Privacy Policy

Version 2.0

Effective Date: March 24, 2025

Introduction
Personal Information We Collect
How We Use Personal Information
How We Share Personal Information
Retention of Personal Information
Protection of Personal Information
International Transfers of Personal Information
Personal Information Rights
Your Choices
Cookies and Web Tracking
Other Disclosures
Contact Us
Updates to this Privacy Policy

Introduction

This Privacy Policy describes how Musa Gold L.L.C-FZ, located in the Meydan Free Zone, Dubai, UAE (“Musa Gold,” “we,” “us,” “our”), collects, uses, and shares information about you, as well as your rights and choices regarding such information. This includes information collected through our website (www.musagold.com), including the Platform and back office, and related services (collectively, the “Services”), which enable users in Permitted Jurisdictions to pre-purchase physical Refined Gold via Gold Redemption Receipts (GRRs) as non-transferable digital deeds issued by Musa Gold.

Our Services are restricted to residents and legal entities in Permitted Jurisdictions and are not available in Prohibited Jurisdictions (United States of America or sanctioned countries such as Iran, North Korea, Russia, Syria, Cuba, Myanmar, Venezuela). This Privacy Policy does not apply to residents or entities in Prohibited Jurisdictions, as Musa Gold does not operate there or allow their use of our Services.

For questions, contact us at privacy@musagold.com.

1. Personal Information We Collect

We collect personal information to facilitate the pre-purchase and redemption of physical Refined Gold via GRRs in Permitted Jurisdictions only. We collect this information through:

1.1 Directly from You:

Basic Customer Information: Name, phone number, email address, physical address in a Permitted Jurisdiction.
Residence/Legal Entity Verification: Proof of residence (e.g., utility bill) or legal entity status (e.g., business license) to confirm eligibility in a Permitted Jurisdiction.
Identity Verification: Date of birth, government-issued ID (e.g., passport, ID) for CDD compliance.
Financial Information: Payment details (e.g., bank account, payment method) for pre-purchases, redemptions, or refunds related to GRRs.
Transactional Information: Details of GRR pre-purchases and redemptions (e.g., GRR quantity, timestamps, payment amounts).
Additional Information: Preferences, feedback, and support inquiries related to GRR pre-purchase or redemption.

1.2 Automatically from You:

Device Information: Device type, operating system, IP address to verify Permitted Jurisdiction residency and ensure Platform functionality.
Cookies: See Section 10 for cookies used for basic site operation and analytics.
Usage Information: Pages viewed, features accessed (e.g., back office logins), and diagnostic data to improve the Services.

1.3 From Third Parties:

Partners: Data from Payment Processors, Delivery Companies, or the Gold Supplier to process pre-purchases, redemptions, or deliveries in Permitted Jurisdictions.
Service Providers: Identity verification and compliance support (e.g., KYC/AML vendors).
Public Sources: Sanctions lists (e.g., DOJ, UAE FIU, UN) to ensure regulatory compliance.

2. How We Use Personal Information

We use personal information solely to provide and manage the pre-purchase and redemption of physical Refined Gold via GRRs in Permitted Jurisdictions:

Purpose	Personal Information Categories	Legal Basis
Provide and administer Services	Basic Information, Verification Data, Financial Data, Transaction Data	Performance of a contract
Verify residency and identity	Residence/Entity Verification, Identity Verification	Legal compliance (AML/KYC)
Process payments/refunds	Financial Data, Transaction Data	Performance of a contract
Facilitate redemption/delivery	Basic Information, Transaction Data	Performance of a contract
Improve Services	Usage Data, Additional Information	Legitimate interests
Ensure legal compliance	Verification Data, Transaction Data	Legal compliance
Enhance security/fraud prevention	Device Information, Usage Data	Legitimate interests

We do not use your information for marketing, advertising, or profit-related purposes beyond facilitating physical gold pre-purchase and redemption.

3. How We Share Personal Information

We share personal information only as necessary to provide the Services in Permitted Jurisdictions:

Partners: With Payment Processors (e.g., Stripe, PayPal), Delivery Companies, and the Supplier to process pre-purchases, payments, redemptions, and deliveries.
Service Providers: For identity verification, fraud prevention, and compliance support (e.g., KYC/AML vendors).
Regulatory Authorities: To comply with legal obligations (e.g., AML/KYC under Federal Decree-Law No. 20 of 2018).
Business Transfers: In case of a sale or merger, limited to Permitted Jurisdiction operations.
We do not share information for marketing or with entities in Prohibited Jurisdictions.

4. Retention of Personal Information

We retain personal information only as long as necessary to:

Fulfill pre-purchase and redemption of GRRs (typically until March 07, 2031, per CPPA Clause 5.1(c)).
Comply with UAE legal obligations (e.g., 5 years for AML/KYC records under Cabinet Decision No. 10 of 2019).
Protect our rights (e.g., dispute resolution).

5. Protection of Personal Information

We implement reasonable physical, technical, and organizational measures (e.g., encryption, access controls) to safeguard personal information related to GRR pre-purchases and redemptions in Permitted Jurisdictions. However, no system is entirely secure, and we cannot guarantee absolute protection against unauthorized access or breaches.

6. International Transfers of Personal Information

Your personal information may be transferred to and processed in Permitted Jurisdictions outside your residence (e.g., from Singapore to UAE). We ensure protection via contractual safeguards (e.g., standard contractual clauses) where required by laws in Permitted Jurisdictions. No data is transferred to Prohibited Jurisdictions.

7. Personal Information Rights

Depending on your Permitted Jurisdiction, you may have rights to:

Access, correct, or delete your personal information.
Restrict or object to processing.
Request data portability.
Contact privacy@musagold.com to exercise these rights, with identity verification (e.g., ID copy) required. We comply with applicable laws in Permitted Jurisdictions (e.g., UAE Federal Law No. 45 of 2021 on Personal Data Protection).

8. Your Choices

Location Information: Disable tracking via device settings (residency verification remains mandatory per CPPA Clause 2.2).
Cookies: Manage preferences per Section 9 via browser settings.

9. Cookies and Web Tracking

We use cookies solely for basic Platform functionality (e.g., navigation, residency verification) and analytics to improve Services in Permitted Jurisdictions. No advertising or third-party tracking cookies are used. You can manage preferences through your browser settings, though disabling essential cookies may limit functionality.

10. Other Disclosures

Children: Services are not intended for individuals under 18 (CPPA Clause 8.2(a)).
Third-Party Links: We are not responsible for privacy practices of linked third-party websites (e.g., Delivery Companies).
Physical Gold Focus: Services facilitate personal gold redemption, not financial speculation (CPPA Clause 3.3).

11. Contact Us

For questions or concerns:

Email: privacy@musagold.com
Address: Musa Gold L.L.C-FZ, Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, UAE

12. Updates to this Privacy Policy

We may update this Privacy Policy, effective upon posting at www.musagold.com/privacy, with the updated date noted above. Material changes will be notified via email or Platform back office, limited to Permitted Jurisdiction users.