This Privacy Policy explains how SMARTFINSERVICE LLC (Identification Number 405607400, Registration Number 0018-9404), a limited liability company incorporated in Georgia and licensed by the National Bank of Georgia (the "Company," "we," "us" or "our"), collects, uses, shares and protects personal data when you visit https://gecrypto.com/ (the "Website") or use any of our products and services (the "Services"). It should be read together with our Terms of Use and our AML/KYC Policy.

1. Introduction

The Company values the trust you place in us. Protecting your personal data is important to us. This Privacy Policy describes the categories of personal data we process, why we process them, on what legal basis, with whom we share them and what rights you have. We process personal data in accordance with the Law of Georgia on Personal Data Protection and other Applicable Law.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identification data — full name, date and place of birth, nationality, gender, photograph, signature, identification number, passport or national ID details.

  • Contact data — postal address, email address, telephone number.

  • Verification and AML data — copies of identity documents, proof of address, selfies and liveness checks, sanctions and PEP screening results, source-of-funds and source-of-wealth information, beneficial-ownership information.

  • Financial and transactional data — bank account details, payment card details (tokenised where possible), wallet addresses, transaction amounts, dates, counterparties and references.

  • Account data — username, password (hashed), Account preferences, communication history with us.

  • Technical data — IP address, device identifiers, browser type and version, operating system, language settings, time-zone, referring URLs.

  • Usage data — pages visited, features used, session timestamps, clickstream and similar interaction data.

  • Video monitoring data — CCTV footage captured at the entrance to our office (see Section 12).

  • Marketing and preferences data — your consent or objection to marketing communications and your preferences for receiving them.

We do not deliberately collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs or health data). If such data is incidentally provided to us, we will process it only to the extent strictly necessary and in accordance with Applicable Law.

4. How We Collect Personal Data

We collect personal data from the following sources:

  • Directly from you — when you register an Account, complete KYC verification, place an Order, contact our support team, subscribe to communications or otherwise interact with us.

  • Automatically — through cookies and similar technologies when you use the Website (see Section 11).

  • From third parties — from identity-verification providers, sanctions and PEP screening providers, blockchain analytics providers, payment-service providers, banks, public registers, fraud-prevention agencies and government or regulatory authorities.

5. Purposes and Legal Bases of Processing

We process your personal data only where we have a lawful basis to do so. The table below summarises the main purposes and corresponding legal bases under the Law of Georgia on Personal Data Protection:

  • Providing the Services — to open and operate your Account, execute Orders, process payments and provide customer support. Legal basis: performance of a contract with you.

  • Identity verification and AML/CFT compliance — to verify your identity, screen against sanctions and PEP lists, monitor transactions, detect and report suspicious activity. Legal basis: compliance with legal obligations.

  • Fraud prevention and security — to prevent, detect and investigate fraud, abuse and security incidents, and to protect the rights, property and safety of the Company, our Users and third parties. Legal basis: legitimate interests and compliance with legal obligations.

  • Service improvement and analytics — to understand how our Services are used and to improve and develop them. Legal basis: legitimate interests.

  • Marketing communications — to send you information about products, services, news and promotions. Legal basis: your consent (or legitimate interests for existing Users in respect of similar products), which you may withdraw at any time.

  • Legal claims and regulatory cooperation — to establish, exercise or defend legal claims and to respond to lawful requests from public authorities. Legal basis: legitimate interests and compliance with legal obligations.

6. Disclosure of Personal Data

We do not sell your personal data. We may disclose your personal data to:

  • Service providers and processors acting on our behalf, including identity-verification providers, blockchain analytics providers, cloud and hosting providers, payment-service providers, customer-support and communications platforms, marketing platforms and IT-security vendors. Such providers are bound by written agreements requiring confidentiality and an adequate level of protection.

  • Banks and counterparties involved in the settlement of your transactions.

  • Public authorities, including the National Bank of Georgia, the Financial Monitoring Service of Georgia, the Personal Data Protection Service of Georgia, tax authorities, courts and law-enforcement agencies, where required by Applicable Law or pursuant to a lawful request.

  • Professional advisers such as lawyers, auditors and consultants, under appropriate confidentiality obligations.

  • Successors in connection with a merger, acquisition, reorganisation or sale of all or part of our business, subject to standard confidentiality protections.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Georgia. When we transfer personal data internationally, we do so only to jurisdictions that provide an adequate level of data protection or on the basis of appropriate safeguards permitted by the Law of Georgia on Personal Data Protection, such as written agreements containing standard data-protection clauses or your explicit consent. You may obtain further information about the safeguards in place by contacting us at [email protected].

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting or reporting requirements. The main retention periods are:

  • KYC, AML and transaction records — at least five (5) years following the termination of the business relationship or the date of an occasional transaction, as required by Applicable Law.

  • Account and communications data — for the duration of the business relationship and a reasonable period thereafter to handle queries, complaints and legal claims.

  • Marketing data — until you withdraw your consent or object to processing.

  • Technical, usage and cookie data — in accordance with the cookie durations described in Section 11.

  • Video monitoring data — no more than one (1) month, after which it is destroyed by software (see Section 12).

When personal data is no longer needed, we securely delete or anonymise it.

9. Your Rights as a Data Subject

Subject to the conditions and exceptions provided by Applicable Law, you have the following rights in relation to your personal data:

  • Right to be informed about the processing of your personal data.

  • Right of access — to obtain confirmation of whether we process your personal data and, where we do, a copy of the data.

  • Right to rectification — to have inaccurate or incomplete personal data corrected or completed.

  • Right to erasure — to have your personal data deleted where there is no overriding legal basis for us to retain it.

  • Right to restriction of processing in defined circumstances.

  • Right to object to processing carried out on the basis of our legitimate interests or for direct marketing purposes.

  • Right to data portability — to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.

  • Right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before such withdrawal.

  • Right to lodge a complaint with the Personal Data Protection Service of Georgia (see Section 16).

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before responding. We will respond to your request without undue delay and in any event within the time limits required by Applicable Law.

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include access controls, encryption of data in transit, segregation of duties, secure development practices, employee training, vendor due diligence and regular review of our security posture. No system, however, can be guaranteed to be completely secure; in the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent authorities as required by Applicable Law.

11. Cookies and Similar Technologies

The Website uses cookies and similar technologies (such as pixels and local storage) to enable the Website to function, to remember your preferences, to analyse traffic, to enhance security and, with your consent, to deliver marketing and personalised content. We use the following categories of cookies:

  • Strictly necessary cookies — required for the operation of the Website and the Services; you cannot opt out of these.

  • Functional cookies — remember choices you make (such as language) to provide a more personalised experience.

  • Analytics cookies — help us understand how visitors interact with the Website so we can improve it.

  • Marketing cookies — used to deliver advertising that is relevant to you and to measure its effectiveness.

You can manage cookie preferences through the cookie banner on the Website and through your browser settings. Disabling certain cookies may affect the functionality of the Website.

12. Video Monitoring

Video monitoring is carried out at the entrance to our office. Monitoring is conducted for the purposes of crime prevention and detection, public safety, the protection of personal safety and property, and the protection of minors, including from harmful influence. Signage indicates the presence of video monitoring at the relevant locations. Personal data collected by video monitoring is stored for no longer than one (1) month, after which it is destroyed by software, except where it is required as evidence in legal or regulatory proceedings.

13. Children's Privacy

The Services are not directed to, and may not be used by, persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without appropriate consent, we will delete that data without undue delay.

14. Marketing Communications

Where permitted by Applicable Law, we may send you marketing communications about our products, services, news and promotions. You can opt out of marketing communications at any time by using the unsubscribe link in our emails, by adjusting your communication preferences in your Account, or by contacting us at [email protected]. Opting out of marketing communications will not affect transactional or service-related communications, which are necessary for the operation of your Account.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when it was most recently revised. Material changes will be communicated to you by posting a prominent notice on the Website, by email or through your Account before they take effect. We encourage you to review this Privacy Policy periodically.

16. Contact Us and Complaints

If you have any questions, comments or concerns about this Privacy Policy or the way we process your personal data, please contact us:

If you believe that our processing of your personal data infringes Applicable Law, you have the right to lodge a complaint with the Personal Data Protection Service of Georgia. We would, however, appreciate the opportunity to address your concerns directly before you approach the supervisory authority, so we encourage you to contact us first.