GOLDJAXE
GOLDJAXE

Privacy Policy

Edition 3.0 · Last updated: 2026-06-07

011. General Provisions

This Privacy Policy (the "Policy") sets out how personal data of users of the goldjaxe.com website (the "Website") is processed and protected. The Policy is adopted in order to comply with applicable data protection law.

The scope of this Policy is limited to the goldjaxe.com website. Other resources and services operated under the GOLDJAXE brand on separate domains are governed by their own privacy policies.

Use of the Website and submission of the contact form constitute acceptance of this Policy. If the User does not agree with this Policy, the User shall discontinue use of the Website.

022. Data Controller

The data controller responsible for the processing of personal data collected through the Website is GOLDJAXE.

  • Brand: GOLDJAXE;
  • Contact email for personal data matters: privacy@goldjaxe.com.

All requests from data subjects, including requests to exercise their rights, to withdraw consent or to submit complaints, shall be sent to privacy@goldjaxe.com. Requests are processed within thirty (30) calendar days from receipt.

033. Categories of Data Subjects and Personal Data

The Controller processes personal data of the following categories of data subjects:

  • visitors of the Website using cookies and similar technologies;
  • users who have submitted an enquiry through the contact form (the "Contact Form").

The following categories of personal data are processed:

  • data submitted via the Contact Form: name (or any other identifier chosen by the User), company name, email address, the selected request category and the text of the message;
  • record of the User’s consent to the processing of personal data (checkbox state) and the timestamp of consent;
  • technical data automatically collected upon visiting the Website: IP address, user-agent string, country and region inferred from the IP address, interface language, visited pages and timestamps;
  • marketing attribution data, where present in the request: referral source and campaign parameters (UTM tags) and the page from which the request was submitted.

The Controller does not process special categories of personal data (such as data on racial or ethnic origin, political views, religious or philosophical beliefs, health or sexual life) and does not process biometric personal data.

055. Storage, Retention and Security of Personal Data

Personal data is processed using the Controller’s infrastructure and the infrastructure of the processors listed in Section 6. Given the international nature of these services, personal data may be processed and stored in more than one jurisdiction (see Section 7).

Retention periods are determined by the purpose of processing:

  • correspondence and enquiry data of Users — three (3) years from the date of the last interaction;
  • records required to be retained by applicable law — for the period prescribed by that law;
  • analytics cookies and identifiers, where enabled — for the period stated in Section 8;
  • data processed for marketing purposes — until the data subject withdraws consent.

Upon expiry of the retention period, achievement of the processing purpose or withdrawal of consent, the Controller ensures destruction of personal data within thirty (30) calendar days.

The Controller implements reasonable organisational and technical measures appropriate to the risk, including:

  • encryption of data in transit using TLS version 1.2 or higher;
  • encryption of data at rest at the storage infrastructure level;
  • role-based access control (RBAC) following the principle of least privilege;
  • multi-factor authentication (MFA) for administrative access;
  • regular backups with integrity verification;
  • use of firewalls and a Web Application Firewall (WAF);
  • maintenance of security event logs with access controls;
  • internal policies governing the processing and protection of personal data.

066. Recipients of Personal Data

The Controller engages third parties as processors acting on its instructions. Each such party is bound by a written agreement requiring confidentiality and a level of protection no lower than that maintained by the Controller.

The following processors are engaged:

  • Kommo Inc. (Delaware, United States of America) — provision of the customer relationship management (CRM) platform used to handle enquiries and communications with Users;
  • Gcore S.A. (Grand Duchy of Luxembourg, operating a global edge network) — content delivery network (CDN) and Web Application Firewall (WAF) services;
  • n8n workflow automation platform, self-hosted on GOLDJAXE-owned infrastructure — routing of enquiries and integration between internal systems.

The Controller does not sell personal data, does not share data with advertising networks for the purpose of building third-party profiles and does not disclose personal data to any other parties beyond those listed above.

Disclosure of personal data to competent authorities is carried out exclusively on the grounds and in the manner provided for by applicable law.

077. International Transfers of Personal Data

Because the processors listed in Section 6 operate internationally, personal data may be transferred across borders when Users interact with the Website.

In particular, enquiry data is processed by Kommo Inc. in the United States of America, and technical data is processed by Gcore S.A. across a global edge network with a point of presence in the Grand Duchy of Luxembourg.

Where the applicable data protection law requires a specific legal ground for an international transfer, the Controller relies on the consent of the data subject (provided upon submission of the Contact Form) or on another lawful transfer mechanism available under that law.

The data subject is entitled to withdraw consent to international transfers at any time by sending a request to privacy@goldjaxe.com.

088. Cookies and Web Analytics

The Website uses cookies and similar browser storage technologies. Cookies are grouped into the following categories:

  • Strictly necessary cookies — required for the Website to function and do not require consent. These include cookies storing the selected interface language (NEXT_LOCALE), the selected display theme, and technical cookies set by the content delivery network (CDN), where applicable.
  • Analytics cookies — collect aggregated information about traffic and on-site behaviour. Not currently used; if enabled in the future, set only with consent.
  • Functional cookies — enable enhanced features (such as remembering user preferences). Not currently used; if enabled, set only with consent.

No marketing cookies or advertising-network cookies are used by the Website.

Cookie management. The Website currently uses only strictly necessary cookies that do not require consent; analytics, functional and marketing cookies are not used, and therefore no consent banner is shown on the Website. The User may manage or delete cookies at any time through their browser settings or by clearing browser storage for the goldjaxe.com domain. Should analytics or functional cookies be enabled in the future, a consent mechanism will be implemented on the Website.

Refusal of analytics and functional cookies does not prevent the User from accessing the core functionality of the Website.

099. Rights of the Data Subject

Subject to the applicable data protection law, the data subject has the right to:

  • obtain information relating to the processing of their personal data (right of access);
  • request rectification, blocking or erasure of personal data that is incomplete, outdated, inaccurate, unlawfully obtained or no longer necessary for the stated purpose;
  • withdraw previously given consent to the processing of personal data;
  • object to processing for purposes other than those declared by the Controller;
  • lodge a complaint with the competent supervisory authority or seek a judicial remedy against acts or omissions of the Controller.

Rights are exercised by sending a written request to privacy@goldjaxe.com. The request must include information sufficient to identify the data subject (or their authorised representative).

The Controller will review the request and provide a reasoned response within thirty (30) calendar days from receipt. If the response cannot be provided within this period, the Controller will notify the data subject of the reasons for the extension.

1010. Changes to the Policy

The Controller may amend this Policy. Versioning follows the MAJOR.MINOR scheme, where an increase in the MAJOR number corresponds to material changes affecting the rights and obligations of data subjects, and the MINOR number reflects technical or editorial corrections.

Material changes will be communicated to Users via an information banner displayed on the Website prior to the effective date of the new version.

The current version of the Policy is always available at goldjaxe.com/privacy. The date of the latest update and the edition number are displayed at the top of the page.

Continued use of the Website after the effective date of an amended Policy constitutes acceptance of the new version. If the User does not agree with the amended Policy, the User shall discontinue use of the Website and may submit a request to withdraw consent and delete data via privacy@goldjaxe.com.

1111. Contacts

Contact details of the Controller for personal data matters:

  • Email: privacy@goldjaxe.com;
  • Brand: GOLDJAXE;
  • Website: goldjaxe.com.

1212. Governing Law and Jurisdiction

This Policy and any relations arising in connection with the processing of personal data are governed by the data protection law applicable to the Controller and to the data subject’s location.

Disputes arising in connection with the processing of personal data shall be resolved in accordance with the rules of jurisdiction established by the applicable procedural law. A User who qualifies as a consumer may bring a claim before the courts of their place of residence where the applicable law so provides.

If any provision of this Policy is held invalid by a competent authority, the remaining provisions shall remain in full force and effect.