Privacy Policy
SOVRAE Privacy Policy
SOVRAE Privacy Policy
This Privacy Policy (the “Privacy Policy”) governs the collection, processing, use, retention and disclosure of your personal data by SOVRAE. and its Affiliates (defined hereinafter) (collectively “SOVRAE”, “We” or “us”) in connection to your use of the service(s) (the “Services”) and/or product(s) (the “Products”) we provide.
This Privacy Policy applies only to our Services and/or Products provided. By using the Services and the Products, you agree to be bound by this Privacy Policy and any amendments, modifications, updates and supplementations hereto and agree to the collection, processing, use and disclosure of your personal data as set out in this Privacy Policy. You represent and warrant that you have the valid consent and authority from you for us to collect, use, disclose and/or process your personal data as described herein. Nevertheless, you are advised to check the latest version of this Privacy Policy on our website on a regular basis.
1. DEFINITIONS
Unless the context otherwise requires, the following terms when used in this Privacy Policy shall have the meanings ascribed thereto as follows:
“Affiliates” means a person, entity or company directly or indirectly, controlling, controlled by or under direct or indirect common control with another person, entity or company.
“Applicable Laws” means, in relation to any person and any property, agreement, arrangement, transaction, activity or any other matter, any law, rule, statute, subsidiary legislation, regulation, by-law, order, ordinance, protocol, code, guideline, treaty, policy, notice, direction or judicial, arbitral, administrative, ministerial or departmental judgment, award, decree, treaty, directive, or other requirement or guideline published or in force at any time which applies to or is otherwise intended to govern or regulate such person, property, agreement, arrangement, transaction, activity or other matter.
“AML/CTF” means anti-money laundering and counter-terrorist financing.
“Personal Data” has the meaning given in the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the “PDPO”) and includes without limitation any information which may, in itself or together with any other information, identify a user or any of its Relevant Person(s) (defined hereinafter) as an individual, such as name, address, e-mail address, mobile phone number and banking details, but does not include anonymised and/or aggregated data that does not identify a specific user.
“Personal Information” has the meaning given in Section 2(1).
“You” or “User” means: (i) the person reading or accessing this Privacy Policy, or using or accessing our Services and/or Products; and (ii) where applicable or appropriate, each of your or the User’s beneficial owners, directors, officers, authorised signatories, employees, representatives, guarantee/security providers and other natural persons related to you (“Relevant Persons”).
2. COLLECTION OF PERSONAL INFORMATION
(1) In order to provide our Services in compliance with the Applicable Laws, we must ask you to provide certain Personal Data and other information, which, not being Personal Data, nevertheless relates to you or your activities (collectively, “Personal Information”). Such Personal Information may include, without limitation, identification information (such as national identification number, passport number and/or tax identification number, together with copies of the corresponding identification documents), your residential address and correspondence address, financial information (such as your source(s) of income, source(s) of funds and source(s) of wealth, employment status, as well as your bank account details) and other information/documents as from time to time required by the Applicable Laws, our internal policies and procedures designed to ensure compliance with such Applicable Laws. Please note that if you do not provide us with such Personal Information as requested by us, we may not be able to provide to you our Services or Products which you have requested or process any of your enquiries, instructions or requests.
(2) SOVRAE will devote effort to maintaining Personal Information held by SOVRAE in confidence. We will not share your information for commercial purposes with third parties unless you give us your prior permission to do so or such disclosure is within the ambit of permitted disclosures under the Applicable Laws. We will take such reasonable steps to protect the confidentiality of the Personal Information and to safeguard your privacy. It is important that the Personal Information we hold about you must be accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
(3) SOVRAE will collect and use your Personal Information in accordance with applicable provisions of the PDPO, the guidelines, circulars and directives issued by the Privacy Commissioner for Personal Data (the “Privacy Commissioner”), and any other applicable data protection laws, rules and regulations, in the manner set forth in this Privacy Policy. Any Personal Information obtained will be used by us solely for providing or facilitating the provision of our Services and will not be disclosed or made accessible to any third party except as provided by this Privacy Policy.
(4) Collected from the Users. As you interact with our website, we will automatically collect, through the use of cookies, log files and other technologies, data that servers, mobile and other computer devices typically make available, including your IP address and the associated geolocation, as well as other data which are generally not personal data, such as the browser type, domain name, operating system, language preference, referring site or the link which led you to our website, and the date and time of each access request and length of each visit. Our main purposes in collecting such data (including both Personal Data and other information) are to better understand how you use our website and to monitor activities of the Users in order to detect any illegal, suspicious or prohibited behaviour and prevent hacking and unauthorised access. You may always refuse to supply such data by rejecting some or all of our cookies. However, this may result in certain features, functionalities or services of our website not being available to you. Please refer to Section 11 “Cookies” below for further information.
(5) Provided by the Users. Our website may collect Personal Information (including Personal Information about the User and, where applicable, your Relevant Persons) provided voluntarily by the Users when you use our Services and/or Products, which may include, without limitation:
a) completing and submitting the application form to open and register an account with us (“Account”);
b) the processing of applications for, and daily operation of the Services and/or the Products (if applicable);
c) authorising any of our Affiliates and other third parties to release your information, data and documents to us for issuance and card payment services, KYC check, custodian services and other services and purposes in connection with the Services and/or the Products;
d) client relationship management (including but not limited to loyalty programs or privileges and rewards schemes);
e) maintaining your credit and instruction history for present and future reference;
f) enhancing, improving, designing or launching existing or new trust and company services or related products for your use;
g) determining the amount of indebtedness owed to you or to SOVRAE;
h) collecting amounts outstanding from you;
i) meeting any requests or requirements to make disclosure under the Applicable Laws;
j) submitting any orders, requests or instructions or carrying out any transactions, through your Account;
k) submitting an enquiry form or feedback form through our website or other means prescribed by us;
l) providing personalised advertising to you on third party websites (this may involve us aggregating your data with data of others);
m) commencing, defending or otherwise participating in any legal or administrative proceedings or inquiry before any court or competent authority;
n) seeking or obtaining banking, financing, insurance, administrative, custodian, telecommunications, computer, payment, debt collection or securities clearing, audit, business consulting, outsourcing, or other services to SOVRAE in connection with the operation of our business;
o) corresponding with us, whether via e-mail, telephone or any other means;
p) any other lawful purpose directly or indirectly relating or incidental to any of the above.
Please note that if you do not provide such Personal Information, you may not be able to open an Account with us, and/or may not be able to use some or all of our Services and/or the Products, and we may not be able to receive or process your requests, orders and instructions.
3. TYPES OF PERSONAL INFORMATION
(1) We may collect the Personal Information you provide directly or indirectly to us when you visit our website and/or use the Services and/or the Products, Personal Information which may be provided to us by third parties with your authorisation and Personal Information which may be available from public databases and other sources. Such Personal Information collected by us may, include, without limitation, the following:
(a) your contact information (e.g., name, email address, contact phone number, billing address, residential address, correspondence address, email address);
(b) biometric data such as your voice ID, thumb print and facial recognition data
(c) tax identification number;
(d) gender;
(e) date and place of birth;
(f) nationality;
(g) identity verification documents (e.g., photograph, other information requested to verify your information, including copy of valid ID document or corporate documents);
(h) country/state of residence;
(i) total net wealth;
(j) purpose of Account opening;
(k) initial and ongoing sources of wealth or income;
(l) nature and details of the business/occupation/employment;
(m) level of activity anticipated;
(n) source of funds/digital assets to be used in the relationship;
(o) credit history and score;
(p) your transaction history and spending pattern;
(q) bank and credit account information;
(r) blockchain address;
(s) your location data;
(t) records of any bankruptcy, winding-up, liquidation or dissolution proceedings filed or commenced against you;
(u) records of any litigation, arbitration, administrative or other similar proceedings filed or commenced against you;
(v) technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website and/or platforms as designated by us from time to time;
(w) data from people who act for you or who you deal with through the Services;
(x) data from public sources, credit reference, debt collection and fraud prevention agencies, and other aggregators;
(y) criminal record (if any);
(z) other Personal Information collected through the use of cookies and other tracking technologies as described in Section 11 below; and
(aa) additional Personal Information (including Personal Data) or documentation at the discretion of our compliance team
(2) Please be aware that we may collect Personal Information from you via your use of the Services and/or the Products or where you have given your consent. You shall be responsible for ensuring that the privacy rights of the Relevant Persons in accordance with the PDPO and the Applicable Laws, as well as any other terms and conditions governing data privacy and protection as between you and the Relevant Persons, are observed and complied with, including but not limited to obtaining any prior authorisation or consent required for such disclosure and our collection, use, processing, retention and disclosure of such information in accordance with this Privacy Policy. Any such Relevant Persons whose Personal Information is provided by you to us shall be deemed to have accepted and agreed to this Privacy Policy. Further, you agree and undertake to indemnify, defend and hold us harmless from and against any losses, damages, costs, expenses, suits, actions, proceedings and third-party demands and claims arising from or in connection to your failure to obtain valid authorisation or consent or your breach of any term or condition applicable to your disclosure of the Personal Information of any Relevant Persons.
4. USE OF PERSONAL INFORMATION
(1) We will only collect, use, process and retain the personal data we collect for the purposes set out in this Privacy Policy. If you do not provide the Personal Information (including the Personal Data) requested, we may not be able to provide or continue to provide our Services and/or Products to you, including without limitation, providing you with trading services in respect of certain markets and/or products. Your Personal Information (including the Personal Data, whether individually, or aggregated with the Personal Data of your Relevant Persons) may be used for the following purposes:
(a) To make decisions relating to the provision or continued provision of the Services and/or Products to you;
(b) To administer, operate, deliver, improve, and personalize the Services and/or the Products;
(c) To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the Services and/or Products;
(d) To monitor and record the usage of the Services and/or Products and communications with you (including for investigation and fraud prevention purposes);
(e) To detect, prevent and address technical issues;
(f) For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits;
(g) To communicate with you, your representatives and/or the Relevant Persons in relation to events, our Services and/or the Products, and other products or services offered by us, our Affiliates and our third-party partners, our service providers and collaborators, unless you have opted not to receive such information;
(h) To conduct market research, surveys, promotions and contests, and to analyse your preferences, interests and behaviour in relation to the Services and/or the the Products;
(i) To fulfil any applicable legal, regulatory and compliance requirements, including but not limited to the AMLO;
(j) To enforce or defend the rights or property of us, our Affiliates, our third-party partners, our service providers and collaborators and other Users;
(k) Carry out any other purpose(s) described to you at the time the data was collected; and
(l) Any functions related to the foregoing.
(2) Where you provide to us Personal Information (including Personal Data) about another person, we shall be entitled to assume, conclusively and without enquiry, that the authorisation or consent of any such Relevant Persons, counterparty or third party as aforesaid has been obtained for the provision of his/her/its information to us and our collection, use, processing, retention and disclosure of such information in accordance with this Privacy Policy, and shall not in any event be responsible for any lack of authorisation or consent for the same. Further, you agree and undertake to indemnify, defend and hold us harmless from and against any losses, damages, costs, expenses, suits, actions, proceedings and third-party demands and claims arising from or in connection to your failure to obtain valid authorisation or consent or your breach of any term or condition applicable to your disclosure of Personal Information (including Personal Data) and any other information of any Relevant Persons.
5. DISCLOSURE OF PERSONAL INFORMATION
(1) Personal Information (including Personal Data) held by us will be kept confidential, but may be disclosed to the following persons for one or more of the purposes set out in Sections 2 and 4 of this Privacy Policy:
(a) Our Affiliates, our third-party partners, our service providers and collaborators who help us provide, operate, maintain, secure and improve the Services and/or the Products (including but not limited to any issuance and card payment services, KYC, custodian services, credit card networks, banks or financial institutions, payment processors, merchants, loyalty programs partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resource, data processing, payments, credit references or other services (if applicable);
(b) Any of our officers, employees, agents, contractors, service providers or third-party partners and collaborators who provide administrative, credit data, debt collection, telecommunications, client verification, due diligence, computing, payment, promotional, marketing or other services related to our business operations to us (e.g. IT vendors, electronic storage vendors);
(c) Any financial institutions trading with or intending to trade with you, or any of your counterparties in a trade;
(d) To any third-party agents, our service providers, our third-party partners and collaborators or delegate which we may appoint or engage for the purpose of performing AML/CTF checks, screenings, analyses, review and monitoring;
(e) To debt collection agencies for the purpose of collecting from you outstanding amounts owed by you to us in the event of delay or default upon your payment or repayment obligations under or in connection with the applicable terms governing the Services and/or the Products;
(f) Any persons or entities or data recipients who have already established or intend to establish any business relationship in relation to the Services and/or the Products;
(g) Any relevant authorities (including but not limited to the Joint Financial Intelligence Unit and the Hong Kong Police Force), for the purpose of reporting suspicious transactions or illegal activities, whether in Hong Kong or other places;
(h) Any agencies in Hong Kong or other competent jurisdictions for compliance with applicable laws, regulations, rules or guidelines regarding the automatic exchange of financial account information or the Foreign Account Tax Compliance Act promulgated by the United States of America; and
(i) In any other cases, to such persons and for such purposes as authorised by you at the time the data was collected.
(2) With respect to the disclosure of the Personal Information (including Personal Data) to third parties as set out above, such information will only be used for the purposes for which it was disclosed, except as otherwise required or permitted by law. We strive to ensure that such third parties will be bound by terms no less protective of your Personal Information than those described in this Privacy Policy and in compliance with all applicable laws concerning data privacy and data protection, including but not limited to the PDPO and guidelines and directives issued by the Privacy Commissioner.
(3) Notwithstanding the foregoing, we will use reasonable efforts to ensure that our Affiliates and any other third parties to whom we disclose your data comply with the terms of this Privacy Policy and applicable data protection laws. However, you acknowledge that we shall not be held liable for any data breach, unauthorized disclosure, or mishandling of your data by such Affiliates or third parties, except to the extent caused by our own negligence or willful misconduct.
6. TRANSFER AND STORAGE OF PERSONAL INFORMATION
Your Personal Information (including Personal Data) may be transferred to and maintained on computers located outside Hong Kong where the data protection laws may differ from those of Hong Kong. Please note that we may transfer the Personal Information, including Personal Data, outside Hong Kong and process it there. However, we will take measures to ensure that any such transfer complies with the Applicable Laws (and, to the extent applicable, those of other relevant jurisdictions) and that your Personal Information remains protected to the standards described in this Privacy Policy. Your submission of such information represents your agreement to the transfer, storing or processing in accordance with this Privacy Policy, including transfers to destinations outside Hong Kong as described herein. We will take reasonable measures to ensure that your Personal Information is treated securely and in accordance herewith.
7. RETENTION OF PERSONAL INFORMATION
(1) For the purpose of compliance with the Applicable Laws, and to enable our provision of our Services and/or the Products to you, we will retain any Personal Information which you have provided to us or which we otherwise collect in accordance with this Privacy Policy throughout the continuance of your relationship with us and for a period of five (5) years after the termination of such business relationship, unless a longer period of retention is required by the Applicable Laws or any order, direction or request of the relevant authorities.
(2) After the expiration of said period, we will, unless prohibited by the Applicable Laws, delete and destroy the Personal Information held by us and take practicable measures to ensure that our Affiliates, agents, third-party partners and collaborators to which we have disclosed the Personal Information in accordance with this Privacy Policy do the same.
8. PERSONAL INFORMATION PROTECTION
(1) We implement protective measures on our website to safeguard and secure Personal Information to ensure it is protected against unauthorised or accidental access, processing, or erasure. These measures include the following:
(a) access or use of the Personal Information is limited to authorised staff or agents on a “need to know” basis and such Personal Information is accessed utilising secured methods (e.g. Personal Information is encrypted when necessary);
(b) we do not distribute the Personal Information to other persons except to the classes of transferees set out in this Privacy Policy and for the purposes set out in this Privacy Policy;
(c) the use and transfer of the Personal Information is subject to strict internal security standards, confidentiality policies, privacy laws and other Applicable Laws;
(d) we ensure that our employees fully comply with such standards, policies and laws; and
(e) we provide training to our staff on the proper handling of the Personal Information.
(2) All Personal Information you provide to us will be stored on our secure servers. You shall be responsible for keeping your device and your Account credentials safe and secure and not share them with anyone (other than your authorised representatives).
(3) As we further develop new products and services, we will continue to make every effort to ensure that the Personal Information is properly used and protected.
9. DIRECT MARKETING
(1) From time to time, we may use the Personal Information to send you news, updates, offers, promotions and joint marketing offers relating to our Services, Products, or other new products, services and facilities provided or offered by us and our Affiliates and other business partners. Your consent is required for the use of your Personal Information for such purposes. We may contact you by email, in-App notifications, telephone, SMS, WhatsApp, WeChat, other text/picture/video messaging channels, social media, or mail (where applicable).
(2) Your name, email address, telephone number, contact address, social media contact, date of birth, as well as information about your subscriptions, products and services portfolio, transaction and activity patterns and behaviors, browsing records, content viewing habits and personal interests held by us may be used by us in direct marketing (as defined in the PDPO) of the Services, the Products and any new or existing products, services and facilities offered by us, our Affiliates, our service providers and our business partners, including but not limited to: money or virtual asset exchange or trading services, asset custody solutions and services, pre-paid cards, credit cards, debit cards, credit facilities, financial products, investment products and services, as well as other similar products, services and facilities.
(3) By accepting this Privacy Policy, you will be deemed to have consented to the use of your Personal Information for direct marketing purposes in accordance with this Section, unless you expressly indicate to us your objection to such use.
(4) We may, at our sole discretion, provide your Personal Information to the person(s) as set out in Section 5 of this Privacy Policy for direct marketing purposes (where consented (including an indication of no objection) by you) or any other purposes permitted by this Privacy Policy.
(5) If you prefer not to receive any direct marketing communications from us or our marketing partners, you may indicate the same when submitting your Account opening application for the use of the Services and/or the Products or withdraw your consent to the use and provision of your Personal Information for direct marketing at any time thereafter by updating your preferences through your registered Account or by email to us at [support@sovrae.io]. Upon actual receipt of your request, we shall cease to use your Personal Information as soon as practicable without charge to you.
10. RIGHT TO ACCESS AND CORRECTION OF PERSONAL DATA
(1) According to and in accordance with the PDPO, you may have the right to:
(a) request access to the Personal Data we process about you;
(b) request us to correct, update, erase your Personal Data that is no longer correct in our records;
(c) request a copy of the Personal Data we have processed about you;
(d) request us to inform you of the type of the Personal Data held by us;
(e) object to the processing of your Personal Data and request us to cease processing of it;
(f) ask us to suspend the processing of your Personal Data; and
(g) withdraw your consent to process your Personal Data .
(2) In accordance with the PDPO, we reserve the right to charge a reasonable fee for processing any data request, as may be notified to you via publication or posting on our website or any other means for the giving of notices and communications in accordance with the terms governing the Services and/or the Products. Nothing in this Privacy Policy shall limit your rights under the PDPO.
(3) You shall send a written email request to us with the contact information as provided in this Privacy Policy. Please indicate your name, account/user number and contact number registered with us to follow up with your request. You may be asked to provide additional information to authenticate your identity in order for us to follow up your request.
11. COOKIES
(1) We use cookies and other technologies to track and collect information of the Users. Cookies are small data files which track and collect your browsing information from your web browser, and then use such information during your future visits to our website, so that the server may immediately recognise that you have been to the website before.
(2) Our cookies will not destroy any files in your electronic devices, but are only used to track information such as the User’s IP address, which pages have been visited, and the duration or each visit and frequency of visits, as well as the activity patterns, habits and preferences of visitors. We do not use cookies to track the identity of the actual user (other than his or her IP address), and cookies will only tell if a certain computer or device has visited our website in the past. For example, your name, email address and mobile phone number will not be collected by the cookies deployed on our website.
(3) If you visit our website and your mobile settings accept cookies, we will consider this as acceptance of our use of cookies. If you do not wish to permit such tracking and information collection by our cookies, you may adjust the settings in your web browser to reject some or all of our cookies. However, this may prevent you from accessing or using some or all of the features, functionalities and services of our website.
12. AMENDMENT
(1) We may amend, modify, update or supplement this Privacy Policy from time to time as we in our sole and absolute discretion consider necessary or appropriate. When there is any change to this Privacy Policy, we will publish the revised version of this Privacy Policy or a supplemental document on our website. Such amendments, modifications, updates and supplementations are considered part of the Privacy Policy and shall have the same force and effect as this Privacy Policy. If you continue using our website, the Service and/or the Products after such amendments, modifications, updates and supplementations take effect, you are deemed to have accepted the revised or updated Privacy Policy and be bound by it accordingly.
(2) We recommend that you read and understand this Privacy Policy from time to time to better understand the policies that you are obligated to comply with. If you do not agree to the provisions of this Privacy Policy, please immediately close your Account and cease to use our website, the Services and or the Products.
13. CONTACT US
If you have any questions about this Privacy Policy, or if you want to exercise your rights regarding your Personal Information, please contact us at [support@sovrae.io]. We will review questions as soon as possible and reply to you within a reasonable time period and you may be requested to provide additional information.
14. LINKS TO OTHER SITES
Our website or the platforms where we provide the Services and/or the Products may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. If you directly provide any data or information to such third parties, we make no commitment or assume any responsibility regarding the security of such data and the compliance with data processing.
15. LIABILITY
We shall in no event be liable to you in respect of any claims, losses, damages, expenses (including any legal fees) arising out of or in connection with the use, processing, retention, disclosure or dissemination of any data or information in accordance with this Privacy Policy and any consents or authorisations that you may have otherwise provided to us.
16. GOVERNING LAW AND JURISDICTION
This Privacy Policy shall be governed by and construed in accordance with the laws of Hong Kong. Any dispute, controversy, difference or claim arising out of or relating to this Privacy Policy, including the existence, validity, interpretation, performance, breach or termination of the terms hereof or any dispute regarding any non-contractual obligations arising out of or relating to this Privacy Policy, shall be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The law of this arbitration clause shall be Hong Kong law. The seat of arbitration shall be Hong Kong. The number of arbitrators shall be one. The arbitration proceedings shall be conducted in English.