaints we have received and provide you with responses within a reasonable timeframe. We may ask you to provide a valid copy of the identity document so that we can fulfill our security obligations and prevent unauthorized data disclosure. We have the right to charge you a reasonable administrative fee if your request for access to data is clearly unfounded or out of our obligation, or if you request us to provide additional copies of your personal data.

To facilitate with the Services provided to customers located in the EEA, we request explicit consent for the transfer of personal data from the EEA to outside of the area. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use our Platform. You will still have the ability to withdraw your Digital Assets and fiat currency from your accounts opened with us; however, all other functionalities will be disabled.

10. DATA RETENTION

We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. We will not retain your personal data in a form which permits the identification of the data subject for longer than needed for the legitimate purpose or purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we will anonymize your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

At the end of the retention period, we will securely delete or destroy data retained, and require our sub-processors or third-party suppliers to do likewise.

11. USE OF THIRD-PARTY LINKS

Occasionally, at our discretion, we may include or offer third party products or services on our Platform. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Platform and welcome any feedback about these sites. Although certain third parties may use automated decision-making tools or software, we do not use automatic decision-making or profiling when processing personal data. If this changes, we will confirm this with you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you.

12. TRANSFER OF PERSONAL DATA

Data we collect from you may be transferred to, and stored at, servers outside of the jurisdiction of your residence. In such cases, you consent to the transfer of your Personal Data to such jurisdiction for purposes of providing the Services to you, where personal data protection standards may differ from those in your jurisdiction. Where such transfers occur, Gate Bahamas will implement appropriate safeguards designed to ensure that personal data remains protected in accordance with applicable data protection laws.

13. COOKIES

We use technology to collect anonymous information about the use of our platform. For example, when you browse our Platform, our service providers log your server address, the date and time of your visit, the pages and links accessed, and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our Services.

14. DATA BREACHES

The accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data is known as a “data breach”.Applicable data protection laws impose certain requirements on controllers to identify, assess and report data breaches in a timely manner.

Where we have to provide a notification to the relevant data protection authority, this shall be done without undue delay and in accordance with applicable data protection laws.

We undertake to inform you, when required, if your personal data is compromised and there is a high risk to your rights and freedoms as a result.

15. MINORS

(1) Our Sites, Services, and products are not directed to persons who may be defined as minors under applicable laws. If you are under 18, you must immediately cease all access to our Sites and Services. We reserve the right (but not the obligation) to request evidence at any time to verify that you are over 18 years of age. If you are under 18, or if we reasonably suspect that you are under 18 and you are unable to prove otherwise, we will delete any Personal Data we have collected unless we are legally required to retain it, and all your use of our APIs, account registrations, access to the Sites, enrollments, subscriptions, and purchases (if any) will be immediately terminated, with no refunds of any kind provided to you.

(2) For clarity, we do not knowingly collect Personal Data from minors. However, due to the nature of the internet, we are unable to determine whether individuals accessing our Sites are minors. It is therefore the responsibility of parents or guardians to ensure that minors do not access or use our Sites and/or Services, enroll in any of our events, download or access our applications, email us, or provide us with Personal Data. If a parent or guardian becomes aware that his or her minor has accessed our Sites or provided us with Personal Data, please contact us promptly at dpo@gate.com so that we may take appropriate action.

16. QUESTIONS AND COMPLAINTS AND HOW TO CONTACT US

We welcome your questions and comments about privacy. If you have any concerns or complaints, please submit a support request from the Site or email us at dpo@gate.com. Your complaint will be considered by us through our internal complaint’s resolution process, and we will try to respond with a decision within a reasonable timeframe.

17. CONFIDENTIALITY

Employees and / or authorized persons must comply with the obligations of confidentiality and keep confidential any information relating to the personal data with which they have become aware in the course of their duties, unless such information is in public in accordance with applicable laws or regulations.

18. CHANGES TO THIS POLICY

The Policy will be reviewed and updated from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment.Any personal information held will be governed by our most current Policy.Your continued access to or use of the Platform constitutes your acknowledgment and acceptance of such changes to this Privacy Policy.

19. LIMITS TO YOUR RIGHT TO INFORMATION

Your right to information is limited in certain cases. The requirements to give information do not apply insofar as:

(1) the provision of information to you proves impossible or would require disproportionate effort on our part in order to provide. This is provided that we take appropriate steps as controller to protect your rights as a data subject, your freedoms and your legitimate interests, including by making information publicly available (as this Policy intends to do);

(2) obtaining or disclosure is expressly laid down by applicable data protection laws which we are subject and which provides appropriate measures to protect your legitimate interests;

(3) the personal data must remain confidential subject to an obligation of professional secrecy regulated by applicable laws (such as statutory obligations of secrecy); or

(4) you already have the information.

20. LANGUAGES

This Privacy Policy may be posted in different languages. If there are any discrepancies, the English version shall prevail.

21. GOVERNING LAW

(1) This Privacy Policy shall be governed by and construed in accordance with the laws of the Commonwealth of The Bahamas. In the event of any disputes arising from this Privacy Policy or your use of the Platform (the “Dispute”), you must first contact us at dpo@gate.com regarding your concern and use your best endeavors to amicably settle any dispute in good faith. Both parties agree to use reasonable efforts to resolve the dispute amicably. If the Dispute cannot be resolved within thirty (30) days, it shall be finally resolved by arbitration seated in the Commonwealth of The Bahamas, in accordance with the UNCITRAL Arbitration Rules. The arbitration shall be conducted by a single arbitrator and the language of the arbitration shall be English.

(2) The parties further agree that following the commencement of arbitration, they will attempt in good faith to resolve the Dispute through mediation.

Any settlement reached in the course of the mediation shall be referred to the then-seating arbitral tribunal and maybe made a consent award on agreed terms.

(3) If you have any questions regarding this Policy or your personal data, please contact us at dpo@gate.com .