跳到主内容

MENA Privacy Policy

HashKey MENA Team
更新

screenshot-20250428-121541.png

 

HashKey Privacy Policy

(Last updated on: 13 November 2025)
 

HashKey Digital Asset Group Limited and its affiliates (hereinafter referred to as "HashKey", "we", "us" or "our"), including but not limited to Hash Blockchain Limited, and HashKey Bermuda Limited, HashKey MENA FZE ("HMF") are committed to protecting the privacy, confidentiality and security of the Personal Data held by HashKey complying with the requirements of applicable Personal Data protection laws including :

 

  • the Personal Data Protection Act 2012 of Singapore ("PDPA");
  • the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) ("PDPO");
  • the General Data Protection Regulation of the European Union ("EU GDPR");
  • the General Data Protection Regulation of the United Kingdom ("UK GDPR") ;
  • Federal decree by Law No. (45) of 2021 Concerning the Protection of Personal Data ("UAE PDPL"); and
  • Virtual Asset Regulatory Authority Technology and Information Rulebook, Part II, Personal Data Protection ("VARA Data Protection Rules"),

 

with respect to the collection, use, processing and management of Personal Data. In doing so, HashKey is equally committed to ensuring that all its employees and agents uphold these obligations.

 

This Privacy Policy ("Privacy Policy") applies to our investors, job applicants and visitors of HashKey's website(s) or other third parties ("you") located in Hong Kong, Singapore, Bermuda, the United Kingdom ("UK"), the European Union ("EU"), the United Arab Emirates ("UAE") and such jurisdiction as permitted under applicable laws (as the case may be) ("your jurisdiction").

 

For the purpose of this Privacy Policy, "Personal Data" is defined as any information that relates to an identifiable individual, either directly or indirectly. Personal Data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that Personal Data held by HashKey is accurate. HashKey is responsible for the processing of your Personal Data as it decides why and how it is processed and thereby acting as the Data Controller for Personal Data collected and processed in connection with the provision of HashKey Services.

 

To the extent that you are a customer or user of our services, this Privacy Policy applies together with the relevant Investor Business Terms and any other agreements we may have with you.

 

To the extent that you are not a relevant stakeholder, customer or user of our services, but are using our website, this Privacy Policy also applies to you, together with our Cookie Policy.

 

This Privacy Policy should therefore be read together with our Cookie Policy, which provides further details on our use of cookies on the website. 

 

This policy applies to the following HashKey entities:

 

HashKey Digital Asset Group Limited

Place of registration: Hong Kong

Company registration number: 69098044

Address: 14/F Three Exchange Square, 8 Connaught Place, Central, Hong Kong

 

Hash Blockchain Limited

Place of registration: Hong Kong

Company registration number: 69104532

Securities and Futures Commission Central Entity Number: BPL992

Address: Units 614-615, Level 6, Cyberport 3, 100 Cyberport Road, Hong Kong

 

HashKey Bermuda Limited

Place of registration: Bermuda

Company registration number: 202302864

Class F licence holder granted by the Bermuda Monetary Authority

Address: c/ Carey Olsen Services Bermuda Limited, Rosebank Centre, 5th Floor,

11 Bermudiana Road, Pembroke, HM 08, Bermuda

 

HMF, a free zone establishment, registered within the Dubai with registered offices at EPO-0120, 26th Floor, Sheikh Rashid Tower, DM Building Number 14, Dubai World Trade Center Complex, Sheikh Zayed Road, Dubai, United Arab Emirates is the Data Controller for personal information collected and processed in connection with the provision of HMF's services. HMF is regulated by the Dubai Virtual Assets Regulatory Authority (“VARA”) to carry out Virtual Asset-related activities in the Emirate of Dubai, including its free zones, but excluding the Dubai International Financial Center.

 

  1. Collection of Personal Data

 

Personal Data is data that identifies an individual or relates to an identifiable individual. This includes data you provide to us, data which is collected about you automatically and data we obtain from third parties.

 

Please note that if you do not provide HashKey with Personal Data (or relevant Personal Data relating to persons appointed by you to act on your behalf), HashKey may not be able to provide the information, products or services you have asked for or process your requests, applications, subscriptions or registrations, as applicable.

 

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

 

Personal Data may be collected from you on a voluntary basis for particular purposes or services. Your Personal Data is collected and held by HashKey as explained below:

 

 

Data subjects Types of personal data collected and how we collect your personal data
Investors

When you apply, subscribe and register for HashKey products and services or make enquiries to HashKey, we will collect personal information about you so that we can process your application, subscription and registration including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, government identifiers, age, job title, bank details, interests and other information you provide via the HashKey website(s) or any other means.

 

We may also collect other ​Personal Data you provide as set out in sections of the HashKey website(s) which invite you to provide ​Personal Data.
Job applicants

We will collect information including but not limited to the below to process your job application with HashKey:

  • your personal details, including your name, telephone number, mobile phone number, address, email address, facsimile number and language proficiency;
  • your education background, including your level of education and field of study;
  • ​Personal Data contained in your resume attached to your application, transcript or reference letter; and
  • other ​Personal Data you provide in the job application process with HashKey.
Visitors of HashKey's website(s) (whether an investor, job applicant or other third party) or persons who access the HashKey Exchange1

When you visit the HashKey website(s) or access the HashKey Exchange, we will record each of your visits and will automatically collect the following information:

  • technical information, including the Internet protocol ("IP​") address used to connect your computer or mobile device to the Internet, your login information, browser type and version, geographical location, time zone setting, browser plug-in types and versions, device types, operating system, time and date of consent and platform; and
  • information about your visit, including the full Uniform Resource Locators ("URL"), clickstream to, through and from the HashKey website(s) (including date and time), products you viewed, searched for, filtered or purchased, the hyperlinks you have clicked, site usage including page viewed and page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse the HashKey website(s).

We may also collect your Personal Data including but not limited to your name, telephone number, mobile phone number, address, email address, facsimile number, gender, date of birth, nationality, job title, interests, subscription details of HashKey products and services and other information you provide to HashKey.
Information we collect from our affiliates and third parties

From time to time, HashKey may obtain information about you from HashKey affiliates or third-party sources as required or permitted by applicable laws.

 

 

  1. Use of personal data

 

From time to time, where Personal Data is provided to HashKey, HashKey may use the Personal Data as explained below and such Personal Data may be transferred to a place outside your jurisdiction.

 

In general, for all external parties, we use your Personal Data for the purpose directly related to the function or activity of HashKey, to comply with legal requirements, to carry out obligations arising from the contracts entered between you and HashKey (if any). We have specified the purposes of use of your Personal Data in this "Use of personal data" section.  We may also notify you of other purposes at the time of collection of the Personal Data.

 

  • Investors: For the purpose of providing products and services to you, we will use the information that we have collected about you to:

 

Why and how we process your information Legal basis relied upon under EU GDPR and UK GDPR (not applicable to PDPO and PDPA)

Process your applications, subscriptions and registration for HashKey products and services.

 

We will process your ​Personal Data if such processing is necessary for the conclusion or performance of a contract between HashKey and you.

 
  • Administer your accounts and provide you with HashKey products and services.
  • Provide you with the online services available through the HashKey's website(s), through the HashKey Exchange and/or through other telecommunication channels.

Legitimate interests, namely it is in our interests:

  • to maintain our account holder details;
  • to service your account and communicate with you;
  • to ensure our business runs smoothly;
  • to safeguard our business interests; and
  • to verify the people we deal with.

 

We may also need to process your data to comply with applicable laws and regulations, and anti-money laundering laws and regulations.

 

 
Process your data in accordance with our legal obligations and/or internal processes or process your data to comply with any of our other legal obligations.

Legitimate interests, namely it is in our interests:

  • to ensure compliance with applicable laws and regulations and our internal policies and risk management requirements;
  • ​to detect and prevent fraud and abuse in order to protect the security of our users, ourselves and others;
  • to safeguard our business interests; and
  • to verify the people we deal with.

 

We may also need to process your data to comply with applicable laws and regulations, and anti-money laundering laws and regulations.

 

 
Respond to and process your enquiries and take further action or to follow-up as required.

Legitimate interests, namely it is in our interests and your interests for us to provide our services to you or answer any queries.

 
Store your details (and updating them when necessary) on our database, so that we can contact you in relation to the function or activity of HashKey.

Legitimate interests, namely it is in our interests and your interests:

  • to ensure we have an accurate record of all of our customers that we interact with; and
  • to ensure our business runs smoothly.

 
  • Improve your experience while using our services.

 

  • Design new and/or enhance existing services, products, activities and/or other events relating to HashKey products or services.

 

Legitimate interests, namely it is in our interests and your interests:

  • to ensure that we provide you with relevant information in the future; and
  • to ensure our business runs smoothly.

 

We may also need to process your data to comply with ​applicable laws and regulations, and anti-money laundering laws and regulations.

 

Conduct research, survey and/or analysis from time to time to better understand your needs, preferences, interests, experiences and/or habits.

 

Legitimate interests, namely it is in our interests to improve and develop our offering by considering your feedback and feeding this into our processes where we deem necessary.

 
  • Register you for investor-related events, activities and materials.

 

  • Market and promote existing and future HashKey products or services.

 

  • Provide you with information regarding the market insights in connection with HashKey products or services.

We will send you marketing emails in reliance on your consent.

 

Where permitted by applicable law and unless you have opted-out, we may also send marketing communications based on our legitimate interests, namely it is in our interests to send you marketing communications where you are an existing customer who has accessed similar HashKey products or services in the past. When you consent to processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. The withdrawal of your consent will not affect the lawfulness of processing prior to such withdrawal.

 

To help us to establish, exercise or defend legal claims.

 

 

 Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights,  manage pending or actual disputes and understand our obligations, and seek legal advice in connection with them.

 

  • Job applicants: For the processing of your job application and administration of our recruitment database, we will use the information that we have collected about you to:

           

Why and how we process your information Legal basis relied upon under EU GDPR​ and UK GDPR (not applicable to ​Hong Kong and ​Singapore)

 

  • evaluate and process job applications;
  • ​keep job application records;
  • ​assess suitability of candidates for job positions;
  • ​communicate with you in the course of your employment and performing human resource management functions and activities;
  • ​communicate with you on other opportunities; and
  • comply with our legal obligations.

Legitimate interests, namely it is in our interests:

  • to assess your suitability for job positions;
  • maintain job applicants' records; and
  • communicate with you on current or future opportunities.

 

We may also need to process your data to comply with our legal obligations.

 

 

 

If your jurisdiction is Hong Kong or Singapore, we will obtain your consent before using your Personal Data for other purposes, unless otherwise permitted by applicable law.  If your jurisdiction is the EU, or the UK, we will rely on your consent or the alternative legal basis as identified in the table,and in accordance with applicable laws, unless as otherwise specified (e.g. we rely on consent to send you marketing emails).

UAE-Specific Legal Basis for Processing:

Under the UAE PDPL, the primary lawful basis for processing personal data is consent. However, the UAE PDPL provides specific exceptions where processing may be carried out without consent. These include: processing necessary for public interest, legal claims, employment or social protection obligations, public health, vital interests, contract performance, archiving, research or statistical purposes, and other cases specified in the UAE PDPL Executive Regulations. When processing falls within one of these exceptions, the Controller may rely on that exception as a lawful basis. Legitimate interests, as recognized under the EU GDPR or UK GDPR, are not acknowledged under the UAE PDPL and cannot be used as a basis for processing.

In practice, this means that for UAE data subjects, processing should either be based on explicit consent or one of the statutory exceptions outlined above. Any reference in the table to “legitimate interests” for UAE purposes should be disregarded or replaced with the relevant UAE PDPL exception.
 

(iii) Visitors of HashKey website(s) or persons who access the HashKey Exchange

 

We use your Personal Data to help us to improve your experience of using the HashKey website(s) or accessing the HashKey Exchange and to compile general statistics in relation to the number of visitors to HashKey website(s) and the use of the HashKey website(s) or the HashKey Exchange. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 4 "How does HashKey use cookies" below.

 

We may also use your Personal Data for artificial intelligence analytics, provided that our use of artificial intelligence tools is in compliance with all applicable laws.

 

3. How does HashKey share your personal data

 

HashKey may be required to retain, process and/or disclose your Personal Data to agents, contractors or other third-party service providers, to which HashKey does not assume any liability for any loss or damage that you may sustain, in order to:

1.    comply with a court order, subpoena or other legal process (whether in Hong Kong, Singapore, the UAE or elsewhere);

2.    comply with applicable laws and regulations;

3.    comply with a request by a government authority, law enforcement agency or similar body (whether situated in Hong Kong, Singapore, the UAE or elsewhere). We may need to share your information in order to enforce or apply our legal rights to prevent fraud;

4.    provide to the third-party database for submitting behaviours concerning anti-money laundering, terrorism financing and evading trade and economic sanctions;

5.    provide to a third party which provide services (such as legal, financial, management, operation, market surveillance, analytic or technical services) or is associated or acting as a nominee to HashKey. These third parties must process the personal information in accordance with our contractual agreements and as only permitted by applicable data protection laws;

6.    provide to any third party to whom HashKey’'s businesses or any part of HashKey's businesses will be sold, assigned or transferred to, if applicable;

7.    HashKey may need to retain, process and/or disclose your Personal Data in order to enforce any agreement with you, protect HashKey's rights, property or safety or the rights, property or safety of HashKey's employees; or 
We also may disclose your Personal Data as may be described in a notice to you at the time the information is collected or before it is shared, or in any other manner to which you consent.
 


4.    How does HashKey use cookies

If you access HashKey's information or services through the HashKey website(s) or the HashKey Exchange (as applicable), you should be aware that cookies are used. Cookies are data files stored on your browsers. The HashKey website(s) and HashKey Exchange (as applicable) automatically installs and uses cookies on your browsers when you access it, which are used to store your preferences, enhance the function of the HashKey website(s) or the HashKey Exchange (as applicable) and facilitate your browsing. The cookies used in connection with the HashKey website(s) or the HashKey Exchange (as applicable) do not contain Personal Data. You may refuse to accept cookies on your browsers by modifying the settings in your browsers or internet security software. However, if you do so, you may not be able to utilise or activate certain functions available on the HashKey website(s) or the HashKey Exchange (as applicable). For detailed information on how HashKey uses cookies and the purposes for which cookies are used, please refer to our cookies policy.
 
5.    Third party websites

The HashKey website(s) or the HashKey Exchange may from time to time contain links to other websites. These other websites are independent from the HashKey website(s) or the HashKey Exchange. HashKey has no control or management over the contents of such other websites or their privacy policies or compliance with the law. You should be fully aware that the provision of such links do not constitute an endorsement, approval or any form of association by or with HashKey and HashKey has no control over the Personal Data submitted by you, if any, to other websites.

6.    Transfer of personal data

For one or more of the purposes specified above, HashKey may transfer your Personal Data outside your jurisdiction to any agents, contractors or other third-party service providers who provide administrative, telecommunications, computer, payment, debt collection, data processing, data storage, data analytics or other services to HashKey in Hong Kong, Singapore, Bermuda, the EU, the UK or elsewhere, and other third parties as notified at the time of collection.

HashKey may share your Personal Data within its group of companies for providing the products and services sought by you for the same purpose or directly related to the purposes at the time of collection.

HashKey may rely on your consent for data transfer or adopt contractual and/or other means to ensure the agents, contractors or other third-party data processors who process Personal Data on behalf of HashKey will take all reasonable steps to: (i) protect the Personal Data they hold against unauthorised or accidental access, processing, erasure, loss or use; and (ii) ensure that Personal Data will not be kept longer than necessary. HashKey will ensure suitable safeguards are implemented to ensure that such transfers are carried out in compliance with applicable data protection rules. 
 

 

UAE-specific provisions

 
To facilitate our global operations, HashKey may transfer your Personal Data outside of Dubai and the United Arab Emirates in accordance with the UAE PDPL. Transfers may occur to countries that provide an adequate level of protection under applicable laws, or, where such adequacy is not established, with appropriate safeguards in place, including recognized contractual mechanisms such as EU Standard Contractual Clauses adopted for UAE PDPL compliance.

We may transfer your Personal Data to HashKey Affiliates, third-party partners and service providers based throughout the world. These parties are contractually obliged to protect the confidentiality and security of your Personal Data, in compliance with the applicable data protection law.
 

HashKey also puts in place suitable technical, organisational and contractual safeguards (including EU Standard Contractual Clauses (“EU SCCS”) adapted as necessary to reflect UAE PDPL requirements to ensure that such transfer is carried out in compliance with applicable data protection rules and requirements.
 

To comply with VARA and the VARA Data Protection Rules, HashKey will notify VARA as soon as possible and in any event within twenty-four (24) hours following notification to us of any incident affecting, or potentially affecting, Personal Data by either:

  1. Any data regulator, including in the UAE; or
  2. A data subject.

 

HashKey will provide VARA with a summary of such incident report and a copy of such incident report if the relevant data regulator is located within the UAE (unless and to the extent prohibited by applicable law as demonstrated by HMF to VARA’s satisfaction).

 

7. Corporate reorganisation

 

As HashKey continues to develop its business, it may reorganise its business structure, undergo a change of control or business combination. In these circumstances, it may be the case that your Personal Data is transferred to a third party who will continue to operate HashKey's business or a similar service under either this Privacy Policy or a different privacy policy which will be notified to you. Such a third party may be located, and use of your Personal Data may be made in connection with such acquisition or reorganisation outside your jurisdiction (i.e., Hong Kong, Singapore, Bermuda, the EU, the UK or the UAE). We will comply with the applicable data privacy laws in disclosing your Personal Data to the prospective third party, if applicable.

 

8. Protection of personal data

 

HashKey will take reasonable and practicable steps to ensure the security of your Personal Data and to avoid unauthorised or accidental access, erasure or use for other purposes. This includes physical, technical and procedural security methods, where appropriate, to ensure that your Personal Data may only be accessed by authorised personnel.

 

All Personal Data provided to HashKey will be securely stored with restricted access by authorised personnel only. We utilise encryption/security software for data transmission so as to protect your data via encrypting it in a secure format to ensure its privacy and security from unauthorised access or disclosure, accidental loss, alteration or destruction.

 

In addition, we may rely on your consent or  adopt contractual or other means to prevent any Personal Data transferred to HashKey's data processors (i) from being kept longer than is necessary for processing of the data; and (ii) from unauthorised or accidental access, processing, erasure, loss or use, if HashKey is to engage any data processor.  For those located in the EU, the UK or the UAE, we are required to impose the mandatory contractual obligations on our data processors in compliance with EU GDPR, UK GDPR and UAE PDPL.

 

Nevertheless, the transmission of information via the internet is not completely secure. Although HashKey will do its best to protect your Personal Data, HashKey cannot guarantee the security of data transmitted to the HashKey website(s). Once your Personal Data is received, HashKey will use strict procedures and security features to try to prevent unauthorised access.

 

If you suspect any misuse, loss of or unauthorised access to your Personal Data, please let us know immediately, following the details set out in Section 15 "Contact HashKey" below.

 

9. Notice on direct marketing

 

Where you have given consent and have not subsequently opted out, HashKey may from time to time use your Personal Data (including your name and contact details) to send you direct marketing or promotional communications such as emails containing news, promotions, events and marketing offers. The dispatch of such direct marketing communications may be undertaken by third-party service providers.

 

If you do not wish to receive further direct marketing or promotional materials from HashKey, you may opt out of receiving direct marketing or promotional communications by contacting HashKey by one of the communication channels set out in Section 15 "Contact HashKey" below.

 

10. Retention of personal data

 

We aim to retain your Personal Data no longer than is necessary for the fulfilment of the purposes of collection unless a longer retention period is required or permitted by applicable laws, rules and regulations. The precise length of time will depend on the type of data, our legitimate business needs, and other legal requirements that may require us to retain it for certain minimum periods.

 

We may be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal or risk management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind the relevant limitation periods).

 

In determining the appropriate retention period for different types of Personal Data, we always consider the amount, nature and sensitivity of the Personal Data in question, the potential risk of harm from unauthorised use or disclosure of that Personal Data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition, of course, to ensuring that we comply with our legal and risk management obligations, as described above).

 

Once we have determined that we no longer need to hold your Personal Data for the purposes for which it was collected, and provided there are no applicable legal or regulatory retention requirements, we will securely delete or anonymize it from our system.

 

HashKey will take commercially reasonable steps to ensure the accuracy of your Personal Data held by HashKey. If HashKey becomes aware that the Personal Data is inaccurate, HashKey will not use such data and will notify any third party to which such Personal Data has been transferred regarding the same.

 

For Personal Data for recruitment purposes, HashKey will retain such data of an unsuccessful job applicant for a period not longer than two years from the date of rejecting the applicant, unless there is a subsisting reason that obliges HashKey to retain the data for a shorter or longer period, such as for compliance with applicable laws, rules and regulations; or you have given prescribed consent for the data to be retained beyond the prescribed period.

 

UAE-specific provision

 

Additionally, identity information and special categories of Personal Data may be retained for 10 years to comply with the VARA and other UAE regulators' record keeping requirements, as well as UAE anti-money laundering laws.

 

11. Your rights

 

As outlined below, you have a number of rights in relation to your privacy and the protection of your personal information, which may depend on your location. If you would like to exercise any of these rights, or withdraw your consent to the processing of your Personal Data (where consent is our legal basis for processing your Personal Data), for details on how to contact us, see the details set out in Section 15 "Contact HashKey" below.

 

These rights may be limited in some situations, and in some jurisdictions (as set out below) – for example, where we can demonstrate we have a legal requirement to process your Personal Data.

 

Right Applicability of jurisdiction Description
Right to object

EU, UK, Bermuda, UAE

 

 

This enables you to object to us processing your Personal Data and to obtain a copy of it as well as certain information related to its processing. This is possible for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research or statistical purposes.

 

The "legitimate interests" category above is most likely to apply. If your objection relates to us processing your Personal Data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:​

  • ​We can show that we have compelling legitimate grounds for processing which overrides your interests.​
  • ​We are processing your data for the establishment, exercise or defence of a legal claim.
Right to withdraw consent All jurisdictions We have obtained your consent to process your Personal Data. You may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. In which case, we will inform you of this condition. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter.
Right to access All jurisdictions

We have obtained your consent to process your Personal Data. You may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. In which case, we will inform you of this condition. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter.

 

In accordance with the terms of applicable laws, HashKey has the right to charge a reasonable fee for the processing of any data access request.

 
Right to erasure EU, UK, Bermuda, UAE

You have the right to request that we erase your Personal Data in certain circumstances. Normally, the information must meet one of the following criteria:​

  • ​the data is no longer necessary for the purpose for which we originally collected and/or processed them;​
  • ​where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;​
  • ​the data has been processed unlawfully (i.e., in a manner which does not comply with the EU GDPR, UK GDPR or the UAE PDPL);​
  • ​it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or​
  • ​if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

 

 

We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:​

  • ​to exercise the right of freedom of expression and information;​
  • ​to comply with legal obligations or for the performance of a public interest task or exercise of official authority;​
  • ​for public health reasons in the public interest;​
  • ​for archival, research or statistical purposes; or​
  • ​to exercise or defend a legal claim.

 

When complying with a valid request for the erasure of data, we will take all reasonably practicable steps to delete the relevant data.

 
Right to restrict processing EU, UK, Bermuda, UAE

You have the right to request that we restrict our processing of your Personal Data in certain circumstances. We can only continue to store your data, and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual or reasons of important EU, UK or UAE public interest.

 

The circumstances in which you are entitled to request that we restrict the processing of your Personal Data include the following:​

  • ​where you dispute the accuracy of the Personal Data that we are processing about you. In this case, our processing of your Personal Data will be restricted for the period during which the accuracy of the data is verified; ​
  • ​where you object to our processing of your Personal Data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your Personal Data;​
  • ​where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and​
  • ​where we have no further need to process your Personal Data but you require the data to establish, exercise or defend legal claims.

 

If we have shared your Personal Data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will notify you before lifting any restriction on processing your Personal Data.

 
Right to rectification All jurisdictions

You also have the right to request that we rectify any inaccurate or incomplete Personal Data that we hold about you. If we have shared this Personal Data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete Personal Data. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

 
Right of data portability EU, UK, Bermuda, UAE, Singapore

If you wish, you have the right to transfer your Personal Data between data controllers. If applicable, this means that you are able to transfer any HashKey account details to another provider. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password protected so that you can transfer the data to another provider. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) Personal Data that we process automatically (i.e., without any human intervention); (ii) Personal Data provided by you; and (iii) Personal Data that we process based on your consent or in order to fulfil a contract.

 
Right to consent to a decision based solely on automated processing (including profiling) UAE You have the right to require that decisions be reconsidered if they are made solely by the automated means, without human involvement: we use automated tools to make sure that you are eligible to be a customer, taking into account our interests and legal obligations: if these automated tools indicate that you do not meet our acceptance criteria, we will not onboard you as a customer. This right does not apply where automated processing is required by law, agreed under a contract with you, or you gave prior consent; in those cases, the controller must still implement safeguards to protect your rights.

Right to lodge a complaint with a supervisory authority

 

 EU, UK, UAE

You have the right to lodge a complaint with your local supervisory authority.

 

United Kingdom: The supervisory authority in the UK is the Information Commissioner's Office at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (T: 0303 123 1113 E: icocasework@ico.org.uk).

 

EU: The supervisory authorities for EU Member States are listed (along with contact details) here.

 

UAE: UAE Data Protection Office.

 

NOTE: We may keep a record of your communications to help us resolve any issues that you raise
Under the UAE PDPL, Controllers must provide clear and appropriate ways for data subjects to contact them to exercise their rights..

 

12.  Termination or cancellation

Should your relationship with HashKey be cancelled or terminated at any time, HashKey shall cease processing your Personal Data as soon as reasonably practicable following such cancellation or termination, provided that HashKey may keep copies of the data as is reasonably required for reasonable purposes, such reasonable purposes shall include: keeping of records, use in relation to any actual or potential dispute, complying with applicable laws and regulations and protecting HashKey's rights, property or safety, or the rights, property or safety of HashKey's employees and agents.

 

13. Language

If there is any inconsistency or conflict between the English and Chinese versions of this Privacy Policy, the English version shall prevail.


14. Updates to Privacy Policy

HashKey reserves the right from time to time to revise this Privacy Policy. Where any changes to this Privacy Policy are material (e.g., a new purpose for using your Personal Data), HashKey may notify you using the contact details which you have provided HashKey and by updating and issuing the new version on the HashKey website. However, if the changes are not material, HashKey has the right to decide whether or not to notify you by using the contact details you have provided to HashKey. You are advised to check the Privacy Policy periodically and pay attention to its revision (see date of update). After the publication of the new version of this Privacy Policy, your continued use of the HashKey website(s) or your continued relationship with HashKey shall be deemed to be acceptance of and consent (to the extent that consent is the relevant legal basis of processing your Personal Data) to this updated Privacy Policy, as amended from time to time.
 

15. Contact HashKey
 

If you have any questions or concerns about this Privacy Policy or how HashKey processes your Personal Data, or if you would like to make a request for access or update of your Personal Data, please contact HashKey's Data Protection Officer by post or by email at:

 

Country Contact Details
Singapore

Singapore:

3 Church Street

Samsung Hub #28-06

Singapore 049483

Data Privacy Officer: ​dpo@hashkey.com

 
Hong Kong

14th Floor, Three Exchange Square

8 Connaught Place, Central

Hong Kong

Data Privacy Officer: ​dpo@hashkey.com

 
Bermuda

 

c/ Carey Olsen Services Bermuda Limited

Rosebank Centre, 5th Floor,

11 Bermudiana Road,

Pembroke, HM 08,

Bermuda

Data Privacy Officer: ​dpo@hashkey.com

 
UK (Representative)

Data Privacy Officer (dpo@hashkey.com)

 

 
EU (Representative) Data Privacy Officer (dpo@hashkey.com)
UAE dpo@hashkey.com

 

  • In respect of requests pertaining to HashKey Exchange:

 

support@customer.hashkey.com – Hash Blockchain Limited

support@global-cs.hashkey.com – HashKey Bermuda Limited

相关文章

评论

0 条评论

登录写评论。