Your privacy is important to us. At CoinSuper Fintech (HK) Co., Ltd, (“Coinsuper”) we are committed to protecting the privacy, confidentiality and security of the personal information we collect and hold by complying with the requirements under the Hong Kong Privacy (Data Protection) Ordinance (Chapter 486 of the Laws of Hong Kong) (“PDPO”). We are equally committed to ensuring that all our employees and agents uphold these obligations.
This policy explains how we manage personal information within our organisation. It applies to CoinSuper and all its related companies and associates.
How do we collect personal information?
We collect personal information from you in the following circumstances: when you register a CoinSuper account with us, order products or services from us, subscribe to our newsletter; or complete any application form to us or submit a query or request to us. In some cases, we may be required by law to collect personal information about you. The personal information will generally be acquired through our channels, but we may however obtain information through a third party, such as representatives, agents or contractors who provide services to us, or third parties whom may refer you to us as they think you may be interested in our products or services.
What information do we collect?
The kinds of personal information that we collect and hold about you may include:
• identifying information, such as your name and date of birth
• contact information, such as your postal address, email address and telephone number
• social media profile information that you make available to us or to the public
• blockchain identifiers, such as blockchain addresses and public keys
• usernames and passwords that you create when registering for an account with us
• details of any products or services that we provide to you
• information about how you use the products and services we provide
• records of our communications with you, including any messages you send us.
Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
You may, however, visit our site anonymously.
What do we use your personal information for?
We use personal data that we collect about you for the following purposes:
• to verify your identity for the purpose of satisfying our Anti-Money Laundering obligation
• to determine your eligibility for any of our products or services
• to determine your compliance with the terms and conditions that apply to any of our products or services and applicable law
• to enable us to provide our products and services
• to improve our website based on your information and feedback
• to answer your queries and requests
• to comply with our legal and regulatory obligations
• to carry out market analysis and research
• to monitor use of our products and services
• to assess, maintain, upgrade and improve our products and services
• to carry out education and training programs for our staff
• to manage and resolve any legal or commercial complaints or issues
• to carry out planning and forecasting activities and other internal business processes
• to keep you informed about our activities, including by sending out newsletters
EEA Residents: For individuals who reside in the European Economic Area (including the United Kingdom) or Switzerland (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our contract with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.
We may from time to time use your personal information in order to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). We may not use your personal information unless we have received your consent. You can opt-out of receiving marketing communications from us by contacting us using the contact details set out below.
We may use your following personal information for the purpose of direct marketing:
• identifying information, such as your name and date of birth
• contact information, such as your postal address, email address and telephone number
• products and services portfolio information and demographic data held by us from time to time
We may use your personal information to market the following products and/or services to you:
• purchasing and/or trading digital assets
• software and hardware wallets for holding digital assets
• payment services
• other products or services related to digital assets and/or payment services
If we use your personal data in any direct marketing communications, you have the right to request that we provide you with the source of that personal data. There is no fee for requesting this information. We will provide you with the source of the personal data, unless it is impracticable or unreasonable to do so.
Please indicate your consent to receiving information relating to the above by contacting us using the contact details set out below.
We may also use and disclose your information for other purposes in accordance with your requests or instructions.
Who do we disclose your personal information to?
We may share personal information about you with:
• your representatives, advisers and others you have authorised to interact with us on your behalf
• our staff who need the information to discharge their duties
• related entities within our corporate group
• our business partners, agents and service providers
• payment system operators and financial institutions
• prospective purchasers of all or part of our business or shares in our company or a related entity
• professional advisers who we engage to provide advice on our business
• government authorities who ask us to disclose that information, or to other people as required by law
In some cases, the people to whom we disclose your personal information may be located overseas. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as Hong Kong. As such, your personal information may not be protected to the same or similar extent as in Hong Kong.
How do we protect and store your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All personal information provided to us is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database, which can only be accessed by those with special access rights to our systems, and are required to keep the information confidential. We update these physical and technical security processes and procedures from time to time to address new and emerging security threats that you become aware of.
Do we retain your personal information?
Yes, however your personal data will not be kept longer than required.
We may retain your personal information for a period of at least 5 years from the date on which we collect the information until the last transaction is completed with you or our relationship ends (whichever occurs last). At our discretion, we may retain personal data for longer than this period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.
Can you access and correct your personal information?
Yes. If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that data.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties here required to do by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Third party links
Occasionally, at our discretion, we may include links to third party products or services on our website. These third-party sites have separate and independent privacy policies. Further, we do not verify their content. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will be available at www.coinsuper.com.
European Economic Area Users & Data
If you are a resident of the European Economic Area (the “EEA”), Coinsuper is the controller with respect to your personal information. We determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.
Legal bases for processing personal information
Our legal bases for processing under General Data Protection Regulation are described above in the sections entitled “What do we use your personal information for?”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of Coinsuper, our customers or others.
If you are a current customer residing in the EEA, we will only contact you by electronic means (email) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us to opt-out immediately. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.
EEA residents have the following rights, which can be exercised by contacting us at firstname.lastname@example.org so that we may consider your request under applicable law.
All EEA users will have the following rights which can be exercised anytime by contacting us:
• Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of Coinsuper’s processing based on consent before your withdrawal.
• Right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by CoinSuper that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
• Right to delete. You have the right to request deletion of your personal information that:
(a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(b) was collected in relation to processing that you previously consented, but later withdraw such consent;
(c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing.
If we have made your personal information public and are obliged to delete the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the deletion of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
• Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.
• Right to restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
(a) You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
(b) The processing is unlawful and you oppose the deletion of your personal information and request the restriction of its use instead.
(c) We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
(d) You have objected to processing, pending the verification whether the legitimate grounds of Coinsuper’s processing override your rights.
Restricted personal information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
• Notification of deletion, rectification and restriction. We will communicate any rectification or deletion of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
• Right to object to processing. Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
• Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
• Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us first at
email@example.com so that we can try to resolve the issue or dispute informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner's Office (ICO).
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, firstname.lastname@example.org.
• Storage of your personal information. Coinsuper will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.
Your rights to personal information are not absolute. Access may be denied when:
• Denial of access is required or authorized by law;
• Granting access would have a negative impact on other's privacy;
• To protect our rights and properties; and
• Where the request is frivolous or vexatious.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact us by using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your compliant has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data. For EEA residents, you may refer to the above section for the complaint authority.
If you want any further information from us on privacy matters, please contact us at:
Coinsuper Fintech (HK) Co., Ltd