Privacy Policy
This Privacy Policy (hereinafter - “Policy”) explains how GTT Technologies Limited, a private company limited by shares incorporated under the laws of the British Virgin Islands with its registered office at Intershore Chambers, Road Town, Tortola, British Virgin Islands, registered under number: 2180362 (hereinafter - “GTT”, “Company”, “we”, “us”, or “our”), collects, uses, stores, and protects your personal data when you access and use our web-based gamified trading simulation platform available at https://gtt.trade (hereinafter - “Platform”).
We are committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner.
This Policy has been developed in accordance with the Virgin Islands Data Protection Act, 2021 (hereinafter - “DPA”), which governs the processing of personal data in the British Virgin Islands.
This Policy applies to all Users of the Platform, including those who register an account, participate in Tournaments, submit entry fees, claim rewards, or interact with the Platform in any other way (hereinafter - “User”, “you”, “your”). It also governs the data practices applicable to all visitors of the Platform, regardless of their country of residence or legal status as a User.
We encourage you to read this Policy carefully and in full. By accessing or using the Platform, you confirm that you have read, understood, and accepted the practices described herein. If you do not agree with any provision of this Policy, you should refrain from accessing or using the Platform or any related services. For any questions or concerns regarding this Policy or our data handling practices, please contact us at support@gtt.trade.
1. Definitions
For the purposes of this Policy, the following terms shall have the meanings set out below:
- “Platform” means the website operated by GTT that enables Users to register, participate in gamified trading Tournaments, and access other services provided by the Company.
- “User” means any natural person who visits, accesses, registers on, or otherwise interacts with the Platform.
- “Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection law, including but not limited to name, email address, identification documents, device information, IP address, and payment details.
- “Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, storage, use, disclosure, transfer, or deletion.
- “Data Controller” means a person who either alone or jointly or in common with other persons processes any Personal Data, or has control over, or authorises the processing of any Personal Data, but does not include a data processor.
- “Applicable Law” means all data protection and privacy laws that apply to the Processing of Personal Data under this Policy, including the DPA and other applicable legal acts.
- “Services” means all features, functions, Tournaments and Challenges, content, and technologies made available to Users through the Platform.
2. Scope and applicability
This Privacy Policy applies to all Users who access, browse, register on, or otherwise use the Platform, including those who create or maintain a User Account, participate in trading Tournaments or Challenges, make Entry Fees or claim rewards, interact with customer support or submit data via contact forms, or otherwise engage with the services and features offered by the Company.
This Policy also applies to Users of the Platform who may not have registered an account, but whose data may be collected through cookies, analytics tools, or other technical means.
This Policy forms an integral part of the Company’s Terms of Use Agreement and should be read together with it. Capitalized terms not otherwise defined in this Policy shall have the meaning given to them in the Terms of Use Agreement.
Your Personal Data will only be processed in accordance with this Policy where there is a valid legal basis for such processing. In cases where consent is required by law (e.g., for marketing communications or non-essential cookies), we will seek your explicit consent through a clear affirmative action, such as ticking a checkbox or clicking “I Agree”.
By ticking the relevant checkbox during registration or other interactions with the Platform, you confirm that you have read and agree to this Privacy Policy.
3. Principles of Personal Data processing
GTT Ltd is committed to processing all personal data lawfully, fairly, securely, and in full compliance with the principles set out in the DPA. The following principles guide our approach:
- Lawfulness, fairness and consent. We only process Personal Data: with the express consent of the data subject; or where the processing is necessary for the performance of a contract, to comply with legal obligations, protect vital interests, or for any other lawful basis as provided by law.
- Purpose limitation. Personal Data is collected for specified, explicit, and legitimate purposes and shall not be further processed in a way incompatible with those purposes.
- Data minimisation. We ensure that all Personal Data collected is adequate, relevant, and not excessive in relation to the purposes for which it is processed.
- Notice and transparency. Users are informed, prior to or at the time of collection, about: the purpose and legal basis of processing; whether providing data is mandatory or voluntary; their rights to access, correct, or delete data; the categories of third parties to whom their data may be disclosed.
- Right to withdraw consent. Where processing is based on consent, Users may withdraw their consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Use and disclosure limitation. Personal Data will not be disclosed to any third party without the User’s consent, except: where required or permitted by law; where the disclosure is directly related to the original purpose of collection.
- Security and confidentiality. We adopt appropriate technical and organisational measures to safeguard Personal Data against loss, misuse, unauthorized access, alteration, or destruction. These include: secure data storage systems; access controls; reliability and training of staff; secure data transfer protocols.
- Processor Due Diligence. When engaging third-party processors, we ensure they: provide adequate technical and organisational safeguards; are contractually bound to process data only under our instruction.
- Retention limitation. Personal Data will not be kept longer than necessary. Once no longer required, data will be securely deleted or anonymised unless retention is required by law.
- Data accuracy. We take reasonable steps to ensure that Personal Data is accurate, complete, and up-to-date, especially before it is used or disclosed.
- Access and correction. Users have the right to: access their Personal Data; request correction of any inaccurate or outdated data, unless a legal exemption applies.
4. Legal basis for processing Personal Data
We process your Personal Data only where such processing is lawful, necessary, and proportionate, in accordance with the DPA.
Depending on the context, we rely on one or more of the following legal bases:
- Performance of a contract. We process your Personal Data as necessary to enter into and perform a contract with you. This includes: registering and maintaining your User Account; processing your Entry Fee and enabling participation in Tournaments; calculating scores, rankings, and prize eligibility; communicating Tournament outcomes and fulfilling prize distributions. Without this data, we would not be able to provide our services via the Platform.
- Compliance with legal obligations. We may process your data to comply with legal requirements under BVI law or other applicable laws, including: anti-money laundering (AML) and counter-terrorism financing (CTF) compliance; identity verification (KYC) for prize withdrawals; accounting, tax, and audit obligations; cooperation with law enforcement or competent authorities.
- Legitimate interests. We may process Personal Data where it is necessary for the purposes of our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms. These purposes may include: ensuring the security, functionality, and integrity of the Platform; detecting and preventing fraud, abuse, or cheating; analyzing usage trends and improving our services; managing internal operations and reporting. You have the right to object to such processing if it affects your fundamental rights (see Section “Your Data Protection Rights”).
- Consent. Where required by law, especially for non-essential cookies, marketing communications, and optional analytics, we will process your Personal Data only after obtaining your explicit consent. You may withdraw your consent at any time via Platform settings or by contacting us. The withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal.
5. Types of Personal Data we collect
We collect and process different categories of Personal Data depending on how you interact with the Platform. These include:
We collect Personal Data that you voluntarily provide to us when registering an Account, entering a Tournament, contacting support, or otherwise interacting with the Platform. This data is used to maintain Platform functionality, improve performance, detect fraud, and provide a better user experience. This may include:
| Identification data | First name, last name, date of birth, country of residence, username or nickname |
| Contact details | Email address, phone number (if requested) |
| Payment and transaction data | Transaction identifiers, payment method, wallet address (if applicable), payout details (crypto wallet) |
| KYC and verification data (if applicable) | Where legally required (for example, for prize withdrawal compliance), we or our third-party service provider may request – scans or photos of your government-issued ID, proof of address, selfie or biometric verification, source of funds information |
When you access or use the Platform, we may automatically collect certain technical and usage data through cookies, server logs, and other tracking technologies. This includes:
| Technical data | IP address, device type and operating system, browser type and version, language and time zone, access times and referring URLs |
| Usage data | Login and logout timestamps, session duration and navigation behaviour, interactions with features (for instance, participation in Tournaments, score submissions) |
| Cookies and tracking technologies | Information collected through cookies, pixel tags, or similar technologies (see our Cookies Policy for more details) |
We may also receive Personal Data about you from third-party sources, including:
| Payment processors | We may receive confirmation of payment, payment method, or fraud risk scores from third-party payment gateways. |
| Identity verification providers | If we use external KYC/AML services, we may receive verification results, PEP/sanctions screening data, and document authenticity checks. |
| Affiliates or partners | In some cases, we may receive referral or attribution data when you access the Platform via affiliate links, partner campaigns, or third-party advertisements. |
The Company does not knowingly collect or process the following categories of Personal Data:
- Personal Data of individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor without the verified consent of a parent or legal guardian, we will take immediate steps to delete such data.
- Special categories of Personal Data, including, but not limited to: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data used for uniquely identifying an individual, data concerning health, and data regarding sex life or sexual orientation.
- Data relating to criminal convictions and offences, unless explicitly required by Applicable Law for compliance, background screening, or due diligence purposes.
- Personal Data obtained from unlawful, unauthorized, or non-transparent sources, unless the User has been duly informed and the processing is based on a valid legal basis under Applicable Law (e.g., performance of a contract, compliance with a legal obligation, or legitimate interest).
If you believe that we have collected or are processing any such categories of Personal Data in breach of Applicable Law, please contact us at support@gtt.trade, and we will promptly investigate and take appropriate remedial action, including erasure where warranted.
Should we be required to process any of the aforementioned categories of Personal Data in the future, we will do so only with your explicit, informed consent, in accordance with Applicable Law.
6. Purposes of using Personal Data
We use your Personal Data only for specified, explicit, and legitimate purposes. The legal bases for such processing are described in Section "Types of Personal Data we collect" above.
Below is a comprehensive description of the purposes for which we process your data:
| To register and manage your User Account | We use your Personal Data to:
This processing is necessary to perform our contract with you and ensure the proper functioning of your account. |
| To enable participation in Tournaments | We process Personal Data to:
This is essential to deliver the core functionality of the Platform and operate the skill-based competitions. |
| To process payments and distribute prizes | We use your data to:
This processing is necessary for contract performance and to comply with financial regulations. |
| To verify identity and comply with AML/CFT requirements | We process Personal Data for:
This processing is based on our legitimate interest in ensuring a compliant and secure Platform. AML/CTF verification is carried out for withdrawal. |
| To prevent fraud and ensure Platform security | We use Personal Data to:
This is based on our legitimate interest in safeguarding Platform operations and User trust. |
| To provide customer support and resolve disputes | We may process your data when you:
This processing helps us respond appropriately and document interactions for quality and legal purposes. |
| To conduct analytics and improve the Platform | We use technical and behavioural data to:
This is based on our legitimate interest in improving and developing our Services. |
| To send marketing communications (with consent) | With your explicit consent, we may use your contact details to:
You may withdraw your consent at any time by using the unsubscribe link in our emails or by contacting us directly. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal. |
7. Data sharing and disclosure
We do not sell, rent, or otherwise commercially exploit your Personal Data under any circumstances.
However, to operate the Platform and provide you with Services, we may share your Personal Data with carefully selected third parties strictly on a need-to-know basis and in accordance with the DPA.
Such disclosures are limited to the following categories:
- Service Providers acting on our behalf, including: cloud hosting and infrastructure providers (to securely host and operate the Platform); communication service providers (to send you essential emails and updates); analytics partners (to understand user behaviour and improve Platform functionality); These service providers are bound by strict contractual and confidentiality obligations and act solely under our instructions. They are not permitted to use your data for their own purposes.
- Regulated third-party providers, including: payment processors (to facilitate deposits, Entry Fees, and prize disbursement); identity verification and compliance providers (to conduct KYC/AML screening when necessary for lawful purposes); These parties process your Personal Data under separate legal regimes and privacy standards. We only engage providers that demonstrate sufficient guarantees of data protection in line with BVI law.
- Legal disclosures. We may disclose your Personal Data when: required by law, regulation, subpoena, or court order; in response to a legitimate request from a government authority, regulatory agency, or law enforcement body; necessary to exercise, establish, or defend our legal rights or to protect the safety of our Users and the integrity of the Platform.
- Corporate transactions. In the event of a merger, acquisition, sale of assets, or corporate restructuring, your Personal Data may be transferred to the successor entity, provided that appropriate safeguards are implemented and the receiving party agrees to uphold privacy protections equivalent to those set out in this Policy.
Any such disclosures will be made only
- for the same or directly related purpose for which the data was initially collected;
- where the class of recipient has been disclosed to you in advance; and
- with your consent, where required by law.
We ensure that all such data sharing complies with the DPA, and we maintain records of all such disclosures where required.
8. International transfers
As a global digital platform, we may transfer your Personal Data to jurisdictions outside the British Virgin Islands, including but not limited to countries that are not subject to an adequacy decision by the local regulator.
Such transfers may occur, for example, when we engage infrastructure or cloud service providers (e.g., for data hosting or storage), communication platforms, compliance and verification tools, business partners operating outside the BVI.
We only transfer Personal Data outside the Virgin Islands when appropriate data protection safeguards are in place, or we have received valid, informed consent from the data subject.
Where no adequacy determination exists for the destination country, we ensure that appropriate safeguards are implemented, which may include:
- Standard Contractual Clauses (SCCs) or equivalent data protection agreements;
- technical and organisational security measures (encryption, access control, etc.);
- prior assessments of the local data protection and surveillance framework.
All transfers are carried out in compliance with the privacy and data protection principles (Section 3 of this Policy), and we take all reasonable steps to ensure that your Personal Data remains secure, it is processed lawfully and fairly, your rights are preserved, and you have access to effective remedies in the event of a breach.
You may contact us at support@gtt.trade for more information about specific safeguards used for international transfers or to obtain a copy of applicable contractual protections, where legally permissible.
9. Data retention
We retain your Personal Data only for as long as it is reasonably necessary to fulfil the purposes for which it was collected, or as required to comply with legal, regulatory, or contractual obligations.
The specific retention periods are determined based on the nature and sensitivity of the data, the purposes for which it was collected, the applicable legal obligations and limitation periods.
General retention periods:
- Account and profile data is retained as long as your account remains active. If you request account deletion or remain inactive for a prolonged period, we will delete or anonymise your data unless retention is required by law.
- Tournament participation, performance, and prize payout records may be retained for up to 3 years for audit, dispute resolution, and accounting purposes, unless a longer period is legally required.
- KYC/AML-related data will be retained for a minimum of 5 years from the date of termination of the business relationship or last transaction, in accordance with AML/CFT obligations under BVI law.
- Data used for analytics, fraud detection, or security monitoring may be kept for up to 12 months, unless extended retention is required due to an ongoing investigation or platform abuse.
You may request the erasure of your Personal Data, subject to exceptions (e.g., legal or regulatory obligations), request a restriction on the processing of your data, request access, correction, or withdrawal of consent, where applicable.
But please note that in some cases we may be legally obligated to retain certain information, for example: to comply with anti-money laundering rules, for defence of legal claims, or to prevent fraud or misuse of the Platform.
To exercise your rights or request account deletion, please contact us using the details provided in the “Contact information” section of this Policy.
10. Your data protection rights
You have certain rights under applicable data protection laws. These rights allow you to maintain control over your Personal Data and how it is used.
You may exercise these rights at any time by contacting us using the details provided in Section “Contact information”. We will respond to your request without undue delay and, in any case, within the time limits prescribed by law. We are committed to upholding these rights and ensuring that your Personal Data is processed fairly, transparently, and lawfully.
Right of access:
- If you believe that any of your Personal Data is inaccurate, incomplete, misleading, excessive, or irrelevant, you may request that it be corrected or amended.
- Such requests must: be in writing; specify the data concerned and the amendment requested; include the reasons for the amendment.
- We will respond to your request with a decision. If we deny the request, we will explain the reasons in writing and inform you of your right to lodge a complaint with the Information Commissioner.
Right to erasure and restriction:
- You may request that we: delete your Personal Data (where it is no longer necessary for the purposes collected, or where you withdraw consent and no other legal basis exists); restrict processing under specific conditions (e.g., pending a rectification request or where you contest the lawfulness of processing).
- Please note that certain legal or regulatory obligations may require us to retain some data even after a deletion request.
Right to object to processing for direct marketing:
- You may, at any time, instruct us in writing not to process your Personal Data for direct marketing purposes. We will comply within three business days and confirm in writing that such processing has ceased.
Right to data portability:
- Where processing is based on your consent or on the performance of a contract, and carried out by automated means, you may request to receive your Personal Data in a structured, commonly used, and machine-readable format, or to have it transmitted directly to another controller where technically feasible.
Right to withdraw consent:
- Where we rely on your consent to process your Personal Data (e.g., for optional features or marketing), you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out prior to withdrawal.
Right to lodge a complaint:
- If you believe that your rights have been violated or your Personal Data has been processed unlawfully, you have the right to lodge a complaint with the Information Commissioner in the British Virgin Islands. We encourage you to contact us first to resolve any issue informally before contacting a supervisory authority.
To protect your privacy and ensure the security of Personal Data, we are legally required to verify your identity before fulfilling any request related to your data protection rights.
Depending on the nature of your request, we may ask you to confirm basic account information (for instance, full name, email address, or date of last Platform activity), provide a signed declaration confirming your identity, or complete identity verification via secure means, such as a phone call or email validation.
We will use reasonable efforts to process your request promptly and in accordance with Applicable Laws, provided we are able to verify your identity.
11. Cookies and tracking technologies
We use cookies and similar tracking technologies to enhance your experience on the Platform, provide essential functionality, analyse usage patterns, and support our marketing efforts.
Cookies are small text files stored on your device when you visit the Platform. They help us recognize your device and remember your preferences over time.
For more detailed information about the specific cookies we use, their purpose, duration, and management options, please refer to our Cookies Policy.
12. Children’s privacy
The Platform is not intended for use by individuals under the age of 18, and we do not knowingly collect or process personal data from persons who are under this age threshold.
By using the Platform, you confirm that you are at least 18 years old or have reached the legal age of majority in your country of residence, whichever is higher.
We take children’s privacy seriously. If we become aware that personal data has been collected from a user who is under 18, we will take reasonable steps to:
- delete such data from our records;
- close the related account;
- prevent further access to the Platform by the minor.
If you are a parent or legal guardian and believe that your child has provided us with personal data, please contact us immediately at support@gtt.trade so that we can take appropriate action.
13. Security measures
We are committed to protecting your Personal Data and have implemented appropriate technical and organisational measures to ensure a level of security that is proportionate to the risks associated with our processing activities. These measures are designed to ensure the confidentiality, integrity, availability, and resilience of your Personal Data and to safeguard it against unauthorised access, accidental loss, destruction, or disclosure.
The security measures we maintain include, but are not limited to:
- Access control: User Accounts are protected by password-based authentication and, where applicable, multi-factor authentication. Administrative access is restricted to authorized personnel only.
- Data encryption: Personal Data is encrypted both in transit and at rest where technically appropriate.
- Pseudonymisation and minimisation: we minimise the amount of Personal Data collected and, where feasible, replace identifying data with pseudonyms or anonymised identifiers.
- Monitoring and logging: we maintain logs of user activity and system events for auditing, fraud detection, and security analysis.
- Business continuity and disaster recovery: we implement backup systems and business continuity procedures to ensure the availability and recoverability of data in the event of technical failure or attack.
- Internal access restrictions: access to Personal Data within our organization is strictly limited to employees or contractors who need such access to perform their job duties. All such persons are bound by strict confidentiality obligations.
In accordance with Applicable Law, we ensure that, by default, only the minimum amount of Personal Data necessary for each specific purpose is processed, stored, or made accessible.
Also we ensure that all third-party service providers who process Personal Data on our behalf implement equivalent security standards and enter into data processing agreements that meet the legal requirements.
In the event of a Personal Data breach, we will:
- notify the competent supervisory authority within 72 hours of becoming aware of the breach, if the breach is likely to result in a risk to your rights and freedoms;
- inform affected data subjects (Users) without undue delay, where the breach is likely to result in a high risk;
- document all data breaches regardless of their severity, including the facts, impact, and remedial actions taken.
The Platform may contain links to third-party websites or services that are not owned, operated, or controlled by GTT. These external websites may have their own privacy policies, terms of use, and data processing practices, which may differ from ours. We are not responsible for the content, privacy practices, or activities of any third-party websites. We encourage you to carefully review the privacy policy of each website you visit before submitting any personal data. The inclusion of a link to a third-party website does not imply endorsement or affiliation by the Company.
14. Amendments to this Privacy Policy
We may update or amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological advancements. All changes will be published on the Platform with an updated “Last Updated” date at the top of the document.
If we make material changes that significantly affect your rights or the way we process your Personal Data, we will provide additional notice, such as by email or a prominent notice on the Platform.
We encourage you to review this Policy regularly to stay informed about how we protect your data.
Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the revised terms.
15. Contact information
If you have any questions, concerns, or complaints regarding this Privacy Policy or your Personal Data, or if you wish to exercise your data protection rights, please contact us:
Controller: GTT Technologies Limited.
Address of Controller: Intershore Chambers, Road Town, Tortola, British Virgin Islands.
Registry number: 2180362.
Email: support@gtt.trade