Privacy Policy
How GSS Legal collects, uses, and protects your personal data. Last updated 1 January 2026.
1. Who we are
GSS Legal operates under the trading name Gofaizen & Sherle and provides regulatory, licensing, and legal consulting services to clients across the financial services, digital assets, and iGaming sectors. Our principal office is in Singapore, with operational presence in Lithuania, the UAE, and Malaysia.
References to "GSS Legal", "we", "us", or "our" in this policy refer to the GSS Legal group of entities. The data controller for your personal data is the GSS Legal entity that you engage with directly.
2. Data we collect
We collect and process the following categories of personal data:
- Identity data — full name, date of birth, passport or national ID number.
- Contact data — email address, telephone number, business address.
- Business data — company name, registration number, jurisdiction, ownership structure.
- KYC/AML data — source-of-funds documentation, beneficial ownership declarations, sanctions screening results.
- Usage data — IP address, browser type, pages visited, session duration, referral source.
- Communications data — emails, messages, and meeting notes exchanged in the course of an engagement.
3. How we use your data
We use personal data to: deliver licensing and regulatory services; conduct mandatory AML/KYC checks; comply with legal and regulatory obligations; respond to enquiries; improve our website and services; and send relevant updates where you have consented.
We do not sell, rent, or trade personal data to third parties for marketing purposes.
4. Legal basis for processing
We process personal data on one or more of the following legal bases: performance of a contract; compliance with a legal obligation; our legitimate interests (providing professional services, preventing fraud, maintaining security); or your explicit consent where required.
5. Retention
We retain personal data for as long as necessary to fulfil the purpose for which it was collected. AML and KYC records are retained for a minimum of five years from the end of a client relationship in accordance with applicable regulations. Website analytics data is retained for 26 months.
6. Your rights
Depending on your jurisdiction, you may have the right to: access your personal data; request correction or erasure; restrict or object to processing; withdraw consent; data portability; and lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [email protected].
7. Cookies
We use essential, analytics, and preference cookies on this website. See our Cookie Policy for full details and opt-out options.
8. Third-party service providers
We share data only with trusted sub-processors who assist us in delivering services (e.g., cloud storage, email, video conferencing). All processors are bound by data processing agreements and are required to implement appropriate technical and organisational measures.
9. International transfers
Where personal data is transferred outside the EEA or Singapore, we rely on approved transfer mechanisms including Standard Contractual Clauses or adequacy decisions issued by the relevant supervisory authority.
10. Contact us
Questions about this policy or your personal data should be directed to our Data Protection Officer at [email protected] or by post to the registered office of the relevant GSS Legal entity.
We aim to respond to all requests within 30 days.
Tell us where
you want to
operate.
Forty-five minutes with a partner. Jurisdiction memo within seven days. No retainer required to start.
No retainer required.