Goldtree ReserveGoldtree Reserve
Back to home

Privacy Policy

Goldtree Reserve Ltd · Version 1.0 · Last updated: 15 June 2026

01Introduction

Goldtree Reserve Ltd ("Goldtree Reserve," "we," "us," "our") is committed to protecting your privacy and handling your personal data with care, transparency, and in accordance with applicable data protection laws.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you:

  • Visit our website at goldtreereserve.com
  • Use our investment platform Goldtree Vault at goldtreevault.com
  • Engage with us as a client, prospective investor, partner, or other contact
  • Communicate with us by any means

This policy applies to all personal data we process and forms part of our commitment to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

02Data Controller

The data controller responsible for your personal data is:

Goldtree Reserve Ltd

Registered Company No. 14705549

20 Wenlock Road, London N1 7GU, United Kingdom

Email: info@goldtreereserve.com

Phone: +44 (0) 207 183 0821

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

03What We Collect

We collect and process the following categories of personal data:

Identity Information

  • Full name
  • Date of birth
  • Nationality
  • Government-issued identification (passport, national ID, driving licence)
  • Photograph (where required for identity verification)

Contact Information

  • Email address
  • Phone number
  • Residential address
  • Correspondence address (if different)

Financial Information

  • Source of funds documentation
  • Investment amounts and history
  • Bank account details (for transfers and payments)
  • Tax residency information

Verification and Compliance Information

  • Anti-Money Laundering (AML) verification data
  • Know Your Customer (KYC) documentation
  • Sanctions and Politically Exposed Persons (PEP) screening results
  • Self-certification of high net worth or sophisticated investor status

Platform Usage Data

  • Account login and activity records
  • Investment platform usage and interactions
  • Documents accessed, signed, or downloaded
  • Communications with our team or AI assistant
  • Voice recordings and transcripts (when using voice features)
  • Time, date, and IP address of platform access

Technical Information

  • IP address
  • Browser type and version
  • Operating system and device information
  • Cookie data (see Section 12)

Communications

  • Correspondence with us by email, phone, in-platform messaging, or other means
  • AI assistant interaction logs (text and voice)
  • Recordings of voice calls (where applicable, with appropriate notice)

Marketing Preferences

  • Communication preferences
  • Subscription status for newsletters or updates

We may also collect data from third parties, including identity verification services, AML and sanctions screening providers, credit reference agencies (where applicable), settlement partners (regarding your investments), and publicly available sources (where appropriate for due diligence).

04Legal Basis

We process your personal data only when we have a lawful basis to do so under the UK GDPR. The legal bases we rely on include:

Contract Performance

To enter into and perform an investment agreement with you, including account registration and management, processing investments and returns, generating and delivering investment documents, communicating about your investments, and facilitating settlement through partners.

Legal Obligation

To comply with our legal and regulatory obligations, including AML regulations, KYC requirements, sanctions and counter-terrorism financing laws, tax reporting requirements, company law and accounting obligations, and responding to legal requests and court orders.

Legitimate Interests

For our legitimate business interests, where these are not overridden by your rights and interests, including operating and improving our platform and services, preventing fraud and protecting platform security, conducting due diligence on prospective clients and partners, maintaining audit trails and business records, and conducting business analytics.

Consent

For specific activities where we ask for your explicit consent, including marketing communications (where required by law), recording and using voice interactions with our AI assistant, optional features that require consent, and cookies and similar technologies (see Section 12). You can withdraw your consent at any time by contacting us.

05Processing Activities

Identity and Compliance Verification

To meet our legal obligations and protect against fraud, we verify your identity using government-issued identification documents, third-party verification services, AML and sanctions screening, and PEP screening. This processing is necessary for compliance with our regulatory obligations.

Investment Management

We process your personal data to set up and maintain your investment account, process your investments and capital, generate investment documents (investment agreements, certificates, banking instructions), track your investments and returns, calculate and distribute returns, and provide investment statements and reports.

Settlement Partner Sharing

To execute physical gold trading on your behalf, we share necessary information with our licensed settlement partners (currently Astrea Limited and GTR Global Precious Metal FZCO). This sharing is limited to information necessary for trade execution and includes deal-specific information (deal amount, certificate number, payment reference) and limited identification information (where required). Settlement partners do not see your full personal data; they receive only the information necessary to execute their settlement role.

Independent Verification

Trade activities are independently verified by Opgard & Partners (UK law firm regulated by SRA, registration No. 8013109). For each verified trade, Opgard & Partners may receive trade reference, date, and closing value, settlement partner identity, and bank statement evidence (where applicable). Opgard & Partners do not see your personal identity or deal-level details; they verify the trade activity itself.

AI Assistant Interactions

When you use our AI assistant feature, your messages (text and voice) are processed to generate responses. Conversation logs are retained for service improvement and audit purposes. Voice recordings may be temporarily processed for speech-to-text conversion and AI response generation. Aggregated and anonymized data may be used to improve the AI's accuracy. Sensitive personal data shared with the AI is handled with the same protections as other personal data. AI conversations are not shared with third parties for marketing purposes and are subject to the same access controls as other personal data.

06How We Share

We share your personal data only with parties who need it for legitimate purposes related to your investment and our services.

Service Providers and Processors

  • Identity verification providers — for KYC and AML compliance
  • Cloud service providers — for hosting and data storage (with appropriate data processing agreements)
  • AI service providers — for AI assistant functionality
  • Document signing services — for electronic signature capabilities
  • Email and communications providers — for transactional and authorized communications
  • Payment processors — for handling financial transactions

Business Partners

  • Settlement partners (Astrea Limited, GTR Global Precious Metal FZCO, and others) — limited information necessary for trade execution
  • Independent legal counsel (Opgard & Partners) — for trade verification (limited information only)

Professional Advisors

  • Auditors, accountants, and tax advisors — as required for business operations
  • Legal advisors — for legal matters and compliance

Regulatory and Government Bodies

  • Regulators and authorities — where required by law
  • Tax authorities — for tax reporting obligations
  • Law enforcement — in response to lawful requests
  • Courts and tribunals — where required by legal process

In the event of a business sale, merger, restructuring, or similar transaction, your personal data may be transferred to the relevant party. We will notify you of such transfers where required. We do not sell your personal data to third parties for marketing purposes.

07International Transfers

Some of our service providers, settlement partners, or other recipients of your personal data may be located outside the United Kingdom and the European Economic Area (EEA). Specifically, our settlement partners include entities based in the United Arab Emirates (Astrea Limited and GTR Global Precious Metal FZCO).

Where personal data is transferred outside the UK/EEA, we implement appropriate safeguards in accordance with UK GDPR, including transfers to countries deemed adequate by the UK government, Standard Contractual Clauses approved by the UK Information Commissioner, and other lawful transfer mechanisms as appropriate.

You can request more information about our international transfer arrangements by contacting us using the details in Section 2.

08Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, and business retention obligations.

Active client data

For the duration of your investment relationship and for at least 7 years after the relationship ends (to comply with AML, tax, and business record retention obligations).

KYC and AML records

Minimum 5 years from the end of the business relationship, as required by law.

Investment documents and contracts

At least 7 years after the investment matures or is redeemed.

Verification letters and trade records

Permanently (legal and audit requirements).

Communications records

At least 7 years.

AI assistant interaction logs

Typically 12 months unless required longer for compliance.

Marketing data

Until you withdraw consent or as required.

After applicable retention periods expire, we securely delete or anonymize personal data unless ongoing legal obligations require continued retention.

09Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. Note that we may need to retain certain data for legal, regulatory, or contractual reasons (such as AML records or active investment agreements).

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling. We do not currently make solely automated decisions that have significant effects on you without human involvement.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 2. We will respond within one month of receiving your request (extendable in complex cases). We may need to verify your identity before fulfilling requests to protect your data.

Right to Complain

If you believe we have not handled your personal data properly, you have the right to complain to the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Phone: 0303 123 1113

Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns first — please contact us before lodging a complaint.

10Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

  • End-to-end encryption for sensitive data
  • Secure access controls and authentication
  • Role-based access permissions (Row Level Security)
  • Audit trails of data access and modifications
  • Regular security reviews and updates
  • Staff training on data protection
  • Vetting of service providers and partners
  • Incident response procedures

Despite our security measures, no system is completely secure. We cannot guarantee the absolute security of your personal data, but we work continuously to protect it to the highest standards possible.

If a data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

11Children's Privacy

Our services are not directed at children, and we do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it.

12Cookies

Our website and platform use cookies and similar technologies to function correctly and to improve your experience. These include:

  • Essential Cookies — Necessary for the website and platform to function. These cannot be disabled.
  • Analytics Cookies — Help us understand how visitors use our website to improve our services.
  • Functional Cookies — Remember your preferences and settings.
  • Marketing Cookies — Used for marketing purposes (only with your consent).

You can manage your cookie preferences through your browser settings or our cookie consent tool. For full details, please see our separate Cookie Policy.

13Marketing

We may send you marketing communications about our services, new offerings, or updates only where we have a lawful basis to do so (either your consent or legitimate interests, depending on context).

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting us at info@goldtreereserve.com
  • Updating your communication preferences in your account

Opting out of marketing does not affect transactional communications related to your account and investments.

14Third-Party Links

Our website and platform may contain links to third-party websites. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and notify you through the platform or by email where appropriate.

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

16Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Goldtree Reserve Ltd

20 Wenlock Road, London N1 7GU, United Kingdom

Email: info@goldtreereserve.com

Phone: +44 (0) 207 183 0821

We will respond to your inquiry promptly and work to resolve any concerns.

Goldtree Reserve Ltd · Registered Company No. 14705549 · 20 Wenlock Road, London N1 7GU, United Kingdom