Privacy Policy
HashKey Team
HashKey Privacy Policy
HashKey Digital Asset Group Limited and its affiliates (hereinafter referred to as “HashKey”, "we" "us" or "our"), including but not limited to Hash Blockchain Limited and HashKey Bermuda Limited, (hereinafter referred to as “HashKey”, "we" "us" or "our") is committed to protecting the privacy, confidentiality, and security of the personal data held by HashKey complying with the requirements of applicable personal data protection laws including the Personal Data Protection Act 2012 of Singapore ("PDPA"), and the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“PDPO”), the General Data Protection Regulation of the European Union ("EU GDPR") and the General Data Protection Regulation of the United Kingdom ("UK GDPR") with respect to the collection, use, processing and management of personal data. In doing so, HashKey is equally committed to ensuring that all its employees and agents uphold these obligations.
HashKey Digital Asset Group Limited
Place of registration: Hong Kong
Company registration number: 69098044
Address: 14/F Three Exchange Square, 8 Connaught Place, Central, Hong Kong
Hash Blockchain Limited
Place of registration: Hong Kong
Company registration number: 69104532
Securities and Futures Commission Central Entity Number: BPL992
Address: Units 614-615, Level 6, Cyberport 3, 100 Cyberport Road, Hong Kong
HashKey Bermuda Limited
Place of registration: Bermuda
Company registration number: 202302864
Class F licence holder granted by the Bermuda Monetary Authority
Address: c/ Carey Olsen Services Bermuda Limited, Rosebank Centre, 5th Floor,
11 Bermudiana Road, Pembroke, HM 08, Bermuda
This Privacy Policy ("Privacy Policy") applies to our investors, job applicants and visitors of HashKey's website(s) or other third parties ("you") located in Hong Kong, Singapore, Bermuda, the United Kingdom ("UK"), the European Union ("EU") and such jurisdiction as permitted under applicable laws (as the case may be) ("your jurisdiction"). This Privacy Policy describes:
-
the types of personal data which HashKey will collect or process;,
-
how personal data will be used, shared and protected;, and
-
your rights in relation to personal data, including the right to make data access and correction requests, and in addition, for those located within the EU or the UK, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.
Personal data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that personal data held by HashKey is accurate. HashKey will use your personal data which HashKey may from time to time collect in accordance with this Privacy Policy.
HashKey reserves the right from time to time to revise this Privacy Policy. Where any changes to this Privacy Policy are material (e.g. a new purpose for using your personal data), HashKey will notify you using the contact details which you have provided HashKey and by updating and issuing the new version on the HashKey website. However, if the changes are not material, HashKey has the right to decide whether or not to notify you by using the contact details you have provided to HashKey. You are advised to check the Privacy Policy periodically and pay attention to its revision. After the publication of the new version of this Privacy Policy, your continued use of the HashKey website(s) or your continued relationship with HashKey shall be deemed to be acceptance of and consent (to the extent that consent is the relevant legal basis of processing your personal data) to this updated Privacy Policy, as amended from time to time.
HashKey will take reasonable and practicable steps to ensure the security of your personal data and to avoid unauthorised or accidental access, erasure or use for other purposes. This includes physical, technical, and procedural security methods, where appropriate, to ensure that your personal data may only be accessed by authorised personnel.
Please note that if you do not provide HashKey with personal data (or relevant personal data relating to persons appointed by you to act on your behalf), HashKey may not be able to provide the information, products or services you have asked for or process your requests, applications, subscriptions or registrations, as applicable.
If you have any questions about this Privacy Policy or how HashKey uses your personal data, please contact HashKey through the communication channels set out in the "Contact HashKey" section below.
-
Collection of personal data
Personal data may be collected from you on a voluntary basis for particular purposes or services. Your personal data are collected and held by HashKey as explained below:
Data subjects
|
Types of personal data collected and how we collect your personal data
|
Investors
|
When you apply, subscribe and register for HashKey products and services or make enquiries to HashKey, we will collect personal information about you so that we can process your application, subscription and registration including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, age, job title, interests and other information you provide via the HashKey website(s) or any other means.
We may also collect other personal data you provide as set out in sections of the HashKey website(s) which invite you to provide personal data.
|
Job applicants
|
We will collect information including but not limited to the below to process your job application with HashKey:
|
Visitors of HashKey's website(s) (whether an investor, job applicant or other third party) or persons who access the HashKey Exchange
|
When you visit the HashKey website(s) or access the HashKey Exchange, we will record each of your visits and will automatically collect the following information:
We may also collect your personal data including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, nationality, job title, interests, subscription details of HashKey products and services and other information you provide to HashKey.
|
-
Use of personal data
From time to time, where personal data is provided to HashKey, HashKey may use the personal data as explained below and such personal data may be transferred to a place outside Hong Kong or Singaporeyour jurisdiction.
In general, for all external parties, we use your personal data for the purpose directly related to the function or activity of HashKey, to comply with legal requirements, to carry out obligations arising from the contracts entered between you and HashKey (if any). We have specified the purposes of use of your personal data in this "Use of personal data" section. We may also notify you of other purposes at the time of collection of the personal data.:
Investors
|
For the purpose of providing products and services to you, we will use the information that we have collected about you to:
|
|
||
Job applicants
|
For the processing of your job application and administration of our recruitment database, we will use the information that we have collected about you to:
|
|
||
Other third parties
|
For the purpose directly related to the function or activity of HashKey, to comply with legal requirements, to carry out obligations arising from the contracts entered between you and HashKey, any other applicable purposes as set out in this "Use of personal data" section, and/or any other purpose notified to you at the time of collection of the personal data.
|
|
-
Investors: For the purpose of providing products and services to you, we will use the information that we have collected about you to:
Why and how we process your information
|
Types of personal data used
|
Legal basis relied upon under EU GDPR and UK GDPR (not applicable to PDPO and PDPA)
|
To manage your account
|
||
Process your applications, subscriptions and registration for HashKey products and services.
|
|
We will process your personal data if such processing is necessary for the conclusion or performance of a contract between HashKey and you.
|
|
|
Legitimate interests, namely it is in our interests:
We may also need to process your data to comply with our legal obligations.
|
To facilitate transactions which you make on the HashKey website(s) or the HashKey Exchange and to comply with our obligations to you
|
||
Process your data in accordance with our legal obligations and/or internal processes or process your data to comply with any of our other legal obligations.
|
|
Legitimate interests, namely it is in our interests:
We may also need to process your data to comply with our legal obligations.
|
Respond to and process your enquiries and take further action or to follow-up as required.
|
|
Legitimate interests, namely it is in our interests and your interests for us to provide our services to you or answer any queries.
|
Store your details (and updating them when necessary) on our database, so that we can contact you in relation to the function or activity of HashKey.
|
|
Legitimate interests, namely it is in our interests and your interests:
|
|
|
Legitimate interests, namely it is in our interests and your interests:
We may also need to process your personal data to comply with our legal obligations.
|
Conduct research, survey and/or analysis from time to time to better understand your needs, preferences, interests, experiences and/or habits.
|
|
Legitimate interests, namely it is in our interests to improve and develop our offering by considering your feedback and feeding this into our processes where we deem necessary.
|
To send you direct marketing communications
|
||
|
|
We will send you marketing emails in reliance on your consent.
Where permitted by applicable law and unless you have opted-out, we may also send marketing communications based on our legitimate interests, namely it is in our interests to send you marketing communications where you are an existing customer who has accessed similar HashKey products or services in the past.
|
To help us establish, exercise, or defend legal claims
|
||
To help us to establish, exercise, or defend legal claims.
|
|
Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights, manage pending or actual disputes and understand our obligations, and seek legal advice in connection with them.
|
We also use your data to help us to improve your experience of using the HashKey website(s) or accessing the HashKey Exchange and to compile general statistics in relation to the number of visitors to the HashKey website(s) and the use of the HashKey website(s) or the HashKey Exchange. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 4 "How does HashKey use cookies" below.
We may also use your personal data for artificial intelligence analytics, provided that our use of artificial intelligence tools is in compliance with all applicable laws.
If your jurisdiction is Hong Kong or Singapore, Wwe will obtain your consent before using your personal data for other purposes, unless otherwise permitted by applicable law. If you your jurisdiction is the EU or the UK, we will rely on your consent or the alternative legal basis as identified in the table unless as otherwise specified (e.g. we rely on consent to send you marketing emails).
-
Job applicants: For the processing of your job application and administration of our recruitment database, we will use the information that we have collected about you to:
Why and how we process your information
|
Types of personal data used
|
Legal basis relied upon under EU GDPR and UK GDPR (not applicable to PDPO and PDPA)
|
•evaluate and process job applications;
•keep job application records;
•assess suitability of candidates for job positions;
•communicate with you in the course of your employment and performing human resource management functions and activities; and
•communicate with you on other opportunities; and
comply with our legal obligations.
|
|
Legitimate interests, namely it is in our interests:
We may also need to process your data to comply with our legal obligations.
|
If your jurisdiction is Hong Kong or Singapore, we will obtain your consent before using your personal data for other purposes, unless otherwise permitted by applicable law. If you your jurisdiction is the EU or the UK, we will rely on your consent or the alternative legal basis as identified in the table unless as otherwise specified (e.g. we rely on consent to send you marketing emails).
-
Visitors of HashKey website(s) or persons who access the HashKey Exchange
We use your personal data to help us to improve your experience of using the HashKey website(s) or accessing the HashKey Exchange and to compile general statistics in relation to the number of visitors to HashKey website and the use of the HashKey website(s) or the HashKey Exchange. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 4 "How does HashKey use cookies" below.
-
Other UsesHow does HashKey share your personal data
HashKey may be required to retain, process and/or disclose your personal data to agents, contractors or other third-party service providers, to which HashKey does not assume any liability for any loss or damage that you may sustain, in order to:
-
comply with a court order, subpoena or other legal process (whether in Hong Kong, Singapore or elsewhere);
-
comply with applicable laws and regulations;
-
comply with a request by a government authority, law enforcement agency or similar body (whether situated in Hong Kong, Singapore or elsewhere);
-
provide to the third-party database for submitting behaviors concerning anti-money laundering, terrorism financing, and evading trade and economic sanctions;
-
provide to a third party which provide services (such as legal, financial, management, operation, market surveillance, analytic or technical services) or is associated or acting as a nominee to HashKey;
-
provide to any third party to whom HashKey’s businesses or any part of HashKey’s businesses will be sold, assigned or transferred to, if applicable; or
-
HashKey may need to retain, process and/or disclose your personal data in order to enforce any agreement with you, protect HashKey’s rights, property or safety, or the rights, property or safety of HashKey’s employees.
-
How does HashKey use cookies
If you access HashKey’s information or services through the HashKey website(s) or the HashKey Exchange (as applicable), you should be aware that cookies are used. Cookies are data files stored on your browsers. The HashKey website(s) and Hashkey Exchange (as applicable) automatically installs and uses cookies on your browsers when you access it, which are used to store your preferences, enhance the function of the HashKey website(s) or the HashKey Exchange (as applicable), and facilitate your browsing. The cookies used in connection with the HashKey website(s) or the HashKey Exchange (as applicable) do not contain personal data. You may refuse to accept cookies on your browsers by modifying the settings in your browsers or internet security software. However, if you do so you may not be able to utilise or activate certain functions available on the HashKey website(s) or the HashKey Exchange (as applicable). For detailed information on how HashKey uses cookies and the purposes for which cookies are used, please refer to our cookies policy at https://www.hashkey.com/en/cookies-policyhttps://support.hashkey.com/hc/en-gb/articles/10757307365017-Cookie-Policy.
-
Third party websites
The HashKey website(s) or the HashKey Exchange may from time to time contain linkages to other websites. These other websites are independent from the HashKey website(s) or the HashKey Exchange. HashKey has no control or management over the contents of such other websites or their privacy policies or compliance with the law. You should be fully aware that the provisions of such linkages links do not constitute an endorsement, approval, or any form of association by or with HashKey and HashKey has no control over the personal data submitted by you, if any, to other websites.
-
Transfer of personal data
For one or more of the purposes specified above, HashKey may transfer your personal data outside your jurisdiction to any agents, contractors or other third-party service providers who provide administrative, telecommunications, computer, payment, debt collection, data processing, data storage, data analytics or other services to HashKey in Hong Kong, Singapore[, Bermuda, the EU and the UK] or elsewhere, and other third parties as notified at the time of collection.
HashKey may share your personal data within its group of companies for providing the products and services sought by you for the same purpose or directly related to the purposes at the time of collection.
HashKey may rely on your consent for data transfer or will adopt contractual and/or other means to ensure the agents, contractors or other third-party data processors who process personal data on behalf of HashKey will take all reasonable steps to (i) protect the personal data they hold against unauthorized or accidental access, processing, erasure, loss or use; and(ii) ensure that personal data will not be kept longer than necessary.
-
Corporate reorganisation
As HashKey continues to develop its business, it may reorganise its business structure, undergo a change of control or business combination. In these circumstances it may be the case that your personal data is transferred to a third party who will continue to operate HashKey’s business or a similar service under either this Privacy Policy or a different privacy policy which will be notified to you. Such a third party may be located, and use of your personal data may be made in connection with such acquisition or reorganisation outside your country of locationjurisdiction (i.e. Hong Kong, or Singapore, Bermuda, the EU or the UK). We will comply with the applicable data privacy laws in disclosing your personal data to the prospective third party, if applicable.
-
Protection of personal data
All personal data provided to HashKey will be securely stored with restricted access by authorized personnel only. We utilize encryption/security software for data transmission so as to protect your data via encrypting it in a secure format to ensure its privacy and security from unauthorised access or disclosure, accidental loss, alteration or destruction.
In addition, we may rely on your consent or will adopt contractual or other means to prevent any personal data transferred to HashKey's data processors (i) from being kept longer than is necessary for processing of the data; and (ii) from unauthorized or accidental access, processing, erasure, loss or use, if HashKey is to engage any data processor. For those located in the EU or the UK, we are required to impose the mandatory contractual obligations on our data processors in compliance with EU GDPR and UK GDPR.
Nevertheless, the transmission of information via the internet is not completely secure. Although HashKey will do its best to protect your personal data, HashKey cannot guarantee the security of data transmitted to the HashKey website(s). Once your personal data is received, HashKey will use strict procedures and security features to try to prevent unauthorized access.
If you suspect any misuse, loss of, or unauthorised access to your personal data, please let us know immediately following the details set out in Section 14 "Contact HashKey" below.
-
Notice on direct marketing
Where you have given consent and have not subsequently opted out, HashKey may from time to time use your personal data (including your name and contact details) to send you direct marketing or promotional communications such as emails containing news, promotions, events and marketing offers. The dispatch of such direct marketing communications may be undertaken by third-party service providers.
If you do not wish to receive further direct marketing or promotional materials from HashKey, you may opt out of receiving direct marketing or promotional communications by contacting HashKey by one of the communication channels set out in Section 14 "Contact HashKey" section below.
-
Retention of personal data
We aim to retain your personal data no longer than is necessary for the fulfilment of the purposes of collection unless a longer retention period is required or permitted by applicable laws, rules and regulations. The precise length of time will depend on the type of data, our legitimate business needs, and other legal requirements that may require us to retain it for certain minimum periods.
We may be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal or risk management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind the relevant limitation periods).
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our legal and risk management obligations, as described above).
Once we have determined that we no longer need to hold your personal data, we will delete it from our systems.
HashKey will take commercially reasonable steps to ensure the accuracy of your personal data held by HashKey. If HashKey becomes aware that the personal data is inaccurate, HashKey will not use such data and will notify any third party to which such personal data has been transferred regarding the same.
For personal data for recruitment purposes, HashKey will retain such data of unsuccessful job applicant, for a period not longer than two years from the date of rejecting the applicant, unless there is subsisting reason that obliges HashKey to retain the data for a shorter or longer period, such as for compliance with applicable laws, rules and regulations; or you have given prescribed consent for the data to be retained beyond the prescribed period.
-
Access and correction of personal dataYour rights
Under applicable lawdata privacy laws in Hong Kong and Singapore, you may have the right to request for access to your personal data, to obtain a copy of the personal data, to correct any personal data that is inaccurate and to delete or cease the collection, processing or use of any personal data. You can also may request HashKey to inform you of the type of personal data held by HashKey.
Request for access and correction of personal data or for information regarding policies and practices and kinds of data held by us should be addressed in writing and sent to HashKey by post or by email following the details set out in the Section 14 "Contact HashKey" section below.
In accordance with the terms of applicable laws, HashKey has the right to charge a reasonable fee for the processing of any data access request.
In addition, the EU GDPR and UK GDPR offer various protections (not available under PDPO or PDPA) and clarify the rights of citizens and individuals in the EU or the UK, with regard to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Right to object (not available under PDPO or PDPA): This enables you to object to us processing your personal data. This is possible for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
The "legitimate interests" category above is most likely to apply. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
-
We can show that we have compelling legitimate grounds for processing which overrides your interests.
-
We are processing your data for the establishment, exercise, or defence of a legal claim.
Right to withdraw consent: We have obtained your consent to process your personal data. You may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. In which case, we will inform you of this condition.
Right to access: You may ask us to confirm what information we hold about you at any time, and request us to modify, update, or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information that we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive." If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to erasure (not available under PDPO or PDPA): You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
-
the data is no longer necessary for the purpose for which we originally collected and/or processed them;
-
where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
-
the data has been processed unlawfully (i.e., in a manner which does not comply with the EU GDPR and UK GDPR);
-
it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
-
if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:
-
to exercise the right of freedom of expression and information;
-
to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
-
for public health reasons in the public interest;
-
for archival, research, or statistical purposes; or
-
to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing (not available under PDPO or PDPA): You have the right to request that we restrict our processing of your personal data in certain circumstances. We can only continue to store your data, and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise, or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or UK public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data include the following:
-
where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
-
where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
-
where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
-
where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will notify you before lifting any restriction on processing your personal data.
Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability (not available PDPO): If you wish, you have the right to transfer your personal data between data controllers. If applicable, this means that you are able to transfer any HashKey account details to another provider. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another provider. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfill a contract.
Right to lodge a complaint with a supervisory authority:
If you are in the EU or UK, you also have the right to lodge a complaint with your local supervisory authority.
The supervisory authority in the UK is the Information Commissioner's Office at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (T: 0303 123 1113 E: icocasework@ico.org.uk).
The supervisory authorities for EU Member States are listed (along with contact details) here.
If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), for details on how to contact us, see the details set out in Section 14 "Contact HashKey" below.
NOTE: We may keep a record of your communications to help us resolve any issues that you raise.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
-
Termination or cancellation
Should your relationship with HashKey be cancelled or terminated at any time, HashKey shall cease processing your personal data as soon as reasonably practicable following such cancellation or termination, provided that HashKey may keep copies of the data as is reasonably required for reasonable purposes, such reasonable purposes shall include keeping of records, use in relation to any actual or potential dispute, complying with applicable laws and regulations, and protecting HashKey’s rights, property or safety, or the rights, property or safety of HashKey’s employees and agents.
-
Language
If there is any inconsistency or conflict between the English and Chinese versions of this Privacy Policy, the English version shall prevail.
-
Contact HashKey
If you have any questions or concerns about this Privacy Policy or how HashKey processes your personal data, or if you would like to make a request for access or update of your personal data, please contact HashKey's Data Protection Officer by post or by email at:
Address:
Singapore:
3 Church Street
Samsung Hub #28-06
Singapore 049483
Hong Kong:
14th Floor, Three Exchange Square
8 Connaught Place, Central
Hong Kong
Bermuda:
c/ Carey Olsen Services Bermuda Limited
Rosebank Centre, 5th Floor,
11 Bermudiana Road,
Pembroke, HM 08,
Bermuda
UK Representative: Data Privacy Officer (dpo@hashkey.com)
EU Representative: Data Privacy Officer (dpo@hashkey.com)
Email:
-
In respect of requests pertaining to HashKey Exchange - customersupport@hashkey.com .
-
In respect of all other requests - media@hashkey.com
-
Legal Bases for Processing Your Data (This section is applicable to EU GDPR and UK GDPR only)
The legal bases that we rely on to process your personal data are listed below.
-
Legitimate Interests
Article 6(1)(f) of the EU GDPR (and equivalent provisions under UK GDPR) says that we can process
your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party,
except where such interests are overridden by the interests or fundamental rights or freedoms of [you]
which require protection of personal data."
You have the right to object to us processing your personal data on this basis.
We use and store your personal data in order to ensure you can access the products and services available through the HashKey website(s) or the HashKey Exchange smoothly and so as to respond to you if you contact us through the HashKey website(s).
-
Consent
In certain circumstances, we are required to obtain your consent to the processing of your personal data
in relation to certain activities.
Article 4(11) of the EU GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" In plain language, this means that:
-
You have to give us your consent freely, without us putting you under any type of pressure.
-
You have to know what you are consenting to so we will make sure we give you enough information.
-
You should have control over which processing activities you consent to and which you do not.
-
You need to take positive and affirmative action in giving us your consent. We are likely to provide a check box for you to check so that this requirement is met in a clear and unambiguous fashion.
-
We will keep records of the consents that you have given in this way.
You have the right to withdraw your consent to these activities. You can do so at any time.
-
For the Performance of a Contract
In certain circumstances we may use and process your personal information where it is necessary to perform a contract that you have with us. For example, when you access any product or services through the HashKey website(s) or HashKey Exchange, we need to use your personal information to process any transactions and to respond to any requests you may have.
-
Compliance with a Legal Obligation
We also have legal obligations that we must comply with. Article (6)(1)(c) of the EU GDPR
(and equivalent provisions under UK GDPR) states that we can process your personal data where this
processing "is necessary for compliance with a legal obligation to which [we] are subject."
We will process your data where we are required to comply with our legal obligations. If we believe in
good faith that it is necessary, we may share your data in connection with crime detection or tax collection.
We also may share your data with other relevant bodies in order to comply with any regulatory obligations.
We will keep records of your personal data (including personal data contained in communications and calls)
in accordance with our legal obligations.
In this Privacy Policy we refer to data being processed or disclosed in connection with a legal obligation. It is not possible to provide a comprehensive and exhaustive list of the legal obligations that may give rise to such requirements. New laws may be enacted or other obligations become binding which may require processing your data in accordance with other legal obligations. However, examples include processing in order to comply with court orders, regulatory rules or directions, or applicable legislation. Legislation which would require us to process your personal data includes legislation pertaining to corporate obligations, anti-money laundering and tax and accounting.
-
Establish, Exercise, or Defend Legal Claims
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance
with local laws and requirements, special categories of personal data in connection with exercising or defending
legal claims. Article 9(2)(f) of the EU GDPR (and equivalent provisions under UK GDPR) allows this where the
processing "is necessary for the establishment, exercise, or defence of legal claims or whenever courts are
acting in their judicial capacity."
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
-
Special Categories of Personal Data
In certain cases, we may process information about your ethnic background, gender, disability, age, sexual
orientation, religion or other similar beliefs, and/or social-economic background. We will do this only where
appropriate and in accordance with local laws and requirements.
This information is what is called ‘special categories’ of personal data (this is also known as sensitive personal data).
We may need to obtain your explicit consent before we can collect it. We will ask for your consent by offering you
an opt-in. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.
We may collect other special categories of personal data about you, such as health-related information.
We will never do this without your explicit consent.
If you are not happy about this, you have the right to withdraw your consent at any time.
-
How do We Store and Transfer Your Data Internationally?
We want to make sure that your data is stored and transferred in a way that is secure. We will therefore only transfer data overseas where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example:
-
By data transfer agreement, incorporating applicable standard contractual clauses for the transfer of personal data to data controllers and processors in jurisdictions which do not benefit from a finding of adequacy (see next paragraph).
-
Transferring your data to a country where there has been a finding of adequacy by the European Commission or the UK's data protection supervisory authority in respect to that country's levels of data protection via its legislation.
-
To the extent applicable, by way of scheme approved by the European Commission or under relevant UK legislation, whether as a successor to the EU-US Privacy Shield or scheme which otherwise permits the exchange of personal data between jurisdictions.
-
Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interest for the purposes of that contract (e.g., if we need to transfer data in order to meet our obligations under that contract).
-
Where you have consented to the data transfer.
Comments
1 comment
How to make my KYC
Please sign in to leave a comment.