FoCard Exemption rules

FOPAY PRIVACY POLICY

Your personal data is important. Hang Feng Wallet Technologies Limited, hereinafter referred to as “we”, “us”, “our” or “FoPay”) understands the importance you place on personal data, and we make every effort to maintain its security and reliability.

FoPay is committed to providing its clients with excellent services of comprehensive Fintech solutions together with third party partners and collaborators. Based on your service needs, we will collect and use different types of your personal data and non-personal data. We treat the use and confidentiality of our clients’ personal data and non-personal data seriously.

The security and privacy of our clients’ personal data and non-personal data is a matter of utmost importance for FoPay. We are committed to protecting the privacy, confidentiality, and security of our clients’ personal data and non-personal data; in the case of personal data by complying with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) through the implementation of the Privacy Policy.

Where our operations are also subject to privacy legislation other than that of Hong Kong, such as General Data Protection Regulation, the privacy laws of Chinese Mainland, etc. we will seek to comply with all such applicable laws and regulations to the extent that it is possible for us to do so. Where there is a conflict between different systems of laws, we will, in most cases, comply with the system of law that imposes a stricter standard on us.

This Privacy Policy applies only to services of FoPay in the application named FoChat (the “Platform”) and our products or services provided on the Platform. For other products or services we offer, you should read the applicable privacy policies we have separately formulated and published. For information on third-party platforms to which the Platform may link or direct, or technology provided by third parties, you should read and comply with the terms, documents, and privacy policies formulated and published by such third parties.

Please note that this Privacy Policy may be amended from time to time, with prior notice to you. Nevertheless, you are advised to check the latest version of this Privacy Policy on our websites on a regular basis.

Our collection and use of personal data

FoPay may collect the below personal data provided voluntarily by our clients when you use our products or services on the Platform.

• Full legal name (including former name, and names in English and Chinese, if applicable)

• Identification document type (e.g. Passport)

• Identification document number (e.g. Passport No.)

• Gender

• Date of birth

• Place of birth

• Nationality

• Residential address

• Country/state of residence

• Total net wealth

• Purpose of account opening

• Initial and ongoing sources of wealth or income

• Nature and details of the business/occupation/employment

• Level of activity anticipated

• Source of funds/digital assets to be used in the relationship

• Credit history and score

• Contact phone number

• Email address

• Your transaction history and spending pattern

• Bank account information

• Blockchain address

• Your location data

• Additional personal data or documentation at the discretion of our compliance team.

Please be aware that we may also collect personal data of your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantee/security providers and other natural persons related to you via your use of the Platform or where you have given your consent.

FoPay may also obtain your personal data from publicly available sources of information, recording telephone conversations and/or communications by using electronic media, or from third party risk intelligence applications.

We will only use the personal data we collect for the purposes set out in this Privacy Policy. If you do not provide the personal data requested, we may not be able to provide or continue to provide our services or products to you, including without limitation, providing you with trading services in respect of certain markets and/or products. Your personal data (whether individually, or aggregated with the personal data of other people) may be used for the following purposes:

To make decisions relating to the provision or continued provision of the services to you.
To administer, operate, deliver, improve, and personalize the services.
To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the services.
To monitor and record the usage of the services and communications with you (including for investigation and fraud prevention purposes).
To detect, prevent and address technical issues.
For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits.
To communicate with you, your affiliates and/or your representatives in relation to events, our services and other products or services offered by FoPay or its affiliates, unless you have opted not to receive such information.
To conduct market research, surveys, promotions and contests, and to analyse your preferences, interests and behavior in relation to the services.
To fulfil any applicable legal, regulatory and compliance requirements (including anti-money laundering and tax obligations applicable to us).
To enforce or defend the rights or property of FoPay, its affiliates and other users.
Carry out any other purpose(s) described to you at the time the data was collected.
Any functions related to the foregoing.

Where you provide to us personal data about another person, you must give to that person a copy of this Privacy Policy and, in particular, tell him/her that you have provided us with their personal data and how we may use his/her personal data.

Disclosure of personal data

Personal data held by FoPay will be kept confidential, but may be disclosed to the following persons for one or more of the purposes set out in Section 1:

our third party service providers who help us provide, operate, maintain, secure and improve the services (including but not limited to any “Know Your Client” or other blockchain analytics service providers, credit card networks, banks or financial institutions, payment processors, merchants, loyalty programs partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resource, data processing, payments, credit references or other services);
any of our officers, employees, agents, contractors or third party service providers who provide administrative, credit data, debt collection, telecommunications, client verification, due diligence, computing, payment, promotional, marketing or other services related to our business operations to us (e.g. IT vendors, electronic storage vendors);
any financial institution trading with or intending to trade with you, or any of your counterparties in a trade;
any person or entity or data recipient who has already established or intends to establish any business relationship with FoPay;
any certification authority whether in Hong Kong or other places; and
any agencies in Hong Kong or other places for compliance with applicable laws, regulations, rules or guidelines regarding the automatic exchange of financial account information or the Foreign Account Tax Compliance Act promulgated by the United States.

Transfer of personal data

Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Please note that we may transfer the data, including personal data, outside your jurisdiction and process it there. Your consent to this Privacy Policy and your submission of such information represents your agreement to that transfer.

We will take reasonable measures to ensure that your personal data is treated securely and in accordance herewith and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your personal data and other personal information.

How we protect personal data

FoPay implements protective measures to safeguard and secure personal data to ensure it is protected against unauthorized or accidental access, processing, or erasure. These measures include the following:

access or use of such data is limited to authorized staff or agents on a “need to know” basis and such data is accessed utilizing secured methods (e.g. personal data is encrypted when necessary);
we do not distribute your personal data to other persons except to the classes of transferees set out in this Privacy Policy and for the purposes set out in this Privacy Policy;
the use and transfer of your personal data is subject to strict internal security standards, confidentiality policies, privacy laws and other applicable laws;
we ensure that our employees fully comply with such standards, policies and laws; and
we provide training to our staff on the proper handling of your personal data.

As we further develop new products and services, we will continue to make every effort to ensure that your personal data is properly used and protected.

Your rights regarding your personal data

According to and in accordance with the terms of the applicable data protection laws or regulations, you may have the right to:

request access to the personal data we process about you;
request us to correct, update, shield or delete your personal data in our records;
request a copy of the personal data we have processed about you;
object to the processing of your personal data and request us to cease processing of it;
ask us to suspend the processing of your personal data;
file a complaint against processing your personal data or if you are under the impression that we process your data unlawfully;
withdraw your consent to process your personal data;
lodge a complaint with competent authorities if you think that any of your data privacy rights have been infringed by us.

Your specific rights regarding your personal data may depend on where you reside and which data protection laws and regulations apply to you. In accordance with the terms of the applicable laws and regulations, FoPay reserves the right to charge a reasonable fee for processing any data request. Nothing in this Privacy Policy shall limit your rights under the applicable laws and regulations.

You should send requests to us with the contact information as provided in Section 8. Please indicate your name, account number and contact number for us to follow up with your request. You may be asked to provide additional information to authenticate your identity in order for us to follow up your request.

How we store personal data

We will not keep personal data longer than is necessary for the fulfillment of the purpose for which it was collected. The retention period of personal data collected depends on different factors, including:

Usage: we may have to continue to retain the personal data for the purpose(s) for which it was collected for; and
Legal obligations: there may be minimum retention periods for that personal data, as stipulated in applicable laws and regulations, including but not limited to certain AML-related systems, procedures, policies, KYC (including third-party services providers) requirements, and other applicable laws and regulations in other jurisdictions. You hereby agree that we will store the relevant data in accordance with the minimum retention period requirement.

Updates to this Privacy Policy

We may revise this Privacy Policy from time to time as our business changes. When there is any change to this Privacy Policy, we will publish the revised version on our website or our Platform. Such revisions are considered part of the Privacy Policy and shall have the same force and effect as this Privacy Policy.

We recommend that you read and understand this Privacy Policy from time to time to better understand the policies that you are obligated to comply with. If you do not agree to terms of this Privacy Policy, please cease to access this website and use our services.

Contact us

If you have any complaints or suggestions, or if you want to exercise your rights regarding personal information, you may send your questions, requests or complaints to us.

We will review questions as soon as possible and reply to you within a reasonable time period in accordance with the law and you may be requested to provide additional information.

Links To Other Site

Our Site may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Part of the services on the Platform will be provided by third parties. If you directly provide any data or information to such third parties, FoPay makes no commitment or assumes any responsibility regarding the security of such data and the compliance of data processing.

Specific Rights Under Different Jurisdictions

A. Your rights if your personal data is covered by the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it. We may process your personal data because:

• We need to use your personal data to contract with you or to perform our obligations thereunder.

• You have given us consent to do so.

• The processing is in our legitimate interests or necessary to comply with our legal obligations.

• To comply with applicable laws and regulations.

If you are a resident of the EEA, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.

In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the information we have on you.

• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

• The right to object. You have the right to object to our processing of your personal data.

• The right of restriction. You have the right to request us to restrict the processing of your personal information.

• The right to data portability. You have the right to be provided with a copy of the information we have on you.

• The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

B. Your rights if you are a resident of California or certain US states

Under the laws of the states of California, Colorado, Connecticut, Utah and Virginia (“Applicable States”), you may have rights to ask us to:

• provide access to certain information we hold about you, in some cases in a portable format, if technically feasible.

• update or correct your information.

• delete certain information we hold about you.

• opt in to or opt out of use of certain sensitive information we hold about you.

You may also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will generally ask you to verify your, or your authorized agent’s, request using the contact information you have already provided.

No sale of personal information. We do not sell any personal information to anyone.

No discrimination. We will not discriminate against any exercising their rights under the privacy laws of California or other Applicable States.

California. Below are the additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (together, the “CCPA”), effective as of January 1, 2023.

• Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending on how you engage with us:

• Identifiers, such as your name, email, address, phone numbers, or IP address.

• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number.

• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

• Commercial information, such as purchase activity;

• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

• Geolocation information, such as the location of your device or computer determined from your IP address or mobile device’s GPS depending on your device settings;

• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

• Professional or employment-related information, for example information you may provide about your business; and

• Inference data, such as information about your preferences.

Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA, depending on how you engage with us:

• Identifiers, such as your name, email, address, phone numbers, or IP address;

• Personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;

• Characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

• Commercial information, such as purchase activity;

• Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

• Geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through applications we offer;

• Audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

• Professional or employment-related information, for example information you may provide about your business;

• Inference data, such as information about your preferences.

Sensitive personal information. The categories of information that FoPay collects and discloses for a business purpose include “sensitive personal information” as defined under the CCPA. FoPay does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.

FOPAY

PRIVACY POLICY

Our collection and use of personal data

FoPay may collect the below personal data provided voluntarily by our clients when you use our products or services on the Platform.

• Full legal name (including former name, and names in English and Chinese, if applicable)

• Identification document type (e.g. Passport)

• Identification document number (e.g. Passport No.)

• Gender

• Date of birth

• Place of birth

• Nationality

• Residential address

• Country/state of residence

• Total net wealth

• Purpose of account opening

• Initial and ongoing sources of wealth or income

• Nature and details of the business/occupation/employment

• Level of activity anticipated

• Source of funds/digital assets to be used in the relationship

• Credit history and score

• Contact phone number

• Email address

• Your transaction history and spending pattern

• Bank account information

• Blockchain address

• Your location data

• Additional personal data or documentation at the discretion of our compliance team.

To make decisions relating to the provision or continued provision of the services to you.
To administer, operate, deliver, improve, and personalize the services.
To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the services.
To monitor and record the usage of the services and communications with you (including for investigation and fraud prevention purposes).
To detect, prevent and address technical issues.
For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits.
To communicate with you, your affiliates and/or your representatives in relation to events, our services and other products or services offered by FoPay or its affiliates, unless you have opted not to receive such information.
To conduct market research, surveys, promotions and contests, and to analyse your preferences, interests and behavior in relation to the services.
To fulfil any applicable legal, regulatory and compliance requirements (including anti-money laundering and tax obligations applicable to us).
To enforce or defend the rights or property of FoPay, its affiliates and other users.
Carry out any other purpose(s) described to you at the time the data was collected.
Any functions related to the foregoing.

Disclosure of personal data

Personal data held by FoPay will be kept confidential, but may be disclosed to the following persons for one or more of the purposes set out in Section 1:

our third party service providers who help us provide, operate, maintain, secure and improve the services (including but not limited to any “Know Your Client” or other blockchain analytics service providers, credit card networks, banks or financial institutions, payment processors, merchants, loyalty programs partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resource, data processing, payments, credit references or other services);
any of our officers, employees, agents, contractors or third party service providers who provide administrative, credit data, debt collection, telecommunications, client verification, due diligence, computing, payment, promotional, marketing or other services related to our business operations to us (e.g. IT vendors, electronic storage vendors);
any financial institution trading with or intending to trade with you, or any of your counterparties in a trade;
any person or entity or data recipient who has already established or intends to establish any business relationship with FoPay;
any certification authority whether in Hong Kong or other places; and
any agencies in Hong Kong or other places for compliance with applicable laws, regulations, rules or guidelines regarding the automatic exchange of financial account information or the Foreign Account Tax Compliance Act promulgated by the United States.

Transfer of personal data

How we protect personal data

access or use of such data is limited to authorized staff or agents on a “need to know” basis and such data is accessed utilizing secured methods (e.g. personal data is encrypted when necessary);
we do not distribute your personal data to other persons except to the classes of transferees set out in this Privacy Policy and for the purposes set out in this Privacy Policy;
the use and transfer of your personal data is subject to strict internal security standards, confidentiality policies, privacy laws and other applicable laws;
we ensure that our employees fully comply with such standards, policies and laws; and
we provide training to our staff on the proper handling of your personal data.

As we further develop new products and services, we will continue to make every effort to ensure that your personal data is properly used and protected.

Your rights regarding your personal data

According to and in accordance with the terms of the applicable data protection laws or regulations, you may have the right to:

request access to the personal data we process about you;
request us to correct, update, shield or delete your personal data in our records;
request a copy of the personal data we have processed about you;
object to the processing of your personal data and request us to cease processing of it;
ask us to suspend the processing of your personal data;
file a complaint against processing your personal data or if you are under the impression that we process your data unlawfully;
withdraw your consent to process your personal data;
lodge a complaint with competent authorities if you think that any of your data privacy rights have been infringed by us.

How we store personal data

Usage: we may have to continue to retain the personal data for the purpose(s) for which it was collected for; and
Legal obligations: there may be minimum retention periods for that personal data, as stipulated in applicable laws and regulations, including but not limited to certain AML-related systems, procedures, policies, KYC (including third-party services providers) requirements, and other applicable laws and regulations in other jurisdictions. You hereby agree that we will store the relevant data in accordance with the minimum retention period requirement.

Updates to this Privacy Policy

Contact us

If you have any complaints or suggestions, or if you want to exercise your rights regarding personal information, you may send your questions, requests or complaints to us.

We will review questions as soon as possible and reply to you within a reasonable time period in accordance with the law and you may be requested to provide additional information.

Links To Other Site

Specific Rights Under Different Jurisdictions