Privacy Policy
for
Zhenxing Technology Limited
Version Dated: 30 November 2023
1.
Introduction
This Privacy Policy ("Privacy
Policy") applies to the collection, processing, sharing and use of
data collected from you when you use the remittance and/or foreign exchange
services operated by Zhenxing Technology Limited (collectively, the “Services”).
This Privacy Policy does not apply to information
collected: (i) through third-party services
(including any third-party websites) that you may access through the Services;
or (ii) by other companies and organisations who advertise their services on
our Services.
For the purpose
of data protection laws, the data controller of your personal data in relation
to the Services is Zhenxing Technology Limited. Our local representative for
data protection purposes are:
In this Privacy Policy, "we", "our" and "us"
refers to Zhenxing Technology
Limited, together with our parent and affiliates, and "you" refers either of the
following:
We use and process your personal data in accordance with the provisions
of this Privacy Policy, the Personal Data (Privacy) Ordinance ("PDPO") in Hong Kong and other
applicable data protection laws.
By agreeing to this Privacy Policy and/or
continuing to use the Services or access our website or web contents, you are
deemed to have accepted the terms of this Privacy Policy, and to have expressly
acknowledged and, where required, consented to our processing of the
information you provide to us for the purposes outlined in, or otherwise in
accordance with, this Privacy Policy.
To the extent that you provide personal
data relating to any other person,
such as the Sender or Recipient (as applicable), you agree and acknowledge that
you have notified such persons of this Privacy Policy, obtained their consent
to the use, processing, retention and transfer of their personal data in
accordance with this Privacy Policy (including any amendments or revisions
thereto), and have complied with the legal obligations in respect to the
processing of their personal data in accordance to applicable data protection
laws. You further agree and acknowledge that we are not responsible for any
loss incurred due to or in relation to the failure of you to obtain such
consent from any such person. You are
responsible for ensuring all personal data you provide is accurate and
complete.
If you do not agree to the processing of your
personal information in the way this Privacy
Policy describes, please do not provide your information when requested and
stop using the Services. By using the Services you are
acknowledging how we process your personal information as described in this
Privacy Policy.
SUMMARY
Here is a summary of the
information contained in this Privacy Policy. You can find more detail by
clicking ‘More Information’.
|
What information do we need
to be able to provide the Services? |
·
If you send or receive money using our Services
then we will need some information from you to facilitate such remittance.
This includes your basic contact information, such as your legal name, email address, mailing address, area code, country /
area of residence and telephone or mobile phone number, bank account information,
transaction information and other unique identifiers, such as IP address, ID
number, ID type, customer ID etc. |
|
|
How will we use your
information? |
·
We use your information to provide the Services,
enable us, our partner banks in the PRC and Tenpay, all of whom support our
provision of Services, to comply with legal and regulatory obligations, e.g.
in relation to AML and KYC |
|
|
Who do we share your
information with? |
·
We use third parties and work with our affiliates
to help us deliver the best possible experience (such as for remittance and
payment processing). ·
All third party service providers providing
services for us are prohibited from retaining, using, or disclosing your
personal information for any purpose except where strictly necessary for the
Services (i.e., to fulfil the purpose(s) described above). ·
In some cases we may be required by a court or be
under a legal obligation (such as a valid search warrant or subpoena) to
disclose certain information. |
|
|
Where do we process your
information? |
·
Pursuant to our contract with you, we may
transfer data outside of the location in which you are based for the purposes
described in this Privacy Policy. ·
We have servers for the Services in Hong Kong and
the People’s Republic of China (excluding Hong Kong SAR, Macau SAR and
Taiwan) (“PRC”). We also have support, engineering and other teams who
may support the Services, including from Hong Kong, PRC and Singapore. ·
If you are located in
the EEA or the UK, transfers between our affiliates and to third parties use
applicable safeguards, such as incorporating standard contractual clauses or
taking into account adequacy assessments. |
|
|
How long do we keep your
information? |
·
Unless otherwise required or permissible by
applicable laws, we retain your information for as long as the information is
needed to fulfil the purpose for which it was collected (as further described
in this Privacy Policy). We then delete or anonymise such data, in accordance
with applicable laws. |
|
|
How can I exercise my rights
over my information? |
·
Certain jurisdictions offer individuals specific
rights with respect to their information, so you may have a right to access
or receive a copy of your data, or to delete your data or restrict or object
to our processing of your data. |
|
|
How will we notify you
of changes? |
·
Changes to this Privacy Policy will be posted
here. We will also notify you of changes in accordance with relevant legal
requirements. |
We may from time to time revise
or add specific instructions, policies and terms to this Privacy Policy. These
instructions, policies and terms form part of this Privacy Policy.
Your use of the Services
indicates your acceptance of the current version of this Privacy Policy, which
may be amended from time to time. You can determine when this Privacy Policy
was last revised by referring to "Last Modified" at the top of
this document.
Where we consider that any
changes to this Privacy Policy are reasonably material, we will notify you (via
notification within our websites or other web contents, direct communication to
you, or other means) prior to the change becoming effective. By agreeing to the
revised Privacy Policy and/or continuing to use the Services or access our
website or web contents after any changes to this Privacy Policy, with or
without notice from us, you are deemed to have accepted the terms of the
revised Privacy Policy.
This section provides more
detail on the types of personal data we collect from you and why.
|
Personal Data |
Use |
Legal Basis (where
applicable) |
|
Basic information · Sender: phone number, email
address, user ID, username, date of birth, nationality and address · Recipient: name of account
holder and customer ID |
We use this information to: · Provide the Services |
Necessary for performance of contract to provide our Services to you. |
|
· Fulfil our legal and regulatory obligations, e.g. in relation to AML
and KYC |
Necessary to satisfy our legal obligations under applicable law to
provide our Services. |
|
|
Partner bank information Recipient’s Chinese name, mobile phone number, bank card number, ID
number, ID type, ID expiry and validity date, IP address, gender, occupation,
address, area code, nationality, open ID, remittance ID, bank type, bank
name, remittance amount and currency |
We use this information to: · Provide the Services |
Necessary for performance of contract to provide our Services to you. |
|
· Fulfil our and enable our bank partners in the PRC with whom you have
a bank account with to fulfil their legal and regulatory obligations, e.g. in
relation to AML and KYC |
Necessary to satisfy our legal obligations under applicable law to
provide our Services. |
|
|
Tenpay information ·
Sender: phone number, email address, user ID, username, date of birth,
nationality and address · Recipient: transfer type, account
type and information, currency, remittance amount, remittance country,
recipient country, purpose of remittance, Chinese name, open ID and any
supporting documents provided |
We use this information to: · Provide the Services |
Necessary for performance of contract to provide our Services to you. |
|
· Fulfil our and enable Tenpay in the PRC, which remits the funds into
Recipient’s Weixin Pay account, to fulfil their legal and regulatory
obligations, e.g. in relation to AML and KYC |
Necessary to satisfy our legal obligations under applicable law to
provide our Services. |
|
|
·
Sender: phone number, email address, user ID, username, date of birth,
nationality and address, Chinese name, bank card number, bank type, ID
number, ID type, ID expiry and validity date, IP address, gender, occupation,
address, area code, nationality, open ID, remittance ID, bank type, bank
name, remittance amount, currency and any supporting documents provided ·
Recipient: customer ID and name, Chinese name, mobile phone number, bank card
number, ID number, ID type, ID expiry and validity date, IP address, gender,
occupation, address, area code, nationality, open ID, remittance ID, bank
type, bank name, remittance amount, currency and any supporting documents
provided |
We use this information to provide the Services, specifically to
enable Tenpay to identify the Recipient and remit the funds to his/her Weixin
Pay account. |
Necessary for performance of contract to provide our Services to you. |
Pursuant
to our contract with you, we may transfer data outside of the location in which
you are based for the purposes described in this Privacy Policy.
We have
servers for the Services in Hong Kong and the PRC. We also have support,
engineering and other teams who may support the Services, including from Hong
Kong, PRC and Singapore.
If you are located in the
EEA or the UK, transfers between our affiliates and to third parties use
applicable safeguards, such as incorporating standard contractual clauses or
taking into account adequacy assessments.
Only where necessary will we share your personal information with the following persons:
(a)
companies within our corporate
group who process your personal data solely for the purpose of providing the
Services to you, including our subsidiaries, holding companies, associated companies and or affiliates
of, or companies controlled by, or under common control with us. In particular,
we may share personal data with our affiliate Tenpay for the purpose of
providing the Services to you. Tenpay may also use and disclose such personal
data for the purpose of complying with its legal obligations such as anti-money
laundering, counter-terrorist financing and other transaction monitoring and
reporting requirements under applicable laws and regulations;
(b)
third
parties that provide services in support of the Services, including our business partners, agents,
contractors, suppliers, service providers and other service providers engaged
by us to assist with providing you our Services, including service providers
for purposes such as payment and transaction processing;
(c)
financial institutions
(such as our bank partners in the PRC), charge or credit card issuing
companies, credit providers, credit information or reference bureaux, or
collection agencies, security agencies, necessary to establish and support the
payment of any Services being requested;
(d) regulators,
judicial authorities and law enforcement agencies. There
are circumstances in which we may be legally required to disclose information
about you, such as to comply with legal obligations or processes. In
complying with the terms of valid legal
processes, such as a subpoena, or search warrant, unfortunately we may not be
able to seek your consent to or notify you in advance of such disclosure;
(e) third
parties to ensure safety, security, or compliance with laws.
We may disclose your information to:
a. enforce
our terms and conditions and other agreements, including investigation of any
potential violation thereof;
b. detect,
prevent or otherwise address security, fraud or technical issues; or
c. protect
the rights, property or safety of us, our users, a third party or the public as
required or permitted by law (such as exchanging information with other
companies and organisations for the purposes of fraud protection and credit
risk reduction); and
(f) a
third party that acquires all or substantially all of us or our business.
We may also disclose your information to third parties if we either: (a) sell,
transfer, merge, consolidate or re-organise any part(s) of our business, or
merge with, acquire or form a joint venture with, any other business, in which
case we may disclose your data to any prospective buyer, new owner, or other
third party involved in such change to our business; or (b) sell or transfer
any of our assets, in which case the information we hold about you may be sold
as part of those assets and may be transferred to any prospective buyer, new
owner, or other third party involved in such sale or transfer.
We may
from time to time also use aggregate non-identifying information about our
customers to better design and improve the Services we offer. This information
will not identify any individual in particular.
We treat the security of your personal data
seriously. We utilize and use a variety of administrative, technical and
physical safeguards and security measures to protect the personal data against
accidental, unlawful or unauthorized destruction, loss, alteration, access,
disclosure or use and any other unlawful forms of processing. For instance, for
some of our Services, we will use encryption technology (such as SSL) to
protect certain sensitive Information provided by you to us. All
the data is protected and only available to authorized personnel and
subcontractors.
However, no system is impenetrable and no
information provided over the Internet can be guaranteed to be completely
secure. Although we will implement and maintain reasonable measures to protect
your personal data, we cannot guarantee the security of any
information that you transmit to us or receive from us over the Internet. Our systems and the communications networks
through which you access our Services may be subject to failures which are due
to circumstances beyond our reasonable control.
We do not keep your data for longer than is
necessary to fulfil the relevant purpose described above unless we are required or permitted to do so under law. If we retain
your information beyond the retention periods set out below, for example to
comply with applicable laws, we will store it separately from other types of
personal information.
For further details on how long we keep your data,
please refer to the time periods set out below.
|
Personal Data |
Retention Policy |
|
As set out in Section 3 (How We Process Your
Personal Data) above |
Generally, we store this
information for a minimum of 6 years from the end of our business
relationship with you or the date of the last transaction (as
applicable), or such
other period as permitted by, and in accordance with, applicable law. |
You may
have certain rights in relation to the personal information we hold about you.
Some of these only apply in certain circumstances (as set out in more detail
below). If you believe we hold any other personal information about you, please
contact us at wisefx_personaldata@tencent.com.
We will
endeavour to deal with your request as soon as possible. This is without prejudice
to any right you may have to launch a claim with a data protection authority in
the region in which you live or work where you think we have infringed data
protection laws.
Access
You may have the right to
access personal information we hold about you, how we use it, and who we share
it with.
Correction
You may have
the right to correct personal information we hold that is inaccurate.
Portability
You may have the right to receive a copy of
certain personal information we process about you. For example, in certain
jurisdictions this can comprise personal information we process on the basis of
your consent or pursuant to our contract with you (e.g., account name), as
described above in the section “How We Process Your Personal Information”. We will provide further information to
you about transferring this data if you make such a request.
Erasure
You may be able to request for erasure of your
personal data. We may need
to retain personal information if there are valid grounds under data protection
laws for us to do so (for example, for the defence of legal claims or freedom
of expression) but we will let you know if that is the case. Where you have
requested that we erase personal information that has been made available
publicly on the Services and there are grounds for erasure, we will use
reasonable steps to try to tell others that are displaying the personal
information or providing links to the personal information to erase it too.
Restriction of Processing
to Storage Only
You may have a right to
require that we stop processing the personal information we hold about you
(other than for storage purposes in certain circumstances). Please note,
however, that if we stop processing the personal information, we may use it
again if there are valid grounds under data protection laws for us to do so
(for example, for the defence of legal claims or for another’s protection).
Where we agree to stop processing the personal information, we will take steps
to tell any third party to whom we have disclosed the relevant personal
information so that they can stop processing it too.
Objection
You may have the right to object
to our processing of your personal information. If you wish to do so, please
contact us using the contact
details set out below, and we will consider your
request.
Consent Withdrawal
To the extent provided
by applicable laws and regulations, you may withdraw consent you previously
provided to us for certain processing activities by contacting us at using the contact details set out below. Where consent is
required to process your personal information, if you do not consent to the
processing or if you withdraw your consent we may not be able to deliver the
expected service. Please note that
the right to withdraw consent is only available if the legal basis for
processing information is consent.
Hong Kong specific rights
As a Hong Kong data subject you have legal rights in relation to the
personal information we hold about you (to the extent permitted under applicable
laws and regulations). You are entitled to make a subject access request to
receive a copy of the data we process about you, a data correction request as
well as a right to reject to the use of your personal data for direct marketing
purposes. A fee may be chargeable by
us for complying with a data access request.
The English version of this Privacy Policy shall
prevail over any Chinese version (if any) which is provided for information
purposes only.
If you wish to contact
us regarding this Privacy Policy or any privacy-related matters, please contact
our Privacy Officer via email at wisefx_personaldata@tencent.com. In addition, with respect to Personal Data shared
with Tenpay, you may contact Tenpay at Tenpay_dataprivacy@tencent.com.