Privacy Policy

1. Introduction

Global Mutual Funds Pty Ltd (ABN 20090555436) ("we", "us", "our", "Company") operates the Qoney platform, a real-world asset tokenization system. We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as applicable international data protection regulations including the General Data Protection Regulation (GDPR) where relevant.

Our registered office is located at:

Global Mutual Funds Pty Ltd

Level 3 Suite 310

247 Coward Street

Mascot NSW 2020

Australia

[email protected]

+61 2 8338 8900

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Identity Information: Full name, date of birth, government-issued identification numbers (for KYC/AML compliance)
Contact Information: Email address, phone number, residential and business addresses
Financial Information: Bank account details, transaction history, investment preferences, asset ownership records
Professional Information: Company name, job title, business registration details
Verification Documents: Passport, driver's license, utility bills, proof of address

2.2 Technical Information

IP address and geolocation data
Browser type and version
Device information and operating system
Login timestamps and session duration
Pages visited and features accessed
Cookies and similar tracking technologies

2.3 Blockchain Data

Transaction records, wallet addresses, and tokenization activities are recorded on the XRP Ledger blockchain. This data is publicly accessible and immutable once recorded.

2.4 AI-Generated Analytics

Our AI agents analyze your usage patterns, investment behavior, and risk profiles to provide personalized insights and recommendations. This analysis is performed on aggregated and pseudonymized data where possible.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

Creating and managing your account
Processing tokenization transactions
Managing digital asset portfolios
Facilitating cap table management and reconciliation
Providing AI-powered insights and analytics
Processing payments and settlements

3.2 Compliance and Security

Verifying your identity (KYC - Know Your Customer)
Conducting anti-money laundering (AML) checks
Monitoring for suspicious activities and fraud prevention
Complying with legal and regulatory obligations
Maintaining audit trails for regulatory reporting
Responding to law enforcement requests

3.3 Communication

Sending transaction confirmations and account notifications
Providing customer support and responding to inquiries
Sending important updates about the platform
Marketing communications (with your consent)

3.4 Platform Improvement

Analyzing usage patterns to improve functionality
Training AI agents for better recommendations
Conducting research and development
Ensuring platform security and performance

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on:

Contractual Necessity: To fulfill our service agreement with you
Legal Obligation: To comply with KYC/AML and other regulatory requirements
Legitimate Interests: For fraud prevention, security, and platform improvement
Consent: For marketing communications and optional features (which you may withdraw at any time)

5. Data Sharing and Disclosure

We may share your personal information with:

5.1 Service Providers

Cloud hosting and data storage providers
Identity verification and KYC/AML service providers
Payment processors and financial institutions
Email and communication service providers
IT security and infrastructure providers

All service providers are contractually bound to protect your data and use it only for the specified purposes.

5.2 Regulatory Authorities

We may disclose information to regulatory bodies, law enforcement agencies, courts, and government authorities when required by law or to comply with legal processes, including but not limited to ASIC, AUSTRAC, and international equivalents.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 Blockchain Disclosure

Transaction data recorded on the XRP Ledger is publicly accessible. While wallet addresses are pseudonymous, they may be linked to your identity through on-platform activities.

6. International Data Transfers

Your personal information may be transferred to and stored on servers located outside Australia, including in jurisdictions that may not have equivalent data protection laws.

We ensure appropriate safeguards are in place for international transfers, including:

Standard Contractual Clauses approved by regulatory authorities
Adequacy decisions by relevant data protection authorities
Binding corporate rules for intra-group transfers
Your explicit consent where required

7. Data Security

We implement industry-standard security measures to protect your personal information:

Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
Access Controls: Role-based access control (RBAC) with multi-factor authentication
Monitoring: 24/7 security monitoring and intrusion detection systems
Auditing: Regular security audits and penetration testing
Blockchain Security: Leveraging XRPL's cryptographic security for transaction records
Circuit Breakers: Automated failsafes to prevent unauthorized access or data breaches

Despite our security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Data Retention

We retain your personal information for as long as necessary to:

Provide our services to you
Comply with legal and regulatory obligations (typically 7 years for financial records)
Resolve disputes and enforce our agreements
Maintain business records for legitimate purposes

Once retention is no longer necessary, we will securely delete or anonymize your personal information. Blockchain records are immutable and cannot be deleted.

9. Your Privacy Rights

Subject to applicable laws, you have the following rights:

9.1 Australian Privacy Act Rights

Access: Request access to your personal information
Correction: Request correction of inaccurate or incomplete information
Complaints: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

9.2 GDPR Rights (for EEA residents)

Right to Access: Obtain a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your data (subject to legal retention requirements)
Right to Restriction: Limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for consent-based processing

9.3 Exercising Your Rights

To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (typically 30 days).

Please note that certain rights may be limited by legal or regulatory obligations, such as KYC/AML record-keeping requirements.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your session and authenticate your login
Remember your preferences and settings
Analyze usage patterns and improve functionality
Deliver personalized content and recommendations

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

11. Children's Privacy

The Qoney platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on our website
Sending an email notification to your registered address
Displaying a prominent notice on the platform

Your continued use of the platform after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Privacy Officer