IF YOU ARE A RESIDENT OF THE UNITED STATES OF AMERICA, ONLY APPENDIX A – UNITED STATES WRISTCHECK PRIVACY POLICY APPLIES TO YOU. PLEASE FOLLOW THE LINK TO CAREFULLY REVIEW THE UNITED STATES WRISTCHECK PRIVACY POLICY IN APPENDIX A.

FOR NON-U.S. RESIDENTS: This privacy policy (the Privacy Policy) was last updated on the date above and shall be updated from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised policy hereunder. The Data User recommends that the Users review this Privacy Policy regularly to ascertain the Data User’s latest policies and practices in relation to the Personal Data. 

This Privacy Policy is intended to inform all Users about the Data User’s policies and practices in treating Personal Data and Non-personal Information. Users understand and acknowledge to be bound by this Privacy Policy by using the Platform and the Services or by otherwise giving the Data User any of his/her Personal Data. If any User does not agree with any part of this Privacy Policy, then the Data User cannot provide the Platform and the Services to such User, and such User should stop accessing the same.

Capitalised terms shall be as defined in the terms and conditions unless otherwise herein defined:

Affiliates means, in relation to the Data User, any of its subsidiary, subsidiary undertaking,  holding company, parent undertaking and group undertaking;

Data User means Wristcheck Exchange Limited, the company responsible for the collection, holding, processing and/or use of Personal Data; 

GDPR is as defined in clause 10.2 of this Privacy Policy;

Users means persons who have signed up for an account on the Platform and User shall be construed accordingly;

PDPO means the Personal Data (Privacy) Ordinance, Chapter 486 of the laws of the Hong Kong Special Administrative Region, as amended from time to time; 

Personal Data means personal data collected from the Users by the Data User or otherwise held, processed and used by the Data User which (i) relates directly or indirectly to the Users; (ii) can be used to ascertain the identity of such Users as individuals; and (iii) is in a form which access to and/or processing of such data is practicable, including but not limited to, names, contact details, email addresses, phone numbers, cryptocurrency wallet details, credit card details and billing information, bank account numbers, delivery addresses, any other such personal description provided during registration of the Account, device information and identifier, location information as set out in clause 2.2 of this Privacy Policy, information collected by cookies as set out in clause 9 of this Privacy Policy and any information provided by or in relation to such Users pursuant to this Privacy Policy; and 

Non-personal Information means any such Personal Data which the Data User makes the identity of the individual not directly or indirectly ascertainable, either by combining it with information about other individuals (aggregating one User’s information with another User’s information), or by removing characteristics (such as User’s name) that make the information personally identifiable to such User (hence de-personalizing the information).

The Data User will request all its Users to voluntarily provide it with Personal Data for purposes set out in clause 3.2 of this Privacy Policy. 

In addition, when Users use certain features of the Platform and the Services, the Data User may collect, hold, process and/or use different types of information about such Users’ location, including specific information (e.g. GPS-based functionality on mobile devices used to access the Services). If Users do not want their devices to provide the Data User with location-tracking information, they can disable the GPS or other location-tracking functions on their devices.

1. The Data User will seek its Users’ (or their respective relevant persons as defined under the PDPO) expressed consents to changes in how it uses and/or discloses their Personal Data if requested by law, but otherwise use of the Platform or the Services following such changes constitutes their acceptances of the revised statement then in effect. 
2. The Data User limits the collection (which shall be adequate and not excessive), holding, processing and use of the Personal Data to the following specific and lawful purposes only: 
3. to enable and provide its Users with access and use of the Platform and/or the Services; 
4. to communicate with its Users, including but not limited to, for provision of technical, administrative, operational and account information regarding the Platform and/or the Services, and handling of their requests and complaints;
5. to contact its Users to conduct surveys and customer reviews about their experiences with the Platform and/or the Services;
6. to operate, protect, improve and optimize the Platform and/or the Services and to improve and customize its Users’ experiences when using the same, including but not limited to the collection of Personal Data by cookies as set out in clause 9 of this Privacy Policy;
7. to offer tailored content to its Users in accordance with their interests or other indications; 
8. to administer its business and conduct research and development for new products, features, services and applications in relation to the Platform and/or the Services; 
9. where applicable and subject to compliance of the PDPO, to provide its Users with marketing and promotional materials for their enjoyment of benefits of the Services;
10. only when its Users have provided the consents required under the PDPO, to send such Users personal newsletters, marketing and promotional messages and other information (either alone or in conjunction with products, features, services and/or applications offered by the Data User’s Affiliates or business partners) that may be of interest to such Users in accordance with clause 7;
11. to enforce the Data User’s legal and/or contractual obligations and rights, and to resolve disputes between the Data User and its Users and third-parties;
12. to derive, create or otherwise transfer the same into Non-personal Information for the purpose of creating general data statistics;
13. for the Data User’s internal business and administrative purposes;
14. for the Data User’s compliance of relevant laws and regulations; and
15. other purposes directly relating to any of the above.
16. For the avoidance of doubt, the Data User is entitled to collect, hold, process and use the Non-personal Information for any lawful purpose which shall be relating to its function and activity, including but not limited to researching and analyzing to improve its services and businesses. 

1. In accordance with the terms of the PDPO, the Users (or their respective relevant persons (as defined under the PDPO) on behalf of them) have the right to:
2. request access to the Personal Data, including being informed by the Data User whether it holds their Personal Data and, if the Data User holds their Personal Data, receiving copies of such Personal Data; and 
3. request the Data User to correct their Personal Data which is inaccurate.
4. In order to protect the Personal Data, the Data User will require all Users (or their respective relevant persons (as defined under the PDPO) on behalf of them) to prove their identities in relation to their requests to access and/or correct their Personal Data. Requests for access and/or correction of Personal Data are to be addressed in writing and sent to privacy@wristcheck.com or by post to 25/F, Canton House, 54 Queen’s Road Central to Wristcheck Exchange Limited. A reasonable fee shall be charged to offset the Data User’s administrative and actual costs incurred in complying with the relevant data access requests. Where there are reasonable grounds for believing that any Personal Data is inaccurate having regard to the purpose(s) for which the Personal Data is or is to be used, the Data User shall (i) ensure that such Personal Data shall not be used for such purpose(s) unless and until those grounds cease to be applicable to such Personal Data or the Personal Data shall be erased; and (ii) inform any third-parties to whom such Personal Data was disclosed that such Personal Data is inaccurate and shall provide to them such particulars as will enable such third-parties to correct the Personal Data having regard to such purpose. 

1. Where any Personal Data held by the Data User is no longer required for the purposes as stated under clause 3.2 of this Privacy Policy, the Data User shall take practicable steps to cease processing and holding such Personal Data as soon as reasonably practicable, provided that the Data User may keep copies of such Personal Data as is reasonably required and permitted under the PDPO (i) for archival purposes; (ii) for use in relation to any actual or potential dispute; (iii) for compliance with applicable laws and regulations; (iv) for enforcing any agreement the Data User has with such User; and (v) for protecting the Data User’s and its employees’ rights, property or safety. 
2. The Data User provides its Users with the ability to request removal of their Personal Data from its storage. Users may lodge such request in writing by sending an email to privacy@wristcheck.com or by post to 25/F, Canton House, 54 Queen’s Road Central to Wristcheck Exchange Limited. For the avoidance of doubt, the Data User is entitled to retain, process and use, for indefinite term and any purpose, any Non-personal Information.

1. The Data User may make certain Personal Data available to its Affiliates for the purposes as stated in clause 3.2 of this Privacy Policy, who may be situated within or outside Hong Kong and all of whom are bound by this Privacy Policy.
2. The Data User may make certain Personal Data available to the third-parties as stated below, who may be situated within or outside Hong Kong: (i) data storage service providers, for the sole purpose of storing data which the Data User collected from time to time; (ii) strategic business partners, including but not limited to (a) mail houses and email service providers, for the sole purpose of mailing and dissemination of its promotional materials; and (b) hosting and database management service providers, including but not limited to IPFS; (iii) suppliers of the Services and other third-parties appointed by the Data User to perform the Services (including but not limited to third-parties appointed by the Data User (and/or its Affiliates) to conduct due diligence process of the Products); and (iv) data analytics service providers, for the sole purpose of carrying out data analysis to improve and customize Users’ experiences when using the Platform and/or the Services, all of whom are contractually (x) prohibited from using the Personal Data for any purpose other than those purposes specified in their respective contracts and keeping Personal Data longer than is necessary for the fulfillment of such purpose(s) specified in their respective contracts; and (y) required to prevent unauthorized or accidental access, processing, erasure, loss, use or disclosure of the Personal Data. 
3. In the circumstances where the Data User reorganizes its group structure or undergoes a change of control or business combination, each User’s Personal Data may, at the Data User’s sole discretion, be transferred to a third-party who will continue to operate the Data User or a similar service under either this Privacy Policy or a different privacy policy statement which will be notified to each User. Such a third-party may be located, and use of Users’ Personal Data may be made, outside of Hong Kong in connection with such acquisition or reorganization. 
4. By accepting this Privacy Policy, each User understands and acknowledges that his or her Personal Data may be disclosed or transferred to Affiliates and/or any such third-parties (and their respective employees and representatives) under clause 6 of this Privacy Policy.

1. The Data User intends to use the Personal Data of the Users for direct marketing. Only when Users have provided the consents required under the PDPO, may the Data User use the Personal Data of such Users to contact such Users and provide information about products in relation to the data user’s business (either alone or in conjunction with products, features, services and/or applications offered by the Data User’s Affiliates or business partners) that may be of interest to such Users.
2. The Data User intends to provide the Personal Data of the Users to marketing service providers for use by such third-parties in direct marketing. Only when Users have provided the consents required under the PDPO, may the Data User provide the Personal Data of such Users to third-parties to contact such Users and provide information about products in relation to the data user’s business that may be of interest to such Users.
3. The Data User provides its Users with the ability to unsubscribe from all direct marketing communications from the Data User/ request the Data User to cease to provide Personal Data to third-parties for use by such third-parties in direct marketing. Every time a User receives a direct marketing email, he/she will be provided with the choice to opt-out of future direct marketing emails. Users may also opt-out of receiving personal promotional materials / request the Data User to cease providing Personal Data to third-parties for use by such third-parties in direct marketing by sending an email to privacy@wristcheck.com or by post to 25/F, Canton House, 54 Queen’s Road Central to Wristcheck Exchange Limited at any time, without charge by the Data User.

Since the Platform and the Services may collect information of Users from third-party social media sites, such as WhatsApp, Instagram, Facebook and Youtube, and support products and features offered by such third-party social media sites, the privacy policies and practices and cookies policies (as applicable), as may be amended from time to time, of such third-party social media sites are incorporated to this Privacy Policy by reference (as applicable).
 

1. Users understand and acknowledge that when they visit the Platform and use the Services, the Data User may use cookie files to collect information about such Users. When Users use the Services, they understand and acknowledge that any information collected by means of cookies when using the Services about them would be Personal Data. The Data User may use such information for compiling aggregate statistics on how Users use the Services. Such statistics are collected for managing, enhancing and improving the Users’ experiences when using the Services. The strategic business partners of the Data User may also use such information for compiling information in order to analyze the interests and searches of such Users to provide advertisements tailored to their interests and searches when accessing the Platform and the Services.
2. Most web browsers are initially set up to “accept” cookies. Users may choose to “not accept” cookies by changing the settings of their web browsers. By choosing to “not accept” cookies, certain features in the Services may not be accessible and available to such Users, and some of their preferences, including but not limited to their preferred currency, languages, and searches, may not be remembered by the Platform.
3. See our Cookie Policy for details. If there is any inconsistency between this Clause 9 and the Cookie Policy, the Cookie Policy shall prevail.

1. Where applicable, the Users understand and acknowledge that their Personal Data may be transferred to, processed, and stored in Hong Kong or United States. Data protection laws in Hong Kong or United States may be different from those in the Users’ country of residence. Where applicable, the Users consent to the transfer, process and storage of their information, including Personal Data, to/in Hong Kong or United States as set forth in this Privacy Policy by using the Services. 
2. The Users understand and acknowledge that it is contemplated that the collection of Personal Data may fall within the regulation of the General Data Protection Regulation (EU) 2016/679 (GDPR). If it is held by any tribunal or court of competent jurisdiction that: (i) the collection of Personal Data falls within the GDPR; and (ii) the transfer of Personal Data is to countries not deemed to provide an adequate level of personal data protection under the GDPR, the Users understand and acknowledge that the Data User shall transfer the Personal Data based on a data transfer mechanism recognized by the European Commission as providing adequate protection for Personal Data. For data subjects who are based in the European Union, the privacy policy in compliant with GDPR will also apply to such data subjects and in the event of any conflict between this policy and the privacy policy in compliant of GDPR, the terms of such latter privacy policy will prevail.

1. The Data User will collect, hold, process and use Personal Data that its Users make available when accessing or using the Platform and the Services. It will take appropriate steps to protect Personal Data collected and/or held by it against unauthorized or accidental access, processing, erasure, loss, use or disclosure.
2. The Data User is committed to protecting the privacy, confidentiality and security of the Personal Data it holds by complying with the requirements of the PDPO with respect to the management of Personal Data. The Data User is equally committed to ensuring that all its employees and agents uphold these obligations and it will ensure compliance by its staff with the strictest standards of security and confidentiality.

1. The Data User may need to disclose Personal Data when required by the relevant laws or court orders, or as requested by other governments or law enforcement authorities. This also applies when it has reasons to believe that disclosing the Personal Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be causing interference with its Users or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
2. The Users understand and acknowledge that the Data User never asks the Users to share with other Users their Passcodes for their use of the Platform and the Services.
3. The Users understand and acknowledge that this Privacy Policy does not apply to any unsolicited information they provide to the Data User through the Services or through any other means. All unsolicited information shall be deemed to be non-confidential and the Data User shall be free to reproduce, use, disclose, and distribute such unsolicited information to others without limitation or attribution. 
4. The Users understand and acknowledge that their Personal Data are transmitted to others at their own risk. Although the Data User limits access to certain pages, Users acknowledge that no security measures are perfect or impenetrable. The Users understand and acknowledge that they should take care when using social networking features related to the Services since the information such Users choose to make available can be seen by other Users of the third-party social media sites. Additionally, the Users understand and acknowledge that the Data User cannot control the actions of other Users with whom the Users may choose to share their information (which may include their Personal Data). Therefore, the Users understand and acknowledge that the Data User cannot and do not guarantee that such Contents will not be reviewed by unauthorized persons. 
5. The Platform and the Services may contain links to other platforms or applications. The Users understand and acknowledge that the fact that the Platform and the Services link to other platforms, applications or advertisements does not mean that the Data User endorses or authorizes the collection of personal data from the Users by such third-parties, nor does it constitute a representation of any affiliation between the Data User and such third-parties. The Users understand and acknowledge that, once the Users click on a link to third-party platforms, applications or advertisements, they will access third-party platforms, applications and advertisements which may collect information from such Users. The Users understand and acknowledge that such third-party platforms, applications and advertisements follow different rules regarding the collection, use, processing or disclosure of the personal data such Users submit to them. Hence, the Users understand and acknowledge that the Data User shall not be responsible for the content and activities of these linked platforms, applications and advertisements (including any collection, use, holding, processing or disclosure of personal data of Users by such third-parties).