Privacy Policy
Last revised: June 2026
GM Data Centers AG ("we", "Green Mining") is the data controller under GDPR (EU 2016/679) and the Swiss Federal Act on Data Protection (nFADP). This Privacy Policy describes how we collect, process, and protect personal data via greenmining.io and our investment platform (Greenpact).
1. Data Controller
GM Data Centers AG
Dammstrasse 16, 6300 Zug, Switzerland
Email: [email protected]
2. Data We Collect
We collect the following personal data:
Identity data: Name, address, email, phone number, date of birth, nationality, government-issued ID (passport, national ID, driver's license).
Financial data: Source of investment funds, relevant financial documents for KYC/AML purposes.
Technical data: IP address (anonymized in Google Analytics; for server-side processing and browser-embedded third-party services the full IP address is transmitted by technical necessity, see sections 4 and 4a), browser type, operating system, page visits, clickstream data.
Communication data: Messages, survey responses, meeting notes.
3. Purposes of Processing
We process your data for the following purposes:
• Fulfillment of contractual relationships and provision of our services
• KYC, AML, and anti-terrorist financing compliance
• Fraud prevention and risk management
• Analysis of website usage and improvement of our offerings
• Sending investor updates and newsletters (with explicit consent only)
• Compliance with legal retention obligations
4. Data Sharing
Your data is not sold. Sharing occurs only with:
• Affiliated companies (within the corporate group)
• Service providers under data processing agreements, in particular:
– Google LLC (Google Analytics 4, processor; US transfer under the EU-US Data Privacy Framework (DPF), Art. 45 GDPR)
– Peec AI GmbH, Berlin (AI search analytics, processor; processed within the EU, no third-country transfer)
– Resend Inc. (confirmation and transactional email; processes email address and name; US, EU-US Data Privacy Framework (DPF) plus Standard Contractual Clauses (SCC) in the DPA)
– ActiveCampaign Inc. (CRM and newsletter management; processes email address, name and, where provided, phone number; US, DPF (EU-US and Swiss-US) plus Standard Contractual Clauses in the DPA)
– Supabase Inc. (database for chatbot enquiries; processes name and email address; data stored in Switzerland, Zurich data centre (eu-central-2), so no third-country transfer for storage; provider Supabase Inc., US, any US support access under Standard Contractual Clauses in the DPA)
– Cloudflare, Inc. (hosting, content delivery, security and bot protection (Turnstile), and country detection; processes IP address and connection data; newsletter sign-ups log IP address and email address for proof of consent; US/global, DPF (EU-US, Swiss-US and UK))
– Shopify Inc. (operation of the merchandise shop and checkout; processes name, address, email and payment data for orders; transfer under Standard Contractual Clauses (SCC, incl. Swiss amendment))
• Authorities (where required by law)
• For German investors: Bitalo AG as a registered investment intermediary
4a. Browser-embedded third-party services
When you open certain pages, content is loaded directly from third parties by your browser. Your IP address is transmitted to the respective provider by technical necessity:
• Cloudflare Turnstile (bot protection in forms; Cloudflare, Inc., US; DPF)
• Google Calendar / appointment booking (booking investor calls; Google LLC, US, as processor under the Google Cloud Data Processing Addendum; US transfer under DPF; Google's privacy policy also applies)
• Shopify (product, price and cart data in the merchandise shop and product images via cdn.shopify.com; redirect to Shopify checkout)
• DocSend (access to the investor data room; Dropbox, Inc. / DocSend, US)
• Live BTC ticker (live network and market data on several investment and information pages (incl. "How it works", "Invest"); requests to mempool.space, Coinbase, Binance and CoinGecko; no personal data other than the IP address is transmitted)
The legal basis and any consent requirement for these third-party requests are currently under legal review (likely legitimate interest under Art. 6(1)(f) GDPR, where no prior consent is required).
5. Your Rights
You have the right to:
• Access your stored data
• Rectify inaccurate data
• Erase your data (where no legal retention obligation exists)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time with future effect, as easily as it was given (e.g. via the cookie banner)
Note: Investor data cannot be fully deleted due to legal retention requirements (5 years).
6. Cookies & Analytics
We use technically necessary cookies and optional analytics cookies. You can manage your cookie preferences at any time via our cookie banner. We do not set third-party cookies without your explicit consent.
Google Analytics 4 (GA4), provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA4 is loaded only after your explicit consent (Google Consent Mode v2). IP addresses are anonymized. Legal basis: consent (Art. 6(1)(a) GDPR). US transfer: EU-US Data Privacy Framework (DPF). More: Google Privacy Policy.
AI search referral tracking: with your consent we record the hostname of the referring AI search engine (e.g. chatgpt.com), the current page and your language setting, processed via GA4, solely to analyze which AI search engines bring visitors to our site.
Consent record: your cookie choice is stored locally in your browser. For newsletter and e-book sign-ups we additionally log the consent version, a timestamp and your IP address as proof of the consent given (Art. 7(1) GDPR).
7. Retention Periods
Customer data is retained for 5 years after the end of the business relationship. Identity verification records are kept for 5 years from the date of creation. Technical log data is deleted after 90 days.
By processor: newsletter and CRM contact data (ActiveCampaign) is retained until consent is withdrawn or you unsubscribe; email delivery logs (Resend) per the provider's terms; server, security and edge logs including IP address (Cloudflare) are retained only short-term to prevent abuse.
8. Contact & Complaints
For data protection inquiries: [email protected]. For complaints, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC).