Privacy Policy
GR Reserve Privacy Policy
Last updated: June 30, 2025
Quick Summary
We respect your privacy. GR Reserve collects personal information to provide you with exceptional service, comply with precious-metals industry regulations, and protect against fraud. We never sell your personal data to third parties. You have control over your information and can opt out of marketing communications at any time.
Key Points:
- We collect information to process orders, verify identity (as required by law), and improve your experience.
- We use industry-leading security measures to protect your data.
- We comply with all applicable privacy laws (GDPR, CCPA, and precious-metals regulations).
- You can access, correct, or delete your personal information.
- We only share data with trusted service providers who help us serve you better.
About This Privacy Policy
Glines & Rhodes Inc. d/b/a GR Reserve (“GR Reserve,” “we,” “our,” or “us”) is committed to protecting the privacy of every visitor, customer, and wholesale partner who interacts with GRReserve.com (the “Site”) or our offline services. This Privacy Policy explains what Personal Data we collect, why we collect it, who receives it, and the rights you have over that information.
Our commitment: We will never willfully disclose individually identifiable information about our customers to any third party, except in the limited circumstances permitted by this Privacy Policy.
This Policy is drafted to satisfy:
- the EU/UK General Data Protection Regulation (GDPR)
- the California Consumer Privacy Act (CCPA/CPRA), Virginia CDPA, Colorado Privacy Act
- the U.S. Gramm-Leach-Bliley Act (GLBA) record-retention rules for precious-metals dealers
- the FinCEN/IRS Bank Secrecy Act “Know-Your-Customer” (KYC) requirements that apply to bullion transactions
If you are a resident of another jurisdiction, we will handle your data in a manner consistent with the principles set out below unless applicable law provides greater protections, in which case we will comply with that law.
Scope of this Policy
This Policy applies to:
- all Personal Data collected on the Site (including the WooCommerce storefront, knowledge-base articles, blog, and contact forms)
- orders placed by telephone, e-mail, trade-show, or other offline channel
- marketing platforms operated by us (e.g., Mailchimp and Twilio SMS)
- any physical documentation you provide to satisfy our AML/KYC obligations
This Policy does not apply to third-party websites that we merely link to or to Personal Data that is fully anonymized.
Key Definitions
Personal Data/Personal Information: Any information relating to an identified or identifiable natural person. This includes names, addresses, email addresses, phone numbers, payment information, and online identifiers.
Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, alignment, combination, restriction, erasure, or destruction.
Controller: The entity (GR Reserve) that determines the purposes and means of processing personal data.
Processor: An entity that processes personal data on behalf of the controller (such as our payment processors or shipping companies).
Sensitive Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
Data Subject: The individual to whom personal data relates (you, our customer or website visitor).
Consent: Freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data.
Third Party: Any natural or legal person, public authority, agency, or body other than you, GR Reserve, or our authorized processors.
Sale/Sell: The sharing, disclosing, or transferring of personal information to a third party for monetary or other valuable consideration.
Share/Sharing: The sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to a third party for cross-context behavioral advertising.
What Personal Data We Collect
We collect personal information to provide you with exceptional service, comply with legal requirements, and enhance your shopping experience. Below are the categories of personal information we may collect:
Categories of Personal Information
Identifiers
Examples include real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s-license number, passport number, or other similar identifiers.
Financial Information
Examples include bank-account number, credit-card number, debit-card number, payment history, credit information, or other financial information.
Characteristics of Protected Classifications
Examples include age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, or veteran or military status.
Commercial Information
Products or services purchased, obtained, or considered; purchasing or consuming histories or tendencies; product preferences; and shopping behavior.
Internet or Electronic Network Activity
Browsing history, search history, information on your interaction with our website, application, or advertisements, device information, and technical data about your visits.
Geolocation Data
Physical-location information such as shipping and billing addresses and general location data derived from IP addresses.
Audio, Electronic, Visual, or Similar Information
Photographs for identity verification, customer-service call recordings, and security-camera footage at trade shows or events.
Professional or Employment-Related Information
Current or past job history, professional licenses, and business contact information (primarily for wholesale customers).
Education Information
Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act.
Inferences and Profiles
Inferences drawn from any of the information identified above to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Data
Important: Sensitive Personal Data is collected only when required by law (e.g., for transactions over $10,000 cash or suspicious-activity reporting). We do not intentionally collect racial/ethnic origin, religious beliefs, education records, or biometric identifiers unless specifically required for legal compliance. If such information is provided inadvertently, it will be processed solely to fulfill your request and then deleted or redacted where feasible.
How We Collect Personal Data
We collect personal information through various methods to serve you better:
Directly from you:
- E-commerce checkout and account registration
- Wholesale application forms
- Customer-service calls and live chat
- Email communications and contact forms
- Identity-verification uploads for large transactions
- Trade-show interactions and in-person events
- Social-media messages and interactions
- Newsletter subscriptions and preference updates
Automatically through technology:
- Cookies, pixels, and similar tracking technologies
- Server logs recording website usage and performance
- Email open- and click-tracking
- Device and browser information
- IP address and general location data
From service providers and partners:
- Payment processors (PayPal, credit-card companies) for transaction status
- Shipping companies (FedEx, UPS) for delivery tracking
- Tax-calculation services for sales-tax determinations
- Fraud-prevention services for security screening
- Marketing platforms for campaign performance
From publicly available sources:
- Address verification through USPS and Google Maps
- IP-address screening against fraud databases
- Business information for wholesale-customer verification
- Public records for identity verification when required by law
From referrals and social interactions:
- Refer-a-friend program submissions
- Social-media plugin interactions (Facebook Like, Twitter Share)
- Customer reviews and testimonials
Why We Process Personal Data & How It Benefits You
To Provide Exceptional Service
- Process your orders quickly and accurately
- Ship products to your preferred address
- Handle returns and exchanges efficiently
- Provide customer support for your questions and concerns
- Maintain your account and order history for easy reordering
To Enhance Your Experience
- Personalize product recommendations based on your interests
- Remember your preferences for faster checkout
- Provide relevant content about products you might enjoy
- Offer exclusive deals on items in your areas of interest
- Improve website functionality based on usage patterns
To Protect You and Our Business
- Prevent fraud and unauthorized transactions
- Verify your identity for large transactions (as required by law)
- Secure your account against unauthorized access
- Detect suspicious activity that might indicate fraud
- Comply with anti-money-laundering regulations that protect the financial system
To Communicate Effectively
- Send order confirmations and shipping updates
- Provide important account and security notifications
- Share product updates and new releases you’ve requested
- Respond to your inquiries promptly and accurately
- Gather feedback to improve our products and services
To Meet Legal Requirements
- Report large cash transactions to FinCEN as required by law
- Maintain transaction records per Gramm-Leach-Bliley Act requirements
- Verify customer identity for Know Your Customer (KYC) compliance
- Respond to law-enforcement requests when legally required
- Fulfill tax obligations including sales-tax collection and reporting
Legal Bases for Processing (GDPR)
- Contract performance: Processing necessary to fulfill our agreement with you
- Legal obligation: Processing required by applicable laws and regulations
- Legitimate interests: Processing for fraud prevention, security, and business operations
- Consent: Processing based on your explicit permission (which you may withdraw at any time)
How We Share & Disclose Personal Data
We Do Not Sell Your Personal Data
Important: We do not sell your personal information to third parties and have not done so in the preceding 12 months. We do not rent, trade, or otherwise transfer your personal information to outside parties for their marketing purposes.
Limited Sharing for Your Benefit
We only share your personal information in the following limited circumstances:
Service Providers (Processors)
We share information with trusted companies that help us operate our business and serve you better:
- Payment processors (PayPal, Stripe) to process your transactions securely
- Shipping companies (FedEx, UPS, USPS) to deliver your orders
- Customer-service platforms to provide support and live chat
- Email service providers (Mailchimp) to send you requested communications
- Website hosting and security providers to keep our site running safely
- Tax-calculation services to ensure accurate sales-tax collection
- Fraud-prevention services to protect against unauthorized transactions
All processors are bound by written contracts that:
- Restrict use of your data to specified services only
- Require equivalent security measures
- Prohibit use for their own marketing purposes
- Require data deletion when services end
Legal Requirements
We may disclose personal information when required by law:
- Government agencies for tax reporting and compliance
- Law-enforcement in response to valid legal requests
- Regulatory authorities for precious-metals industry compliance
- Courts in response to subpoenas or court orders
- FinCEN for required large-transaction reporting
Business Operations
In limited business circumstances:
- Business transfers if we sell or merge our company (with equivalent privacy protections)
- Professional advisors (lawyers, accountants) under confidentiality agreements
- Insurance providers for claims processing when necessary
With Your Consent
We may share information for other purposes with your explicit consent.
Cross-Context Behavioral Advertising
We share limited online identifiers with Google Ads for advertising purposes. This helps us show you relevant ads on other websites. You can opt out of this sharing at any time using the methods described in Section 9.
International Data Transfers
GR Reserve is located in the United States. When we transfer personal data from the UK/EEA or Switzerland to the United States or other countries not deemed “adequate” by the European Commission, we rely on:
- Standard Contractual Clauses (2021/914/EU)
- the UK International Data Transfer Addendum
- other lawful transfer mechanisms under GDPR Article 49
A copy of applicable transfer safeguards can be requested at [email protected].
Nevada Residents
We do not sell personal data as defined under Nevada SB 220. Nevertheless, Nevada consumers may submit a verified request to [email protected] with “Nevada Opt-Out” in the subject line to record their preference.
Cookies & Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device that help us provide you with a better experience. We use different types of cookies for various purposes:
Categories of Cookies We Use
Strictly Necessary Cookies
Essential for our website to function properly:
- Shopping-cart functionality
- Secure-checkout process
- Account login and authentication
- Security protection (Wordfence)
Performance & Analytics Cookies
Help us understand how visitors use our website:
- Google Analytics (
_ga
,_gid
) for website-usage statistics - Page-load performance monitoring
- Error tracking and debugging
Advertising Cookies
Enable us to show you relevant advertisements:
- Google Ads remarketing (
_gcl_au
) - Conversion tracking for marketing campaigns
Functionality Cookies
Remember your preferences and choices:
- Language and region settings
- Wishlist and product preferences
- Newsletter-subscription preferences
- Mailchimp popup settings
Managing Your Cookie Preferences
Cookie Banner: First-time visitors from the EEA/UK will see an opt-in banner for non-essential cookies.
Cookie Settings: U.S. visitors and others can click “Cookie Settings” in our website footer to disable non-essential cookies.
Browser Controls: You can also manage cookies through your browser settings, though this may affect website functionality.
Social Media Plugins
Social-media plugins (Facebook Like, Twitter Share) may set their own cookies when you’re logged in to those services. Their use of data is governed by their respective privacy policies.
Opting Out of Advertising
Do Not Sell or Share: Click “Do Not Sell or Share My Personal Information” in our footer or visit https://grreserve.com/ccpa-optout
Global Privacy Control: We honor Global Privacy Control (GPC) signals from your browser.
Google Analytics: Install the GA Opt-out Browser Add-On to prevent Google Analytics tracking.
Do Not Track
Our website is not configured to respond to browser “Do Not Track” (DNT) signals. Please use the controls above to manage your tracking preferences.
Your Rights & Choices
You have important rights regarding your personal information. Here’s how to exercise them:
How to Contact Us
Email: [email protected]
Phone: +1 (508) 226-2000 (M-F, 8 a.m.–5 p.m. ET)
Web Form: Use the “Privacy Request” form linked in our website footer
Mail: Privacy Office, GR Reserve, 189 East St, Unit 1, Attleboro, MA 02703 USA
We will verify your identity and respond within the required timeframe (typically 30 days for GDPR, 45 days for CCPA).
Your Privacy Rights
Right to Know (Access)
- Request a copy of the personal information we have about you.
- Learn what categories of data we collect and how we use it.
- Understand who we share your information with.
Right to Correct (Rectification)
- Update incorrect or incomplete personal information.
- Ensure your account details are accurate and current.
Right to Delete (Erasure)
- Request deletion of your personal information.
- Subject to legal-retention requirements and legitimate business needs.
Right to Restrict Processing
- Limit how we use your personal information in certain circumstances.
- Temporarily suspend processing while we verify accuracy.
Right to Data Portability
- Receive your personal information in a structured, machine-readable format.
- Transfer your data to another service provider.
Right to Object
- Object to processing based on legitimate interests.
- Opt out of direct marketing at any time.
Right to Withdraw Consent
- Withdraw consent for processing based on your permission.
- Does not affect the lawfulness of processing before withdrawal.
Marketing Communication Choices
Email Marketing:
- Click “Unsubscribe” in any marketing email.
- Update preferences in your account settings.
- Email [email protected] with “Email Opt-Out” in the subject.
SMS Marketing:
- Reply “STOP” to any marketing text message.
- Contact customer service to update SMS preferences.
Phone Marketing:
- Request to be added to our Do Not Call list.
- Update preferences in your account or contact customer service.
Postal Mail:
- Email [email protected] with “Mail Opt-Out” in the subject.
- Call customer service to update mailing preferences.
California-Specific Rights
Shine the Light Law: California residents may request a list of third parties to whom we disclosed personal information for their direct-marketing purposes in the preceding calendar year. Send requests to [email protected] with “Shine the Light” in the subject; we will respond within 45 days.
Minor’s Eraser Law: If you are a California resident under 18 and a registered user, you may request removal of content you posted by emailing [email protected]. Removal is subject to statutory exemptions.
Authorized Agents
You may designate an authorized agent to make privacy requests on your behalf. We will verify both your identity and the agent’s authority before processing the request.
Data Security
We take the security of your personal information seriously and implement industry-leading measures to protect it:
Technical Safeguards
- TLS 1.2+ encryption for all data transmission across our website.
- PCI-DSS SAQ-A compliance with card data tokenized by PayPal (no raw card numbers stored).
- ISO/IEC 27001-aligned hosting provider with enterprise-grade security.
- Wordfence web-application firewall and rate-limiting protection.
- AES-256 encrypted storage for sensitive documents in segregated systems.
Operational Security
- Access controls and multi-factor authentication for all staff.
- Least-privilege policies ensuring employees access only necessary data.
- Regular security training for all personnel handling personal data.
- Quarterly vulnerability scans and annual penetration testing.
- Incident-response procedures for rapid threat containment.
Physical Security
- Secure data centers with 24/7 monitoring and access controls.
- Encrypted backup systems with geographic redundancy.
- Secure document destruction for physical records.
Important: While we implement strong security measures, no system is 100 % secure. We continuously monitor and improve our security practices to protect your information.
Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy:
Standard Retention Periods
Account Information: Retained while your account is active, plus 7 years after closure for business records.
Transaction Records: 7 years from transaction date (required by Gramm-Leach-Bliley Act).
KYC/Identity Verification: 5 years from last transaction (required by Bank Secrecy Act).
Marketing Communications: Until you unsubscribe or 3 years of inactivity.
Website Analytics: 26 months (Google Analytics default).
Customer-Service Records: 3 years from last interaction.
Security Logs: 1 year for routine logs, 7 years for incident-related logs.
Legal Hold Data: Retained until legal-matter resolution plus applicable statute of limitations.
Deletion Process
When retention periods expire, we securely delete or anonymize personal information using industry-standard methods. Some information may be retained in anonymized form for statistical analysis.
Note: Periods may be extended for legal holds, ongoing investigations, or enforcement actions.
Children’s Privacy
Our website and services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you believe we have inadvertently collected information from a child under 16, please contact us immediately at [email protected] and we will promptly delete such information.
Parents and guardians have the right to review, delete, or refuse further collection of their child’s personal information.
Third-Party Websites & Social Media
Our website may contain links to third-party websites, social-media platforms, and other online services. This Privacy Policy does not apply to those external sites.
Important: We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.
Social Media: When you interact with our social-media pages or use social-sharing features, your interactions are governed by the privacy policies of those platforms (Facebook, Twitter, Instagram, etc.).
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You of Changes
Material Changes: We will highlight significant changes on our website and notify you by email at least 30 days before they take effect (where required by law).
Minor Updates: Routine updates will be posted on our website with an updated “Last updated” date.
Your Continued Use: By continuing to use our services after changes take effect, you accept the updated policy.
Staying Informed
We encourage you to review this policy periodically. You can also subscribe to our newsletter to receive notifications about important policy updates.
Contact Information
Customer Service
GR Reserve
189 East St, Unit 1
Attleboro, MA 02703 USA
Email: [email protected]
Phone: +1 (508) 226-2000 (M-F, 8 a.m.–5 p.m. ET)
Live Chat: Available on our website during business hours
Governing Law & Dispute Resolution
This Privacy Policy is governed by the laws of the Commonwealth of Massachusetts, United States, without regard to conflict-of-law principles.
Jurisdiction: Any disputes arising from this Privacy Policy shall be resolved exclusively in the state or federal courts of Bristol County, Massachusetts, USA.
Severability: If any provision of this policy is found to be unenforceable, the remaining provisions will continue in full force and effect.
Industry-Specific Compliance
Anti-Money Laundering (AML)
We are required to verify customer identity and report certain transactions to prevent money laundering and terrorist financing.
Know Your Customer (KYC)
For transactions over certain thresholds, we must collect and verify additional identification information as required by federal law.
Large Transaction Reporting
Cash transactions over $10,000 must be reported to FinCEN (Financial Crimes Enforcement Network) as required by the Bank Secrecy Act.
Record Keeping
The Gramm-Leach-Bliley Act requires us to maintain transaction records for specified periods to support regulatory oversight.
Your Benefit: These regulations help protect the integrity of the precious-metals market and prevent illegal activities that could harm legitimate customers.
Effective Date: This Privacy Policy is effective as of the “Last updated” date shown at the top of this document.