Last updated: 7 July 2026
This policy uses placeholder company details. Before publishing, replace the bracketed [ ] fields below with your registered business name, address, and any data protection contact required in your jurisdiction.
⬇ Download as PDF
1. Who We Are
This Privacy Policy applies to GoldPenthouse ("we", "us", "our"), operated by [Insert registered legal entity name], [Insert registered business address]. We are the data controller responsible for your personal data collected through this website.
2. What Personal Data We Collect
Depending on how you use our website, we may collect:
- Account details — name, email address, phone number, date of birth, and password.
- Order and shipping information — billing and delivery address, order history, and products purchased.
- Payment information — bank account details for wire transfers, or payment confirmation data from our payment providers (we do not store full card numbers).
- Verification documents — for larger transactions or sell-back requests, we may request proof of identity, proof of address, or proof of ownership, in line with anti-money laundering (AML) and know-your-customer (KYC) obligations.
- Contact form and support communications — any information you provide when contacting our customer service team.
- Marketing preferences — whether you have opted in to receive marketing communications.
- Technical data — your cart and watchlist are stored locally in your browser (local storage), not through tracking cookies.
3. How We Use Your Data (Purposes of Processing)
We process your personal data to:
- Create and manage your account.
- Process and fulfil your orders, including payment processing and shipping.
- Verify your identity and comply with AML/KYC obligations, particularly for sell-back transactions.
- Respond to enquiries submitted through our contact form or customer service channels.
- Send order confirmations, invoices, and status updates.
- Send marketing communications, but only where you have opted in.
- Comply with our legal and regulatory obligations.
- Detect and prevent fraud.
4. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:
- Performance of a contract — to process and deliver your orders and manage your account.
- Legal obligation — to comply with AML/KYC, tax, and other regulatory requirements.
- Legitimate interest — to prevent fraud and keep our services secure.
- Consent — for marketing communications, which you may withdraw at any time.
5. Sharing Your Personal Data
We may share your personal data with:
- Payment service providers, to process payments securely.
- Shipping and logistics carriers, to deliver your order.
- IT and hosting service providers, who process data on our behalf.
- Regulatory or law enforcement authorities, where required by law.
We do not sell your personal data to third parties.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this policy, including any legal, accounting, or reporting requirements (for example, financial and AML records may need to be retained for a statutory minimum period after your last transaction).
7. Cookies and Local Storage
We use browser local storage — not tracking cookies — to remember items in your cart and watchlist between visits. This data stays on your device and is not used for advertising or cross-site tracking.
8. Your Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data, where applicable.
- Restrict or object to certain processing.
- Request a copy of your data in a portable format.
- Withdraw consent for marketing at any time.
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact us.
9. Data Security
We use appropriate technical and organisational measures, including encryption, to protect your personal data against unauthorised access, loss, or misuse.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact our customer service team.