Privacy policy

This Privacy Policy, together with our Terms of Service (the “Terms”), governs the collection, processing, use, retention and disclosure of your personal data by Humanity Protocol (the “Company”, “we” or “us”) and its Affiliates in connection to your use of the Platform, the Site, the App and the Services. In this Privacy Policy, unless otherwise provided herein, "personal data" shall have the meaning given in the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the “PDPO”) and includes, without limitation, any information which may, in itself or together with any other information, identify a user as an individual, such as name, address, e-mail address, mobile phone number and banking details, but does not include anonymised and/or aggregated data that does not identify a specific user.

This Privacy Policy forms an integral part of the Terms. By entering into the Terms and/or using the Platform or any of the Services, you agree to be bound by this Privacy Policy and any amendments, modifications, updates and supplementations hereto and agree to the collection, processing, use and disclosure of your personal data as set out in this Privacy Policy.

As used in this Privacy Policy, the terms “you” and “your” shall refer to the user of the Services and/or the Platform or the person reading and accessing this Privacy Policy, as the case may be.

Unless otherwise defined herein, capitalised terms in this Privacy Policy shall have the same meanings as are ascribed to them in the Terms.

1. Introduction

In order to provide our Services in compliance with the obligations imposed by the Applicable Laws, in particular those relating to anti-money laundering and counter-terrorist financing (“AML/CTF”), including but not limited to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Chapter 615 of the Laws of Hong Kong) (the “AMLO”), we must ask you to provide certain personal data and other information which, not being personal data, nevertheless relates to you or your activities (collectively “Personal Information”). Such Personal Information may include, without limitation, identification information (such as national identification number, passport number and/or tax identification number, together with copies of the corresponding identification documents), your residential address and correspondence address, financial information (such as your source(s) of income, source(s) of funds and source(s) of wealth, employment status, as well as your bank account details) and other information/documents as from time to time required by the Applicable Laws or our internal policies and procedures designed to ensure compliance with such Applicable Laws. Please note that if you do not provide us with such Personal Information as requested by us in the onboarding process or thereafter, we may not be able to grant you an Account or provide to you the services or assistance which you have requested or process any of your enquiries, instructions or requests.

We will collect and use your Personal Information in accordance with applicable provisions of the PDPO, the guidelines, circulars and directives issued by the Privacy Commissioner For Personal Data (the “PrivacyCommissioner”), and any other applicable data protection laws, rules and regulations, in the manner set forth in this Privacy Policy. Any Personal Information obtained will be used by us solely for providing or facilitating the provision of our Services and will not be disclosed or made accessible to any third party except as provided by this Privacy Policy.

2. Collection of Information

  1. Collected from Site and App Visitors

    We automatically collect, through the use of cookies, web beacons, log files and other technologies, data that web browsers, servers, mobile and other computer devices typically make available, including your IP address and the associated geolocation, as well as other data which are generally not personal data, such as the browser type, domain name, operating system, language preference, referring site or the link which led you to our Site or App, and the date and time of each access request and length of each visit. Our main purposes in collecting such data (including both personal data and other information) are to better understand how our visitors use our Site and App and to monitor activities of visitors in order to detect any illegal, suspicious or prohibited behaviour and prevent hacking and unauthorised access.

    You may always refuse to supply such data by rejecting some or all of our cookies. However, this may result in certain features, functionalities or services of the Site and the App not being available to you. Please refer to Section 11 “Cookies” below for further information.

  2. Provided by User

    Instances in which you may provide Personal Information to us include, without limitation, the following:

    1. completing and submitting the application to open an Account with us;

    2. competing the KYC procedures and providing supporting information and documents in connection to your Account opening application; 

    3. providing any biometric data, information or image that identifies you through your physical or physiological attributes ("Biometric Data”) for the conversion to an encrypted biometric signature (“Biometric Signature”);

    4. providing other supporting information and documents for our identification and verification of your identity;

    5. providing information for the registration and receipt of the Testnet token and Humanity Protocol token (collectively the “Tokens”) which may be issued to you as reward or otherwise;

    6. authorising any of our Affiliates or other third party to release your information, data and documents to us for KYC and other purposes; 

    7. submitting any orders, requests or instructions or carrying out any transactions through your Account;

    8. submitting an enquiry form or feedback form through the Platform; 

    9. corresponding with us, whether via e-mail, telephone or any other means; and 

    10. when a problem is reported or a request for support is received.

Please note that if you do not provide such Personal Information, you may not be able to open an Account with us and/or may not be able to use some or all of our Services, and we may not be able to receive or process your requests, orders and instructions. 

3. Types of Personal Information Collected

We collect the Personal Information you provide directly or indirectly to us when you visit our Site or App, when you carry out any of the activities referred to in Section 2 above or otherwise, as well as Personal Information which may be provided to us by third parties with your authorisation and personal data which may be available from public databases and other sources. Such Personal Information collected by us may, include, without limitation, the following:

  • your contact information (e.g., name, email address, phone number, billing address, residential address, correspondence address, email address);

  • nationality;

  • national, passport and tax identification numbers;

  • date and place of birth;

  • bank and credit account information;

  • IP address;

  • Biometric Data (such as palmprint, fingerprint and facial recognition);

  • identity verification documents (e.g., photograph, other information requested to verify your information, including copy of valid ID document or corporate documents);

  • details of any orders, requests or instructions submitted, and transactions carried out, through your Account and, subject to your authorisation, your other accounts with our Affiliates;

  • any other information that you choose to provide to us (e.g., if you send us an email to us, call us or otherwise contact us);

  • records of any bankruptcy, winding-up, liquidation or dissolution proceedings filed or commenced against you;

  • records of any litigation, arbitration, administrative or other similar proceedings filed or commenced against you;

  • criminal record (if any); and

  • other personal data collected through the use of cookies and other tracking technologies as described in Section 11 below.

Unless you have specifically notified us to the contrary, you will be deemed to have agreed and consented to the collection, use, processing, retention, transfer and disclosure of your Personal Information (including but not limited to those types and categories of information and data enumerated above) so collected by us in accordance with the provisions of this Privacy Policy.

You shall be responsible for providing accurate and up-to-date information to us or we may not be able to provide or may suspend your access to any or all of our Services.

If you are required to provide any information about any other person, you hereby acknowledge and confirm that you have that other person’s authorisation or consent to provide his or her information to us and our collection, use, processing, retention and disclosure of such information in accordance with this Privacy Policy. Any person whose personal data and other information are provided to us, whether by such person himself or herself or by any person on his or her behalf, shall be deemed to have accepted and agreed to this Privacy Policy, which will be binding upon such person.

We shall be entitled to assume, conclusively and without enquiry, that the authorisation or consent of any such other person as aforesaid has been obtained for the provision of his or her information to us and our collection, use, processing, retention and disclosure of such information in accordance with this Privacy Policy, and shall not in any event be responsible for any lack of authorisation or consent for the same. Further, you agree and undertake to indemnify, defend and hold us harmless from and against any losses, damages, costs, expenses, suits, actions, proceedings and third-party demands and claims arising from or in connection to your failure to obtain valid authorisation or consent or your breach of any term or condition applicable to your disclosure of personal data and any other information of any other person.

4. Use of Personal Data

We will only collect, use, process and retain your personal data for the following purposes:

  • to provide you with access to the Site;

  • to process your Account opening application and to grant to you an Account upon approval;

  • to carry out client due diligence and know-your-client procedures;

  • to monitor transactions and other activities carried out under your Account and detect any misuse, abuse, other prohibited conduct, illegal activities, unauthorised access or security threats, among other things;

  • to provide to you the Services, including but not limited to processing and executing or relaying your transactions, instructions, orders and other requests;

  • to analyse usage and activity and transaction patterns with a view to improving our Services, the functionalities and features of our Site and App, the Tokens and other offerings;

  • to respond to your customer service requests and support needs;

  • to contact you in relation to your use of our Services, including but not limited to making enquiries and communicating with you in relation to your orders, instructions and requests;

  • to give you information and notices in relation to the Platform and the Services, including notices referred to in or contemplated by the provisions of the Terms;

  • subject to Section 9 below, to provide you with information, news, updates, promotions and offers relating to the Services and other products, services and facilities provided by us and our Affiliates;

  • to administer contests, surveys or other activities, events and site features as may from time to time be announced on the Site and the App;

  • to comply with the Applicable Laws, including but not limited to the AMLO;

  • other purposes referred to in, or contemplated by, the Terms; and

  • other legitimate business or commercial purposes as permitted by, or which are not contrary to, the provisions of the Terms and this Privacy Policy.

5. Disclosure of Personal Data

We only disclose your personal data:to provide you with access to the Site;

  • to our officers and employees, other personnel and agents involved in the operation of the Platform and provision of Services to you; 

  • to our Affiliates and third party service providers (including but not limited to third party banking institutions, financial services providers, money service operators, virtual asset exchanges, liquidity providers, technology services provider and software developers) in connection to the provision of the Services; 

  • to our Affiliates, business partners, service providers and other third parties with which we have a collaborative relationship, and to any third-party database operator, pursuant to any data-sharing arrangement established for the purpose of combatting money-laundering and terrorist-financing risks; 

  • to any third-party agent, service provider or delegate which we may appoint or engage for the purpose of performing KYC procedures, AML/CTF checks, screenings, analyses, review and monitoring; 

  • to debt collection agencies for the purpose of collecting from you outstanding amounts owed by you to us in the event of delay or default upon your payment or repayment obligations under or in connection to the Terms; 

  • to Authorities of competent jurisdiction (including governmental bodies, regulatory authorities, law enforcement agencies and courts and tribunals) or to any other person as required by Applicable Laws and/or requests, demands and orders of such Authorities; 

  • to the relevant Authorities (including but not limited to the Joint Financial Intelligence Unit (the “JFIU”) and the Hong Kong Police Force (the “HKPF”)) for the purpose of reporting suspicious transactions or illegal activities; 

  • where we have reasonable ground to believe that disclosure is necessary to prevent physical harm or financial loss to us or our Affiliates, to you or to any other user of services provided by us or our Affiliates; and 

  • in any other cases, to such persons and for such purposes as authorised by you.

With respect to the disclosure of your personal data to third parties as set out above, we assure you that such disclosure shall be made on a need-to-know basis, and an undertaking from such parties that they will keep such data confidential in accordance with this Privacy Policy. Our third-party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We strive to ensure that such third parties will be bound by terms no less protective of your data than those described in this Privacy Policy and in compliance with all Applicable Laws concerning data privacy and data protection, including but not limited to the PDPO and guidelines and directives issued by the Privacy Commissioner.

Notwithstanding the foregoing, you agree and acknowledge that we will in no circumstances be liable or responsible for any data breach, unauthorised disclosure or mishandling by our Affiliates and any other third parties to which we may disclose your data in accordance with the provisions of this Privacy Policy.

6. Transfer and Storage of Data

Our services are global in nature and data may be stored and processed in any country where we have operations or where we engage third party service providers, including but not limited to transferring data to and from our Affiliates, third party service providers, counterparties, intermediary institutions and regulatory authorities, as well as staff members, agents, sub-contractors and sub-processors operating outside Hong Kong which may collect and process data on our behalf, or which may be involved in our provision of services to you. That means data may be transferred and stored outside of Hong Kong, which may have data protection rules that are different from those of Hong Kong. However, we will take measures to ensure that any such transfer complies with the Applicable Laws of Hong Kong (and, to the extent applicable, those of other relevant jurisdictions) and that your personal data remain protected to the standards described in this Privacy Policy. By submitting your personal data to us, you agree to our transfer, storing or processing in accordance with this Privacy Policy, including transfers to destinations outside Hong Kong as described herein. We will take steps as are reasonably necessary to ensure that the data are treated securely and confidentially in accordance with this Privacy Policy and the Applicable Laws.

The Biometric Signature will be stored on the decentralised network of InterPlanetary File System (“IPFS”). Other Biometric Data that are encrypted will be stored on decentralised severs or nodes, using quantum-resistant symmetrically encrypted private keys (AES-GCM). Such Biometric Data, once decrypted, can be accessed by you upon the completion of the following verification procedures:

  1. user verification by on-chain credentials with unidentifiable metadata; and/or

  2. generation of zero-knowledge proofs by querying the Protocol's oracles for additional information.

Notwithstanding the foregoing, you acknowledge and agree that we may be required by the AMLO, PDPO or other Applicable Laws or requests of third-party service providers or changes in our business needs to transfer and store your Biometric Data to our severs and/or disclose your Biometric Data in accordance with Section 5.

7. Retention of Personal Data

For the purpose of compliance with the AMLO and other Applicable Laws, and to enable our provision of our Services to you, we will retain any Personal Information which you have provided to us or which we otherwise collect in accordance with this Privacy Policy throughout the continuance of your business relationship with us and for a period of [five (5)] years after the termination of such business relationship, unless a longer period of retention is required by Applicable Law or any order, direction or request of the relevant Authorities. 

After the expiration of said period, we will, unless prohibited by Applicable Law, delete and destroy your personal data held by us and take practicable measures to ensure that our Affiliates, agents and third-party services providers to which we have disclosed your personal data in accordance with this Privacy Policy do the same. 

Despite the above, please note that blockchains are decentralised third-party networks that we do not control or operate. Due to the public and immutable nature of blockchain technology, we cannot amend, erase, or control the disclosure of data that is stored on blockchains.

8. Security of Personal Data

We take all organisational and technical measures appropriate to protect against the unauthorised access, use, disclosure, alteration or destruction of your personal data.

Unless otherwise required by the AMLO, PDPO or other Applicable Laws or otherwise provided herein, all personal data you provide to us will be stored on our secure servers. You shall be responsible for keeping your device and your Account credentials safe and secure and not share them with anyone.

You acknowledge that transmission of information via the internet is not completely secure; any such transmission shall be at your own risk. Although no one can guarantee security of data transmitted via the internet, we strive to protect the data transmitted through your Account. We use industry standard security techniques, including but not limited to encryption, to help keep the data safe while the data is in transit or being stored by us.

The Site and the App may, from time to time, contain links to and from the websites of our partner networks, advertisers, Affiliates and third-party service providers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any data to such third parties.

9. Direct Marketing

From time to time, we may use your personal data to send you news, updates, offers, promotions and joint marketing offers relating to our Services or other new products, services and facilities provided or offered by us and our Affiliates and other business partners. Your consent is required for the use of your personal data for such purposes. We may contact you by email, in-App notifications, telephone, SMS, WhatsApp, WeChat, other text/picture/video messaging channels, social media, or mail.

Your name, email address, telephone number, contact address, social media contact, date of birth, as well as information about your Biometric Data, subscriptions, products and services portfolio, transaction and activity patterns and behaviors, browsing records, content viewing habits and personal interests held by us may be used by us in direct marketing (as defined in the PDPO) of our Services and any new or existing products, services and facilities offered by us, our Affiliates and business partners, including but not limited to: money or virtual asset exchange or trading services, asset custody solutions and services, pre-paid cards, credit cards, debit cards, credit facilities, financial products, investment products and services, as well as other similar products, services and facilities.

By entering into the Terms and accepting this Privacy Policy, you will be deemed to have consented to the use of your personal data for direct marketing purposes in accordance with this Section 9, unless you expressly indicate to us your objection to such use.

If you prefer not to receive any direct marketing communications from us or our marketing partners, you may indicate the same when submitting your Account opening application or opt out of such direct marketing at any time thereafter by updating your preferences through your registered Account or by email to us at humans@humanity.org. Upon actual receipt of your request, we shall cease to so use your personal data as soon as practicable without charge to you.

10. Access and Correction of Personal Data

Under the PDPO, you have the right to request for access to your personal data, to obtain a copy of the personal data, to correct any personal data that is inaccurate and to delete or cease the collection, processing or use of any personal data. You may request us to inform you of the type of personal data held by us.

Request for access and correction of personal data or for information regarding policies and practices and kinds of data held by us should be addressed in writing and sent to the Company by post or by email following the details set out in Section 16 below.

As permitted by the PDPO, we reserve the right to charge a reasonable fee for the processing of any data access request, as may be notified to you via publication or posting on the Platform or any other means for the giving of notices and communications in accordance with the Terms. 

However, please note that blockchains are public ledgers of transactions that are maintained on decentralised networks operated by third parties that are not controlled or operated by us. Due to the public and immutable nature of blockchain ledgers, we cannot guarantee the ability to amend, erase, or control the disclosure of data which have been uploaded and stored on a blockchain.

11. Cookies

Our Site and App use cookies and other technologies to track and collect information of visitors. Cookies are small data files which track and collect your browsing information from your web browser, and  then use such information during your future visits to our website, so that the server may immediately recognise that you have been to the website before.

Our cookies will not destroy any files in your computer, but are only used to track information such as the visitor’s IP address, which pages have been visited, and the duration or each visit and frequency of visits, as well as the activity patterns, habits and preferences of visitors. We do not use cookies to track the identity of the actual user (other than his or her IP address), and cookies will only tell if a certain computer or device has visited our website in the past. For example, your name, email address and mobile phone number will not be collected by the cookies deployed on our App and Site.

If you visit our Site or App and your browser settings accept cookies, we will consider this as acceptance of our use of cookies. If you do not wish to permit such tracking and information collection by our cookies, you may adjust the settings in your web browser to reject some or all of our cookies. However, this may prevent you from accessing or using some or all of the features, functionalities and services of our Site and App.

12. General Data Protection Regulation (“GDPR”)

Notwithstanding anything in this Privacy Policy or the Terms, if the possession of your personal data by us falls under the scope of the GDPR (i.e. if you are a resident of the European Economic Area (the “EEA”)), you will be entitled to the following additional rights prescribed by the GDPR (to the extent not already provided in other parts of this Privacy Policy):

  1. You have the right to request from us at any time to release the information of your personal data that we possess within the scope of Article 15 of the GDPR;

  2. You have the right to request for immediate correction of your personal data if it is incorrect;

  3. You have the right to demand that we delete the personal data concerning you, in particular the personal data that no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under European Union law or the law of the member state to which we are subject;

  4. You have the right to demand that we restrict processing in accordance with Article 18 of the GDPR. 

  5. You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Article 20 of the GDPR;

  6. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1) of the GDPR and in accordance with Article 21 of the GDPR; and

  7. If the processing of personal data is based on your consent, you are entitled under Article 7 of the GDPR to revoke your consent to the use of your personal data at any time with effect for the future, whereby the revocation is just as easy to declare as the consent itself. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

For the purposes of this Section 12 only, “personal data” has the meaning given in Article 4(1) of the GDPR. 

Please note that the additional rights set out above apply only to residents of the EEA. If you do not reside in the EEA, the provision of this Section 12 will have no effect with respect to the collection, use, processing, retention, transfer and disclosure of your data and the remainder of this Privacy Policy will apply without regard to the provisions of this Section 12.

13. Amendments to this Privacy Policy

This Privacy Policy may be amended, modified, updated or supplemented from time to time as we in our sole and absolute discretion consider necessary or appropriate, for example as new products, services and features are added, as our business model develops or as required by updates to Applicable Laws. We may  amend, modify, update or supplement this Privacy Policy at any time by posting a revised version of this Privacy Policy or a supplemental document on our website. Such amendments, modifications, updates and supplementations shall be effective when published on the Platform.  If you continue using our the Platform and/or the Service after such amendments, modifications, updates and supplementations take effect, you are deemed to have accepted the revised or updated Privacy Policy and be bound by it accordingly.  If you disagree with the terms of this Privacy Policy or any Such amendments, modifications, updates and supplementations hereto, you should immediately close your Account and cease to use our Platform and Services. 

14. Liability

We shall in no event be liable to you in respect of any claims, losses, damages, expenses (including any legal fees) arising out of or in connection with the use, processing, retention or and/or disclosure or dissemination of any data in accordance with this Privacy Policy and any consents or authorisations that you may have otherwise provided to us.

15. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of Hong Kong.

Any dispute, controversy, difference or claim arising out of or relating to this Privacy Policy, including the existence, validity, interpretation, performance, breach or termination of the terms hereof or any dispute regarding any non-contractual obligations arising out of or relating to this Privacy Policy, shall be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The law of this arbitration clause shall be Hong Kong law. The seat of arbitration shall be Hong Kong. The number of arbitrators shall be one. The arbitration proceedings shall be conducted in either English or Chinese.

16. Contact Us

If you have any questions about this Privacy Policy or how we use your personal data, or if you would like to make a request to access or update your personal data registered with your Account or otherwise on record with us (or any other request relating to your personal data), please contact us at humans@humanity.org.