Privacy Policy

Your privacy is important to us. At [Hex] (“we”, “us” or “our”), we are committed to protecting the privacy, confidentiality and security of the personal information we collect and hold by complying with the requirements under the Hong Kong Privacy (Data Protection) Ordinance (Chapter 486 of the Laws of Hong Kong) (“​PDPO​”). We are equally committed to ensuring that all our employees and agents uphold these obligations.

This policy explains how we manage personal information within our organisation. It applies to us​ ​and all of our related companies, affiliates and associates.

How do we collect personal information?

We collect personal information from you in the following circumstances: when you register an account with us; order products or services from us; subscribe to our newsletter; or complete any application form to us or submit a query or request to us. In some cases, we may be required by law to collect personal information about you. The personal information will generally be acquired through our channels, but we may however obtain information through a third party, such as representatives, agents or contractors who provide services to us, or third parties whom may refer you to us as they think you may be interested in our products or services.

What information do we collect?

The kinds of personal information that we collect and hold about you may include:

  • identifying information, such as your name, date of birth, identity document, passport, business registration, certificate of incorporation, etc..;
  • contact information, such as your postal address, email address and telephone number;
  • social media profile information that you make available to us or to the public;
  • blockchain identifiers, such as blockchain addresses and public keys;
  • usernames and passwords that you create when registering for an account with us;
  • details of any products or services that we provide to you;
  • information about how you use the products and services we provide; and
  • records of our communications with you, including any messages you send us.

Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.

What do we use your personal information for?

We use personal data that we collect about you for the following purposes:

  • to verify your identity for the purpose of satisfying our Anti-Money Laundering obligation;
  • to determine your eligibility for any of our products or services;
  • to determine your compliance with the terms and conditions that apply to any of our products or services and applicable law;
  • to enable us to provide our products and services;
  • to improve our website based on your information and feedback;
  • to answer your queries and requests;
  • to comply with our legal and regulatory obligations;
  • to carry out market analysis and research;
  • to monitor use of our products and services;
  • to assess, maintain, upgrade and improve our products and services;
  • to carry out education and training programs for our staff;
  • to manage and resolve any legal or commercial complaints or issues;
  • to carry out planning and forecasting activities and other internal business processes; and
  • to keep you informed about our activities, including by sending out newsletters.

EEA Residents: For individuals who reside in the European Economic Area (including the United Kingdom) or Switzerland (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our contract with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.

Who do we disclose your personal information to?

We may share personal information about you with:

  • your representatives, advisers and others you have authorised to interact with us on your behalf;
  • our staff who need the information to discharge their duties;
  • related entities within our corporate group;
  • our business partners, agents and service providers;
  • payment system operators and financial institutions;
  • prospective purchasers of all or part of our business or shares in our company or a related entity;
  • professional advisers who we engage to provide advice on our business; and
  • government authorities who ask us to disclose that information, or to other people as required by law.

Under this privacy policy, you consent to your personal information being disclosed in such circumstances.

In some cases, the people to whom we disclose your personal information may be located overseas. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as Hong Kong. As such, your personal information may not be protected to the same or similar extent as in Hong Kong.

How do we protect and store your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.We offer the use of a secure server. All personal information provided to us is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database, which can only be accessed by those with special access rights to our systems, and are required to keep the information confidential. We update these physical and technical security processes and procedures from time to time to address new and emerging security threats that you become aware of.

Do we retain your personal information?

Yes, however your personal data will not be kept longer than required.

We may retain your personal information for a period of at least seven (7) years from the date on which we collect the information until the last transaction is completed with you or our relationship ends (whichever occurs last). At our discretion, we may retain personal data for longer than this period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.

Can you access and correct your personal information?

Yes. If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.

Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that data.

Do we use cookies?

Yes, we use cookies on our website/platform to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). “Cookies” are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information and the webpage you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this. While you will still be able to browse our websites with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.

Third party links

Occasionally, at our discretion, we may include links to third party products or services on our website. These third-party sites have separate and independent privacy policies. Further, we do not verify their content. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Your Consent

By using our site, providing personal information and/or using any of our products or services, you agree that you consent to our privacy policy, as updated from time to time.

Changes to our Privacy Policy

We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will be available at kyc.hexcustody.com/privacy-policy.html

European Economic Area Users & Data

If you are a resident of the European Economic Area (the “EEA”), we are the controller with respect to your personal information. We determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.

Legal basis for processing personal information

Our legal bases for processing under General Data Protection Regulation are described above in the sections entitled “What do we use your personal information for?”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, our rights or safety and our customers or others.

Direct Marketing

If you are a current customer residing in the EEA, we will only contact you by electronic means (email) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.

If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us to opt-out immediately. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services

Individual Rights

EEA users have the following rights, which can be exercised by contacting us:

  • Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of our data processing based on consent before your withdrawal.
  • Right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by us ​that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
  • Right to delete. You have the right to request deletion of your personal information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to delete the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the deletion of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
  • Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.
  • Right to restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
    • (a) You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
    • (b) The processing is unlawful and you oppose the deletion of your personal information and request the restriction of its use instead.
    • (c) We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defence of legal claims.
    • (d) You have objected to processing, pending the verification of whether our legitimate grounds of us processing your data override your rights.
  • Restricted personal information shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
  • Notification of deletion rectification and restriction. We will communicate any rectification or deletion of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
  • Right to object to processing. Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
  • Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
  • Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us first at ​ops@hexcustody.com so that we can try to resolve the issue or dispute informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner's Office.Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, ​casework@ico.org.uk​.
  • Storage of your personal information. We ​will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.

Your rights to personal information are not absolute. Access may be denied when:

  • denial of access is required or authorized by law;
  • granting access would have a negative impact on other's privacy;
  • to protect our rights and properties; and
  • where the request is frivolous or vexatious.

Complaints

We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact us by using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data.

Contact details

If you want any further information from us on privacy matters, please contact us at: ops@hexcustody.com

We use cookies, including third-party cookies, to ensure that we give you the best experience on our website. By continuing to browse, you consent to the use of cookies. Learn more about cookies and how to control whether they are enabled. View our Privacy Policy for more information.
AcceptDenyCookies Settings
Cookie preferences