Logo
Appendix 1 - Personal Information Collection Statement
  1. RedotPay Privacy Policy
  2. Appendix 1 - Personal Information Collection Statement
  3. Appendix 2 - EEA Terms
  4. Appendix 3 - Brazil Terms

Appendix 1 - Personal Information Collection Statement

RedotPay is committed to protecting your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of the Laws of Hong Kong. This Personal Information Collection Statement (“PICS”) outlines the types of personal data we collect from you (and, where applicable, from Relevant Persons such as your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantors, or other related natural persons), the purposes for which it is collected, the classes of persons to whom it may be transferred, and your rights regarding access and correction.

This PICS applies when you apply for, access, or use our Services/Products, including our website, mobile applications, and associated interfaces. By providing your personal data to us, you consent to its collection, use, disclosure, and processing as described herein.

1. Types of Personal Data Collected

We may collect the following categories of personal data during onboarding, account management, transactions, or other interactions with our Services:

  • Personal Identifying Information: Full legal name (including former names and names in other languages), identification document type and number (e.g., passport or ID), gender, date of birth, place of birth, nationality, residential address, country/state of residence, contact phone number, email address, blockchain address, and biometric data (e.g., for identity verification).

  • Personal Financial Information: Net wealth, sources of wealth or income, purpose of account opening, nature of business/occupation/employment, source of funds/digital assets, credit history and score, transaction history, spending patterns, and bank account or payment card details.

  • Personal Location Information: IP address, location data (e.g., from GPS or transactions), and device details (e.g., browser type, operating system).

  • Sensitive Personal Information: In limited cases, data such as biometric information or data revealing racial/ethnic origin, where strictly necessary for compliance or security purposes (e.g., enhanced KYC). We collect sensitive data only with your explicit consent.

We may also collect data from public sources, third-party providers, or cookies/tracking technologies on our Site.

Providing personal data is generally obligatory for using our Services, as it is required for identity verification, compliance, and transaction processing under applicable laws (e.g., anti-money laundering regulations). If you do not provide the required data, we may be unable to open or maintain your account, process transactions, or provide certain Services. Voluntary data (e.g., for marketing preferences) will be clearly indicated as such.

2. Purposes of Collection and Use

Your personal data will be collected, processed, used, and stored for the following purposes:

  1. a) To provide, manage, and improve our Services, including account opening, maintenance, transaction processing, customer support, and personalization.

  2. b) To verify your identity and comply with legal and regulatory obligations, such as know-your-customer (KYC), anti-money laundering (AML), counter-terrorist financing, and tax reporting.

  3. c) For risk management, including credit assessments, fraud detection, security monitoring, and internal audits.

  4. d) To communicate with you regarding your account, Services, updates, statements, invoices, and operational notifications.

  5. e) For marketing and promotional purposes, such as sending information about our products, events, or affiliate offers (only with your consent; you may opt out at any time).

  6. f) To conduct market research, analytics, and surveys to understand preferences and enhance user experience.

  7. g) To enforce our terms, defend legal rights, resolve disputes, or comply with court orders.

  8. h) For any other purposes disclosed to you at the time of collection or as required/permitted by law.

We will not use your personal data for any purpose other than those stated above without your prior consent.

3. Disclosure and Transfer of Personal Data

We may disclose or transfer your personal data to the following classes of transferees for the purposes outlined in Clause 2:

  • Service Providers: Identity verification (KYC) providers, payment processors, banks, financial institutions, IT/infrastructure vendors, and analytics partners.

  • Professional Advisers: Auditors, lawyers, consultants, and compliance experts.

  • Affiliates and Business Partners: RedotPay affiliates, merchants, or loyalty program partners (under confidentiality obligations).

  • Regulatory and Legal Authorities: Government agencies, regulators, law enforcement, or courts in Hong Kong or other jurisdictions, as required by law.

  • Authorized Third Parties: Persons you authorize (e.g., representatives) or in connection with business transfers (e.g., mergers/acquisitions).

Your personal data may be transferred outside Hong Kong, including to countries with different data protection standards. We ensure appropriate safeguards, such as standard contractual clauses, data protection impact assessments, or equivalent mechanisms, to protect your data during transfers.

4. Data Security and Retention

We implement reasonable security measures, including encryption, two-factor authentication, and access controls, to protect your personal data from unauthorized access, alteration, disclosure, or destruction. However, no method is entirely secure, and we cannot guarantee absolute security.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Thereafter, it will be securely deleted or anonymized.

5. Your Rights: Access and Correction

Under the PDPO, you have the right to:

  • Request access to your personal data held by us.

  • Request correction of any inaccurate personal data.

  • Ascertain our policies and practices in relation to personal data.

To exercise these rights, please contact our Data Protection Officer. We may charge a reasonable fee for processing access requests. We will respond within 15 working days, subject to any legal restrictions.

If we rely on your consent for processing, you may withdraw it at any time, though this may affect our ability to provide Services.

6. Marketing Opt-Out

We may use your personal data for direct marketing of our financial products and services. You have the right to opt out of such use at no cost by contacting us. If you have not opted out, we may share limited contact details with our affiliates for similar marketing purposes.

7. Enquiries and Contact

For any questions about this PICS, our privacy practices, or to exercise your rights, please contact our Data Protection Officer at ​.

We may update this PICS from time to time. The latest version will be available on our Site. Your continued use of our Services constitutes acceptance of any changes.

This PICS may be translated into other languages than English. In case of inconsistency, the English version shall prevail.