CashGOATBook Strategy Call
Skip to content

Legal / Privacy Policy

Privacy Policy

Effective: Aug 20, 2025Last updated: Oct 02, 2025
Contact

This Privacy Policy explains how Everything Is Possible Limited trading as CashGOAT collects, uses, and protects personal information through our website and our business development activities.

Controller Information

Controller: Everything Is Possible Limited

Unique Business Identifier: 77018266

Registered address: Unit B, 11/F, 23 Thomson Road, Wan Chai, Hong Kong SAR China

Contact: hello@cashgoat.xyz

If you are a CashGOAT client, additional terms are set out in your Master Services Agreement and our Data Processing Addendum. This policy covers our public website, inquiries, and our own sales and marketing activities.

1. Information we collect

We collect information in three ways: you provide it to us, we obtain it automatically from website usage, or we receive it from third parties and public sources.

Information you provide

  • Name and contact details
  • Company information such as company name, role, business website
  • Messages you send via forms or email
  • Billing and contractual information when you contract with us

Information we collect automatically

  • Log and device data such as IP address, browser type, referring pages, timestamps
  • Cookie and analytics data that helps us understand website performance

Information from third parties or public sources

  • B2B contact and company data sourced from public websites and professional directories
  • Data provided by our clients so we can perform contracted services

We do not intentionally collect information about children. Our services are for business users who are at least 18 years old.

2. How we use information

We process personal information for the purposes below. Where the GDPR or UK GDPR applies, we rely on the listed legal bases.

Respond to inquiries and provide our services

  • Communicate with you, send proposals, and deliver services you request
  • Legal bases: contract performance, legitimate interests

B2B sales and marketing

  • Identify potential business customers, send relevant outreach, and manage follow ups
  • We only contact business addresses or publicly available contacts and always offer an opt out
  • Legal bases: legitimate interests in developing our business and promoting relevant services

Improve and secure our website and systems

  • Operate, maintain, and improve usability and security
  • Legal bases: legitimate interests

Compliance and enforcement

  • Comply with laws, tax and accounting obligations, and defend legal claims
  • Legal bases: legal obligation, legitimate interests

Consent

  • We rely on consent where required by local law such as for certain cookies. You can withdraw consent at any time.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

3. Lawful bases (GDPR)

Where the GDPR or UK GDPR applies, we process personal information under the following lawful bases: contract performance (to fulfill services you request), legitimate interests (to operate and improve our business, conduct B2B marketing, and ensure security), legal obligation (to comply with laws and regulations), and consent (where required by law, such as for certain cookies). You have the right to object to processing based on legitimate interests and to withdraw consent at any time.

4. Cookies and analytics

We use cookies and similar technologies to operate our website and understand usage. You can control cookies through your browser settings. If we use a consent banner in your region, your choices there will apply.

5. Sharing & processors

We do not sell personal information. We share information only with:

  • Service providers who host, store, analyze, or support our systems
  • Professional advisers such as accountants and lawyers
  • Authorities where required by law or to protect our rights

Service providers may be located outside your country. We require them to protect your information and use it only to provide services to us. A current list of principal service categories is available upon request.

6. International transfers

We are based in Hong Kong and work with service providers in several countries including the EEA, the United Kingdom, and the United States. Where the GDPR or UK GDPR applies and data is transferred outside the EEA or UK, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement.

7. Data retention

We keep personal information only as long as necessary for the purposes set out in this policy and to meet legal and accounting requirements. Typical retention periods are:

  • Website inquiries and sales correspondence: up to 24 months from last interaction
  • Prospect and outreach records: up to 24 months from last interaction or until you opt out
  • Client and billing records: up to 7 years to meet tax and accounting obligations

When information is no longer needed, we delete or de identify it.

8. Your rights

Your rights depend on where you live. We will honor all applicable rights requests.

EEA and UK residents

  • Right of access, rectification, erasure, restriction, and portability
  • Right to object to processing based on legitimate interests including direct marketing
  • Right to withdraw consent where processing is based on consent

To exercise your rights, email hello@cashgoat.xyz. You also have the right to complain to your local data protection authority.

Hong Kong residents

Rights to access and correct personal data under the Personal Data Privacy Ordinance. Contact us at hello@cashgoat.xyz or the Office of the Privacy Commissioner for Personal Data.

California residents

  • Rights to know, delete, and correct personal information
  • Rights to opt out of "sale" or "sharing" for cross-context behavioral advertising. We do not sell or share personal information as these terms are defined by the CPRA
  • Right to non discrimination for exercising your rights

Submit requests at hello@cashgoat.xyz. You may use an authorized agent by providing written authorization.

We may need to verify your identity before acting on a request. We will respond within the time required by law.

9. Security

We apply technical and organizational measures appropriate to the risk. These include access controls, encryption in transit, secure configuration, and vendor due diligence. No method of transmission or storage is completely secure. We continuously review and improve our safeguards.

10. Marketing choices

You can opt out of marketing emails at any time by using the unsubscribe link or emailing hello@cashgoat.xyz. If we contact you as part of B2B outreach, you can reply with "unsubscribe" and we will suppress future messages.

11. Processing on behalf of clients

When clients provide us with personal data to carry out services such as outbound campaigns, we process that data as a processor under their instructions. Our Data Processing Addendum governs those activities and includes confidentiality, security, and international transfer provisions. Clients are responsible for ensuring a lawful basis and providing any required notices to their contacts.

12. Third party links

Our website may link to third party sites and services. Their privacy practices are not covered by this policy. Review their policies before providing personal information.

13. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the updated version with a new "Last updated" date. Material changes will be highlighted on this page.

14. How to contact us

Questions or requests regarding this policy or your personal information

Email: hello@cashgoat.xyz

Postal address: Everything Is Possible Limited, Unit B, 11/F, 23 Thomson Road, Wan Chai, Hong Kong SAR China