GTR Privacy Notice
Last updated: January 2026
We are Infozone Technologies PTE, Ltd (
"we"
) ("us"
), a company registered in Singapore with registration number 202218672D, and we are the data controller for the processing of your information. This Privacy Notice describes how we collect and use information about you when you use our website (our "Website"
), applications, services, tools and features, or otherwise interact with us (collectively, the "GTR Services"
).Our customers are virtual asset service providers (
"VASPs"
) (businesses that facilitate the exchange of virtual assets including cryptocurrency) or other travel rule service providers ("TRSPs"
). This Privacy Notice does not govern the processing of any personal information relating to end user data that is transmitted via our GTR Services by our customers (the "End User Data"
) in order to facilitate their compliance with the Financial Action Task Force Recommendation 16 and any local implementations applicable (the "Travel Rule"
). We act as a data processor (or data intermediary) in respect of End User Data to facilitate the transfer of information between VASPs (who act as the data controllers) to satisfy their Travel Rule requirements. End User Data is sent via our GTR Services using encryption and we have no access to, and will not seek access to, this information, nor do we have the capability to decrypt such encrypted data. If you are an end user and would like to exercise your rights or obtain information about how your personal information is processed, please contact the VASP that you engaged with to facilitate your transfer.This Privacy Notice applies in addition to any applicable terms of business and other contractual documents, including any order forms and arrangements that we may have with you. By using any of our GTR Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use or access our GTR Services.
We may revise this Privacy Notice from time to time in our sole discretion. If there are any material changes to this Privacy Notice we will do our best efforts to notify you to the extent required by applicable laws. By continuing to access and use our GTR Services, you are deemed to have agreed to these changes.
1. PERSONAL INFORMATION WE COLLECT AND PROCESS
We collect information that you provide to us, information we obtain automatically when you use our GTR Services, and information from other sources such as third-party services and organisations, as described below.
1.1 Information you provide to us
Account Creation
We may collect personal information when you create an account with us, such as name, email address and professional details (such as job title).
Contact Data
We may collect personal information, such as email address, phone number, social media or messaging platform contact or mailing address when you request information about our GTR Services, register for our newsletters, request customer or technical support, or otherwise communicate with us.
Identity Data
We may collect personal information related to business contact personal information and information related to your company such as company name, company type, company registration number, registration authority, certificate of incorporation or registration, company address and business type; and in some cases name and identity details of your company's directors, shareholders, ultimate beneficiaries or authorised users.
Business Development and Strategic Partnerships
We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Financial Data
We may collect personal information and details associated with your purchases, including payment information. Any payments made via our GTR Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our GTR Services, but we may receive information associated with your payment.
1.2 Information we collect from you automatically
To the extent permitted under the applicable laws, we may collect certain types of information automatically, whenever you interact with our Website and applications or use our GTR Services. This information helps us address customer support issues, improve the performance of our products and our GTR Services, improve our performance and protect you and your account from fraud and help us to detect unauthorised access.
Online identifiers
The Internet protocol (IP), browser fingerprint, operating system, browser name and version, geolocation and tracking data, mobile carrier, mobile advertising and other unique identifiers, and Internet service provider.
Usage data and server logs data
Information regarding your use of our GTR Services, such as pages that you visit before, during and after using our GTR Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our GTR Services.
Cookies
We use first-party and third-party cookies. First-party cookies are set directly by us whereas third-party cookies are set by a third party (such as analytics providers or our advertiser and business partners).
We use cookies that perform the following functions:
| Cookie Name | Type of Cookie | First- or Third-party | Purpose | Retention Period |
|---|---|---|---|---|
| _ga | Functionality/ Analytics | Third-party | Used to distinguish users | 2 years |
| _ga_M495847REV | Functionality/ Analytics | Third-party | Used to persist session state | 2 years |
1.3 Personal Information we collect from third parties
From time to time, we may obtain information about you from our affiliates, TRSPs, or other third-party sources as required or permitted by applicable laws. These sources may include the group of companies related to us by common control or ownership.
2. HOW YOUR PERSONAL INFORMATION IS USED
We process your information in order to perform our contract with you, such as:
- Provide you with our GTR Services;
- Provide functionality of our Website and applications; and
- Register and maintain your account with us when using our GTR Services.
In order to be responsive to you, to provide effective GTR Services to you, and to maintain our business relationship, as a matter of our legitimate interests, we will use your information to:
- Administer our Website, applications and GTR Services, and for internal operations, in order to conduct troubleshooting, data analysis, testing and research;
- Maintain the safety and security of our customers, our Website and applications, our GTR Services and business;
- Send you announcements in relation to security, privacy or administrative related communications (these communications are not marketing orientated, and we do not rely on consent, so you may not opt-out);
- Personalize our Website, applications and our GTR Services to ensure content is presented in the most effective manner for you and your devices; and
- Improve and develop our products.
In addition, we will use some or all of the above information to comply with legal obligations that we are subject to, including those relating to "Know your Customer", Anti Money Laundering and Countering Financing Terrorism (
"Background Checks"
). We may also process your personal information to enforce our contractual arrangements and our policies, and to protect or defend our GTR Services, our rights, the rights of our customers, or others.In specific situations, from time to time and as required under applicable laws, we may ask for your consent to process your personal information. In such situations you may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorisation. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3. SHARING INFORMATION WITH THIRD PARTIES
- With service providers and vendors(including data analytics vendors, payment processors, security vendors and website hosting vendors), that assist us to provide our Website, applications and our GTR Services to you;
- With credit reference agencies, for the purpose of conducting Background Checks;
- When you request us to share certain information with third parties, with your consent or to perform a contract with you;
- With professional advisors(including auditors, law firms, or accounting firms), in our legitimate interests or as required or permitted by applicable laws;
- For legal and security reasons and to protect our GTR Services and business, in our legitimate interests or as required or permitted by applicable laws. We will share your information with regulators, law enforcement agencies, public authorities, or any other relevant organisations to comply with applicable laws or obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries, to protect the interests of, and ensure the safety and security, of us, our customers, a third party or the public, to exercise or defend legal claims and to enforce our terms and conditions or other agreements;
- With our affiliates or otherwise within our corporate group, in our legitimate interests or otherwise permitted by applicable laws; and
- With a prospective buyer, seller, new owner, or other relevant third partyin connection with or anticipation of an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organisation (including while negotiating or in relation to a change of corporate control), in our legitimate interests or otherwise permitted by applicable laws.
4. SECURITY
We design our systems with your security and privacy in mind. We have appropriate security measures in place to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We work to protect the security of information during transmission and while stored by using encryption protocols and software.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. In addition, we limit access to your personal information to those employees, agents and other third parties on a "need-to-know" basis and these individuals are subject to appropriate duties of confidentiality.
5. DATA RETENTION
We keep your personal information to enable your use of our GTR Services, for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, and as may be required by applicable laws such as for tax and accounting purposes, compliance with laws, to resolve disputes and/or legal claims or as otherwise communicated to you.
We have processes in place to delete personal information when it is no longer necessary for the purposes for which we have described in this Privacy Notice, unless we are required by applicable laws to keep the information for a longer period. When determining the retention period, we take into account several factors, such as the type of information, the reason for which we are processing the information, any other possible business or legal purposes and the mandatory retention periods provided by any applicable laws.
6. YOUR RIGHTS
Subject to applicable laws, as outlined below, you may have a number of rights in relation to your privacy and the protection of your personal information. For example, the rights to request access to, correct, and delete your personal information and to ask for data portability. You may also object to our processing of your personal information or ask that we restrict the processing of your personal information in certain instances. In addition, when you consent to our processing of your personal information for a specified purpose, you may withdraw your consent at any time. If you want to exercise any of your rights, please contact us. These rights may be limited in some situations - for example, where we can demonstrate we have a legal requirement to process your personal information.
Right to access:
you have the right to obtain confirmation that your personal information is processed and to obtain a copy of it as well as certain information related to its processing;Right to rectify:
you can request the rectification of your personal information which is inaccurate, and also add to it. You can also change your personal information in your account at any time;Right to delete:
you can, in some cases, have your personal information deleted;Right to object:
you can object, for reasons relating to your particular situation, to the processing of your personal information. For instance, you have the right to object where we rely on legitimate interests or where we process your personal information for direct marketing purposes;Right to restrict processing:
you have the right, in certain cases, to temporarily restrict the processing of your personal information by us, provided there are valid grounds for doing so. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable laws;Right to portability:
in some cases, you can ask to receive your personal information which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your personal information on your behalf directly to another data controller;Right to withdraw your consent:
for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter; andRight to lodge a complaint with the relevant data protection authority:
we hope that we can satisfy any queries you may have about the way in which we process your personal information. However, if you have unresolved concerns, you have the right to complain to the data protection authority in the location in which you live, work or believe a data protection breach has occurred.If you have any questions or objections as to how we collect and process your personal information, please contact us.
7. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
Individuals who reside in the European Economic Area (
"EEA"
), UK or other jurisdictions where there are requirements under applicable laws for the cross-border transfer or access of personal information should be aware that the personal information will be processed in Singapore and other jurisdictions, which may not be subject to equivalent data protection laws as in the EEA, UK or the relevant jurisdiction that you reside in. If you are located in the EU, UK or other relevant jurisdiction and would like to obtain further information about the protections put in place to transfer your personal information outside of the relevant jurisdiction you reside in, please contact us.8. CONTACT INFORMATION
You can contact us via customerservice@globaltravelrule.com, and we will work to address any questions or issues that you have with respect to the collection and processing of your personal information.