Privacy Policy

  • HashKey Global Team

    HashKey Global - Exchange Rules
     
     
     

    HashKey Global - Exchange Rules

     
     
    __________________________________________________________________________
    HashKey Bermuda Limited (“HBML” or “we”) operates the HashKey Global. These HashKey Global - Exchange Rules (“Exchange Rules”) is an important document governing your use of HashKey Global. Please ensure you read it carefully and familiarise yourself with these Exchange Rules prior to and during your trading on the HashKey Global. These Exchange Rules are subject to change at our discretion and you are reminded to check the latest version on our website from time to time. You are also required to read our Privacy Policy, and Client Risk Disclosures Statement which impose additional requirements to these Exchange Rules. By depositing funds and/or trading on the HashKey Global you acknowledge that you have read, fully understood and accepted the terms in the aforesaid documents. For the avoidance of doubt, in the event of any inconsistency between those documents and these Exchange Rules, these Exchange Rules will prevail.
    If you have any questions about these Exchange Rules, please contact us using the details below. In any event, we do not act as your advisors in any capacity and you should consult your independent professional advisors for any issues or questions you may have regarding entering into any contractual relationship with us.
     
    ____________________________________________________________________
     
     
     
     
     
     
     
     
     
     

    Table of Contents

     
    HashKey Global - Exchange Rules1
    Part A – General6
    Section 1 Interpretation6
    1.1Definitions6
    1.2Rules of Interpretation8
    Section 2Introduction9
    2.1HashKey Global9
    2.2Token Admission and Review Committee11
    Section 3About the Exchange Rules12
    3.1Application12
    3.2Status12
    3.3Procedure where none laid down12
    3.4General provisions12
    Part B - Listing13
    Section 4Listing Criteria13
    4.1HBML Scope of Listing13
    4.2General requirements13
    4.3Additional requirements for Large-cap Digital Assets14
    4.4Specific requirements for Security Tokens14
    4.5Minimum requirements only14
    Section 5Listing Procedure14
    5.1Application procedure14
    5.2Documents and information required14
    5.3Interview and further information or document15
    5.4Due diligence15
    5.5Declarations and undertakings15
    5.6Listing conditions15
    5.7Listing fees and costs15
    Section 6Withdrawal of listing application15
    Section 7Listing Document16
    7.1Information in Listing Document16
    7.2Statements in Listing Document16
    7.3Approval for dissemination17
    7.4Amendment and variation of Listing Document17
    7.5Distribution of Listing Document17
    Part C – Continuing Obligations and Responsibilities of Issuers17
    Section 8Notification requirement17
    8.1Issuer’s obligation to notify17
    8.2Disclosure to the market18
    8.3HBML’s rights to request information18
    Section 9 Payment of fees18
    Section 10Financial information18
    Section 11Maintenance of eligibility18
    Section 12Self-reporting18
    Part D – Removal of Digital Asset19
    Section 13HBML’s power to remove a Digital Asset from HashKey Global19
    13.1Relevant circumstances19
    13.2Removal of Digital Asset from HashKey Global Warning20
    Section 14Removal of Digital Asset from Platform request20
    Section 15Removal of Digital Asset from HashKey Global Notification21
    Section 16Withdrawal of Client Money and Digital Assets upon removal21
    Section 17 Transfer of Listing21
    Section 18Relisting21
    Part E – Trading Participants21
    Section 19Type of Trading Participants21
    Section 20Eligibility22
    20.1Individuals and institutions22
    20.2Other criteria22
    Section 21Application procedure22
    Section 22Document and information required23
    Section 23Declaration, undertakings and deposit requirement23
    Section 24 HBML’s decision24
    24.1Decision subject to receipt of all required information24
    24.2Approval conditions24
    Section 25Change of Professional Investor status after registration24
    Part F – Account Opening and Trading Rules24
    Section 26Trading on HashKey Global24
    Section 27List of assets traded24
    Section 28Permitted investors only25
    Section 29Pre-funded trades only25
    Section 30Trading channels25
    Section 31Trading time25
    Section 32Limits and price limits of an order25
    Section 33Trading pairs25
    Section 34Order types and Order time limit25
    34.1Type of Orders25
    34.2Order Time Limit26
    Section 35Order execution methodology26
    35.1Order Verification Rules26
    35.2Order Priority27
    35.3Execution of Order27
    35.4Cancellation and amendment of Order28
    35.5Conflicts of Interest28
    Section 36Depositing and withdrawing Client’s fiat currencies and Digital Assets28
    36.1Deposit/Withdrawal Procedures28
    36.2General Rules for Deposit/Withdrawal28
    Section 37Restricting, suspending, rejecting or cancelling Orders29
    Section 38Clearing and settlement29
    Section 39Preferred banking partners30
    Part G – Trading Halt, Suspension and Resumption of Trading30
    Section 40Criteria and procedure of trading halt, suspension and resumption of trading30
    Section 41Notification of trading halt and suspension30
    Part H – Custody of Digital Assets30
    Section 44Title to Digital Assets31
    Section 45Segregated accounts31
    45.1Digital Assets31
    45.2Client’s fiat currencies31
    Part I – Prevention of market manipulation and abusive activities31
    Section 46Identify market manipulative and abusive activities31
    Section 47Reporting32
    Section 48Market surveillance programme32
    Part J – Fees32
    Section 49Fees to be published on website32
    Part K – Breach of these Exchange Rules32
    Section 50HBML’s power to investigate32
    Section 51Request to remedy33
    Section 52Penalties33
    Part L – Security of HashKey Global33
    Section 53 Security measures33
    Section 54System Maintenance and Interruptions34
    54.1System Maintenance Arrangements34
    54.2Unexpected Interruptions Handling34
    Part M – Contact, Complaint Procedures and Dispute Resolutions35
    Section 55Contact information of HashKey Global35
    Section 56Complaint procedures35
    Section 57Dispute resolution35
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    Part A – General

    Section 1 Interpretation

    1.1Definitions

    In these Exchange Rules, unless the context requires otherwise, the following terms shall have the meaning set forth below:
    Account” means the account (including its sub-account, if any) opened by a Trading Participant with HashKey Global for the purposes of utilizing the services at HashKey Global, including trading Digital Assets.
    Account Opening and Trading Rules means HBML’s “Account Opening and Trading Rules” which governs such matters relating to opening an account and trading on HashKey Global as published on HashKey Global’s official website and updated from time to time.
    AML means HBML’s anti-money laundering check which is to ensure that no illegally obtained funds or proceeds of criminal activities are used to conduct activities on HashKey Global.
    API means application processing interface.
    Associated Entity means HashKey Xpert Limited which:
    1. is a limited liability company incorporated in Hong Kong;
    2. holds a “trust or company service provider licence” (Licence No T006486) under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615 of the Laws of Hong Kong); and
    3. is an Affiliate of HBML.
    Business Day means any day that is not a Saturday, Sunday or a public holiday and on which banks are generally open for business in Bermuda and Hong Kong.
    BMA means the Bermuda Monetary Authority.
    Exchange Rules means the HashKey Global - Exchange Rules as provided through the official website of HashKey Global from time to time.
    HashKey Group means HashKey Digital Asset Group Limited and its affiliates.
    HashKey Global means the Digital Asset trading platform branded “HashKey Global” which is operated by HBML.
    HBML means HashKey Bermuda Limited (Registration number: 202302864), an exempted company limited by shares incorporated under the laws of Bermuda which has been granted a Class F licence by the Bermuda Monetary Authority under the Digital Asset Business Act 2018 to operate a digital asset trading platform, including its successor and assigns.
    HKIAC means the Hong Kong International Arbitration Centre.
    Hong Kong means the Hong Kong Special Administrative Region of the People’s Republic of China.
    Issuer means any person approved by HBML under the Exchange Rules whose Digital Asset is listed on HashKey Global.
    Issuer Applicant means any person whose Digital Asset is the subject of an application for listing on HashKey Global.
    KYC means HBML’s “know your client” process which is for verifying the identity of the Trading Participants.
    Listing Committee means the committee established by HBML as an independent decision maker for listing issues and a review body for decisions made by HBML.
    Listing Document means a document that complies with Section 7.
    Order means an instruction from a Trading Participant to either buy or sell a Digital Asset on HashKey Global.
    Proscribed Person means a person who appears to HBML to:
    (a)be in breach of any AML/CFT Requirements of any jurisdiction;
    (b)appear in a list of persons with whom dealings are proscribed by the United Nations or another Government Agency or a regulatory authority under Applicable Laws; or
    (c)act on behalf, or for the benefit of, any person described in paragraph (a) or (b);
    Token Admission Policy and Procedures meansHBML’s internal policy and procedures which governs the process of listing and removal Digital Assets on HashKey Global, as updated from time to time.
    Asset Operations Team means the team at HBML responsible for researching, reviewing, and gathering all the expert feedbacks for Listing Committee.
    Trading Applicant means any person who is the subject of an application for opening an account and dealing in Digital Assets on HashKey Global.
    Trading Participants means those persons and entities set out in Section 19 which are approved by HBML under the Exchange Rules to open an account and deal in Digital Assets on HashKey Global.
    User means a user of HashKey Global, including Issuers, Issuer Applicants, Trading Participants and Trading Applicants.
    Digital Assets means digital representations of value which may be in the form of digital tokens (such as digital currencies, utility tokens or security or asset-backed tokens), any other virtual commodities, crypto assets or other assets of essentially the same nature.
    we” means HBML.

    1.   Rules of Interpretation

    1. References in the Exchange Rules to Bermuda ordinances and to Bermuda statutory provisions shall be construed as references to those ordinances or statutory provisions as respectively modified (on or before the date hereof) or re-enacted (whether before or after the date hereof) from time to time and to any orders, regulations, instruments or subordinate legislation made under the relevant ordinances or provisions thereof which has been so re-enacted (with or without modifications).
    2. The headings are inserted for convenience only and shall not affect the construction of the Exchange Rules.
    3. Except where the context otherwise requires words denoting the singular include the plural and vice versa; words denoting any one gender include all genders; words denoting persons include incorporations and firms and vice versa.
    4. Except where the context otherwise requires references to the word include or including (or any similar term) are not to be construed as implying any limitation and general words introduced by the word other (or any similar term) shall not be given a restrictive meaning by reason of the fact that they are preceded by words indicating a particular class of acts, matters or things.
    5. Except where the context otherwise requires any reference to writing or written includes any method of reproducing words or text in a legible and non-transitory form.
    6. Except where the context otherwise requires references to times of the day are to that time in UTC+0 (Greenwich Mean Time) and references to a day are to a period of 24 hours running from midnight to midnight in UTC+0 (Greenwich Mean Time).
    7. References to Sections and Schedules are (unless the context requires otherwise) to sections of and schedules to the Exchange Rules.
    8. All representations, undertakings, warranties, indemnities, covenants, agreements and obligations given or entered into by more than one person are given or entered into severally unless otherwise specified.

    Section 2Introduction

    2.1HashKey Global

    General

    HashKey Global is an automated Digital Asset trading platform operated by HBML. Its mission is to provide safe, convenient and highly efficient services relating to Digital Assets to its customers. Neither HashKey Global nor HBML is a principal party to any transactions conducted via HashKey Global.

    Regulatory

    HBML is a Digital Asset trading platform granted a Class F licence by the Bermuda Monetary Authority under the Digital Asset Business Act 2018 to operate a digital asset trading platform.

    Risk management

    HBML maintains a sound risk management framework to identify, measure, monitor and manage the full range of risks arising from its businesses and operations.

    Notifications to Authority

    As an entity which is licensed by the BMA, HBML has ongoing reporting and notification obligations to the BMA and may be required to submit such information as may be specified and requested by the BMA and other law enforcement authorities from time to time.

    Good Industry Practice

    Apart from observing the regulatory regime of the BMA and other applicable compliance measures, HBML maintains and operates HashKey Global in accordance with good industry practices, which platform operators and entities engaged in internet trading incorporate into their information technology and cybersecurity risk management frameworks.

    Security of HashKey Global

    1. HBML uses its best endeavours to manage and supervise the design, development, deployment and operation of HashKey Global in accordance with industry best practices and international standards to ensure that HashKey Global is appropriately secured against cyberattack, misuse or unauthorised access.
     
    1. HBML also has in place internal governance documentation and employs cybersecurity controls in accordance with industry best practices and international standards to protect HashKey Global from being abused and conducts regular reviews to ensure that security measures put in place are in line with changing market conditions and regulatory developments.

    Exclusion of liability

    While HBML commits to use all reasonable care in the performance of its duties under the Exchange Rules, neither HBML nor its Associated Entity will be in any way liable or responsible to any Users for any loss or liability arising from any act, default, omission or misconduct of HBML, except to the extent caused by its own gross negligence, fraud or wilful misconduct.

    Records of trading

    HBML is required to keep records of its operation of HashKey Global and its dealings with Client Money and Digital Assets of Trading Participants, and retain records in respect of transactions conducted in its systems, including:
    1. details of the Trading Participants;
    2. details of any restriction, suspension or termination of the access of any Trading Participants to HashKey Global;
    3. all notices and other information provided by HashKey Global to the Users; and
    4. routine daily and monthly summaries of trading in its systems.
    Such information may be disclosed to third parties including the SFC, other regulators, law enforcement authorities and/or relevant Issuers as required from time to time.

    Discretion of HBML

    HBML may in its absolute sole discretion exercise powers granted under the Exchange Rules and applicable laws, including but not limited to accepting or rejecting any application or instructions. Unless as required under applicable laws, HBML will not give reasons for the exercise of any of its powers.

    Forks

    1. When a hard fork is imminent, HBML will notify Users of the event and how HBML will handle it through email and announcement on HashKey Global’s website.
    2. HBML will suspend deposit and withdrawal requests until the hard fork is completed. This is to avoid the unnecessary risk of asset loss due to hard fork related security events.
    3. Depending on the specific events, HBML could suspend the trading of the Digital Assets involved until the hard fork is completed.
    4. HBML will update the product (e.g. name of Digital Asset) according to the consensus of the general blockchain and Digital Assets community.
    5. HBML will take a snapshot of Trading Participants’ asset for the Digital Asset involved at the block height right before the hard fork or right at the time of the hard fork. HBML will then distribute the new Digital Asset generated from the hard fork to the Trading Participants involved.
    6. HBML will provide deposit and withdrawal services for the new Digital Asset as a result of the hard fork. The new Digital Asset will be listed on HashKey Global according to HBML's listing rules and policies.
    7. HBML will provide 24/7 customer service with coverage aligned with exchange operation hours to cater for Trading Participants’ enquiries during a hard fork.

    2.2Listing Committee

    HBML will implement listing-related due diligence procedures in respect of HashKey Global. HBML will do so via the Listing Committee HBML.

    Composition

    1. The Listing Committee will consist of the following members and any other person whom HBML’s directors deem appropriate, including but not limited to:
      1. a senior management of key business line, who will chair the LISTING COMMITTEE(“chairperson”);
     
    1. a senior management of compliance;
     
    1. a senior management of risk management; and
     
    1. a senior management of information technology.
    The quorum for LISTING COMMITTEE meetings shall be more than half of the committee members. Decisions shall be determined by simple majority and, in the event of a tie, the chairperson of the meeting shall have the casting vote.
    1. In the case of any conflicts of interest, a LISTING COMMITTEE member is required to excuse himself from voting in respect of any listing applications which he may be interested in. Nonetheless, such LISTING COMMITTEE member may still be counted in the quorum at any such meeting at which any such listing application shall be considered.

    Power and duty

    1. After the Asset Operations Team has conducted preliminary due diligence on Issuer Applicants and their Listing Documents, the LISTING COMMITTEE has the responsibility for the deliberation and review of the potential Digital Asset listing on HashKey Global. It has the power to:
     
    1. make decisions of material significance regarding Issuers, Issuer Applicants and the individuals concerned. These include approvals of listing applications, the imposition of any conditions if approvals are granted for the listing of Digital Assets and cancellations of listings; and
     
    1. act as a review body for listing recommendations made by the Asset Operations Team and has the final say regarding whether to approve the potential Digital Asset listing on HashKey Global.
      1. The chairperson of the LISTING COMMITTEE shall report to the board of directors of HBML on different areas of the activities of the LISTING COMMITTEE at the next meeting of the HBML board of directors following a meeting of the LISTING COMMITTEE.

    Section 3About the Exchange Rules

    1. Application

    The terms of the Exchange Rules are applicable to HBML and all Users.

    1. Status

    The Exchange Rules govern all Users. HashKey Global will take into account the Exchange Rules in exercising its powers, functions and responsibilities hereunder or that are provided for by applicable laws.

    1. Procedure where none laid down

      1. In case no specific procedure is laid down in the Exchange Rules in connection with any actions required under the Exchange Rules, an application for directions should be made to HBML. Such direction shall be determined in the sole discretion of HBML.
      2. Actions performed in accordance with such directions of HBML shall constitute valid performance of such actions.

    1. General provisions

    Time is of the essence

    Time is of the essence in the performance of the Exchange Rules by Issuers, Issuer Applicants, Trading Participants and Trading Applicants.

    Severance

    If at any time any provision of the Exchange Rules is, or becomes, illegal, invalid or unenforceable in any respect, the legality, validity and enforceability of the remaining provisions of the Exchange Rules shall not be affected or impaired.

    Variation of these Exchange Rules

    HBML will provide a prior notice as soon as practicable to any amendment or variation of the Exchange Rules. Any variation to the Exchange Rules shall be binding only if it is in writing and is published on the official website of HashKey Global. Users who object to the amendments or variation will be given an opt-out option to terminate their Account and should send written objections to HBML within fourteen (14) Business Days after the publication of such amendment notice at HashKey Global’s website, failing which acceptance shall be deemed of such amendment, deletion, substitution or addition.

    Third parties

    These Exchanges Rules does not create or confer any rights or benefits enforceable by any person not a party to it except HBML’s Affiliates and nominees, and any other indemnified party may enforce its rights or benefits in the Agreement, including any indemnity, limitation or exclusion of liability; and a person who is a permitted successor or assignee of the rights or benefits of HBML under the Agreement may enforce those rights or benefits. Notwithstanding the foregoing, no consent from the persons referred to in this Clause shall be required for the parties to vary or rescind the Agreement (whether or not in a way that varies or extinguishes rights or benefits in favor of those third parties).
     

    Governing laws

    The Exchange Rules shall be governed by, and construed in all respects in accordance with, the laws of Hong Kong.

    Part B - Listing

    Section 4Listing Criteria

    1. General requirements

    To allow HBML to perform due diligence on Digital Assets, set out below is a non-exhaustive list of general requirements and information which an Issuer Applicant shall provide to HBML before its Digital Assets may be approved to be listed on HashKey Global for trading:
    1. Background of management, development team, and any of its known key members;
    2. Regulatory status of Digital Asset in major jurisdictions;
    3. Supply, demand, maturity and liquidity of Digital Asset;Technical aspects of the Digital Asset;
    4. Development of the Digital Asset;
    5. Market and governance risks of the Digital Asset;
    6. Legal risks associated with the Digital Asset;
    7. Utility offered, novel use cases facilitated, technical structural or cryptoeconomic innovation, or administrative control exhibited by the Digital Asset and supporting information on viability of the project not dependent on continuous inflow into the Digital Asset;
    8. Enforceability of any rights extrinsic to the Digital Asset (for example, rights to any underlying assets) and the potential impact of the Digital Asset’s trading activity on the underlying markets; and
    9. Assessment on the money laundering and terrorist financing risks associated with the Digital Asset.

    4.5Minimum requirements only

    HBML endeavours to ensure that the decision-making process regarding the listing or removal of Digital Assets from HashKey Global is fair. Nonetheless, the listing requirements stated herein represent the minimum requirements only, and HBML may impose additional requirements as appropriate in approving the listing of any Digital Assets on HashKey Global.

    Section 5Listing Procedure

    5.1Application procedure

    Preliminary application review

    The Issuer Applicant should complete the application form provided by HBML (by email) and upon receipt, HBML will assess the admissibility of the Issuer Applicant and the relevant Digital Assets.

    Full listing review

    Upon the passing of the preliminary review, HBML will provide the Issuer Applicant a comprehensive list of required information and documents according to the class of underlying assets of the Digital Asset. Once HBML has received the fully-completed application pack from the Issuer Applicant, HBML will conduct a full listing review, including identifying any money laundering and terrorist financing risks which may arise in relation to the development and use of the relevant Digital Assets, services, business practices and technologies for both new and pre-existing products.

    5.2Documents and information required

    An application for listing shall be at least accompanied by copies of the following documents:
    1. Whitepaper: HBML will scrutinise all materials relevant to the offering including published information such as the whitepaper and any relevant marketing materials, as well as any projects associated with the Digital Asset as set out in its whitepaper and any previous major incidents associated with its history and development.
    2. Legal opinion: Written legal advice in the form of a legal opinion or memorandum on the legal and regulatory status of every Digital Asset that will be made available to Users, in particular, whether that Digital Asset falls within the definition of “securities” , and the implications for HBML.
     
    1. Smart Contract Audit: Smart contract audit report conducted by an independent assessor focused on reviewing and confirming the smart contract is not subject to any contract vulnerabilities or security flaws to a high level of confidence.
    2. Listing Document: please see Section 7 below for details.

    5.3Interview and further information or document

    HBML may require an Issuer Applicant to attend interviews, give presentations or provide any additional information or documents which HBML at its sole discretion considers to be necessary or relevant to assess the listing application.

    5.4Due diligence

    HBML will perform all reasonable due diligence on all Digital Assets before including them on HashKey Global for trading, and to verify that they continue to satisfy all listing criteria in accordance with the Token Admission Policy and Procedures and internal governance documentation. The Issuer Applicant agrees that HBML may at its sole discretion decide to engage independent experts to verify or assess the application and the Issuer Applicant authorises HBML to disclose information and documents obtained from the Issuer Applicant to such experts.

    5.5Declarations and undertakings

    HBML may require an Issuer Applicant to make a declaration or undertaking in respect of the listing application in a separate agreement to be entered into between HBML and the Issuer Applicant.

    5.6Listing conditions

    HBML may attach to a listing any conditions that HBML considers appropriate, and vary or revoke the condition(s) when deemed necessary upon listing or at any time the Digital Asset is listed on HashKey Global.

    5.7Listing fees and costs

    1. Issuer Applicants shall pay such listing fees and charges as HBML may prescribe and set out prior to the full listing application review. HBML shall have the right to waive all or part of the listing fees or charges at its sole discretion. Unless otherwise agreed by HBML, all listing fees and charges paid are non-refundable in any event.
     
    1. The Issuer Applicants shall be solely responsible for their own costs and expenses incurred in relation to the listing application regardless of the outcome.
     

    Section 6Withdrawal of listing application

    1. An Issuer Applicant may withdraw a listing application by notifying HBML through email according to the terms and conditions as may be prescribed by HBML.
     
    1. HBML may at its sole discretion discontinue to assess any listing application but shall give the lssuer Applicant written notice (including via email).
     

    Section 7Listing Document

    7.1Information in Listing Document

    A Listing Document should provide a concise and user-friendly summary, in plain language, of the key features and risks of a Digital Asset, including but not limited to the information listed in this Section. HBML may change or require additional information on a case-by-case basis in its sole discretion:
    1. Name and type of Digital Asset;
    2. Name of Issuer Applicant;
    3. The business, financial position, management and prospects of the Issuer Applicant, including:
      1. Where applicable, all relevant corporate and financial documentation of the Issuer Applicant;
      2. Where applicable, particulars and operating history of the Issuer Applicant;
    4. Key features of the Digital Asset:
      1. What is the product and how does it work;
      2. What are the key risks;
      3. What is the material technology that supports the Digital Asset, upon which its operation and/or transferability relies, including any relevant consensus protocol;
      4. Any information that is specific to its product class;
    5. Where applicable, detailed documentation in respect of the Digital Asset and the underlying asset;
    6. an investigation of the blockchain protocol of the Digital Asset;
    7. an investigation of the security of the Digital Asset;
    8. an investigation of the financial metrics of the project;
    9. Project description (if applicable);
    10. Key features of the project, covering the leading project team, business model, technical development, token economy and community and other important information (if applicable); and
    11. the risk assessment which includes the project due diligence conducted covering all the items from section 4.2 where not already provided.

    7.2Statements in Listing Document

    1. The Listing Document should detail the nature and risks that Trading Participants may be exposed to in trading Digital Assets and using HashKey Global.
    2. In addition, a Listing Document must contain the following statement (or other statement for Digital Assets that are securities, as HBML considers appropriate) in a prominent position:
    “HashKey Bermuda Limited (“HBML”) is not the issuer of the Digital Asset and did not prepare or compile this document. Therefore, HBML is not responsible for the contents of this document, makes no representations as to its accuracy or completeness and is not liable for any loss howsoever arising from or in reliance upon any part of the contents of this document. Investors should exercise caution, read and understand the contents of this document, and obtain appropriate professional advice before investing. The listing of the Digital Asset at HashKey Global does not translate to HBML’s recommendation or endorsement of any Digital Asset, nor does it guarantee the commercial merits of a Digital Asset or its performance. It does not mean the Digital Asset is suitable for all investors nor is it an endorsement of its suitability for any particular investor or class of investors.”

    1.   Approval for dissemination

    1. No party must disseminate the Listing Document unless and until HBML has approved the application.
    2. HBML’s approval of the application is not a recommendation or endorsement of a Digital Asset nor does it guarantee the commercial merits of a Digital Asset or its performance. It does not mean the Digital Asset is suitable for all investors nor is it an endorsement of its suitability for any particular investor or class of investors. HBML takes no responsibility for the contents of the Listing Document and makes no representation as to its accuracy or completeness.

    1.   Amendment and variation of Listing Document

    An Issuer shall submit relevant information and supporting documents to HBML for any changes related to the Digital Asset or contents of a Listing Document. The changes should only be implemented and published after endorsement by HBML is obtained.

    1.   Distribution of Listing Document

    Listing Document shall only be distributed through such means as approved by HBML.

    Part C – Continuing Obligations and Responsibilities of Issuers

    Section 8Notification requirement

    8.1Issuer’s obligation to notify

    An Issuer has the obligation to immediately notify HBML of:
    1. any change in control of the Issuer, including a change in any entity which controls the composition of the Issuer’s board of directors, controls more than half of the voting rights in the Issuer, or holds more than half of the Issuer’s issued share capital;
    2. any material change in the Issuer’s corporate information, business and financial position;
    3. any information that may reasonably be expected to materially affect market activity and/or price of any Digital Asset that it issues;
    4. any change in particulars submitted to HBML in its initial application and Listing Document, including any change in any Digital Asset that it issues;
    5. any proposed hard fork, upgrade, token migration, token split, token merge, rebranding, or airdrop;
    6. any regulatory action or court proceedings taken against the Issuer;
    7. any statutory demand (or other equivalent demand to repay debt in the relevant jurisdiction) issued against the Issuer or its affiliates;
    8. any other circumstances which may adversely affect the interests of Trading Participants holding the Digital Asset listed by the Issuer; and
    9. any other circumstances which may adversely affect an Issuer’s ability to carry out its obligations under the Exchange Rules or applicable laws.

    8.2Disclosure to the market

    The Issuers shall proactively liaise with HBML to publish on HashKey Global notifications to Trading Participants of the relevant material information for each Digital Asset, including providing Trading Participants with access to up-to-date offering documents or information, and providing Trading Participants with material information as soon as reasonably practicable to enable Trading Participants to appraise the position of their investments (for example, any major events in relation to a Digital Asset or any other material information provided by Issuers).

    8.3HBML’s rights to request information

    HBML may make enquiries to, or request further information from, an Issuer regarding its Digital Asset from time to time. Issuers shall respond to such enquiries or requests of HBML promptly within the prescribed timeframe set out in HBML’s notice of request.

    Section 9 Payment of fees

    All Issuers shall pay all fees associated with the use of HashKey Global as agreed with HashKey Global from time to time or so specified by HBML, otherwise HBML may delist its Digital Assets from HashKey Global.

    Section 10Financial information

    Subject to the type of Digital Asset and as notified by HBML, an Issuer shall submit to HBML its audited annual financial statements within 1 month from its issuance and/or a valuation report of the underlying asset to the satisfaction of HBML, and/or any other information reasonably requested by HBML.

    Section 11Maintenance of eligibility

    As long as its Digital Asset is listed on HashKey Global, an Issuer has a continuing obligation to ensure the listing criteria and listing conditions (if any) are satisfied and that the Issuer is not otherwise prohibited from using HashKey Global by operation of laws or other regulations.

    Section 12Self-reporting

    Any obligation to report under these Exchange Rules shall be undertaken by an Issuer proactively without needing to be first demanded by HBML. In particular, the Issuer shall immediately report to HBML and cease trading on HashKey Global if it has reason to believe that it does not meet the listing criteria or listing conditions (if any), or is otherwise under an obligation to cease trading pursuant to applicable laws.

    Part D – Removal of Digital Asset

    Section 13HBML’s power to remove a Digital Asset from HashKey Global

    HBML may remove a Digital Asset from HashKey Global in accordance with the Listing Policy and Procedures or internal governance documentation.

    13.1Relevant circumstances

    HBML may take into account the below circumstances while taking a decision to remove a Digital Asset from HashKey Global:
    1. implementation of new regulatory standards and other compliance issues;
    2. the Token or Project Team posed significant regulatory risks, including but not limited to, that the Token constitutes a “security” in a jurisdiction and HashKey Global is unable to and/or unwilling to prevent its users from that jurisdiction from holding and/or trading the Token;
    3. blockchain or related technology becomes compromised or defective;
    4. the Digital Asset is no longer supported or maintained by the Issuer or others;
    5. complaints by Users or other third parties, which are related to significant issues such as fraud;
    6. the relevant Issuer conducts or is involved in any illegal activity(ies) within any jurisdiction(s), such as money laundering, fraud or pyramid selling;
    7. any threatened, pending or active legal proceeding or Claim (whether civil, criminal, or administrative, formal or informal, or direct or indirect) against the Project Team;
    8. the relevant Issuer is suspected of manipulating the market and the circumstances are serious;
    9. the relevant Issuer’s team is unreachable within a specified period indicated to the Issuer;
    10. any changes to project team members which HBML considers to have material adverse impact on the Digital Asset or the underlying asset or project;
    11. any core member of the Project Team has been found of significant fraud or deception, including but not limited to, misappropriation of the raised Tokens, unknown whereabouts of the Project development team, cease to support the Project technology, intentionally concealment of material facts of the Project, disclosure or creation of materially fraudulent, false or misleading information;
    12. the dissolution of the project’s development team or resignation of core team members without the consent of the community, resulting in the inability to continue development;
    13. there is a lack of liquidity in the Digital Asset’s market over a time period to be determined as appropriate by HBML;
    14. no order of the Digital Asset is recorded over a time period to be determined as appropriate by HBML after initial listing;
    15. the Issuer changes supply of the Digital Asset without giving prior notice to HBML;
    16. the Issuer unlocks the Tokens without fulfilling the commitment made in the whitepaper or in other forms;
    17. the Issuer conducts a hard fork, token migration, token split, token merge, and rebranding of the Digital Asset without giving prior notice to HBML;
    18. the Project Team has caused significant losses to HashKey Global and users caused by security issues in the main net or the contract, and the Project Team fails to reimburse HashKey Global for the losses and/or compensating its users for the losses that they suffer;
    19. other risks and hazards exist in a Project, such as hacking, coins stealing, concealment of additional issuance, and double spend attack;
    20. market cap of the Digital Asset drops below USD 1,000,000.
    21. HashKey Global’s daily average transaction volume of the Digital Asset is less than USD100,000 or other equivalent tokens for more than 30 days;
    22. there is no immediate action taken or solution given by the Issuer in the event of any crisis, as deemed by HBML, that is causing detrimental impact to HBML, HashKey Global and/or the Trading Participants, including but not limited to, discovery of inaccurate information, technical issues on the Digital Asset, security breach, etc.;
    23. the Issuer conducts any activity(ies) that damages the reputation of HBML or HashKey Global, and adversely affecting the Trading Participants’ interest;
    24. breach of these Exchange Rules which the breach cannot be or has not been cured within 14 days; or
    25. other circumstance(s) that, in the sole discretion of HBML, is/are sufficient for removal of Digital Asset from HashKey Global, including any circumstances which causes the Digital Asset to be no longer eligible or appropriate to continue to be listed, and at the request of the BMA or applicable authorities.

    13.2Removal of Digital Asset from HashKey Global Warning

    Where appropriate and feasible, a warning (verbal or written) would first be given to the Issuer if any of the above events took place. A reasonable time period, usually about 14 days, would be given to the Issuer to mitigate and/or remedy the problem to the satisfaction of HBML. Failing which, HBML will take actions to remove the Digital Asset.

    Section 14Removal of Digital Asset from Platform request

    1. Any person, including the Issuer, may request HBML to exercise its power to remove a Digital Asset from HashKey Global. Nonetheless, the decision to remove a Digital Asset shall be made in the sole discretion of HBML taking into account the circumstances set out in Section 13.
    2. The request should contain the following information:
      1. the Digital Asset involved;
      2. details of any circumstances which warrant a removal;
      3. copies of any documents that provide evidence that supports the request; and
      4. name, email address and telephone number of the person submitting the request.

    Section 15Removal of Digital Asset from HashKey Global Notification

    HBML will notify Users for removal events by sending system messages and issue a removal announcement on HashKey Global’s official website and the trading portal for Digital Assets or projects that trigger the removal condition 7 days in advance. Any pending order received before the announcement date shall be executed within such period.

    Section 16Withdrawal of Client Money and Digital Assets upon removal

    1. Within 30 days from the date of removal announcement and where possible, Trading Participants shall transfer the relevant Digital Asset to their personal wallets or other trading platform accounts. Trading Participants should ensure that their personal wallets or other trading platform accounts support the relevant Digital Asset. HBML shall not be responsible for any loss or damage sustained by the Trading Participant arising from, or related to, the use of incompatible wallets or accounts. In certain instances for technical or compliance reasons HBML may decide to shorten the withdrawal period.
    2. HBML will provide reasonable notice regarding the withdrawal on HashKey Global’s official website and the trading portal. HBML is not liable for any loss or damage sustained by Trading Participants in circumstances under which a Trading Participant for any reason fails to withdraw the delisted Digital Asset before the deadline or fails to withdraw the Digital Asset due to events outside of HBML’s control.

    Section 17 Transfer of Listing

    An Issuer who wishes to conduct a transfer of listing from HashKey Global to another Digital Asset exchange platform will be treated as a removal and the Issuer shall submit a removal request in accordance with Section 14.

    Section 18Relisting

    An application for the listing of a Digital Asset on HashKey Global which was previously listed on HashKey Global will be treated as a new application for listing.

    Part E – Trading Participants

    Section 19Type of Trading Participants

    Trading Participants must submit and execute Orders at HashKey Global through their Accounts and include the following categories:
    1. Entity Investors: corporations or institutions.
    2. Retail Clients or Retail Investors: any person other than an Entity Investor.

    Section 20Eligibility

    20.1Individuals and institutions

    To be eligible to be registered as a Trading Participant, the person or entity must:
    1. acknowledge and agree that the products and services of HashKey Global may be provided by HBML with the support of its affiliates;
    2. be a natural or legal person or other body corporate with full legal capacity and authority to enter into this Agreement;
    3. in the case of an individual, be at least 18 years old or of legal age specified by applicable law in your jurisdiction of residence for a binding contract;
    4. in the case of an authorized person entering into these Terms on behalf of a body corporate, have all the necessary rights and authorities to bind such body corporate;
    5. not be a citizen of, resident of, or located in, any of the non-prohibited jurisdictions published on the official website of HashKey Global from time to time, or any jurisdiction where trading in the relevant Digital Asset is not permissible under applicable law, or reside in a country where the relevant products and services are inaccessible;
    6. have passed all compliance checks by HBML (including but not limited to KYC, AML and countering the financing of terrorism, and risk tolerance);
    7. not be a Proscribed Person; and
    8. have not previously been suspended or refused from using services provided by HashKey Global.

    20.2Other criteria

    HBML may from time to time change or impose additional criteria regarding the eligibility of Trading Participants without prior notice.

    Section 21Application procedure

    1. An application to register as a Trading Applicant may be made by following the process as set out in the Account Opening and Trading Rules.
    2. After receiving all the required information, HBML will review the submitted information. During this process, HBML may ask for additional information from the Trading Applicant. The review will normally take 3 Business Days but may be longer depending on the circumstances. After the review, HBML will send feedback to the Trading Applicant by email.
     
    1. Once an application has successfully passed HBML’s review, the Trading Applicant’s initial account will be formally converted into a client account capable of trading.
    2. A Trading Participant is not allowed to open multiple accounts, unless these are in the form of sub-accounts.

    Section 22Document and information required

    1. For the purposes of HBML’s KYC and AML processes, HBML may require a Trading Participant or Trading Applicant to provide the following information:
     
    1. Documentary evidence of the Trading Participant’s or Trading Applicant’s true and full identity, and his/her financial situation, investment experience, investment objectives and beneficial ownership information.
    2. Where a Trading Participant’s or Trading Applicant’s IP address is masked (for example, where access is via a virtual private network), the unmasked IP address, or else HBML may decline to provide services to that Trading Participant or Trading Applicant.
    3. Information regarding the Trading Participant’s or Trading Applicant’s business and risk profile and conduct ongoing due diligence on the business relationship, including wherever relevant an IP address with an associated time stamp, geo-location data, device identifiers, Digital Asset wallet addresses, and transaction hashes.
     
    1. HBML may also from time to time request information and documents to ascertain the identity, address and contact details of:
     
    1. the person or entity (legal or otherwise) ultimately responsible for originating the instruction in relation to a transaction;
     
    1. the identity, address and contact details of the person or entity (legal or otherwise) that stands to gain the commercial or economic benefit of the transaction and/or bear its commercial or economic risk; and
     
    1. the instruction given by the person or entity referred to in paragraph (b)(i) above.
     
    1. Where incomplete or suspicious information is provided, HBML reserves the right to reject, suspend or terminate the business relationship with the Trading Participant or Trading Applicant (as appropriate).

    Section 23Declaration, undertakings and deposit requirement

    1. HBML may require a Trading Applicant to make a declaration or undertaking in respect of his/her application.
    2. HBML may require a Trading Applicant to deposit a sum of fiat currency to HBML’s designated bank account from his/her bank account with a licensed bank in Bermuda or supervised by a banking regulator of an eligible jurisdiction indicated by the BMA for remote onboarding, in order to verify the bank account information prior to the first trade. No interest will be paid on such deposit. The deposit will be credited to their ledger balance after the on-boarding procedures are completed.

    Section 24 HBML’s decision

    24.1Decision subject to receipt of all required information

    HBML will only process the application after all of the requested information and documents are received in the condition in its sole satisfaction.

    24.2Approval conditions

    1. HBML may impose conditions when approving a Trading Applicant’s application which it considers appropriate, and vary or revoke the condition(s) when deemed necessary.
    2. HBML and each Trading Participant, shall enter into a written client agreement which includes a provision stating that:
    “In conducting any Digital Asset trading business activities, if we [ HashKey Bermuda Limited] solicit the sale of or recommend any product including any Digital Assets to you [the Trading Participant], the product must be reasonably suitable for you having regard to your financial situation, investment experience and investment objectives. No other provision of this agreement or any other document we may ask you to sign and no statement we may ask you to make derogates from this clause.”

    Section 25Deleted

    Part F – Account Opening and Trading Rules

    Section 26Trading on HashKey Global

    1. HBML will follow the trading rules and trade verification procedures, which are briefly outlined below and as set out in detail in the Account Opening and Trading Rules, to provide Trading Participants with high-quality Digital Asset trading services and a first-class trading experience.
    2. When the trading rules change, HBML will inform Users as soon as possible by system notification and announcement on HashKey Global’s official website.
     
    1. Upon becoming aware of events such as hard forks and airdrops, HBML will notify Trading Participants as soon as practicable.

    Section 27List of assets traded

    The list of Digital Assets traded on HashKey Global is published on the official website of HashKey Global and will be updated from time to time.

    Section 28Permitted investors only

    1. If a Trading Participant is an entity which in turn provides services or products of HashKey Global to its clients, such Trading Participant must satisfy HBML that all such clients and end users of HashKey Global are permitted investors under applicable laws.

    Section 29Pre-funded trades only

    1. HBML will only execute a trade for a Trading Participant if there are sufficient Digital Assets and/or fiat currencies in the Account to cover the intended trade.
    2. HBML will not support trading outside HashKey Global and routing of Orders to other trading platforms or exchanges.

    Section 30Trading channels

    1. Trading Participants should place an Order on the trading portal of HashKey Global.
    2. If a Trading Participant elects to place an Order through the API provided by HashKey Global, the API information and specifications can be found on the HashKey Global official website.

    Section 31Trading time

    Please refer to the HashKey Global official website for trading time.

    Section 32Limits and price limits of an order

    1. As part of the account opening process, the Trading Participants’ risk tolerance would be evaluated in the categories of “conservative”, “cautious”, “moderate”, “active” and “aggressive”.
    2. Trading Participants can trade on HashKey Global only if their risk tolerance is higher than the level of "moderate", i.e. "active" or "aggressive". Different Types of Trading Participants with different risk tolerances will have different limit as set out in the Account Opening and Trading Rules.

    Section 33Trading pairs

    The list of trading pairs is published on the official website of HashKey Global.

    Section 34Order types and Order time limit

    An Order can only be submitted by a Trading Participant to HBML on HashKey Global.

    34.1Type of Orders

    1. Market Order:
    A market order is an order that does not specify a price. It is executed immediately upon entry. The size of the order that can be filled is dependent on the following conditions: 
    • the amount of liquidity available 
    • the price of the matching liquidity does not exceed the price band of the last executed price 
    Any unexecuted portion of a market order is cancelled immediately. 
    1. Limit Order: A limit order is an order that specifies an execution price. The fill price of a limit order cannot be higher/lower than the limit price if the order is a buy/sell order.

    34.2Order Time Limit

    1. Valid Until Cancelled (GTC—Good Till Cancelled):
    Client GTC orders will remain valid until any of the following events occurs:
    • All the Orders are executed.
    • Trading Participants cancelled their Orders.
    • Orders are cancelled by the system. (For example: product removal)
     
    1. Execute Immediately or Cancel (IOC—Immediate Or Cancel): An IOC order is executed immediately. Any portion of an IOC order that cannot be filled immediately will be cancelled.

    Section 35Order execution methodology

    35.1Order Verification Rules

    To mitigate potential user mistakes in order placement, HashKey Global adopts a transaction confirmation mechanism. The time involved below is expressed in time zone, i.e. UTC + 0 time.
    When a Trading Participant places an Order, the HashKey Global platform will provide the User with following information:
    1. Order details:
      1. Order type
      2. Product
      3. Quantity
      4. Order time limit
    2. Order estimation:
      1. Transaction fee
      2. Transaction net amount (after deduction of transaction fee)
    Once the transaction is executed, it cannot be cancelled. 
    When the Order is successfully completed, the Trading Participant can review the following information about the Order on the platform:
    • Executed Time
    • Trading Symbol Name
    • Direction of the trade
    • Executed Price
    • Executed Volume
    • Fees
    • Total Volume of the order

    35.2Order Priority

    The orders of the HashKey Global platform are matched in the trading system according to price and then time priority;
    1. Price Priority: Bid orders with higher prices are ranked higher and ask orders with lower prices are ranked higher.
     
    1. Time Priority: Orders with the same price are ranked by their arrival time stamp. The earlier the order arrives at HashKey Global, the higher the ranking of the order.
     

    35.3Execution of Order

    1. The procedures by which an Order is executed is set out in the Account Opening and Trading Rules.
    1. (i) When you place a limit order, HashKey Global will freeze the amount of asset that is involved in the order plus trading fee, i.e., either the maker or the taker fee, whichever is higher.
    (ii)   When you place a market order, HashKey Global will determine if the available balance in trading account exceeds the total trading amount plus all necessary fees. Order entry will be blocked if the condition is not met.
    (iii) When a buy order price and a sell order match in price, the maximal size of either orders that can be matched at the price will be executed. An order may be executed with multiple matching orders.

    35.4Cancellation and amendment of Order

    Trading Participants may submit a request to cancel any of their orders that are not fully matched on HashKey Global.

    35.5Conflicts of Interest

    (a) HBML may provide services to employees of HBML and its group companies and affiliates who can qualify to trade on HashKey Global (each referred to as a “Connected Party”).
    (b)  Trading Participants’ interests are crucial to HBML.  In order to prevent conflicts of interest, HBML adopts the following best execution principles:
    1. Price: Bid orders with higher prices are ranked higher and ask orders with lower prices are ranked higher.
     
    1. Time: Orders with the same price are ranked by their arrival time stamp. The earlier the order arrives at HashKey Global, the higher the ranking of the order.
     
    1. Customer first: Where a Connected Party and a Trading Participant place Orders for the same Digital Assets at the same time and at the same price, Orders of Trading Participants have priority over Connected Party' Orders.
    (c) In addition, HBML has internal governance documentation that regulates conflicts of interest. Such documentation applies to (including but not limited to) all employees and short-term and long-term consultants of the company. Once employees find a conflict of interest, they should report to their immediate supervisor or the compliance department of HashKey Digital Asset Group Limited immediately.

    Section 36Depositing and withdrawing Client’s fiat currencies and Digital Assets

    36.1Deposit/Withdrawal Procedures

    Two-factor authentication must be enabled before Trading Participants can deposit and withdraw Digital Assets in their HashKey Global account. The steps for deposit and withdrawal of Digital Assets are set out in the FAQ of the official website of HashKey Global.

    36.2General Rules for Deposit/Withdrawal

    1. (i) Deposit of Digital Assets: For deposit via personal wallet, the deposit transaction will be processed when a certain number of confirmations are reached and has completed HashKey Global’s internal review. The deposit will then be credited and displayed automatically displayed on client’s account.
    Whereas for deposit via Third Party Exchange, the deposit transaction will also require HashKey Global’s internal review, which is subject to FATF’s Travel Rule Requirement.
    Users are reminded to enter the correct deposit address as confirmed transactions on blockchain may be irreversible.
    (ii) Deposits of fiat currencies (if and when applicable): Deposit transaction will be processed after the funds are received and cleared by our designated bank. The deposit will then be credited after it has completed internal review and displayed on the client's account.
    1. (i) Withdrawal of Digital Assets: After the withdrawal application is accepted, the confirmation will be sent to the requesting Trading Participant which delivery time will depend on the speed of the blockchain network. Therefore, the time for the requesting Trading Participants to receive the requested Virtual Assets may vary from a few minutes to several hours or longer.
    The Trading Participant should make sure the correct address is entered. Otherwise, HashKey Global may not return the Client’s Digital Assets.
    (ii) Withdrawal of fiat currencies (if and when applicable): After the withdrawal application is accepted, the request amount will be accredited in the Trading Participant’s bank account after processing by our designated bank, however, this may be subject to the bank’s procedures.
     
    1. Number of block confirmations for successful withdrawal application:
    Block confirmation depends on network conditions. Delays may occur due to network congestion.
    1. HBML and Associated Entity will not conduct any deposits and withdrawals of User’s Digital Assets through any wallet address other than an address which belongs to the User and is whitelisted by HBML and Associate Entity, except under permitted circumstances specified by applicable authorities.

    Section 37Restricting, suspending, rejecting or cancelling Orders

    1. In order to maintain the fair and orderly operation of HashKey Global, HBML may take the following actions as it considers appropriate:
    1. Restrict or suspend trading of a Digital Asset on HashKey Global;
    2. Reject or cancel any Orders; or
      1. Freeze any accounts.
      2. HBML may exercise its power under Section 37(a) in the following circumstances:
        1. Mismatching;
     
    1. Upon notice of any information that may reasonably be expected to materially affect market activity for and the price of any Digital Asset;
     
    1. Upon discovery of any market manipulative and abusive activities; or
     
    1. Any other circumstances which in the sole discretion of HBML will impair the fair and orderly operation of HashKey Global.

    Section 38Clearing and settlement

    1. HBML may designate a system for the purpose of providing clearing and settlement services. All Trading Participants shall settle all Orders through the system and comply with the terms and conditions of the system as notified to Trading Participants from time to time.
     
    1. HBML may in its sole discretion determine a standard settlement period of each Digital Asset from time to time.

    Part G – Trading Halt, Suspension and Resumption of Trading

    Section 39Criteria and procedure of trading halt, suspension and resumption of trading

    1. HBML reserves sole discretion to halt or suspend trading on HashKey Global at such time and for such duration as it may determine in accordance with HBML’s internal policies, which provide the criteria and procedure for halting and suspending a Digital Asset from trading on HashKey Global, and the arrangements during trading suspension, outages and business resumption.
     
    1. An Issuer whose Digital Asset is suspended from trading on HashKey Global shall continue to comply with these Exchange Rules in so far as they are relevant to it.

    Section 40Notification of trading halt and suspension

    If HBML exercises its power to halt or suspend a Digital Asset from trading on HashKey Global, HBML will notify Users through email, system notification and announcement on HashKey Global’s official website.
    Section 41HBML’s decision
    HBML’s decisions made under this Part G are conclusive and binding on the Users. Unless otherwise determined by HBML pursuant to applicable law, no loss or damage sustained by the Trading Participants shall be compensated by HBML and all such rights of the Users are irrevocably waived.

    Part H – Custody of Digital Assets

    Section 42Custody arrangement
    1. HBML holds Digital Assets on behalf of Trading Participants in a segregated account established by its Associated Entity.
    2. HBML’s Associated Entity adopts security standards in accordance with industry best practices and international standards in relation to the custody of Digital Assets. HBML has an insurance policy covering the risks associated with the custody of Digital Assets held in both hot storage and cold storage.
    3. The Associated Entity shall only receive, send, store or engage in other activities involving airdrops, hard forks or other derivatives, enhanced or forked protocols, token burns or buybacks, or other similar events, upon receipt of and in accordance with specific instructions of HBML, to the extent supported by the Associated Entity.
    4. HBML will, through its Associated Entity, store no less than 90% of Trading Participants’ Digital Assets in cold storage (Hardware Security Module (HSM)) (i.e. private keys are kept offline without access to the internet), in order to minimise exposure to losses arising from a compromise or hacking of HashKey Global. HBML endeavours to minimise transactions out of the cold storage in which a majority of Trading Participants’ Digital Assets are held.

    Section 43Title to Digital Assets

    HBML appoints its Associated Entity as custodian of HBML relating to the storage of the Digital Assets of Trading Participants. HBML and its Associated Entity has no right, interest, or title in such custodial Digital Assets, except to the extent as provided in these Exchange Rules.

    Section 44Segregated accounts

    44.1Digital Assets

    1. All Trading Participants’ Digital Assets are held in a segregated account (i.e. an account designated as a client or trust account) established by HBML’s Associated Entity for the
     
    1. purpose of holding client assets and are segregated from the assets of the Platform Operator and its Associated Entity.
     
    1. For each type of Digital Asset, the wallets in HBML’s Associated Entity’s client wallet system constitute:
     
    1. hot wallet(s), which is further composed of individual client wallets and an aggregated client hot wallet; and
     
    1. aggregated cold wallet(s), into which no less than 90% of that particular type of Digital Asset should be stored.

    44.2Client’s fiat currencies

    1. If and when deposits of fiat currencies are accepted on HashKey Global, HBML may also establish segregated accounts by the Associated Entity with an authorised financial institution in Bermuda or another bank in another jurisdiction permitted under applicable laws from time to time,
    for safekeeping Client Money, into which fiat currencies received from or on behalf of a Trading Participant should be paid within one Business Day of receipt.

    Part I – Prevention of market manipulation and abusive activities

    Section 45Identify market manipulative and abusive activities

    1. HBML established and implemented internal governance documentation for the proper surveillance of HashKey Global in order to identify, prevent, and report any market manipulative and abusive activities.
    2. HBML also conducts post-trade monitoring to reasonably identify any:
      1. suspicious market manipulative or abusive activities; and
     
    1. market events or system deficiencies, such as unintended impact on the market, which call for further risk control measures.

    Section 46Reporting

    Upon becoming aware of any market manipulative or abusive activities, whether actual or potential, on HashKey Global, HBML is required to notify the Financial Intelligence Agency “FIA” of such matter as soon as practicable, provide the FIA with such additional assistance in connection with such activities as it might request and implement appropriate remedial measures.

    Section 47Market surveillance programme

    1. HBML adopts a market surveillance system provided by a reputable and independent provider to identify, monitor, detect and prevent any market manipulative or abusive activities on HashKey Global.
    2. HBML is required to provide access to this system for the FIA to perform its own surveillance functions when required.

    Part J – Fees

    Section 48Fees to be published on website

    1. The current fee schedule adopted by HashKey Global could be found on the official website of HashKey Global which will be updated periodically without prior notice, unless required under laws of Bermuda.
    2. In relation to admission, the fee structure is designed to avoid any potential, perceived or actual conflicts of interest. In relation to trading, HBML will charge a percentage of the transaction amount daily. Different fees may apply based on the type of Order (including whether a Trading Participant is providing or taking liquidity), transaction size and type of Digital Assets transacted (if applicable). In relation to deposit and withdrawal, no deposit fee will be charged, and a different fixed withdrawal fee will apply based on the type of Digital Asset.
    3. HBML will transfer fees from the aggregated client hot wallet to HBML’s hot wallet daily at 00:00 (UTC+0 - Greenwich Mean Time).
    4. HBML may in its sole discretion and where applicable waive, reimburse, or pay for Trading Participants’ on-chain transaction fees (i.e. gas fees), including fees for transferring between an individual client’s wallet and other internal wallets, and withdrawals from HashKey Global as set out on the official website of HashKey Global.

    Part K – Breach of these Exchange Rules

    Section 49HBML’s power to investigate

    1. HBML may investigate any matter that relates to HashKey Global on its own initiative or upon receiving a complaint or enquiry from any person.
    2. Users under investigation shall promptly provide any necessary assistance to HBML during an investigation.
    3. HBML will retain a record of all investigations conducted.

    Section 50Request to remedy

    1. Where a User is found to have breached the Exchange Rules or to have conducted its business in a manner that is detrimental or prejudicial to other Users of , HBML, HashKey Global or the public, HBML may, at its sole discretion, request the breaching User to remedy the breach.
    2. For the avoidance of doubt, HBML may impose other penalties on the breaching User, and there is no obligation on HBML to allow the breaching User to remedy the breach.

    Section 51Penalties

    HBML may impose any of the following penalties on the breaching User:
    1. public reprimand;
    2. suspension of account;
    3. termination of account; or
    4. any other penalty in the discretion of HBML which is permissible under applicable laws.

    Part L – Security of HashKey Global

    Section 52 Security measures

    1. HBML employs adequate, up-to-date and appropriate security controls to protect HashKey Global from being abused, including:
      1. robust authentication methods and technology to ensure that access to HashKey Global is restricted to authorised persons only;
      2. up-to-date data encryption and secure transfer technology, in accordance with industry best practices and international standards, to protect the confidentiality and integrity of information stored on HashKey Global and during transmission between internal and external networks;
      3. up-to-date security tools to detect, prevent and block any potential intrusion, security breach and cyberattack attempts; and
      4. adequate internal procedures and training for HBML’s employees and regular alerts and educational materials for Trading Participants to raise awareness of the importance of cybersecurity and the need to strictly observe security in connection with the system.
    2. HBML also has in place effective controls to enable it, where necessary, to:
     
    1. prevent “fat finger” errors such with respect to as input limits or thresholds for Order price and quantity;
    2. immediately prevent HashKey Global from accepting Orders which are, for example, suspicious fraudulent trades initiated by hackers; and
    3. cancel any unexecuted Orders.
     
    1. HBML will arrange at least annual technology audits by a qualified independent professional to ensure the adequacy, reliability, security and capacity of HashKey Global.

    Section 53System Maintenance and Interruptions

    53.1System Maintenance Arrangements

    1. When HBML needs to perform system maintenance, the following measures will be taken:
    1. evaluating the impact, start time and estimated end time of the maintenance in advance;
    2. notifying Users of the impact, start time and estimated end time of the maintenance as soon as possible though email, SMS, system notification and announcement on HashKey Global’s official website; and
    3. notifying Users via email and announcement on website of HashKey Global as soon as possible when the maintenance is over.
      1. If system maintenance requires suspension of transactions, HBML will take the following measures:
    4. evaluating the start time and estimated end time of trading suspension in advance;
    5. notifying Users of the transaction suspension arrangements through email, SMS, system notification and announcement on HashKey Global’s official website;
    6. starting system maintenance and suspend transaction;
    7. after the system maintenance has been completed, changing the status of all Orders to “cancelled”; and
    8. when trading functions return to normal, notifying Users through email, SMS, system notification and announcement on HashKey Global’s official website.

    53.2Unexpected Interruptions Handling

    1. When the service or transaction is stopped unexpectedly due to technical reasons or other force majeure, HBML may take one or more of the following measures as appropriate: 
    1. suspending deposit and withdrawal temporarily;
    2. cancelling all Orders in the Order book;
    3. suspending trading function (including order placement, matching and cancellation);
    4. suspending login;
    5. suspending API functionality ; or
    6. closing the website service temporarily; or
    7. changing the status of all unfilled Orders to “cancelled”.
      1. In the event there is a service or transactional interruption, HBML will inform Users by email, SMS, system notification and announcement on HashKey Global’s official website.
      2. Upon resumption of the service or transactional interruption, HBML will inform Users by system notification and announcement on HashKey Global’s official website.

    Part M – Contact, Complaint Procedures and Dispute Resolutions

    Section 54Contact information of HashKey Global

    Users can reach the Client Service Team via email at support@global-cs.hashkey.com

    Section 55Complaint procedures

    1. Any complaint should be submitted to HBML through the official website of HashKey Global in accordance with HashKey Global’s Complaint Handling Procedure published on its official website.
    2. HBML will acknowledge receipt of complaints and review them for possible follow-up action. HBML is committed to dealing with complaints quickly. However, the period of time required for following up on the complaints depends on the circumstances of each case.
    3. All enquiries and complaints are treated in strict confidence. However, if circumstances require, HBML may need to disclose information to relevant authorities, regulators or agencies for further follow-up. HBML will seek the enquirer’s or complainant's consent before disclosing any personal information.

    Section 56Dispute resolution

    Any dispute, controversy, difference or claim arising out of, or relating to, the Exchange Rules, including the existence, validity, interpretation, performance, breach or termination thereof or any dispute regarding non-contractual obligations arising out of, or relating to, it shall be referred to and finally resolved by arbitration administered by the HKIAC under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The law of this arbitration clause shall be Hong Kong law. The seat of arbitration shall be Hong Kong. The number of arbitrators shall be three. The arbitration proceedings shall be conducted in English.
    See more
    icon

  • HashKey Global Team

    Privacy Policy

    Privacy Policy

    Global_Square.png
     
    HashKey Team
     
    HashKey Privacy Policy
     
    HashKey Digital Asset Group Limited and its affiliates (hereinafter referred to as “HashKey”, "we" "us" or "our"), including but not limited to Hash Blockchain Limited and HashKey Bermuda Limited, (hereinafter referred to as “HashKey”, "we" "us" or "our") is committed to protecting the privacy, confidentiality, and security of the personal data held by HashKey complying with the requirements of applicable personal data protection laws including the Personal Data Protection Act 2012 of Singapore ("PDPA"), and the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“PDPO”), the General Data Protection Regulation of the European Union ("EU GDPR") and the General Data Protection Regulation of the United Kingdom ("UK GDPR") with respect to the collection, use, processing and management of personal data. In doing so, HashKey is equally committed to ensuring that all its employees and agents uphold these obligations.
     
    HashKey Digital Asset Group Limited
    Place of registration: Hong Kong
    Company registration number: 69098044
    Address: 14/F Three Exchange Square, 8 Connaught Place, Central, Hong Kong
     
     
    Hash Blockchain Limited
    Place of registration: Hong Kong
    Company registration number: 69104532
    Securities and Futures Commission Central Entity Number: BPL992
    Address: Units 614-615, Level 6, Cyberport 3, 100 Cyberport Road, Hong Kong
     
     
    HashKey Bermuda Limited
    Place of registration: Bermuda
    Company registration number: 202302864
    Class F licence holder granted by the Bermuda Monetary Authority
    Address: c/ Carey Olsen Services Bermuda Limited, Rosebank Centre, 5th Floor,
    11 Bermudiana Road, Pembroke, HM 08, Bermuda
     
     
     
     
    This Privacy Policy ("Privacy Policy") applies to our investors, job applicants and visitors of HashKey's website(s) or other third parties ("you") located in Hong Kong, Singapore, Bermuda, the United Kingdom ("UK"), the European Union ("EU") and such jurisdiction as permitted under applicable laws (as the case may be) ("your jurisdiction"). This Privacy Policy describes:
    • the types of personal data which HashKey will collect or process;,
    • how personal data will be used, shared and protected;, and
    • your rights in relation to personal data, including the right to make data access and correction requests, and in addition, for those located within the EU or the UK, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.
     
    Personal data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that personal data held by HashKey is accurate. HashKey will use your personal data which HashKey may from time to time collect in accordance with this Privacy Policy.
     
    HashKey reserves the right from time to time to revise this Privacy Policy. Where any changes to this Privacy Policy are material (e.g. a new purpose for using your personal data), HashKey will notify you using the contact details which you have provided HashKey and by updating and issuing the new version on the HashKey website. However, if the changes are not material, HashKey has the right to decide whether or not to notify you by using the contact details you have provided to HashKey. You are advised to check the Privacy Policy periodically and pay attention to its revision. After the publication of the new version of this Privacy Policy, your continued use of the HashKey website(s) or your continued relationship with HashKey shall be deemed to be acceptance of and consent (to the extent that consent is the relevant legal basis of processing your personal data) to this updated Privacy Policy, as amended from time to time.
     
    HashKey will take reasonable and practicable steps to ensure the security of your personal data and to avoid unauthorised or accidental access, erasure or use for other purposes. This includes physical, technical, and procedural security methods, where appropriate, to ensure that your personal data may only be accessed by authorised personnel.
     
    Please note that if you do not provide HashKey with personal data (or relevant personal data relating to persons appointed by you to act on your behalf), HashKey may not be able to provide the information, products or services you have asked for or process your requests, applications, subscriptions or registrations, as applicable.
     
    If you have any questions about this Privacy Policy or how HashKey uses your personal data, please contact HashKey through the communication channels set out in the "Contact HashKey" section below.
     
    1. Collection of personal data
     
    Personal data may be collected from you on a voluntary basis for particular purposes or services. Your personal data are collected and held by HashKey as explained below:
     
     
    Data subjects
    Types of personal data collected and how we collect your personal data
    Investors
    When you apply, subscribe and register for HashKey products and services or make enquiries to HashKey, we will collect personal information about you so that we can process your application, subscription and registration including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, age, job title, interests and other information you provide via the HashKey website(s) or any other means.
     
    We may also collect other personal data you provide as set out in sections of the HashKey website(s) which invite you to provide personal data.
    Job applicants
    We will collect information including but not limited to the below to process your job application with HashKey:
    • your personal details, including your name, telephone number, mobile phone number, address, email address, facsimile number and language proficiency;
    • your education background, including your level of education and field of study;
    • personal data contained in your resume attached to your application, transcript or reference letter; and
    • other personal data you provide in the job application process with HashKey.
    Visitors of HashKey's website(s) (whether an investor, job applicant or other third party) or persons who access the HashKey Exchange
    When you visit the HashKey website(s) or access the HashKey Exchange, we will record each of your visits and will automatically collect the following information:
    • technical information, including the Internet protocol (“IP”) address used to connect your computer or mobile device to the Internet, your login information, browser type and version, geographical location, time zone setting, browser plug-in types and versions, device types, operating system, time and date of consent and platform; and
    • information about your visit, including the full Uniform Resource Locators ("URL"), clickstream to, through and from the HashKey website(s) (including date and time), products you viewed, searched for, filtered or purchased, the hyperlinks you have clicked, site usage including page viewed and page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse the HashKey website(s).
    We may also collect your personal data including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, nationality, job title, interests, subscription details of HashKey products and services and other information you provide to HashKey.
     
     
     
     
    1. Use of personal data
     
    From time to time, where personal data is provided to HashKey, HashKey may use the personal data as explained below and such personal data may be transferred to a place outside Hong Kong or Singaporeyour jurisdiction.
     
    In general, for all external parties, we use your personal data for the purpose directly related to the function or activity of HashKey, to comply with legal requirements, to carry out obligations arising from the contracts entered between you and HashKey (if any). We have specified the purposes of use of your personal data in this "Use of personal data" section. We may also notify you of other purposes at the time of collection of the personal data.:
     
     
     
    Investors
    For the purpose of providing products and services to you, we will use the information that we have collected about you to:
    • process your applications, subscriptions and registration for HashKey products and services;
    • administer your accounts and providing you with HashKey products and services;
    • register you for investor-related events, activities and materials;
    • design, install and use software apps of HashKey from relevant app stores;
    • respond to and process your enquiries and taking further actions or do follow-ups as required;
    • market and promote existing and future HashKey products or services;
    • provide you with information regarding the market insights in connection with HashKey products or services;
    • provide you with the online services available at the HashKey website and/or through other telecommunication channels;
    • compile general statistics in relation to the number of visitors to HashKey website and the usage of HashKey website;
    • conduct research, survey and/or analysis from time to time to better understand your needs, preferences, interests, experiences and/or habits;
    • use your personal data for AI analytics;
    • design new and/or enhance existing services, products, activities, and/or other events relating to HashKey products or services;
    • use the information that HashKey website collects about you to improve your experience while using our services; and
    • for other purposes directly relating to any of the above.
     
     
    Job applicants
    For the processing of your job application and administration of our recruitment database, we will use the information that we have collected about you to:
    • evaluate and process job applications;
    • keep job application records;
    • assess suitability of candidates for job positions;
    • communicate with you in the course of your employment and performing human resource management functions and activities;
    • communicate with you on other opportunities; and
    • comply with our legal obligations.
     
    Other third parties
    For the purpose directly related to the function or activity of HashKey, to comply with legal requirements, to carry out obligations arising from the contracts entered between you and HashKey, any other applicable purposes as set out in this "Use of personal data" section, and/or any other purpose notified to you at the time of collection of the personal data.
     
     
     
    1. Investors: For the purpose of providing products and services to you, we will use the information that we have collected about you to:
     
    Why and how we process your information
    Types of personal data used
    Legal basis relied upon under EU GDPR and UK GDPR (not applicable to PDPO and PDPA)
    To manage your account
    Process your applications, subscriptions and registration for HashKey products and services.
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    We will process your personal data if such processing is necessary for the conclusion or performance of a contract between HashKey and you.
    • Administer your accounts and provide you with HashKey products and services.
     
    • Provide you with the online services available at through the HashKey's website(s), through the HashKey Exchange and/or through other telecommunication channels.
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    Legitimate interests, namely it is in our interests:
    • to maintain our account holder details;
    • to service your account and communicate with you;
    • to ensure our business runs smoothly;
    • to safeguard our business interests; and
    • to verify the people we deal with.
     
    We may also need to process your data to comply with our legal obligations.
     
    To facilitate transactions which you make on the HashKey website(s) or the HashKey Exchange and to comply with our obligations to you
    Process your data in accordance with our legal obligations and/or internal processes or process your data to comply with any of our other legal obligations.
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    Legitimate interests, namely it is in our interests:
    • to ensure compliance with applicable laws and regulations and our internal policies and risk management requirements;
    • to safeguard our business interests; and
    • to verify the people we deal with.
     
    We may also need to process your data to comply with our legal obligations.
     
    Respond to and process your enquiries and take further action or to follow-up as required.
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    Legitimate interests, namely it is in our interests and your interests for us to provide our services to you or answer any queries.
    Store your details (and updating them when necessary) on our database, so that we can contact you in relation to the function or activity of HashKey.
    • Name
    • Telephone number
    • Email
    • Postal address
    Legitimate interests, namely it is in our interests and your interests:
    • to ensure we have an accurate record of all of our customers that we interact with; and
    • to ensure our business runs smoothly.
    • Improve your experience while using our services.
     
    • Design new and/or enhance existing services, products, activities, and/or other events relating to HashKey products or services.
    • Information that the HashKey website(s) [or the HashKey Exchange] collects about you
    Legitimate interests, namely it is in our interests and your interests:
    • to ensure that we provide you with relevant information in the future; and
    • to ensure our business runs smoothly.
     
    We may also need to process your personal data to comply with our legal obligations.
    Conduct research, survey and/or analysis from time to time to better understand your needs, preferences, interests, experiences and/or habits.
    • Name
    • Telephone number
    • Job title
    • Email
    Legitimate interests, namely it is in our interests to improve and develop our offering by considering your feedback and feeding this into our processes where we deem necessary.
    To send you direct marketing communications
    • Register you for investor-related events, activities and materials.
     
    • Market and promote existing and future HashKey products or services.
     
    • Provide you with information regarding the market insights in connection with HashKey products or services.
    • Name
    • Telephone number
    • Email
    • Postal address
    We will send you marketing emails in reliance on your consent.
     
    Where permitted by applicable law and unless you have opted-out, we may also send marketing communications based on our legitimate interests, namely it is in our interests to send you marketing communications where you are an existing customer who has accessed similar HashKey products or services in the past.
    To help us establish, exercise, or defend legal claims
    To help us to establish, exercise, or defend legal claims.
     
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    • Calls, instant messages and emails with you
    • Automatically collected information
    • Information that others provide about you
    • Additional information that you choose to tell us
    Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights, manage pending or actual disputes and understand our obligations, and seek legal advice in connection with them.
     
    We also use your data to help us to improve your experience of using the HashKey website(s) or accessing the HashKey Exchange and to compile general statistics in relation to the number of visitors to the HashKey website(s) and the use of the HashKey website(s) or the HashKey Exchange. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 4 "How does HashKey use cookies" below.
     
    We may also use your personal data for artificial intelligence analytics, provided that our use of artificial intelligence tools is in compliance with all applicable laws.
     
    If your jurisdiction is Hong Kong or Singapore, Wwe will obtain your consent before using your personal data for other purposes, unless otherwise permitted by applicable law. If you your jurisdiction is the EU or the UK, we will rely on your consent or the alternative legal basis as identified in the table unless as otherwise specified (e.g. we rely on consent to send you marketing emails).
     
     
    1. Job applicants: For the processing of your job application and administration of our recruitment database, we will use the information that we have collected about you to:
     
     
    Why and how we process your information
    Types of personal data used
    Legal basis relied upon under EU GDPR and UK GDPR (not applicable to PDPO and PDPA)
    •evaluate and process job applications;
    •keep job application records;
    •assess suitability of candidates for job positions;
    •communicate with you in the course of your employment and performing human resource management functions and activities; and
    •communicate with you on other opportunities; and
    comply with our legal obligations.
    • Name
    • Telephone number
    • Email
    • Postal address
    • Bank details
    Legitimate interests, namely it is in our interests:
    • to assess your suitability for job positions;
    • maintain job applicants' records; and
    • communicate with you on current or future opportunities.
     
    We may also need to process your data to comply with our legal obligations.
     
     
    If your jurisdiction is Hong Kong or Singapore, we will obtain your consent before using your personal data for other purposes, unless otherwise permitted by applicable law. If you your jurisdiction is the EU or the UK, we will rely on your consent or the alternative legal basis as identified in the table unless as otherwise specified (e.g. we rely on consent to send you marketing emails).
     
    1. Visitors of HashKey website(s) or persons who access the HashKey Exchange
     
    We use your personal data to help us to improve your experience of using the HashKey website(s) or accessing the HashKey Exchange and to compile general statistics in relation to the number of visitors to HashKey website and the use of the HashKey website(s) or the HashKey Exchange. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 4 "How does HashKey use cookies" below.
     
     
    1. Other UsesHow does HashKey share your personal data
     
    HashKey may be required to retain, process and/or disclose your personal data to agents, contractors or other third-party service providers, to which HashKey does not assume any liability for any loss or damage that you may sustain, in order to:
     
    1. comply with a court order, subpoena or other legal process (whether in Hong Kong, Singapore or elsewhere);
     
    1. comply with applicable laws and regulations;
     
    1. comply with a request by a government authority, law enforcement agency or similar body (whether situated in Hong Kong, Singapore or elsewhere);
     
    1. provide to the third-party database for submitting behaviors concerning anti-money laundering, terrorism financing, and evading trade and economic sanctions;
     
    1. provide to a third party which provide services (such as legal, financial, management, operation, market surveillance, analytic or technical services) or is associated or acting as a nominee to HashKey;
     
    1. provide to any third party to whom HashKey’s businesses or any part of HashKey’s businesses will be sold, assigned or transferred to, if applicable; or
     
    1. HashKey may need to retain, process and/or disclose your personal data in order to enforce any agreement with you, protect HashKey’s rights, property or safety, or the rights, property or safety of HashKey’s employees.
     
    1. How does HashKey use cookies
     
    If you access HashKey’s information or services through the HashKey website(s) or the HashKey Exchange (as applicable), you should be aware that cookies are used. Cookies are data files stored on your browsers. The HashKey website(s) and Hashkey Exchange (as applicable) automatically installs and uses cookies on your browsers when you access it, which are used to store your preferences, enhance the function of the HashKey website(s) or the HashKey Exchange (as applicable), and facilitate your browsing. The cookies used in connection with the HashKey website(s) or the HashKey Exchange (as applicable) do not contain personal data. You may refuse to accept cookies on your browsers by modifying the settings in your browsers or internet security software. However, if you do so you may not be able to utilise or activate certain functions available on the HashKey website(s) or the HashKey Exchange (as applicable). For detailed information on how HashKey uses cookies and the purposes for which cookies are used, please refer to our cookies policy at https://www.hashkey.com/en/cookies-policyhttps://support.hashkey.com/hc/en-gb/articles/10757307365017-Cookie-Policy.
     
     
     
     
    1. Third party websites
     
    The HashKey website(s) or the HashKey Exchange may from time to time contain linkages to other websites. These other websites are independent from the HashKey website(s) or the HashKey Exchange. HashKey has no control or management over the contents of such other websites or their privacy policies or compliance with the law. You should be fully aware that the provisions of such linkages links do not constitute an endorsement, approval, or any form of association by or with HashKey and HashKey has no control over the personal data submitted by you, if any, to other websites.
     
    1. Transfer of personal data
     
    For one or more of the purposes specified above, HashKey may transfer your personal data outside your jurisdiction to any agents, contractors or other third-party service providers who provide administrative, telecommunications, computer, payment, debt collection, data processing, data storage, data analytics or other services to HashKey in Hong Kong, Singapore[, Bermuda, the EU and the UK] or elsewhere, and other third parties as notified at the time of collection.
     
    HashKey may share your personal data within its group of companies for providing the products and services sought by you for the same purpose or directly related to the purposes at the time of collection.
     
    HashKey may rely on your consent for data transfer or will adopt contractual and/or other means to ensure the agents, contractors or other third-party data processors who process personal data on behalf of HashKey will take all reasonable steps to (i) protect the personal data they hold against unauthorized or accidental access, processing, erasure, loss or use; and(ii) ensure that personal data will not be kept longer than necessary.
     
    1. Corporate reorganisation
     
    As HashKey continues to develop its business, it may reorganise its business structure, undergo a change of control or business combination. In these circumstances it may be the case that your personal data is transferred to a third party who will continue to operate HashKey’s business or a similar service under either this Privacy Policy or a different privacy policy which will be notified to you. Such a third party may be located, and use of your personal data may be made in connection with such acquisition or reorganisation outside your country of locationjurisdiction (i.e. Hong Kong, or Singapore, Bermuda, the EU or the UK). We will comply with the applicable data privacy laws in disclosing your personal data to the prospective third party, if applicable.
     
    1. Protection of personal data
     
    All personal data provided to HashKey will be securely stored with restricted access by authorized personnel only. We utilize encryption/security software for data transmission so as to protect your data via encrypting it in a secure format to ensure its privacy and security from unauthorised access or disclosure, accidental loss, alteration or destruction.
     
    In addition, we may rely on your consent or will adopt contractual or other means to prevent any personal data transferred to HashKey's data processors (i) from being kept longer than is necessary for processing of the data; and (ii) from unauthorized or accidental access, processing, erasure, loss or use, if HashKey is to engage any data processor. For those located in the EU or the UK, we are required to impose the mandatory contractual obligations on our data processors in compliance with EU GDPR and UK GDPR.
     
    Nevertheless, the transmission of information via the internet is not completely secure. Although HashKey will do its best to protect your personal data, HashKey cannot guarantee the security of data transmitted to the HashKey website(s). Once your personal data is received, HashKey will use strict procedures and security features to try to prevent unauthorized access.
     
    If you suspect any misuse, loss of, or unauthorised access to your personal data, please let us know immediately following the details set out in Section 14 "Contact HashKey" below.
     
     
    1. Notice on direct marketing
     
    Where you have given consent and have not subsequently opted out, HashKey may from time to time use your personal data (including your name and contact details) to send you direct marketing or promotional communications such as emails containing news, promotions, events and marketing offers. The dispatch of such direct marketing communications may be undertaken by third-party service providers.
     
    If you do not wish to receive further direct marketing or promotional materials from HashKey, you may opt out of receiving direct marketing or promotional communications by contacting HashKey by one of the communication channels set out in Section 14 "Contact HashKey" section below.
     
    1. Retention of personal data
     
    We aim to retain your personal data no longer than is necessary for the fulfilment of the purposes of collection unless a longer retention period is required or permitted by applicable laws, rules and regulations. The precise length of time will depend on the type of data, our legitimate business needs, and other legal requirements that may require us to retain it for certain minimum periods.
     
    We may be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal or risk management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind the relevant limitation periods).
     
    In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our legal and risk management obligations, as described above).
     
    Once we have determined that we no longer need to hold your personal data, we will delete it from our systems.
     
    HashKey will take commercially reasonable steps to ensure the accuracy of your personal data held by HashKey. If HashKey becomes aware that the personal data is inaccurate, HashKey will not use such data and will notify any third party to which such personal data has been transferred regarding the same.
     
    For personal data for recruitment purposes, HashKey will retain such data of unsuccessful job applicant, for a period not longer than two years from the date of rejecting the applicant, unless there is subsisting reason that obliges HashKey to retain the data for a shorter or longer period, such as for compliance with applicable laws, rules and regulations; or you have given prescribed consent for the data to be retained beyond the prescribed period.
     
    1. Access and correction of personal dataYour rights
     
    Under applicable lawdata privacy laws in Hong Kong and Singapore, you may have the right to request for access to your personal data, to obtain a copy of the personal data, to correct any personal data that is inaccurate and to delete or cease the collection, processing or use of any personal data. You can also may request HashKey to inform you of the type of personal data held by HashKey.
     
    Request for access and correction of personal data or for information regarding policies and practices and kinds of data held by us should be addressed in writing and sent to HashKey by post or by email following the details set out in the Section 14 "Contact HashKey" section below.
     
    In accordance with the terms of applicable laws, HashKey has the right to charge a reasonable fee for the processing of any data access request.
     
     In addition, the EU GDPR and UK GDPR offer various protections (not available under PDPO or PDPA) and clarify the rights of citizens and individuals in the EU or the UK, with regard to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
     
    Right to object (not available under PDPO or PDPA): This enables you to object to us processing your personal data. This is possible for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
     
    The "legitimate interests" category above is most likely to apply. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
    • We can show that we have compelling legitimate grounds for processing which overrides your interests.
    • We are processing your data for the establishment, exercise, or defence of a legal claim.
     
    Right to withdraw consent: We have obtained your consent to process your personal data. You may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. In which case, we will inform you of this condition.
     
    Right to access: You may ask us to confirm what information we hold about you at any time, and request us to modify, update, or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information that we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive." If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
     
    Right to erasure (not available under PDPO or PDPA): You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
    • the data is no longer necessary for the purpose for which we originally collected and/or processed them;
    • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
    • the data has been processed unlawfully (i.e., in a manner which does not comply with the EU GDPR and UK GDPR);
    • it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
    • if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
     
    We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:
    • to exercise the right of freedom of expression and information;
    • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
    • for public health reasons in the public interest;
    • for archival, research, or statistical purposes; or
    • to exercise or defend a legal claim.
     
    When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
     
    Right to restrict processing (not available under PDPO or PDPA): You have the right to request that we restrict our processing of your personal data in certain circumstances. We can only continue to store your data, and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise, or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or UK public interest.
    The circumstances in which you are entitled to request that we restrict the processing of your personal data include the following:
    • where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
    • where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
    • where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
    • where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
    If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will notify you before lifting any restriction on processing your personal data.
     
    Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
     
    Right of data portability (not available PDPO): If you wish, you have the right to transfer your personal data between data controllers. If applicable, this means that you are able to transfer any HashKey account details to another provider. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another provider. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfill a contract.
     
    Right to lodge a complaint with a supervisory authority:
    If you are in the EU or UK, you also have the right to lodge a complaint with your local supervisory authority.
     
    The supervisory authority in the UK is the Information Commissioner's Office at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (T: 0303 123 1113 E: icocasework@ico.org.uk).
     
    The supervisory authorities for EU Member States are listed (along with contact details) here.
     
    If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), for details on how to contact us, see the details set out in Section 14 "Contact HashKey" below.
     
    NOTE: We may keep a record of your communications to help us resolve any issues that you raise.
     
    It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
     
    1. Termination or cancellation
     
    Should your relationship with HashKey be cancelled or terminated at any time, HashKey shall cease processing your personal data as soon as reasonably practicable following such cancellation or termination, provided that HashKey may keep copies of the data as is reasonably required for reasonable purposes, such reasonable purposes shall include keeping of records, use in relation to any actual or potential dispute, complying with applicable laws and regulations, and protecting HashKey’s rights, property or safety, or the rights, property or safety of HashKey’s employees and agents.
     
     
    1. Language
    If there is any inconsistency or conflict between the English and Chinese versions of this Privacy Policy, the English version shall prevail.
     
    1. Contact HashKey
     
    If you have any questions or concerns about this Privacy Policy or how HashKey processes your personal data, or if you would like to make a request for access or update of your personal data, please contact HashKey's Data Protection Officer by post or by email at:
     
    Address:
     
    Singapore:
    3 Church Street
    Samsung Hub #28-06
    Singapore 049483
     
    Hong Kong:
    14th Floor, Three Exchange Square
    8 Connaught Place, Central
    Hong Kong
     
    Bermuda:
    c/ Carey Olsen Services Bermuda Limited
    Rosebank Centre, 5th Floor,
    11 Bermudiana Road,
    Pembroke, HM 08,
    Bermuda
     
     
    UK Representative: Data Privacy Officer (dpo@hashkey.com)
     
    EU Representative: Data Privacy Officer (dpo@hashkey.com)
     
     
    Email:
     
    • In respect of requests pertaining to HashKey Exchange - customersupport@hashkey.com .
    • In respect of all other requests - media@hashkey.com
     
     
    1. Legal Bases for Processing Your Data (This section is applicable to EU GDPR and UK GDPR only)
     
    The legal bases that we rely on to process your personal data are listed below.
     
    1. Legitimate Interests
    Article 6(1)(f) of the EU GDPR (and equivalent provisions under UK GDPR) says that we can process
    your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party,
    except where such interests are overridden by the interests or fundamental rights or freedoms of [you]
    which require protection of personal data."
    You have the right to object to us processing your personal data on this basis.
    We use and store your personal data in order to ensure you can access the products and services available through the HashKey website(s) or the HashKey Exchange smoothly and so as to respond to you if you contact us through the HashKey website(s).
     
    1. Consent
    In certain circumstances, we are required to obtain your consent to the processing of your personal data
    in relation to certain activities.
    Article 4(11) of the EU GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" In plain language, this means that:
    • You have to give us your consent freely, without us putting you under any type of pressure.
    • You have to know what you are consenting to so we will make sure we give you enough information.
    • You should have control over which processing activities you consent to and which you do not.
    • You need to take positive and affirmative action in giving us your consent. We are likely to provide a check box for you to check so that this requirement is met in a clear and unambiguous fashion.
    • We will keep records of the consents that you have given in this way.
    You have the right to withdraw your consent to these activities. You can do so at any time.
     
    1. For the Performance of a Contract
    In certain circumstances we may use and process your personal information where it is necessary to perform a contract that you have with us. For example, when you access any product or services through the HashKey website(s) or HashKey Exchange, we need to use your personal information to process any transactions and to respond to any requests you may have.
     
    1. Compliance with a Legal Obligation
    We also have legal obligations that we must comply with. Article (6)(1)(c) of the EU GDPR
    (and equivalent provisions under UK GDPR) states that we can process your personal data where this
    processing "is necessary for compliance with a legal obligation to which [we] are subject."
    We will process your data where we are required to comply with our legal obligations. If we believe in
    good faith that it is necessary, we may share your data in connection with crime detection or tax collection.
    We also may share your data with other relevant bodies in order to comply with any regulatory obligations.
    We will keep records of your personal data (including personal data contained in communications and calls)
    in accordance with our legal obligations.
    In this Privacy Policy we refer to data being processed or disclosed in connection with a legal obligation. It is not possible to provide a comprehensive and exhaustive list of the legal obligations that may give rise to such requirements. New laws may be enacted or other obligations become binding which may require processing your data in accordance with other legal obligations. However, examples include processing in order to comply with court orders, regulatory rules or directions, or applicable legislation. Legislation which would require us to process your personal data includes legislation pertaining to corporate obligations, anti-money laundering and tax and accounting.
     
    1. Establish, Exercise, or Defend Legal Claims
    Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance
    with local laws and requirements, special categories of personal data in connection with exercising or defending
    legal claims. Article 9(2)(f) of the EU GDPR (and equivalent provisions under UK GDPR) allows this where the
    processing "is necessary for the establishment, exercise, or defence of legal claims or whenever courts are
    acting in their judicial capacity."
    This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
     
    1. Special Categories of Personal Data
    In certain cases, we may process information about your ethnic background, gender, disability, age, sexual
    orientation, religion or other similar beliefs, and/or social-economic background. We will do this only where
    appropriate and in accordance with local laws and requirements.
    This information is what is called ‘special categories’ of personal data (this is also known as sensitive personal data).
    We may need to obtain your explicit consent before we can collect it. We will ask for your consent by offering you
    an opt-in. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.
    We may collect other special categories of personal data about you, such as health-related information.
    We will never do this without your explicit consent.
    If you are not happy about this, you have the right to withdraw your consent at any time.
     
    1. How do We Store and Transfer Your Data Internationally?
    We want to make sure that your data is stored and transferred in a way that is secure. We will therefore only transfer data overseas where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example:
    • By data transfer agreement, incorporating applicable standard contractual clauses for the transfer of personal data to data controllers and processors in jurisdictions which do not benefit from a finding of adequacy (see next paragraph).
    • Transferring your data to a country where there has been a finding of adequacy by the European Commission or the UK's data protection supervisory authority in respect to that country's levels of data protection via its legislation.
    • To the extent applicable, by way of scheme approved by the European Commission or under relevant UK legislation, whether as a successor to the EU-US Privacy Shield or scheme which otherwise permits the exchange of personal data between jurisdictions.
    • Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interest for the purposes of that contract (e.g., if we need to transfer data in order to meet our obligations under that contract).
    • Where you have consented to the data transfer.
    See more
    icon