Gold Principles Group Privacy Policy

Who are we?

1.1 The Gold Principles Group website is owned and operated by the World Gold Council, which acts as the primary controller of the personal data processed under this privacy policy.

1.2 The members of the Gold Principles Group may also, from time to time, act as data controllers of the personal data processed under this privacy policy. The list of current members can be found on the declaration on https://www.goldprinciples.org/.

1.3 The following policy guidelines let you know how World Gold Council and the members of the Gold Principles Group ("GPG", “we” and “us”) collect and use your personal data when you visit this website.

About this privacy policy

2.1 Our website may contain links to other third-party websites or applications. Please be aware that these websites and applications may collect personal data. This privacy policy does not apply to the practices of such other websites. These websites and applications may have their own privacy notices or policies which we encourage you to read.

2.2 To the extent any linked websites or applications visited are not owned or operated by us please be aware that we are not responsible or liable for the website's or application's content, any use of the websites or applications, or the privacy and security practices and policies of those websites or applications.

2.3 Please also note that certain coordination and support in respect of the GPG is provided by One Planet Limited, which also acts as a controller of your personal data. One Planet Limited’s processing of personal data is not covered by this privacy policy. One Planet Limited’s privacy policy can be found at https://oneplanet.biz/privacy-policy

What personal data do we collect?

3.1 We may collect the following personal data. Please note that we may combine personal data collected from one source with personal data that we have collected from other sources.

(a) Your biographical and contact details

This personal data may include name, email address, other contact details, business information, address, marketing preferences, usernames and other information, including information provided through the forms on our website.

(b) Correspondence and interactions with us

We collect personal data where you contact us or we contact you, and we will typically keep a record of such correspondence. This personal data may include your name and contact information, account information, your queries, and other personal data you may choose to provide to us. We also collect personal data provided to us through feedback, reviews or comments.

(c) Social media information

We maintain presences on social media platforms including, but not limited to LinkedIn. We collect personal data when you interact with us on social media. Please note that these social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social medial platforms). These social media platforms will also be data controllers of your personal data. Information about how they collect and use your personal data (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their respective websites.

(d) Information stored on a device

We may access metadata and other information associated with other files stored on your computer, tablet, mobile phone, or any other device such as IP address, domain name, browser version and operating system, traffic data, web logs and other communication data, and device identifiers. To the extent required by applicable law, we will ask for your consent prior to collecting device information.

(e) Collection and use of public information

We may also collect, use, store, transfer, share, and disclose your personal data that is publicly available for the purposes set out in this privacy policy.

Why do we use personal data?

We may use your personal data for a variety of purposes, which we have set out below. Under various data protection laws, the use of personal data must be based on one of a number of lawful bases which we have also set out below.

(a) To manage the Gold Principles Group

To manage the GPG, including to enable use of our website to respond to queries, to carry out our obligations arising from any agreements entered into and to contact you in connection with the foregoing.

Lawful basis: Contract performance (if our contract is entered into with an individual) and in all other cases, legitimate interests (to enable us to perform our obligations and provide our website and wider services to you).

(b) To provide communications (about updates and changes) and to provide technical support

To communicate about updates to the GPG website and to provide technical support and to respond to requests, comments, questions, or concerns, and to contact you if we have any issues with respect to same.

Such communications may be provided by various means, including emails and telephone. Calls may be recorded for training and monitoring purposes.

(c) To allow use of the interactive features of our website

To allow comments via our “Contact Us” function. Please note that such comments may be read, collected and used by anyone involved in the management of the GPG.

Lawful basis: Legitimate interests (to enable us to promote and develop the GPG based on feedback).

(d) To ensure our website’s/application’s content is relevant and to maintain the security of our website

To ensure that content from our websites/applications are presented in the most effective and secure manner.

Lawful basis: Legitimate interests (to allow us to improve our services).

(e) For analytics and business development purposes, including feedback

To analyse personal data in order to better understand our organisation and marketing requirements, and to develop our website.

This may include aggregating and/or de-identifying your personal data.

Lawful basis: Legitimate interests (to allow us to improve our services).

(f) To provide marketing materials

To provide updates regarding the GPG where you have chosen to receive these. We may also use personal data for marketing our own and our selected business partners’ and GPG voluntary signatories’ products and services by mail, email, SMS, phone and fax. We may also use personal data to market via social media. Where required by law, we will ask for consent at the time we collect the personal data to conduct these types of marketing. Where required by law, we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent or you may opt-out/change your marketing settings by contacting us.

Please note that even if you opt-out of receiving marketing emails, you may still receive communications from us that are important and/or related to your interactions with us, or otherwise as required by law.

Lawful basis: Consent, legitimate interest (where we are not required to rely on consent) to keep you updated with news in relation to our products and services.

(g) In connection with legal or regulatory obligations and to manage claims

We may process personal data to comply with our legal and regulatory requirements or dialogue with regulators/judicial proceedings/court orders and manage claims and litigation (as applicable) which may include disclosing personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.

Lawful basis: Legal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities). With respect to special categories of personal data, we will usually rely on legal claims, substantial public interests (processing for the prevention and detection of fraud/crime) or very rarely where necessary, explicit consent.

(h) To reorganise or make changes to our organisation

In the event that the GPG undergoes a change in management or a re-organisation we may need to transfer personal data to third parties (and their advisors) as part of any due diligence process for the purpose of analysing any proposed management change or re-organisation. We may also need to transfer personal data to the re-organised entity or third party after the change in management or reorganisation.

Lawful basis: Legitimate interests (in order to allow us to change our organisation).

Cookies and similar technologies

We use cookies and similar technologies. For more information, please refer to our cookies policy available on this website at www.goldprinciples.org/cookies.

Who do we share personal data with and why?

6.1 We may share or disclose personal data for the purposes and lawful bases set out in section 4 above to third parties. These third parties include service providers, business partners, signatories to the GPG and our advisors. We may share your personal data we collect and process across our subsidiaries and affiliates.

6.2 We may disclose personal data as required by law, regulation and other binding requests (such as subpoenas and court orders), and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us.

6.3 As per section 4(h) above, we may also need to transfer personal data in the context of a change in management or reorganisation of the GPG.

How do we protect personal data?

7.1 We take commercially reasonable efforts to protect the personal data under our control.

7.2 Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect personal data, we cannot guarantee the security of it transmitted to our websites, applications or through communications.

7.3 If you are given user credentials (such as username and passwords), please keep these safe and do not disclose these to third parties.

International transfers of personal data

8.1 Personal data may be accessed by staff or third parties in, transferred to, and/or stored at, a destination outside the country in which you are located. These countries may not provide the same level of data protection as your home country; however, we will take steps to ensure that personal data that is transferred outside a home country is safeguarded as in line with this privacy policy and applicable laws.

8.2 If transfers are made to other countries that are not deemed to provide adequate protections under EEA or UK law, we will ensure that such transfer is subject to appropriate safeguards in accordance with applicable data protection laws such as approved standard contractual clauses.

8.3 You can contact the relevant data controller as per Section 11 of this privacy policy for further information about the safeguards applied to your personal data.

How long do we keep your personal data?

9.1 Our retention periods for personal data are based on business needs and legal requirements.

9.2 We will retain personal data while we are using it, for purposes described in section 4 above. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. We may also continue to retain personal data to meet our legal requirements or to defend or exercise our legal rights.

9.3 The length of time for which we will retain personal data will depend on the purposes for which we need to retain it. After we no longer need to retain personal data, we will delete it, anonymise it, or securely destroy it.

What are your rights

10.1 When a request to exercise certain rights in relation to personal data is made, we will need to check the entitlement prior to answering a request. You have the right to:

(a) be provided with details about what personal data we hold about you and to be provided with a copy of your personal data;

(b) require us to update any inaccuracies in the personal data we hold. In order to assist us with this, please keep the relevant information up to date;

(d) be provided with a copy of the information you have provided to us in a machine-readable format so that you can transfer it to another provider or ask us to transfer this to another data controller (where our processing activity is based on contract performance or consent);

(e) require us to delete personal data (including where our processing activity is based on your consent or our legitimate interests);

(f) restrict how we use your personal data whilst a complaint is being investigated;

(g) object to our processing of your personal data (where our processing is based on our legitimate interests); and

(h) ask us not to reach decisions affecting you using automated processing or profiling.

10.2 You also have the right to stop receiving marketing communications.

10.3 To submit a request regarding personal data by email, please contact us as per section 11 below.

10.4 Your exercise of these rights is subject to certain exemptions (for example, to safeguard the public interest (e.g. the prevention or detection of crime)) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

Contacting us

11.1 If you have any queries or complaints about our use of personal data, please contact us as follows: info@goldprinciples.org.

11.2 If you are still not satisfied with how we have addressed your complaint or concerns, you can contact the UK’s Data Protection Authority (DPA), the Information Commissioner’s Office (https://www.ico.org.uk). The contact details of EEA DPAs are available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. We therefore encourage you to review it periodically.

Last update

The privacy policy was last updated and become effective on 16 February 2026.