IDA Finance Hong Kong Limited (the “IDA”, “we”, “us” and/or “our“) is committed to protecting the privacy of personal data and this Privacy Policy Statement (“Policy”) sets out our personal data privacy policies and practices in accordance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (“PDPO”).

The content of this Policy is meant to provide a general overview. For further details, please refer to our Personal Information Collection Statement (“PICS”). For the avoidance of doubt, should there be any inconsistencies between this Policy and the PICS, the PICS shall prevail to the extent of any such inconsistencies. This Policy sets out the policy and practices in connection with your access to and use of our goods and services.

Kinds of personal data held
We may collect personal data from you in connection with the matters and purposes set out in the PICS and this Policy. This may include information as defined in the PICS. For details on the kinds of personal data held, please refer to the PICS.

Main purposes of collecting and keeping personal data
We may collect and use (including disclose) your personal data from time to time in the ordinary course of your relationship with us for various purposes, including: delivering goods and services to operate and improve our stablecoin services; managing your account and processing transactions; providing customer support and resolving inquiries; ensuring legal compliance with applicable laws and regulations; monitoring compliance to detect and address violations; fulfilling legal obligations, including necessary disclosures; protecting against fraud and illicit activities; conducting analytics and research to enhance user experience; personalizing your interactions with tailored content; sending marketing communications and managing our relationship with you, subject to your consent; assessing creditworthiness and preventing fraud; preventing financial loss by reporting illegal activities; conducting due diligence for potential mergers or financing; enhancing functionalities within our platform; safeguarding users and ensuring system security; and for any other related purposes that align with these objectives.

We may also use your personal data in other ways for which we provide specific notice at the time of collection or for which you have subsequently consented.

Retention of personal data
Personal data collected from you will not be kept longer than necessary for the carrying out of the purposes for which such data were initially collected, unless otherwise required or permitted by applicable laws or regulations.

We will retain and procure our service providers to retain your personal data only for so long as is necessary for the purposes set out in the PICS, this Policy and in accordance with the PDPO and all applicable regulatory requirements.

Security of personal data
We take all reasonable steps, including technical, administrative and physical safeguards to help protect your personal data that we process from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Disclosure of data
We will comply with the applicable requirements and restrictions under the PDPO in disclosing personal data to any other person. We may, when appropriate and necessary, provide, transfer or disclose your personal data to our Group Companies (defined below) and any third party (whether within or outside Hong Kong) set out in Part C of the PICS for the purposes set out above and/or in the PICS.

For details on the disclosure of personal data to third parties, please refer to the PICS.

Outsourcing arrangement
We may appoint suppliers, agents, contractors, service providers and other contractual counterparties within or outside Hong Kong to process data collected by us, in order to provide administrative, telecommunication, computing, remittance or other services to us, such as in connection with the operation or maintenance or the provision of services and products, including for fraud prevention, payment settlement and transaction processing, insurance, bill collection, data entry, database management, promotion, marketing, customer service, technology service, product and service alerts and stable-coin related services.

All suppliers, agents, contractors, service providers and other contractual counterparties are required to comply with the applicable requirements and restrictions under the PDPO and personal data access will be restricted to authorised personnel on a need-to-know basis.

Direct Marketing
We may wish to use your personal data in direct marketing activities for the purposes set out above and/or in the PICS. We will comply with the applicable requirements and restrictions under the PDPO and the PICS in direct marketing activities.

We will not use your personal data for direct marketing activities unless we have received your consent. You have the right to opt-out of receiving marketing communications from us at any time by following the unsubscribe instructions included in each marketing email or by contacting us directly at dpo@idafi.xyz.

Use of cookies
We use cookies and similar tracking technologies to track the activity on our website and store certain information. Cookies help us to improve our goods and services by understanding user behaviour. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may be unable to use some portions of our website. 

We do not use 'spyware' or hidden identifiers or other similar devices to gain access to your personal data or store hidden information when you visit our website. 

Use of information gathered from cookies
The information gathered through the use of cookies, SPM and other technologies referenced in the previous section of this Policy will enable us to adopt a more focused customer experience for our goods and services.
We do not use spyware or hidden identifiers or other similar technologies to gain access to your personal data or store hidden information when you visit our website. For details, please refer to our Cookie Policy.

Accessing your personal data
You have the right to access and update your information and contact us. For example, you may:

(a)  check whether we hold personal data about you and/or access such personal data;

(b)  require us to correct any personal data relating to you which is inaccurate;

(c)  to the extent required in accordance with applicable laws and regulations, require us to correct inaccurate, or unlawfully collected or unlawfully processed personal data;

(d)  ascertain our policies and procedures in relation to personal data and to be informed of the kind of personal data held by us; and

(e)  request us not to use your personal data for direct marketing purposes, in which case we will cease to do so at no cost to you.

If you would like to make a request for access to your personal data, please submit the "Data Access Request Form" (the prescribed form (form:OPS003) can be downloaded from the following link http://www.pcpd.org.hk/english/publications/files/Dforme.pdf), along with appropriate proof of identity (a copy of the applicant's Hong Kong Identity Card or Passport) to our Data Protection Officer at the address below. We may charge you a fee as permitted by the PDPO for this service.

If you have any question about this Policy, or would like to request for access to personal data or correction of personal data, or for information regarding our policies and practices and kinds of personal data held, please write to us at:

The Data Protection Officer
IDA Finance Hong Kong Limited 
Address: Unit 2101, 21/F, Hong Kong, Diamond Exchange Building, 8-10 Duddell Street, Hong Kong
Email: dpo@idafi.xyz

In this Policy, unless inconsistent with the context or otherwise specified, the words below shall have the following meanings:

• “Our Group Companies” means Gala Equity Holdings Limited and IDA Finance Limited.

•  “Hong Kong” means the Hong Kong Special Administrative Region of the People’s Republic of China. 

•   The words “include” and “including” shall be construed without limitation.

Last Updated: September 2024

Personal Information Collection Statement (“PICS”) pursuant to Personal Data (Privacy) Ordinance (Cap.486) (“PDPO”) in relation to IDA Finance Hong Kong Limited 

This PICS sets out how IDA Finance Hong Kong Limited (the “IDA”, “we”, “us” and/or “our”) may collect, use and disclose your “personal data”, “personally identifiable information” or other personal information as ascribed under the  PDPO (collectively, “Personal Data”) in connection with your access to and use of our goods and services. 

From time to time, it is necessary for you to provide us with Personal Data in connection with your registration and use of our goods and services, or for compliance with any laws, guidelines or requests issued by regulatory or other authorities. 

If you do not supply such Personal Data to us, it may result in us being unable to provide you with the goods and services.

In this Policy, unless inconsistent with the context or otherwise specified, the words below shall have the following meanings:

The words “include” and “including” shall be construed without limitation.

In this PICS,
“Our Group Companies” shall mean:
Gala Equity Holdings Limited and IDA Finance Limited

“Goods and Services” shall mean:
Payment and financial products and services related to stablecoins, along with promotional offers, discounts, and additional products and services provided by us or our service providers or service partners. 

A. COLLECTION OF PERSONAL DATA
We may obtain your Personal Data (directly or indirectly), including:

• Personal Identification Information: Name, email address, phone number, postal address, date of birth, identification document numbers, and other identifiers.

• Financial Information: Bank account details, credit/debit card information, wallet addresses, transaction histories, and linked financial accounts.

• Technical Data/Device Information: IP address, browser type, device information, operating system, page access times, referring URLs, and other device-related information.

• Usage Data: Information about how you use our website, products, and services, including your browsing history and interaction with our content.

• Communication Data: Records of your correspondence with us, including email, chat logs, call recordings, and social media interactions.

• Profile Data: Username, password, purchase history, preferences, feedback, survey responses, and any other information you voluntarily provide.

• Recipient’s information: Name, account number, contact information, and other details related to the recipient of a redemption fund transfer. Before providing us with the Recipient’s Information, you confirm, represent and warranty that either (i) the provision of Recipient’s Information is necessary for a redemption fund transfer in which the recipient is a legal beneficiary and his/her interest will not be prejudiced; or (ii) you have received a consent from such person regarding the use (including disclosure and transfer) of his/her personal data and other information by us and/or other parties as specified under Part 8 of this Policy.

Any combination, derivation or updated version of the above information may be provided by you or collected by us (automatically or manually) as a user of our services. The above information may constitute your Personal Data. We have taken steps to ensure that we do not collect more information (whether or not such information constitutes Personal Data) from you than is necessary for us to provide you with our services, to perform the purposes set out in Part 2 of this Policy, to protect you, to comply with our legal obligations, to protect our legal rights, and to operate our business.

B. USE OF PERSONAL DATA

We may collect and use (including disclose) your personal data from time to time in the ordinary course of your relationship with us for any of the following purposes:

• Goods and Services Delivery: To provide, operate, maintain, and improve our stablecoin services.

• Account Management: To create and manage your account, including processing transactions and verifying your identity.

• Customer Support: To respond to your inquiries, provide customer support, and resolve issues related to your use of our goods and services.

• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including tax regulations and anti-money laundering laws.

• Compliance Monitoring: To detect, investigate, and resolve violations of service agreements, applicable policies, industry standards, and regulations.

• Legal Disclosures: To comply with legal obligations, including disclosures required by any applicable laws, regulations, or third parties, such as payment networks.

• Security and Fraud Prevention: To protect our business, services, and users from fraud, abuse, illicit activities, and other harmful actions.

• Analytics and Research: To conduct research and analysis to enhance our goods and services and improve user experience.

• Customization: To personalize your experience and tailor the content we deliver to you.

• Marketing and Communications: We will send you marketing communications, newsletters, and promotional offers, and manage our relationship with you, subject to obtaining your consent as required by law.

• Risk Management: To assess creditworthiness and solvency, and to detect, investigate, and prevent fraud or illegal activities, thereby safeguarding the integrity of our stablecoin platform.

• Prevention of Harm: To prevent financial loss or harm by reporting suspected illegal activities or addressing potential claims against us.

• Due Diligence: To enable evaluations for mergers, acquisitions, financing transactions, or joint ventures related to our stablecoin services.

• Functionality Enhancement: To provide additional functionalities within the IDA platform, utilizing your registration details for account activation across related services.

• Legitimate Business Purposes: To protect you and other users from losses, ensure system security, and comply with internal policies and applicable regulations.

• Other Related Purposes: Any other purposes that relate to the aforementioned objectives.

We also may use your Personal Data in other ways for which we provide specific notice at the time of collection or for which you have subsequently consented.

C. METHODS OF COLLECTION

• Direct Interactions: When you provide personal data by filling in forms, creating an account, or corresponding with us by post, phone, email, or otherwise.

• Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies.

• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, including analytics providers, advertising networks, and social media platforms.

D. DISCLOSURE OF PERSONAL DATA

Your Personal Data held by us will be kept confidential, but we may provide such information to the following parties (whether within or outside Hong Kong) for the purposes set out in Section B of this PICS above:

1. Our Group Companies and members of Gala Equity Holdings Limited and IDA Finance Limited.

2. Our suppliers, agents, contractors, professional advisers, contractual counterparties or third party service providers that we engage (including their employees, directors and officers) who are under a duty of confidentiality to us and who provide administrative, telecommunication, computing, remittance or other services to us in connection with the operation or maintenance or the provision of services and products, including but not limited for fraud prevention, payment settlement and transaction processing, insurance, bill collection, data entry, database management, promotion, marketing, customer service, technology service, product and service alerts and stable-coin related extension services. They are required to comply with the applicable requirements and restrictions under the PDPO and personal data access will be restricted to authorised personnel on a need-to-know basis. 

3. Marketing service providers under a duty of confidentiality to us who provide administrative, data processing, research and marketing, distribution, professional or other similar services to us.

4. Law enforcement agencies, government and regulatory authorities or any other organizations to which IDA is under an obligation or expected to make disclosures under the requirements of any applicable law, regulation or commercial arrangement.

   Actual or proposed entities involved in any merger, acquisition, financing transaction or joint venture with us. We may disclose and transfer to any of our actual or proposed assignees or transferees of our rights with respect to your Personal Data in connection with a company re-structuring, and/or merger (as between us and a third party), sale, or transfer (whether of assets or shares, in whole or in part), to use, hold, process, collect or retain such Personal Data for the purposes mentioned in Sections A and B of this PICS.

Your personal data may be transferred to, stored, or processed in a country other than Hong Kong, where we or our third-party service providers operate. We will ensure that any such transfers comply with applicable data protection laws and that your personal data is protected to the same standard as it is in Hong Kong.

E. DIRECT MARKETING

IDA may wish to use your Personal Data in direct marketing activities. Please note that:

1. We will solicit your consent by way of explicit indication of no objection and will use your Personal Data for direct marketing purposes after receipt of your consent. 

2. IDA may use your name, contact information, products and service portfolio, transaction pattern and history, financial background, demographic data and geographical location in order to send to you marketing communications on the Goods and Services.

3. IDA may market to you the Goods and Services. This may include Goods and Services that are offered by us, any of Our Group Companies and our business partners or any other selected third parties.

4. IDA shall not provide your Personal Data to third parties for them to conduct direct marketing, unless we have your express consent to provide your Personal Data to certain third parties with which we maintain business referral or other similar commercial arrangements, including (i) Our Group Companies, and (ii) business partners for use by them in marketing their own Goods and Services.

We may wish to use your personal data in direct marketing activities for the purposes set out above. We will comply with the applicable requirements and restrictions under the PDPO in direct marketing activities.

We will not use your personal data for direct marketing activities unless we have received your consent. You have the right to opt-out of receiving marketing communications from us at any time by following the unsubscribe instructions included in each marketing email or by contacting us directly at dpo@idafi.xyz.

F. SECURITY MEASURES AND RETENTION

We take all reasonable steps, including technical, administrative and physical safeguards to help protect your Personal Data that we process from loss, misuse and unauthorized access, disclosure, alteration and destruction.

We will retain and procure our service providers to retain your Personal Data only for so long as is necessary for the purposes set out in this PICS and in accordance with the PDPO and all applicable regulatory requirements.

G. THIRD PARTY SERVICES AND WEBSITES

IDA may provide links to other websites and services for your convenience and information. These services and websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review before you use any of their services or conduct any activities on those websites. To the extent that any linked websites and services you visit are not owned or controlled by us, we are not responsible for their contents, their privacy practices and the quality of their services.

H. CHANGES TO THIS NOTICE

We may update this PICS to reflect changes to our data practices. Any change, update or modification will be effective immediately upon posting on this webpage. Please review this page periodically for the latest information on our privacy practices. If you use our goods and services, you will be deemed to have agreed to any updated version of this PICS concerning the collection, use, storage, transfer and disclosure of your Personal Data as set out in this PICS.

I.  FURTHER INFORMATION

Under the PDPO, you have the right to access or correct your Personal Data or exercise of any “opt-out” right. If you wish to exercise any of these rights, please contact us through the following means:

The Data Protection Officer
IDA Finance Hong Kong Limited 
Address: Unit 2101, 21/F, Hong Kong, Diamond Exchange Building, 8-10 Duddell Street, Hong Kong
Email: dpo@idafi.xyz

IDA may charge a reasonable fee for processing any data access request. 

Last Updated: September 2024