Important Documentation

Terms & Conditions
Privacy Policy
Cookie Policy

Contact

contact@gildedgroupservices.com

Legal Documents

Privacy Policy

Last updated: 23/04/2026

Introduction

Gilded Group Services Ltd. (“we”, “us”, “our”) is committed to protecting the privacy and personal information of all individuals with whom we interact, including clients, users of our services, and visitors to our website (“you”, “your”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

By using our services or providing personal information to us, you agree to the practices described in this Privacy Policy.

Respect for Your Sphere of Privacy

We recognise that all individuals are entitled to a personal “sphere of privacy”. When we collect and process personal information, we do so in a manner that respects your dignity, autonomy, and fundamental rights. We limit collection to what is necessary and proportionate for the purposes described in this Privacy Policy or as otherwise communicated to you at the time of collection.

Personal Information We Collect

Depending on how you interact with us, we may collect:

  • Identification data (for example, name, identification number, company details).
  • Contact details (for example, email address, telephone number, postal address).
  • Transaction-related data (for example, payment references, transaction identifiers, limited payment information as necessary for our services).
  • Technical data (for example, IP address, device identifiers, log files, browser type).
  • Communication records (for example, emails, support requests, meeting notes).

We collect this information directly from you, from your organisation, from your use of our services, and in some cases from third parties (for example, our clients, service providers, or public sources), always in accordance with applicable law.

Consent Requirements

When required by applicable law, we obtain your prior, unequivocal, express, and valid consent before collecting or processing your personal information.

  • Such consent will be obtained in written form, either handwritten or electronic (including through electronic forms, digital signatures, or other verifiable electronic means).
  • Where consent is provided by a representative, we may request documentation to confirm the representative’s authority.
  • You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain services.

In other situations (for example, where processing is necessary to perform a contract with you, comply with a legal obligation, or pursue legitimate interests), we will rely on the lawful bases permitted by applicable data protection law.

Accuracy, Completeness, and Truthfulness of Data

Companies that maintain personal information about others in their databases must ensure that such information is:

  • Materially truthful
  • Complete and
  • Accurate

We take reasonable steps to keep personal information up to date and relevant to the purposes for which it is processed. This includes:

  • Data validation processes at the time of collection where appropriate.
  • Periodic reviews of key records.
  • Mechanisms for you to update or correct your information (see Section 5).

We also rely on you to help us keep your information accurate by informing us promptly of any changes.

Your Rights: Access, Rectification, and Objections

Data subjects must be given access to their personal information and are entitled to dispute erroneous or misleading information at any time.

Subject to applicable law and certain limitations, you have the right to:

  • Access: Request confirmation of whether we process your personal information and obtain a copy of such information.
  • Rectification: Request correction or updating of any personal information that is inaccurate, incomplete, or misleading.
  • Deletion or restriction: In certain circumstances, request the deletion or restriction of processing of your personal information.
  • Objection: Object to certain types of processing, including direct marketing.
  • Portability: Where applicable, request a copy of your personal information in a structured, commonly used, and machine-readable format.

To exercise your rights, please contact us using the details in Section 13. We may need to verify your identity before responding to your request.

How We Use Personal Information

We use personal information for purposes such as:

  • Providing, operating, and improving our payment-related services.
  • Managing our client and supplier relationships, including billing and contract management.
  • Ensuring the security and integrity of our systems, services, and data.
  • Meeting legal, regulatory, and compliance obligations (for example, anti-fraud, anti-money laundering, and reporting requirements).
  • Communicating with you about our services, events, and updates (where permitted and subject to your preferences).

We do not sell your personal information.

Transfers Within the Same Economic Interest Group and to Service Providers

The transfer of personal information from the person responsible for a database to a service supplier, technological intermediary, or entities in the same economic interest group is not considered a transfer of personal information requiring authorisation from the data subject, provided it complies with applicable law.

Accordingly:

  • We may share personal information with our affiliates within the same economic interest group for internal administrative and service-related purposes.
  • We may share personal information with service providers and technological intermediaries who process data on our behalf (for example, hosting providers, IT support, security services, professional advisors).

In all such cases:

  • We retain responsibility for the personal information.
  • We require such parties to process personal information solely on our instructions and in line with appropriate confidentiality, security, and data protection obligations.

If personal information is transferred to other third parties or across borders in ways that require additional safeguards or consents, we will comply with all applicable requirements and, where necessary, seek your consent.

Security Measures and Internal Protocols

Any company or individual using and/or managing personal information must take all necessary technical and organisational steps to guarantee that the information is kept in a secure environment.

We implement appropriate technical and organisational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, including:

  • Encryption of data in transit and, where appropriate, at rest.
  • Role-based access controls and authentication procedures.
  • Segregation of environments and secure network architecture.
  • Regular security testing, monitoring, and vulnerability management.
  • Staff training on data protection and information security.

We also maintain an internal protocol (policies, procedures, and guidelines) describing:

  • How personal information is collected, stored, used, and retained.
  • How access is granted, reviewed, and revoked.
  • How incidents and breaches are detected, reported, and managed.

All employees and relevant contractors are required to follow these internal protocols.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, regulation, or contractual obligations. When personal information is no longer needed, we take steps to delete, anonymise, or securely archive it in accordance with our internal protocols and legal requirements.

Personal Data Breaches and Notification

Any entity managing personal data must inform PRODHAB and affected data subjects about any breach of personal information (such as loss, destruction, or misplacement), within five business days after the time of the breach, in accordance with applicable law.

Where a personal data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, we will:

  • Assess the nature and impact of the incident.
  • Notify the relevant authority (including PRODHAB, where applicable) within the legally required time frame.
  • Notify affected data subjects within five business days after the breach, or within any shorter period required by law, providing clear information about:
    • The nature of the breach;
    • The types of data affected;
    • Possible consequences; and
    • The measures we have taken or will take to address the breach and mitigate harm.

We will also document all breaches and remedial actions as part of our internal protocol.

Children’s Data

Our services are not directed at children, and we do not knowingly collect personal information from children without appropriate consent, where required. If we become aware that we have collected personal information from a child inappropriately, we will take steps to delete such information as soon as reasonably practicable.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide appropriate notice (for example, by posting an updated version on our website and/or contacting you directly). Your continued use of our services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

Contact Details

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of personal information, please contact us:

Gilded Group Services Ltd. contact@gildedgroupservices.com Province 01 San Jose, Canton 01 San Jose, Mata Redonda, Neighborhood Las Vegas, Blue, Building Of Two Floors, Diagonal To La Salle Highschool, Costa Rica Reg. No: 3-102-959974

If you are located in a jurisdiction where PRODHAB or another data protection authority is competent, you also have the right to lodge a complaint with that authority.