Privacy Policy

We collect or obtain data relatingto you in a variety of ways when you access, interact with, or use the Site. Such data may include “personal data” or “personal information”, meaning information that identifies you or can reasonably be linked to your identity, whether directly or indirectly. The types of data we collect depend on how you engage with us and the features of the Site that you use.

‍

Depending on how you interact with the Site, we may collect or receive the following categories of data:

• Identification and contact data: This includes information such as your name, job title, company name, role or function, postal address, email address, telephone number, country of residence, and your preferred method of contact. We typically collect this data when you submit enquiries, request information, create an account, or otherwise communicate with us through the Site.
• Account and interaction data: We collect data you provide through the Site’sinteractive features, including web forms and input fields used to submit questions, request product or service information, download materials, register for events or webinars, subscribe to newsletters, participate in surveys, or provide feedback. We also collect data associated with requests you make to exercise your individual rights under applicable privacy laws and maintain related records for operational, legal, and audit purposes.
• Marketing and preference data: This includes information about your communication preferences, areas of interest, subscription status, consent choices, and records of marketing communications sent to you. We also process data about your interactions with such communications, such as whether you opened, clicked, or engaged with them.
• Technical and usage data: When you visit or interact with the Site, we automatically collect certain technical information from your device and browser. This may include your IP address, unique device identifiers, browser type and version, operating system, language preferences, session timestamps, the pages you visit, links you click, the referring website, download activity, and your interactions with Site content such as videos, media, or embedded widgets. We collect this data through cookies, pixel tags, analytics tools, and similar tracking technologies, as described in the Cookies and Other Internet Technologies section.
• Applicant data (when using our Career Center): If you submit a job application throughthe Site or Career Center, we may collect information such as your CV or résumé, education and qualifications, employment history, skills,certifications, cover letters, and any other data you choose to provide in connection with the recruitment process. Additional details relating to the processing of applicant data are provided in this Privacy Policy, which governs recruitment-related processing.
• Social media data: When you engage with G10X content on third-party social media platforms or use social media plug-ins available on the Site, we may receive certain information from your social media profile and interactions. Such data may include your name, username, profile information, and engagement activities, subject to your privacy settings on the respective platform.
• Sensitive or special categories of personal data: We do not intentionally collect sensitive or special categories of personal data through general use of the Site. These categories may include, for example: health-related information, biometric identifiers, racial or ethnic origin, religious or philosophical beliefs, trade union membership, precise geolocation data, government-issued identification numbers, criminal background information; or other data that is considered sensitive under applicable privacy laws. We ask that you do not provide such data in free-text fields, uploads, or other submissions on the Site. If we require sensitive or special category data for a specific and legitimate purpose, we will do so in accordance with applicable law and, where required, seek your explicit consent or rely on another lawful basis permitted by the relevant jurisdiction. If you voluntarily submit sensitive or special category data through the Site for any purpose not expressly requested, such data may be processed only to the extent permitted by applicable law and solely for the purposes described in this Policy.

You may also make requests through this Site to exercise your individual rights under applicable privacy laws. We will collect and maintain data related to such requests in order to respond to you and for our audit and legal compliance purposes.

‍

Please note that any information or materials you post or disclose on this Site via message boards, chats, profile pages, blogs, and other services (including social media services) are publicly available and will be seen by other visitors to this Site. Please keep this in mind before disclosing any personal data or any other information on this Site.

‍

We use cookies and similar technologies to operate and secure the Site, analyse usage, and enhance functionality. Information collected through these technologies’ forms part of our technical and usage data. For more information about how we use cookies,the types of cookies we use, and how you can manage your preferences, please see the “Cookies and “Other Internet Technologies” section below.

‍

Information collected through these technologies may include your IP address, device type, browser information, pages visited, time spent, referring URLs, links clicked, content viewed, and interactions with emails or forms.

‍

‍

Data processing purpose

‍

G10X collects and uses Personal Information for the purposes described below. Where required by applicable laws including those in the European Economic Area (EEA), United Kingdom, Switzerland, Singapore, India, the United Arab Emirates, and other jurisdictions we rely on lawful bases such as consent, contractual necessity, legitimate interests, compliance with legal obligations, protection of vital interests, or performance of a public interest task. We use Personal Information for the following purposes:

‍

• Operating and securing our Site and services: To operate, administer, monitor, and improve the Site; respond to enquiries or requests; provide products or services you request; manage user interactions; and ensure Site integrity and security.
• Managing business relationships: To maintain relationships with prospects,customers, suppliers, partners, and employees; support onboarding, accountmanagement, invoicing, dispute resolution, and other routine business operations.
• Marketing and communications: To send marketing communications, newsletters, promotional materials, event invitations, product updates, and other messages about G10X products and services. These communications may be tailored based on your interests, preferences, job role, business profile, or region. Consent is obtained where required by applicable law. You may unsubscribe or opt out at any time.
• Analytics, research, and service improvement: To analyse Site usage, understand user behaviour, measure performance of communications and advertising, personalise user experiences, conduct research, and develop and enhance our services. Consent is obtained where required for analytics cookies or similar technologies.
• Recruitment and talent management: For job applicants using our Career Center, to process applications, assess suitability, arrange interviews, and manage recruitment activities, as described in this Policy.
• Fraud prevention, security, and legal compliance: To protect G10X, ouraffiliates, users, customers, and partners; detect, prevent, and investigate fraud, misuse, security incidents, and other unlawful activities; and comply with legal, regulatory, tax, audit, and law-enforcement requirements.
• Service personalisation and preferences: To tailor content, language, settings, or recommendations based on your preferences or interactions, improving your experience across our digital services.
• Information from third-party sources: To supplement or verify information from public sources, professional and social media platforms, event partners, lead providers, or recruiters for recruitment, sales, marketing, and business development purposes. We use such information only where permitted by applicable law and in accordance with the privacy settings and permissions available on the relevant platform.
• Record-keeping and business operations: To maintain records for internal reporting, compliance, auditing, tax requirements, legal claims, and statutory retention obligations.

Where the processing involves cross-border transfers, we implement appropriate safeguards such as Standard Contractual Clauses or adequacy decisions in accordance with applicable law.

‍

Personal Data is processed only for the purposes described in this Policy and retained in accordance with the “Data Retention” section below.

‍

‍

Your personal information rights

‍

Depending on your location and the applicable privacy laws, you may have certain rights regarding your Personal Information. G10X respects and enables these rights and will respond to requests in accordance with applicable law. We maintain internal records of all data rights requests to ensure transparency and compliance. Requests will be handled within the time frames described in the response timelines in this section.

‍

‍

Right to know

‍

You may request information about our data practices, including the categories of Personal Information we collect, the purposes of collection, the sources from which the data was obtained, the categories of recipients with whom we share the data, and the period for which the data is retained. Residents of certain jurisdictions (such as California) may request information about how their Personal Information has been used or disclosed in the preceding twelve (12)months.

‍

Right to access

‍

You may request access to the Personal Information we hold about you. Where we act as a data controller (or “data fiduciary” under India’s DPDP Act), we will provide a copy of your Personal Information in a commonly used format, subject to lawful restrictions.

‍

Right to correction

‍

You may request that inaccurate, incomplete or outdated Personal Information be corrected or updated. G10X will take reasonable steps to ensure the accuracy of Personal Information and will update records as required.

‍

Right to erasure

‍

You may request the deletion of Personal Information that is no longer necessary, that has been collected unlawfully, or where you have withdrawn consent (where consent was the legal basis). We will honour such requests except where retention is required for legal, regulatory, contractual, security, fraud-prevention or other legitimate business purposes.

‍

Right to withdraw consent

‍

Where we rely on your consent to process Personal Information (e.g., certain marketing or optional data collection), you may withdraw your consent at any time. Withdrawal of consent does not affect the legality of prior processing.

‍

Right to object or opt out

‍

Where permitted by law,you may object to processing based on G10X’s legitimate interests, including certain types of profiling or direct marketing. Residents of certain jurisdictions (e.g., California) may have the right to opt out of the “sale” or “sharing” of Personal Information for targeted advertising purposes.

‍

Right to restrict processing

‍

In some jurisdictions,you may request that we restrict the processing of your Personal Information for example, while verifying its accuracy, or where you have objected to processing.

‍

Right to data portability

‍

Where applicable, you may request a structured, commonly used and machine-readable copy of certain Personal Information and, where feasible, request that we transmit it to another organisation.

‍

Rights relating to automated decision-making and profiling

‍

Where our processing involves automated decision-making that has legal or similarly significant effects, you may have the right to request human review, to express your point of view, and to contest the decision (subject to local law).

‍

Right to lodge a complaint

‍

You may lodge a complaint with a supervisory authority, regulatory body or data protection authority in your region if you believe your rights have been violated. G10X encourages you to contact us first so that we may address your concerns directly. We handle privacy-related complaints and grievances in a timely, structured and transparent manner, including acknowledging receipt, reviewing the matter, and providing a response within the time frames required by applicable law. We will keep you informed of the outcome of your complaint and, where appropriate, provide updates on progress.

‍

We will acknowledge and respond to requests to exercise your data protection rights within the time frames required by applicable law. In most cases, this means:

• Acknowledgement: We will acknowledge receipt of your request within a reasonable period after submission.
• Substantive response: We will respond within one month of receiving a verifiable request. This period may be extended by up to two additional months where the request is complex or multiple requests are submitted, in which case we will inform you of the extension and the reasons for it.

Where no specific statutory response period applies, we will respond within a reasonable period, taking into account the nature of the request and our legal obligations.

‍

If we are unable to fulfil a request in whole or in part, we will explain the reasons for our decision, subject to applicable law.

‍

Data subjects may request the erasure of inaccurate or unnecessary Personal Data, subject to applicable legal, regulatory or contractual retention obligations, as described in the“Data Retention” section of this Policy.
‍

We will acknowledge and respond to requests to exercise your data protection rights within the time frames required by applicable law. Where laws such as the EU or UK data protection laws apply, this generally means we will provide a substantive response within one month of receiving a verifiable request, which may be extended by up to two further months where the request is complex or numerous. If an extension is required, we will inform you of the extension and the reasons for it in accordance with applicable law.

‍

‍

Data use

‍

We use Personal Information only for the purposes for which it was collected or provided to us, as described in this Policy or otherwise made clear at the point of collection.

‍

In addition to the uses outlined in the Data Processing and Use of Information section, G10X may use Personal Information for the following purposes:

• To operate, maintain and manage the Site; communicate with you about your use of the Site; process requests for information; provide support; and complete transactions or services you request or authorise.
• To tailor and personalise your experience on the Site, including by displaying content, recommendations, or features that are relevant to your interests, preferences, location or prior interactions with G10X.
• To contact you about G10X products, services, events and updates and to provide promotional materials or offers. These communications may be delivered via email, postal mail, online channels, social media, SMS, or other methods, and may be tailored based on your interests, business profile, or region. Where required by applicable law, we will send electronic marketing communications to you only with your consent. In other cases, and to the extent permitted by applicable law, we may rely on our legitimate interests to contact you about G10X products, services, events, or updates. You may opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in the communication or by contacting us using the details provided in this Privacy Policy. Please note that opting out of marketing communications will not affect service-related or non-marketing messages that are necessary for the performance of a contract with you, the operation of our services, or ongoing transactions you have requested (such as important transactional, service, or security notices). It may take a short period of time for your opt-out request to be fully processed, and you may continue to receive marketing communications during this period. G10X does not:(i) sell Personal Information to third parties; (ii) use Personal Information to advertise, promote, or market third-party products or services; or (iii)license or publish Personal Information for commercial purposes.
• To support G10X’s internal operations, including conducting audits, analysing data,improving our Site and services, developing new offerings, enhancing user experience, assessing the performance of advertisements, optimising marketing campaigns, identifying usage trends, and supporting corporate governance,compliance reporting, and strategic planning.
• To protect the rights, property, operations, and safety of G10X, our affiliates, users, customers, and partners, including detecting, investigating, and helping prevent fraud, misuse, security incidents, or other harmful or unlawful activity.
• To comply with applicable laws, regulations, legal obligations, enforcement requests, and government communications, and to respond to court orders, subpoenas, or other lawful processes.

‍

Sensitive information and unintended submissions

‍

This Site, including its contact forms and Careers pages, is not intended to collect sensitive or special categories of personal data unless expressly requested. We ask that you do not submit sensitive information through the Site, including but not limited to information relating to health or medical conditions, biometric or genetic data, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, criminal history, government-issued identification numbers, financial account information, or precise location data.

‍

Where you voluntarily or inadvertently submit sensitive information through the Site (including through general enquiry forms or job application materials), G10X will process such information only to the extent reasonably necessary to address the purpose for which it was submitted or to comply with applicable legal obligations. We will apply appropriate safeguards to protect such information and, where it is not required or permitted to be retained, will take reasonable steps to restrict access, delete or anonymise it in accordance with applicable law and our internal data handling practices.

‍

Submission of sensitive information through general website forms or application materials is at your discretion, and G10X cannot guarantee that such forms are suitable for the collection of sensitive personal data.

‍

Applicant data security and confidentiality

‍

When you use our Career Center or submit a job application through the Site, we collect and process the Applicant Data described in the Data Collection section of this Privacy Policy. This may include your name, contact details, CV or résumé, education and qualifications, employment history, skills, certifications, cover letters, portfolio materials, and any other documents or information you choose to upload or provide as part of the recruitment process.

‍

We use Applicant Data to: (i) assess your suitability for current or future roles; (ii) manage and administer the recruitment and selection process; (iii) communicate with you about your application; (iv) schedule interviews, evaluations and assessments; (v) conduct reference or background checks where legally permitted; and (vi) comply with applicable legal, regulatory and corporate governance requirements.

‍

G10X uses strict organisational, technical and administrative safeguards to protect Applicant Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. This includes encrypted transmission of files, secure storage environments, role-based access controls, monitoring tools, and other measures described in the Data Security section of this Privacy Policy. Access to Applicant Data is limited to authorised HR personnel, recruitment teams and hiring managers involved in evaluating your application, all of whom are bound by confidentiality and data protection obligations.

‍

We do not sell, rent or share Applicant Data with third parties for their own independent purposes. Applicant Data may be shared only with trusted third-party service providers who support our recruitment process (such as applicant tracking systems, assessment partners or background verification providers) and only under strict contractual obligations requiring them to process the data on our instructions and maintain appropriate security measures.

‍

Your CV, documents and other Applicant Data are retained only for as long as necessary to fulfil the recruitment purposes described above or as required by applicable law. If you are not selected, we may retain your information for a limited period, typically not exceeding 12 months, unless a longer retention period is required or permitted by applicable law, from the date of the recruitment decision, to consider you for future opportunities, unless you request deletion or applicable laws require otherwise.

‍

If you believe your Applicant Data has been handled improperly, or if you wish to exercise your data protection rights (including access, correction or deletion) with respect to your recruitment information, you may contact our Data Protection Officer at privacy.compliance@g10x.com.

‍

‍

Basis for processing personal data

‍

Certain privacy laws, including those in the European Economic Area (EEA), United Kingdom, Switzerland, Singapore, India, the United Arab Emirates, and other jurisdictions, require us to identify the legal bases on which we process Personal Data.

‍

G10X relies on one or more of the following legal bases, depending on the processing activity and applicable law:

‍

Consent: We may process Personal Data where you have provided clear and affirmative consent for a specific purpose. Consent may be obtained at the point of data collection or through your voluntary submission of information. You may withdraw your consent at any time, where permitted by law, without affecting the lawfulness of processing carried out prior to withdrawal.

‍

Performance of a Contract or Pre-Contractual Steps: We may process Personal Data when necessary to enter into or perform a contract with you or your organisation, or to take steps at your request prior to entering into such a contract (e.g., responding to enquiries, processing orders, or providing services).

‍

Legitimate Interests: We may process Personal Data where it is necessary for our legitimate business interests and where those interests are not overridden by your interests, fundamental rights, or freedoms. These legitimate interests may include: (i) operating, securing, and improving our Site, platforms, and services; (ii) managing our business relationships; (iii) communicating with users; (iv) optimising user experience and internal operations; and (v) preventing fraud, misuse, and security incidents. Where required, we will explain our specific legitimate interests at the time of collection.

‍

Compliance with Legal Obligations: We may process Personal Data where necessary to comply with laws, regulations, legal processes, tax obligations, employment obligations, record-keeping requirements, or lawful requests from authorities.

‍

Protection of Vital Interests: We may process Personal Data where necessary to protect the vital interests of you or another individual, for example, in emergency situations or matters relating to health and safety.

‍

Public Interest (where applicable): In limited circumstances, and only where permitted by law, we may process Personal Data to perform a task carried out in the public interest.

‍

We do not routinely collect sensitive or special categories of Personal Data through this Site. If such processing becomes necessary, we will only do so under one or more of the following conditions: (i) explicit consent: you have clearly and expressly agreed to the processing; (ii) legal claims: the processing is necessary for the establishment, exercise, or defence of legal claims; (iii) data made public by you: you have manifestly made the data public; or (iv) other lawful bases permitted under applicable local laws.

‍

If you have questions or concerns about the legal basis upon which we collect and use your Personal Data, you can contact us at privacy.compliance@g10x.com.

‍

‍

Disclosure of personal data

‍

In connection with the purposes described in this Policy, G10X may disclose Personal Data to the following categories of recipients:

‍

Other entities within the G10X group of companies; Third parties that provide services to us, such as system hosting, management, and support; data analysis; facilitation of advertisements; data backup; and data security and storage services. These service providers are bound by contractual obligations to process Personal Data only on G10X’s instructions and to implement appropriate security measures.

‍

Relevant third parties as part of a corporate transaction, such as a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with a bankruptcy or similar proceeding). Such third parties may receive Personal Data as part of the transaction process, subject to appropriate confidentiality and legal safeguards.

‍

Competent governmental and public authorities, in each case to comply with legal or regulatory obligations or requests; and Other third parties as we believe necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to enforce our terms and conditions; (d) to protect our operations and those of any of our affiliates; (e) to protect our rights, privacy, safety, or property, and/or those of our affiliates, you, or others; and (f) to allow us to pursue available remedies or limit damages that we may sustain.

‍

In addition, this Site may contain content and plugins from social media platforms, like Facebook (“Like” button), Twitter (“Share to Twitter”), LinkedIn, and others. These plugins allow you to share information from this Site to your timeline or account. When you connect to these services, the third parties may store and/or access data (including through the use of cookies and other similar technologies) over which we do not have control. If you are logged into one of your social media accounts while visiting a webpage on this Site that contains a social media plugin, the social media plugin may allow the relevant social media platform to receive information that you visited this Site and link it to your social media account. We do not control these third-party platforms, and information collected is governed by the privacy statement of the third party that provides the relevant platform. We encourage you to review these platforms’ privacy statements for more information.

‍

The disclosures described in this section may result in the transfer of your data to countries or regions with data protection laws that differ from those in your country of residence. By providing us with your data and using this Site, you are acknowledging that your data may be transferred to countries outside of your country of residence.

‍

In cases where your data is transferred outside of your country of residence, we take steps to ensure that appropriate safeguards are in place to protect such data. Based on your presence of jurisdiction the safeguards may include a data transfer agreement with the data recipient based on standard contractual clauses or such other mechanism as is approved by the relevant jurisdiction for transfers of personal data to third countries. The UK International Data Transfer Addendum, the UK International Data Transfer Agreement, or other mechanisms approved by the UK Government. The Swiss Addendum or other mechanisms recognised under Swiss data protection law. Additional contractual, organisational and technical measures required by relevant authorities or recommended through transfer impact assessments; and other legally recognised transfer mechanisms permitted under the laws applicable to your jurisdiction. These safeguards are implemented whenever we transfer Personal Data from the EEA, UK or Switzerland to a country that has not been formally recognised as providing an adequate level of protection for Personal Data. For further details relating to the transfers described above and the adequate safeguards used with respect to such transfers, please contact us at privacy.compliance@g10x.com.

‍

To re-iterate, we don't share your Personal Information without your prior consent, except when legally required. For projects, data may be transferred internationally based on customer needs. If legally obligated to share, we ensure third parties protect your data. G10X does not sell Personal Data, and we do not allow third parties to use Personal Data for their own independent marketing purposes without your consent. We disclose Personal Data only as described in this clause or as required or permitted by law.

‍

For residents of certain U.S. states such as California, Virginia, Colorado, Connecticut, and Utah additional rights and disclosures apply under applicable state privacy laws. These laws may require us to explain whether we “sell” or “share” Personal Information or engage in “targeted advertising” (also known as cross-context behavioural advertising). G10X does not sell Personal Information for monetary consideration. However, under some state privacy laws, our use of third-party analytics tools, advertising technologies, cookies or similar tracking technologies may be considered “sharing” or “processing for targeted advertising.” Where these laws apply, residents of such states may have additional rights, including the right to: (i) opt out of the sale or sharing of Personal Information; (ii) opt out of targeted advertising or certain types of automated decision-making; (iii) request information about the categories of Personal Information we have disclosed to third parties; (iv) request access, deletion, correction or portability of their Personal Information; and (v) appeal a decision if a privacy request is denied. Where these laws require it, we provide a ‘Do Not Sell or Share My Personal Information’ or equivalent link and honour valid browser‑based opt‑out signals, such as Global Privacy Control, for targeted advertising and ‘sharing’.

‍

‍

Cookies and other internet technology

‍

This Site uses cookies (small text files placed on your device) and similar technologies such as pixels, tags, clear GIFs, SDKs and JavaScript—including technologies provided by third-party service providers—to enable certain features and functionality, support security, and collect information that helps us improve the Site and our services. We may use session cookies, which expire when you close your browser, and persistent cookies, which remain on your device until you delete them or they expire.

We use these technologies for purposes including: (i) ensuring the technical functionality, security and accessibility of the Site; (ii) helping you navigate the Site, remember your preferences and enhance your overall user experience; (iii) analysing how visitors use the Site such as pages visited, time spent, errors encountered and interaction patterns—to improve performance and usability; and (iv) tailoring content and, in some regions, measuring or delivering online advertising or understanding interactions with our communications.

This Site uses the CookieYes Consent Management Platform to provide you with clear choices regarding the use of cookies. The cookies used on this Site fall into the following categories:

• Necessary (Always Active): Essential for core site functionality such as secure login, accessibility, and managing consent preferences. These cookies do not store personally identifiable information and cannot be disabled.
• Functional: Enable enhanced functionalities such as social media sharing, third-party integrations, and collection of user feedback.
• Analytics: Help us understand how visitors interact with the Site by providing information on metrics such as visitor numbers, bounce rate and traffic sources.
• Performance: Allow us to measure and analyse key performance indicators to improve the user experience.
• Advertisement: Used to deliver personalised advertisements based on your browsing behaviour and analyse the effectiveness of advertising campaigns.
  

Where required by applicable law (for example, in the European Economic Area, United Kingdom, and other jurisdictions with consent requirements), we obtain your consent before placing non-essential cookies such as functional, analytics, performance or advertising cookies on your device. You can manage or change your cookie preferences at any time through the CookieYes consent banner, the site’s cookie settings tool (where available), or your browser settings.

If you disable or decline certain cookies, some features of the Site may not function properly. Most browsers allow you to refuse, accept or delete cookies through their settings. For more information about cookies generally, you may visit: https://www.allaboutcookies.org.

For details about specific cookies used on this Site, including their purpose and retention period, please refer to our Cookie Policy or the cookie details displayed within the CookieYes banner.

Some cookies and similar technologies used on the Site may be provided by third parties, such as analytics providers, advertising networks or social media platforms, which may collect information about your online activities across different websites in accordance with their own privacy notices.

Depending on your location, you may have additional rights or choices regarding cookies and similar technologies, as described in the Regional Supplements section of this Privacy Policy. The Site does not currently respond to “Do Not Track” or similar browser signals; however, you may manage your cookie preferences using the CookieYes consent banner, site settings tools, or your browser controls.

‍

‍

Third-party websites and social media

‍

This Policy does not apply to, and G10X is not responsible for, the privacy, information handling or security practices of any third parties, including those that operate websites, applications, products or services that may link to, integrate with, or be accessible from this Site, or that host social media plugins or tools used on this Site. The inclusion of any link, integration or feature on the Site does not constitute an endorsement by G10X of the content, policies or practices of such third parties.

Your interactions with third-party websites, social media platforms, applications, plugins or tools (including features such as “share,” “like,” login integrations or embedded content) are governed by the privacy statements and terms of those third-parties. These third parties may independently collect information about you through cookies, pixels, SDKs or similar technologies, including when you are logged into their services while interacting with our Site. G10X does not control how these third parties collect, use or share your data, and their data practices are governed solely by their own privacy policies.

We encourage you to review the privacy statements, settings and controls of each third-party service you use to understand their data collection practices and your available choices. To the extent permitted by applicable law, G10X disclaims responsibility for the actions, omissions or practices of such third-parties.

‍

‍

Data security

‍

We use reasonable organisational, technical and administrative measures to protect Personal Data under our control against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures are designed to safeguard Personal Data throughout its lifecycle and include, as appropriate: (i) firewalls and network security controls; (ii) encryption of data in transit and at rest; (iii) VPN/VDI-based secure remote access; (iv) email and endpoint security tools; (v) role-based access controls and authentication measures; (vi) Data Loss Prevention (DLP) monitoring; (vii) data masking and pseudonymisation where applicable; (viii) periodic backup and data restoration procedures; (ix) Security Information and Event Management (SIEM) systems for monitoring and detection; (x) secure development and change-management processes; and (xi) periodic review and testing of our security controls.

Staff members who handle Personal Data receive training on privacy, information security and data protection obligations, and are required to follow G10X’s internal policies and procedures.

We conduct Data Privacy Impact Assessments (or similar risk assessments) where required by law or where processing activities may result in higher privacy risks, and we implement appropriate controls based on the outcome of those assessments.

While we take reasonable steps to protect Personal Data, no data storage system or transmission of data over the internet can be guaranteed to be 100% secure. If you believe that the security of data, we hold about you has been compromised, please notify us immediately using the contact details provided in the Contact Us section of this Policy.

‍

‍

Exercising your rights

‍

You have choices regarding how your Personal Data is collected, used and processed, and G10X is committed to enabling these rights in accordance with applicable privacy and data protection laws. Depending on your country or U.S. state of residence, you may have some or all of the following rights: (i) Right to Know / Confirmation: to request confirmation as to whether we process your Personal Data and to obtain information about our data practices. (ii) Right of Access: to request a copy of the Personal Data we hold about you. (iii) Right to Correction / Rectification: to request that we update, correct or complete inaccurate or incomplete Personal Data. (iv) Right to Deletion / Erasure: to request that we delete your Personal Data, subject to legal or contractual exceptions. (v) Right to Restrict or Limit Processing: to request that we restrict or limit the way in which we process your Personal Data, for example while accuracy or legal grounds are being verified. (vi) Right to Object: to object to certain processing activities, including processing based on legitimate interests or to opt out of direct marketing. (vii) Right to Withdraw Consent: where we process Personal Data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing. (viii) Right to Data Portability: to request a structured, commonly used and machine-readable copy of certain Personal Data and, where technically feasible, request that we transmit it to another organisation. (ix) Additional U.S. State Rights: in certain jurisdictions (such as California, Virginia, Colorado, Connecticut and others), you may also have the right to opt out of the “sale” or “sharing” of Personal Information, targeted advertising, or certain types of automated decision-making. Details are provided in our U.S. regional supplement clause below.

You may exercise these rights by contacting the G10X Data Privacy Officer at: privacy.compliance@g10x.com or by following any instructions provided within our communications (for example, clicking “unsubscribe” in marketing emails).

We may need to verify your identity before responding to your request to help ensure the security of Personal Data. Verification may include matching the information you provide in your request with information we already maintain. If we are unable to verify your identity or authority, we will inform you.

We will not discriminate against you for exercising any of your rights under applicable law. This includes refusing to provide goods or services, charging different prices, or providing a different level or quality of service. If you have concerns, grievances or questions regarding our data handling practices, data breaches or potential violations of this Policy, you may contact our Data Privacy Officer at the email address above. We will review your request or concern and respond within the timelines required by applicable law.\

As we want to avoid taking action regarding your Personal Data at the direction of someone other than you, only you or an Authorized Agent permitted by law to act on your behalf may submit a request. An “Authorized Agent” means a natural person or a business entity you have authorized to act on your behalf by providing your written permission. Please note, we may deny a request from an Authorized Agent if they do not submit proof that they have been authorized by you to act on your behalf.

Your request must: Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an Authorized Agent; and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data we maintain relates to you. To verify your identity, we will seek to match any personal data you provide when you (or an Authorized Agent) submit your request to any personal data we already maintain. If we are unable to verify your identity based on the data we maintain, we will let you know.

‍

‍

Unsubscribing from marketing communications

‍

If you no longer wish to receive newsletters, promotional emails or other marketing communications from G10X, you may unsubscribe at any time by clicking the “unsubscribe” link included in those communications or by contacting us using the details provided in this Policy. Once you unsubscribe, we will stop sending you marketing communications. However, we may still contact you for transactional, service-related or administrative purposes, such as information relating to services you have requested, account notices, security updates or other essential communications.

‍

‍

Automated decision-making and profiling

‍

We do not use Personal Data collected through this Site to make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you. If we introduce such processing in the future, we will notify you separately and provide all information, safeguards and rights required under applicable law.

We may use certain information, such as your role, industry, location, or interaction history with G10X, to segment our audience, improve user experience, and tailor or personalise our marketing communications. This type of segmentation does not have legal or similarly significant effects. You may object to this processing or opt out of marketing at any time by following the instructions provided in our communications or by contacting us through the details provided in this Policy.

‍

‍

Do Not Track signals

‍

Some web browsers offer a “Do Not Track” (“DNT”) setting or similar technologies that allow you to signal your preference not to have online activity tracked across websites. At this time, this Site does not respond to DNT signals or similar browser-based mechanisms, because there is currently no consistent industry standard for how such signals should be interpreted.

While we do not act on DNT signals, users can manage tracking technologies and cookie preferences through the methods described in the Cookies and Other Internet Technologies section of this Policy, including: (i) granting or withdrawing consent for non-essential cookies (where required by law); (ii) using browser settings to block or delete cookies; and (iii) opting out of certain analytics or advertising cookies as described in our Cookie Policy.

Residents of certain U.S. states (such as California, Colorado and Connecticut) may have additional rights to opt out of “sharing” or “targeted advertising” under applicable law. These options are described in the U.S. State Privacy Supplement.

‍

Data retention

‍

G10X retains Personal Data for as long as necessary to fulfil the purposes for which it was collected, as outlined in this Policy, unless a longer retention period is required or permitted by applicable law. Retention periods may vary depending on the nature of the data, the context in which it was collected, legal obligations, and operational needs. In determining how long to keep Personal Data, we consider factors including: (i) the purpose for which the data was collected and whether that purpose has been fulfilled; (ii) the type and sensitivity of the data; (iii) legal, regulatory, tax, accounting or reporting obligations that require longer retention; (iv) the need to maintain appropriate business and administrative records; (v) ongoing or potential legal claims, audits, investigations or disputes; (vi) contractual obligations with customers, partners or service providers; and (vii) applicable statutory limitation periods. Where Personal Data is no longer required, we will take reasonable steps to delete, anonymise or securely destroy it in accordance with applicable laws and G10X’s internal data retention schedules.

If you have questions about specific retention periods for particular categories of Personal Data, you may contact us using the details provided in the Contact Us section of this Policy.

‍

‍

Data Protection Officer

‍

G10X has appointed a Data Protection Officer (DPO) to oversee our compliance with applicable data protection and privacy laws, and to act as a point of contact for individuals and regulators regarding the handling of Personal Data.

‍

The DPO’s responsibilities include:

• Compliance Oversight: Monitoring G10X’s compliance with applicable data protection laws, including GDPR/UK-GDPR, Swiss FADP, Singapore PDPA, India’s DPDP Act, UAE PDPL, and relevant U.S. state privacy laws.
• Policies and Governance: Developing, implementing and reviewing G10X’s data protection policies, procedures and internal governance frameworks.
• Training and Awareness: Conducting regular employee training and raising awareness on privacy, data protection obligations and safe data-handling practices.
• Individual Rights Requests: Facilitating the exercise of individual rights (such as access, correction, deletion, restriction, objection, portability and withdrawal of consent) and ensuring appropriate and timely responses.
• Breach Management: Overseeing G10X’s response to actual or suspected data breaches, including investigation, mitigation, documentation and, where required by law, notification to affected individuals and supervisory authorities.
• Regulatory Liaison: Serving as the primary contact point for data protection authorities and managing regulatory communications, audits or investigations.
• Risk Assessment and DPIAs: Advising on and monitoring data protection impact assessments (DPIAs), privacy risk assessments and new processing activities involving Personal Data.
• Vendor and Third-Party Oversight: Reviewing and advising on data protection measures in contracts with vendors, service providers and partners to ensure appropriate safeguards are in place.
• Record-Keeping and Reporting: Maintaining records of G10X’s processing activities and providing regular reports on privacy risks and compliance to senior management.
• Continuous Improvement: Monitoring legal developments and best practices to ensure G10X’s privacy program remains current, effective and aligned with regulatory expectations.

For any questions, concerns, or to exercise your data protection rights, you may contact the G10X Data Protection Officer at: privacy.compliance@g10x.com.

‍

‍

Use of this Site by minors

‍

Our Site is not intended for use by individuals under the age of 16 (or the minimum age of digital consent required by local law in your jurisdiction, but never below 13). We do not knowingly collect personal information from minors below these ages.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy.compliance@g10x.com. We will take reasonable steps to delete such information in accordance with applicable laws.

Where applicable laws require parental or guardian consent for the collection, use, or disclosure of personal information of minors (such as COPPA in the United States for children under 13), we implement procedures to obtain verifiable consent before collecting or processing such personal data. We also take appropriate measures to protect children’s data and do not use it for marketing or profiling purposes without consent. Information and communication relating to our collection and use of children’s personal data are provided in a clear and accessible manner to parents and guardians. For more information about your rights or how we handle children’s personal data, you may contact our Data Protection Officer at privacy.compliance@g10x.com.

‍

‍

Regional supplements

‍

Additional terms may apply depending on where you are located. These Regional Supplements form part of this Policy.

European Economic Area (EEA), United Kingdom and Switzerland (GDPR / UK GDPR / FADP): If you are located in the EEA, UK or Switzerland, you have the rights described in the Exercising Your Rights section of this Policy, as well as the right to lodge a complaint with your local data protection authority. Where we rely on legitimate interests as a legal basis for processing, such interests may include: operating, maintaining and improving the Site and our services; communicating with users and customers; ensuring network and information security; preventing fraud and misuse; and protecting our rights and interests. Where processing is based on your consent, including for certain cookies or electronic marketing, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

U.S. State Privacy Supplement (Including California): If you are a resident of California or another U.S. state with comprehensive privacy laws, you may have additional rights regarding your Personal Information, including the rights to know, access, delete, correct, port your information, opt out of certain disclosures, and, where applicable, limit the use or disclosure of sensitive Personal Information. G10X does not sell Personal Information in exchange for monetary consideration. However, certain activities such as the use of analytics or advertising technologies may be considered “sharing” Personal Information for cross-context behavioural advertising under state laws such as the California Consumer Privacy Act (as amended by the CPRA). Where such laws apply, we will provide appropriate notice and a mechanism to opt out, including through a “Do Not Sell or Share My Personal Information” link and by recognising valid opt-out preference signals where required. Further details are provided in our U.S. State Privacy Supplement, which forms part of this Policy.

Singapore (PDPA): If you are located in Singapore, we collect, use and disclose your personal data for the purposes described in this Policy and will obtain your consent where required under the Personal Data Protection Act, 2012 (PDPA), or rely on other lawful grounds permitted by the PDPA. You may request access to and correction of your Personal Data, and may withdraw your consent at any time, subject to applicable exceptions under the PDPA. Withdrawal of consent may affect our ability to provide services to you.

India (Digital Personal Data Protection Act, 2023): If you are located in India, we will process your Personal Data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) once in force. This includes providing notice describing the categories of Personal Data and the purposes of processing, and obtaining your consent where required, or relying on other lawful grounds permitted under the DPDPA. You may have rights to access, correct and erase your Personal Data, as well as the right to seek grievance redressal through our designated Data Protection Officer. Certain obligations and rights may vary depending on when implementing rules under the DPDPA come into effect.

United Arab Emirates (UAE, Including Free Zones): If you are located in the UAE, including jurisdictions with their own data protection regulations such as the DIFC or ADGM, we will process your Personal Data in accordance with applicable UAE data protection laws. You may have rights similar to those described in the Exercising Your Rights section of this Policy, subject to the specific requirements of the relevant UAE jurisdiction. You may contact us for additional information regarding your rights under UAE data protection laws.

For all other countries not specifically listed above, G10X will handle Personal Data in accordance with applicable local laws and the principles described in this Policy and will honour any rights or obligations provided under those local regulations.

‍

Updates to this Policy

‍

We may update or modify this Policy from time to time to reflect changes in our practices, technologies, legal requirements or other operational needs. The “Effective Date” at the top of this page indicates when this Policy was last revised. Any changes will become effective when the updated Policy is posted on this Site. Your continued use of this Site after the revised Policy has been posted signifies that you acknowledge and accept the updated terms. We encourage you to review this Policy periodically to stay informed about how we handle and protect your Personal Data.

‍

‍

Governing terms

‍

Nothing in this Privacy Policy is intended to, or shall be interpreted to, modify the terms of any agreement between you and G10X, including our Website Terms of Use (the “Terms”). All issues relating to liability, disclaimers, indemnities, governing law and dispute resolution concerning your use of this Site are governed by the Terms, which shall prevail in the event of any inconsistency between this Privacy Policy and the Terms, except where applicable law expressly provides otherwise.

This Privacy Policy is for informational purposes only and does not create any additional contractual rights, warranties or obligations on the part of G10X beyond those required under applicable law or expressly set out in the Terms or in a separate written agreement with you.

‍

‍

Contact us

‍

If you have any comments or questions about this Policy or our data handling practices, or if you wish to exercise any of your data protection rights, you may contact us using the email ID privacy.compliance@g10x.com.