YAX Privacy Policy

1.     INTRODUCTION

YAX (Hong Kong) Limited and its affiliates and subsidiaries (collectively, “YAX”, “we”, “us”, or “our”) have established a corporate vision to respect, protect and promote privacy. We are strongly committed to protecting your privacy rights, and we work to maintain your trust and confidence when handling personal or financial information.

This Privacy Policy (“Policy”) explains how we collect, use, store, share, delete and protect your personal data when you interact with us in any of the following ways:

(1)    By visiting the websites at https://yax.hk/ or our mobile application;

(2)    By using our services, platform, or products;

(3)    By interacting or communicating with us as part of our marketing practices; and

(4)    By connecting with us at industry events and conferences.

In this Policy, “personal data” means information that (either in isolation or in combination with other information) enables you to be directly or indirectly identified. This Policy also describes the choices that you have with respect to your personal data and how to contact us to learn more about our privacy practices.

We encourage you to read this Privacy Policy carefully as it can help you make informed decisions about enjoying our services. By starting to use any of our services and products, it represents that you fully understand and agree to this Policy and agree that we will collect, use, store, share and protect your related information in accordance with this Policy.

2.     PERSONAL DATA WE COLLECT AND USE

2.1    WHEN YOU INTERACT WITH US BEFORE THE TRANSACTION

When you visit our website or app either directly or through a third-party platform, click on advertisements we place on relevant third-party platforms, participate in our operation activities, subscribe to marketing newsletter, or contact us for any requests or consultations, we may collect your following data:

(1)    Basic Data

   Phone number

   E-mail address

   Country

Based on your consent and the performance of a contract with you, we use the data to communicate with you, process your request, and provide products or services.

(2)    Account Data

   User name

   Password

   User profile photo

   Third Party Sign-in: if you log in to our services using credentials from a third party (e.g., Google), we will receive information that you have made public via your privacy settings with that third party.

Based on your consent and the performance of a contract with you, we use your data to help with your YAX registration on the web/app and to communicate with you. Whenever we rely on consent as a legal basis, you may withdraw such consent at any time without affecting the lawfulness of processing based on consent before such withdrawal.

(3)    Technical Data We Collect Automatically

   IP address, Cookies

   Submit source (Web, App, Wap)

   Device type, model and related operation system

   Device ID: OAID, Android ID, IDFV, IDFA, GAID, IMEI

   Telecom operator type

   Browse (plug-in) type and version

   Language and time zone settings

   Diagnostic data: crash logs URL clickstream.

To provide product functionality, analyze performance, solve bugs, and guarantee the basic availability and stability of the product. This purpose is based on your consent and/or our legitimate interests in improving experience and security to deal with operational bugs or product issues you encounter during use.

2.2    WHEN PERFORMING IDENTITY CHECK AUTHENTICATION

We provide services to both individual clients and institutional clients, and the types of data we collect are different. Prior to any transactions or use of related services, we need to perform KYC (Know Your Client) identification and identity and address verification in accordance with the requirements of KYC, AML, and CFT laws and regulations. We need to collect these data to perform a contract to which you are a party and compliance with the legal obligation of regional finance laws or regulations. Such data will be used for identity authentication purposes such as, onboarding and 2 factor-authentication (2FA) unbinding. The data we use and collect from the client may include:

(1)    Contact Data

   Phone number

   E-mail address

(2)    Biometric Data

   Facial biometric data (photo or video). For automated biometric verification and identification.

(3)    Identification Data (Individual clients)

   Name

   Gender

   Date of birth

   Country and region

   Postal address

   Government identification (residence permit, passport, driver license, national identity card, etc.)

   Proof of address (e.g. utility bill)

(4)    Institutional Data (Corporate clients)

   Certificate of incorporation

   Location of headquarters (utility bill and office address, etc.)  

   Names of affiliated entities  

   The official list of directors and beneficial owners

   Articles of association

   Memorandum

   Organizational ownership chart

   Financial history and details (investment activity, bank statements, balance sheets, etc.)      

2.3    WHEN CONDUCTING A SPECIFIC TRANSACTION ACTIVITY

When you initiate a specific transaction, including but not limited to transfers, payments, purchases, and receipts of virtual assets (These types of transaction may be named Spot, Margin, Execution, Flexible Earn, Fixed Earn, Dual Currency, Loan in our websites and apps, detailed service context please refer to the service agreement you duly signed), we need to process your transaction orders and communicate with you about these orders based on the performance of a contract with you and compliance with the legal obligation of regional finance laws or regulations (AML/CFT). The data we collect from you or related third parties may include:

(1)    Financial Data

   Bank account information (account number, SWIFT code, ABA Number, CVC2, etc.)

   Credit card information

   Deposit proof information

   Cryptocurrency address (on-chain address)

   Wallet address

(2)    Risk Management Data

   Occupation

   Source of wealth

   Annual income

   Deposit plan

   Personal credit information (payment history, credit information and debt information, etc.)

   Judicial and litigation-related information

   Compliance assessment and risk assessment information from third-parties

(3)    Transaction Data

   Names of counterparties to transactions

   Bank account information of counterparties to transactions

   Name of VASP

   Transaction order details (time, timestamp, amount, payment gateway, etc.)

   Transaction type (NFT, cryptocurrency, etc.)      

2.4    CREATE DE-IDENTIFIED OR AGGREGATE INFORMATION

We may use the information we have about you to create de-identified or aggregate information, such as de-identified demographic or location information, information about devices used to access our services, or other relevant analyses. Such data cannot be associated with a specific individual. We may perform our analytics on such data or share it with any third-parties.

3.     COLLECTED BY COOKIES AND SIMILAR TECHNOLOGIES

We (and the service providers working on our behalf) use various technologies to collect personal data and other information as you use our services. This may include saving cookies to your computer or mobile device. “Cookies” are small text files placed on your device when you visit websites; they store information that is sent back to our servers or those of third-parties. As described in more detail below, we use such technologies to:

   Recognize new or past users;

   Store your profile or authentication credentials if you are registered on the services;

   Improve the services and to better understand your use of the services;

   Integrate with third-party social media websites;

   Serve you with interest-based or targeted advertising;

   Observe your behaviors and browsing activities over time across multiple websites or other platforms; and

   Better understand the interests of our users.

Some cookies are required for certain uses of the services. For example, if you choose to register an account through the services, we will use cookies to facilitate your registration and remember your preferences. Cookies are either “session” cookies, which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it.

Please refer to the following list for all our cookies and their features.

(1)    Strictly Necessary Cookies

These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.

(2)    Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website and will not be able to monitor its performance.

(3)    Functional Cookies

These cookies enable our Services to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

(4)    Targeting Cookies

These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store direct personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising

(5)    Social Media Cookies

These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They can track your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Please note that our services are not available to users in Mainland China and other regions where it is unreasonable and unlawful to provide certain services. We will collect your network IP address when you intended to register and start our service trip to verify the country, this data will not be stored and used for any other purposes or scenarios and is only to comply with relevant laws or regulations to fulfill our legal obligations.

4.     OUR POLICY TOWARDS CHILDREN

Our services are not intended for children, so we restrict anyone below the age of 18 years or below the age of legal majority in the relevant jurisdiction to use services. We do not knowingly or intentionally collect and process any data related to children.

We are unable to identify whether a child has provided us personal data without the KYC process. If we become aware that a child has provided us with personal data, we will take steps to delete such information as soon as possible.

5.     SHARING YOUR PERSONAL DATA

5.1    WHEN YOU SHARE YOUR PERSONAL DATA

Some of our services have functions and features that allow you to share information with other people. For example, you can refer friends or share your account with others. You have control over when, how, and with whom you share when you enjoy these functions or features.

5.2    WHEN WE SHARE YOUR PERSONAL DATA

We share your personal data with your consent or as necessary to provide you with the services. We will share your data as follows:

   With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyze and improve the services.

   With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Policy.

   To abide by applicable law or protect rights and interests. For example, we may disclose your personal if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.

   In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.

   In aggregated or anonymized manner that does not directly identify you with third parties.

If you elect to receive periodic email communication from us (such as company newsletter, services information), you may choose to opt out from receiving such communications by clicking the ‘Unsubscribe’ link provided in these emails.

6.     INTERNATIONAL TRANSFERS

We operate globally, and we may need to transfer your personal data internationally. To provide secure and stabile of the services, we maintain servers in Hong Kong or Singapore. Your personal data may be processed outside your country of residence. Data protection laws vary from country to country, with some countries offer more protection than others. Wherever your personal data is processed, we apply the same protections as described in this Policy. We transfer your personal data in accordance with legal frameworks required in different jurisdictions. Recipients of your personal data must agree to at least the same level of privacy safeguards required by applicable data protection laws.

7.     HOW WE PROTECT PERSONAL DATA

Privacy protection is a key component of our brand value and a cornerstone of our business. We respect and do our best to protect your personal data by establishing and implementing comprehensive technical and organizational measures.

We use reasonable and appropriate administrative, technical, and physical safeguards to protect information we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We regularly review our established policies and procedures to ensure that they are appropriate and effective. We also require third party service providers acting on our behalf or with whom we share your information to maintain security measures consistent with industry standards.

Our security procedures mean that we may ask you to verify your identity before we disclose personal information to you. It is important for you to protect against unauthorized access to your account password. We recommend using a unique password for your YAX account that is not utilized for other online accounts. Be sure to sign off when you finish using a shared computer.

8.     RETENTION OF YOUR PERSONAL DATA

We keep your personal data for as long as it is necessary for us to carry out our business and legal purposes, for finance, tax, and accounting purposes or as otherwise communicated to you. The specific periods for which we keep your information varies depending on the nature of the information, its purpose, and if it is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations.

Personal data collected to perform a contract with or to comply with our legal obligations under financial or anti-money laundering laws may be retained after transaction closure for as long as required under such laws. It is generally required to be kept for five (5) to ten (10) years in the relevant laws or regulations of different jurisdictions.

9.     YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have different rights. The following types of rights are common.

   Right to be informed: you have the right to be informed about the collection and use of your personal data. We set out this Policy for this purpose, and you will be informed of any changes to this Policy.

   Right to access: you have the right to request copies of your personal data from us.

   Right to rectification: you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete. Some rectifications can be made directly from the front end of our app or website, such as changing your registered account email or phone number, while others will require you to contact us, i.e. change your KYC documents.

   Right to be erasure: you have the right to request the erasure of your personal data. However, we are required to keep some data by law and for the duration of the retention period cannot be erased.

   Right to deletion: if you are no longer using our app products, you may delete your app account. Based on the contracts you signed during your trading activity, you need to ensure that the assets in your account are disposed of before the deletion.

   Right to object processing: you have the right to object to the processing of your personal data under certain circumstances. Please note you will not be able to carry out any transactional activities when you object processing of certain data that is necessary for the performance of a contract or necessary for us to comply with our legal obligations.

   Right to restriction of processing: you have the right restrict the processing of your personal data. Please note you will not be able to carry out any transactional activities when you restrict the processing of certain data that is necessary for the performance of your contract or necessary for us to comply with our legal obligations

   Right to withdraw consent: insofar as our processing of your personal data based on your consent, you have the right to withdraw consent at any time.

   Right to data portability: you have the right to request to transfer your personal data to you or a third party of your choice under certain circumstances.

   Right related to automatic decision-making and profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10.  HOW TO CONTACT US AND MAKE A REQUEST

Please contact us at help@yax.xyz to make a query, raise a concern, or exercise your data subject rights.

11.  CHANGES TO THIS POLICY

Our business changes constantly, and our Privacy Policy will change also. You should check our websites frequently to see recent changes. If you do not agree with the revised content, you shall stop accessing YAX services immediately. When an updated version of the Privacy Policy is released, your continued access to YAX services means that you agree to the updated content and agree to abide by the updated Privacy Policy. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your account.