Alpaca Cryptocurrency Required Disclosures


Cryptocurrency trading and exchange services are offered by Alpaca Crypto LLC.

Account Funding and Regulatory Treatment

Gembroker NZ Limited will be able to fund the Account with United States Dollars (“USD” or “Cash”). Funds are treated differently and are subject to different regulatory regimes depending on where they are held. Alpaca maintains the Account at a bank which is a member of the Federal Deposit Insurance Corporation (“FDIC”). USD or Cash held in the Account are insured up to $250,000 per depositor against the failure of the FDIC member bank. FDIC insurance does not protect against the failure of Alpaca or malfeasance by any Alpaca employee. Alpaca and the bank at which Customer Accounts are held are not members of FINRA or the SIPC and therefore Customer funds held in the Customer Accounts are not SIPC protected. Account Funding and Regulatory Treatment.

Holding Customer Funds 

Alpaca may hold Customer cryptocurrency together with the cryptocurrency of other Alpaca Customers in omnibus accounts or wallets. In addition, Customers will authorise Alpaca to delegate some or all custody functions to one or more affiliates or third parties (which may include, but not be limited to exchanges and custodians) at Alpaca’s discretion (each, a “ Custodian”). Some or all custody functions provided by a Custodian may be performed, supported, or conducted in foreign jurisdictions, or conducted by Custodians domiciled, registered, or subject to the laws and regulations of foreign jurisdictions.

Gembroker Privacy Policy

Effective Date: 31 0CTOBER 2023

Gembroker New Zealand Limited  ("us", "we", or "our") operates the Gembroker Service via (the “Gembroker Site” or the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We utilise your data to offer and enhance our Service, including personalised marketing tailored to your preferences and interests. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible from



Cookies are small pieces of data stored on a User’s device.

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your data.

Data Processor (or Service Providers)

Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.

We may use the services of various Service Providers in order to process your data more effectively.

Data Subject

Data Subject is any living individual who is the subject of Personal Data.

Personal Data

Personal Data means data about a living individual who can be identified from that data (or from those and other information either in our possession or likely to come into our possession).

Privacy Act

Privacy Act refers to the New Zealand  Privacy Act 2020 ( ) 


GDPR means the General Data Protection Regulation, being Regulation 2016/679 of the European Parliament and of the Council.


The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).  As part of our support and customer communication process, if we do any video or voice calls they may be recorded for compliance and quality assurance.

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you. The types of data we collect are listed below.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Date of Birth
  • Physical Address
  • Usage Data
  • Asset List, Portfolio Data or Brokerage Information (these can include transactions)

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data

We may also collect and record information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location Data

We may use information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customise our Service.

You can enable or disable location services when you use our Service at any time, through your device settings.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.

Use of Data

Gembot uses the collected data for various purposes. These Include:

  • To provide and maintain our Service;
  • To notify you about changes or updates to our Service;
  • To allow you to participate in interactive features of our Service when you choose to do so;
  • To provide customer support and administrative purposes;
  • To gather analysis or valuable information so that we can improve our Service;
  • To monitor the usage of our Service;
  • To detect, prevent and address technical issues;
  • To provide updates on the status of any application you may have submitted;
  • To contact you regarding any information or other content that you have posted to the Gembroker website;
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

Your Choice

You may, of course, decline to share your personally-identifiable information with Gembroker in which case Gembroker will not be able to provide to you some of the features and functionality found on the Gembroker Service. If you are a Registered User (as defined in the Terms of Use) with a registered account on the Gembroker Service, you may update or correct your account information and preferences at any time by going to Should you wish to delete your account you may need to email our support team at [email protected] 

To protect your privacy and security, we take reasonable steps to verify your identity before granting your account access or making corrections to your information. You are responsible for maintaining the secrecy of your unique password and account information at all times.

Retention of Data

Gembroker will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Gembroker will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Gembroker will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Data

Gembroker does not share your personally identifiable information with other organisations for their marketing or promotional uses without your express consent.

Gembroker may disclose automatically collected and other aggregate non-personally-identifiable information with interested third parties to, among other things, assist such parties in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Gemboroker Service.

Gembroker  may disclose User information to affiliated companies or other businesses or persons to: provide website hosting, maintenance, and security services; conduct data analysis and create reports; offer certain functionality; and assist Gembot in improving the Gembroker Service and creating new services features. We require that these parties process such information in compliance with this Privacy Policy, we authorise only a limited use of such information, and we require these parties to use reasonable confidentiality measures.

Disclosure for Law Enforcement

Under certain circumstances, Gembroker may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Gembot may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation;
  • To protect and defend the rights or property of Gembroker New Zealand Limited (Gembroker);
  • To prevent or investigate possible wrongdoing in connection with the Service;
  • To protect the personal safety of users of the Service or the public;
  • To protect against legal liability.

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

If Gembroker learns of a security system breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Gembroker Service or providing personal information to us, you agree that we can communicate with you electronically regarding security and privacy issues relating to your use of the Gembroker Service. Gembroker  may post a notice on the Gembroker Site if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

"Do Not Track" Signals

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Rights

Gembroker aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Data we hold about you;
  • To rectify any Personal Data held about you that is inaccurate;
  • To request the deletion of Personal Data held about you.

You have the right to data portability for the information you provide to Gembroker. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.

Please note that we may ask you to verify your identity before responding to such requests.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


We may use third-party Service Providers to monitor and analyse the use of our Service. These include but are not limited to:

  • Google Analytics;
  • Tawk and
  • OpenReplay

Behavioural Remarketing

Gembroker does not use remarketing services to advertise on third party websites to you after you visited our Service.


We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processor we work with is Stripe. Their Privacy Policy can be viewed at:

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Protecting the privacy of young children is especially important. Our Service does not address anyone under the age of 18 ("Children"). For that reason, Gembroker does not knowingly collect or maintain personally identifiable information from persons under 18 years of age, and no part of the Gembroker Service is directed to persons under 18. If you are under 18 years of age, then please do not use or access the Gembroker Service at any time or in any manner. Any person who provides their personal information to Gembroker through the Gembroker Service represents that they are 18 years of age or older. If Gembroker learns that personally identifiable information of persons less than 18 years of age has been collected without verifiable parental consent, then Gembroker will take the appropriate steps to delete this information from our servers.

In the Event of Merger, Sale or Bankruptcy

In the event that Gembroker should ever be acquired by or merged with a third-party entity, we reserve the right, in any of these circumstances, to transfer or assign the information that we have collected from Users as part of such merger, acquisition, sale, or other change of control. In the event of Gembroker’s bankruptcy, insolvency, or assignment for the benefit of creditors, we may not be able to control how information that we have collected from Users is transferred or used.

European Union

Gembroker is a data controller and processor for the purposes of the GDPR and by your consenting to this Privacy Statement Gembroker is able to process your Personal Data in accordance with this Privacy Statement.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We may let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Feedback and Complaints

If you have any complaints about our dealings with your Personal Information including any breaches by us of any New Zealand Privacy Principles or any questions regarding this Privacy Statement you are able to submit that complaint or query by contacting us using the methods detailed in the “Contact Us” paragraph below.

Any complaints received by us will be referred to our compliance team for prompt investigation and a written response will be provided to you as soon as possible.

Should you not be satisfied with the resolution of any complaints made, you are able to further redress through the Office of the New Zealand Privacy Commissioner (see further information).

Contact Us

If you have any questions about this Privacy Policy, please contact us by email: [email protected] or post Level 8 23 Custom Street East, Auckland, 1010, Aotearoa New Zealand.