Privacy Policy

1. General Provisions

1.1. This Privacy Policy governs the procedure for processing personal and other data of users of the G2R Platform.
1.2. The G2R Platform is a digital system for organizing and supporting trade and business operations involving operators and other performance participants.
1.3. This Policy applies in conjunction with:
• Platform Terms of Use
• Execution Terms

2. Data Processing Model

2.1. Data processing is carried out within a multi-stage interaction model:
• Stage 1 — Platform access and request submission (Entry Stage)
• Stage 2 — Request processing and communication (Processing Stage)
• Stage 3 — Transaction execution (Execution Stage)

2.2. Data processing is carried out taking into account the transaction structure, the participants involved, and applicable law.

3. Data Controller (Multi-Operator Model)

3.1. After a request is submitted, an operator is assigned to the user to carry out:
• request processing
• interaction with the user
• transaction support

3.2. The operator is determined based on:
• region and country of delivery
• interface language
• request parameters
• internal platform logic

3.3. The assigned operator:
typically supports the user at all stages, including transaction execution

3.4. If necessary, the operator may be changed:
• taking into account the transaction structure
• legal requirements
• logistical or compliance factors

3.5. In the event of a change of operator:
the user is notified before the relevant stage begins

3.6. Information about the operator is provided to the user:
• through the platform interface
• through communications (including chat)
• before the transaction execution begins

4. Operator Representatives

4.1. Data processing may be carried out by authorized representatives of the operator (including managers).
4.2. Such representatives:
• act on behalf of the operator
• process data within the scope of their authority
• have limited access according to roles

5. Categories of Data

Depending on the stage of interaction, the following data may be processed:

Stage 1 (Entry Stage):
• name
• contact details
• request information

Stage 2 (Processing Stage):
• clarifying information
• business data
• transaction parameters

Stage 3 (Execution Stage):
• identification data
• corporate documents
• data for compliance and verification
• payment information
• logistical information
• other data necessary for execution

6. Purposes of Processing

Data is processed for:
• processing requests
• communicating with the user
• preparing offers
• organizing and supporting transactions
• complying with legal requirements
• conducting checks (including compliance)
• risk management
• service improvement

7. Legal Grounds for Processing

Data processing is carried out (depending on jurisdiction and stage):
• based on the user’s consent (where applicable)
• for the purpose of processing the request
• for the purpose of executing the transaction
• to comply with legal requirements
• on other legal grounds

8. Data Transfer

8.1. Data may be transferred to performance participants, including:
• operators
• suppliers
• trading houses
• logistics companies
• banks and payment organizations
• payment agents
• compliance and service providers

8.2. Transfer is carried out:
to the extent necessary to achieve the purposes of processing

8.3. Access to data is based on roles and is limited by necessity.

9. Cross-Border Data Transfer

9.1. Data may be transferred between different jurisdictions solely when necessary for:
• request processing
• transaction execution
• compliance with legal requirements

9.2. Such transfer is carried out:
• in accordance with applicable law
• taking into account the requirements of specific jurisdictions
• applying necessary safeguards

9.3. In certain cases, the following may apply:
• additional notices
• consents
• special processing conditions

10. Data Retention

10.1. The retention period is determined considering:
• the purposes of processing
• the transaction lifecycle
• legal and regulatory requirements
• the necessity for dispute resolution

10.2. Data is not stored longer than necessary, unless otherwise provided by law.

11. Data Security

11.1. Organizational and technical data protection measures are applied.
11.2. The following are ensured:
• access control
• protection against unauthorized access
• internal control procedures
• data transfer minimization

12. User Rights

Depending on applicable law, the user has the right to:
• receive information about their data
• request access to their data
• request rectification or updating
• request deletion (in specified cases)
• restrict processing (where applicable)
• withdraw consent (where applicable)
• submit requests and complaints

13. Communication

13.1. The user interacts with the operator via:
• platform chat
• phone
• other communication channels

13.2. Communication may include:
• clarifying the request
• transaction support
• providing information

14. Contacts and Inquiries

14.1. The user may submit requests:
• through the platform interface
• via the operator’s contact details

14.2. Requests are processed:
by the relevant operator within a reasonable time

15. Jurisdiction-Specific Features

15.1. Depending on:
• the user’s country
• the assigned operator
• the transaction structure
additional data processing conditions may apply

15.2. Such conditions may be formalized as:
• local supplements
• separate notices
• special policies

15.3. This Policy has a modular structure and allows for:
the addition of new jurisdictions (including Vietnam and other Asian countries)
without changing the main part

16. Use of Technologies

The Platform may use:
• technical data
• analytical tools
• cookies

17. Updates

17.1. This Policy may be updated.
17.2. The current version is available on the platform.