logo
中國香港(EN)

Privacy Policy

Effective Date: January 19,2023

This Privacy and Security Policy ("Privacy Policy" or "This Policy") sets out the basis on which we("XTransfer"), together with our subsidiaries, our holding company, affiliated company (Our Group) from time to time, collect, use, store, share and protect your personal or company information as you use our website (https://www.xtransfer.com) or any other Uniform Resource Locators ("URL"), application and tools (collectively, the "Our Platform") through or on which we provide services offered to you. Based on the specific services you use, different subjects may provide you with corresponding services, the entities that provide different services are called relevant service parties, in order to comply with relevant laws, regulations and regulatory requirements, and to provide you with services or improve your service experience, relevant service parties will collect, use, store and share your personal information and company information, and relevant service parties will process your personal data and company information in accordance with this policy.

We strongly suggest you to read this policy carefully and prudently since what stated in this policy is very important to your rights and benefit.We ask for your attention to important provisions which shall materially affect your benefit, obligation or responsibilities by virtue of bold and underlining provisions aforementioned, if you have any question, please contact us through contact information stated in this policy.

If you have any queries regarding this Policy or our use of personal data, please refer to contact information at the end of this Policy.

1. Policy Statement

1.1 This Policy provides you with notice as to how and why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data, and our policies on direct marketing and the use of Cookies, etc.

1.2 We collect and process your personal data in compliance with the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of the Hong Kong Special Administrative Region ( "Ordinance"). Terms like "data", "personal data", "data user", "processing", "disclose" and other terms defined by the Ordinance are used in this Policy in accordance with the definitions given by the Ordinance.

1.3 You may be asked to consent to this Policy when you access, or interact with us via our platform. Otherwise, by using our platform, you are accepting the practices and statements in this Policy. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and Services to you or to respond to your enquiries.

1.4 Please read the following carefully to understand our policy and practices regarding how your personal data will be treated. This Policy may from time to time be revised.

2. How we collect data

2.1 We will collect your personal data that you voluntarily provide to us through your user account on our platform or using our or Our Group’s or our business partners’ services. Based on laws or your authorization, we may also collect your personal data from third parties (e.g., marketing agencies, market research companies, our suppliers, contractors and consultants at our group companies, your colleagues and business contacts, public websites and public agencies) or sent to us automatically when using our platform and services.We, and our third party service providers ,automatically collect your information about your use of our Website and our Services through cookies, web beacons, and other technologies.

2.2 How we use Cookies

Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record-keeping purposes,The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, etc.) will be used to ensure operation of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimization purposes, and to help us understand how we can improve your experience on it.

You can edit your browser options to block cookies. Visitors to our Website who disable their web browsers’ ability to accept cookies will still be able to browse our Website. However, most website features will not function correctly, if you disable all cookies (including essential cookies) and you may not even be able to login to use our Services. More information can be found in our Cookie policy.

3. When Does XTransfer Collect Your Information

We may collect and store any information you provide us when you use our Services, including when you add information on a web form, add or update your account information, participate in dispute resolutions, or when you otherwise correspond with us regarding our Services.

4.Why we collect your data and what kind of data we collect

4.1 Realize the necessary functions of our Services

When you use our Services, you may need to provide or authorize us to collect your data required for the corresponding Services in the following conditions. If you refuse to provide data required for some Services, you may not be able to access to these Services, but it will not affect your normal use of our other Services.

(a) Registration and certification

When you register for an XTransfer account, you need to provide us with your phone number, email address and set a password to create an XTransfer account. We will verify whether your information is valid by sending a SMS verification code or verification email.

After logging in to your XTransfer account, you can independently complete and enter your phone number, contact address and other personal data. After completing the registration and before using our services, you also need to complete the corporate certification. When performing corporate certification, you need to provide us with basic corporate information, corporate license and the identity information as well as the photocopy or photo of the relevant license of the corporate-related natural person(s) (including legal person, director, actual controller, etc.) .

(b) Sending/Money Transfer

In order to realize the function of sending/money transfer, you are required to provide your own bank account information to upload money, the bank account information of the recipient/beneficiary and related business information (including contracts or invoices, etc.).

(c) Payment Collection

In order to provide you with payment collection services, you need to provide trade-related materials (including contracts or invoices, etc.) to credit the payment. If required for risk compliance review, we may request you to provide more transaction-related information based on specific circumstances.

(d) Regulatory Domestic Reporting and Fund Disbursement

In order to realize the function of regulatory domestic reporting and funds disbursement, you must first bind your account, which requires your financial information (including debit card or bank account information). In addition to your financial information and trade-related materials provided at the time of your service request, you need to provide payee’s identity information, transaction-related logistics documents or logistics-related supporting materials based on the delivery situation. If required for risk compliance review, we will request you to provide more transaction-related information based on specific circumstances.

(e) Payment Withdrawal(if applicable)

In order to realize the function of payment withdrawal, you must first bind your account, which requires your financial information (including debit card or bank account information).

4.2 Optimize of Service Experience, Customer Service, Protection of User Rights and Interests(additional functions)

For the purpose of optimizing your Service experience, providing you with better customer Service and protecting your rights as our user, we and our third-party service providers may collect the following information about you, in case that you do not provide or agree with our retention of the aforementioned information, we may not be able to provide you with certain Services related to the optimization of service experience, customer service and user rights protection, but it will not affect your use of our other Services.

(a) Optimize of Service Experience

We and our third-party service providers may collect the following information from you: your domain name, your browser type and operating system, your Internet Protocol (IP) address, the duration of your visit to our website or use of our services, your activities on our platform, and the referring URLs or pages that lead you to our platform.

(b) Communications of Customer Service

In order to respond to inquiries and assist you when offering customer Services, we may collect your XTransfer account information (including phone number, corporate basic information and your position, etc.) and related transaction information to verify your identity. Under certain occasions, in the need of check the authenticity of the transaction and complete the collection, we may collect name, ID number and bank account information of legal person’s spouse.

Meanwhile, in order to ensure the quality of Service, protect the rights and interests of our users, prevent fraud, and check the accuracy of the information you provide in the process of our customer Service, we will record the calls you receive and make to our customer service hotline. The chat history information between you and our online customer service will also be collected. The aforesaid call recordings and chat history information will be deleted after being retained for a certain period of time, unless preserved due to the needs of compliance requirements or legitimate interest needs.

(c) Protection of User Rights and Interests

From time to time, we may collect feedback/recommendations information or the information you provided during reporting.

5. Use of data

Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal data for the following purposes:

(a) to validate your identity;

(b) to process and administer your XTransfer account, to implement and effect the requests or transactions contemplated by the forms available on our platform or any other documents you may submit to us from time to time;

(c) to exercise our rights and perform our obligations relating to your contract with us, to communicate with you about our Services or any changes in the Service’s terms and conditions that apply to you;

(d) to respond to your inquiries and offer you customer Services;

(e) to administer our Services for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

(f) to protect our customers, employees or property - for instance, to investigate fraud, harassment or other types of unlawful activities involving us or other companies that we operate business with;

(g) to monitor your use of the platform and conduct analysis of the use of the platform in order to operate, evaluate and improve the platform and our Services, understand your preferences and troubleshoot any problems;

(h) to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities;

(i) to personalize the appearance of our platforms, provide recommendations of relevant products, information and services and provide targeted advertising on our platform or through other channels;

(j) other purposes as notified at the time of collection; and

(k) other purposes directly relating to any of the above.

6. Personal Data Sharing and Disclosures

As a global company, XTransfer may share data with its group of companies, business partners, or government authorities, etc. XTransfer applies caution when contracting with data processors, performs the relevant activities and puts all the safeguards in place, as required to comply with the Ordinance.

6.1 With Our Group

We share personal data with Our Group as necessary to provide the Services or perform usual technological activities. Personal data shared within Our Group are granted a Ordinance level of protection. Access to personal data within Our Group is restricted to those individuals who need to access the information for our business purposes.

6.2 With Business Partners

We may share certain clients’ data (such as basic corporate information, bank account information, etc.) with our business partners (such as bank, payment institution, etc.). In addition, we will sign strict confidentiality agreements with business partners that we shared your information with, requiring them to process and use data in accordance with this Policy and take strict data security measures.

6.3 With Government Authorities

We may provide personal data to government authorities as requested by public authorities, auditors or institutions competent to exercise inspections on XTransfer, based on their legal obligations, which may ask us to provide information. In addition, we may provide personal data to comply with a legal requirement or to protect the rights and assets of XTransfer or other entities or people, such as courts of law, or enforcement authorities.

6.4 With Potential Acquirers or Investors

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email, account message and/or a prominent notice on our platform of any change in ownership or uses of your personal data, as well as any choices you may have regarding personal data.

6.5 To Protect us and Others

We may disclose your information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our Services’ terms and conditions or this Policy, or as evidence in litigation in which we are involved.

6.6 With Analytic and Search Engine Providers

We may disclose your information to analytic and search engine providers that assist us in the improvement and optimization of our platform.

For our policy on sharing of your personal data for promotional and marketing purposes, please see the section entitled "Use of Personal Data for Direct Marketing Purposes".

7. Use of Personal Data for Direct Marketing Purposes

7.1 In addition to the purposes set out above, where permitted by law, XTransfer may use your name and contact details for promotional or marketing purposes including sending you promotional emails and conducting direct marketing in relation to our products, services, or activities or, as appropriate, those of Our Group or other companies with whom we have partnered.

7.2 For the purposes of direct marketing, we may, where permitted by law, provide your personal information to marketing and call center providers so that they can send you promotional materials and conduct direct marketing in relation to our Services (these materials may be sent to you by SMS, email or other means).

7.3 Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.

7.4 If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by XTransfer of your personal data for direct marketing purposes and thereafter XTransfer shall cease to use or provide such data for direct marketing purposes.

7.5 If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please contact us as described in this Policy.

8. Data Transfers and Global Processing

Due to the nature of our global business and the technologies required, your personal data may be transferred to third-party service providers outside Hong Kong. We are committed to take all reasonably necessary steps and exercise all due diligence to make sure all personal data collected, held, stored, used, or otherwise processed outside Hong Kong are treated securely, in accordance with this Policy and in compliance with the Ordinance.

9. Personal Data Security

XTransfer uses reasonable methods to secure all personal data by a variety of methods, including restricting access to such personal information only to those people who have a legitimate need to know in order to discharge their job responsibilities on behalf of XTransfer, securing access to the facility where the personal data is stored and the use of technology and physical controls to secure the personal data. XTransfer is required to disclose personal information in response to lawful requests by public authorities including to meet national security or law enforcement requirements. If you have questions about the security of your personal data, please contact us as described in this Policy.

10. Personal Data Retention

Your personal data will be stored on third-party servers in China.We will store your personal data for a limited period of time, as necessary to achieve the purposes of the personal data processing, as described in this Policy, and in accordance with our legal and contractual obligations, or industry practices.

Once the retention period expires for a specific category of data, XTransfer will delete, archive, anonymize or destroy it, in accordance with our internal policies and procedures, unless prohibited by the Ordinance or other applicable law.

You may request to have your personal data deleted at any time by contacting us using the contact details as described in this Policy.

11. How Does XTransfer Store and Protect Your Information

We will strictly abide by relevant laws and regulations to respect and protect users’ privacy rights. Unless in accordance with XTransfer General User Terms and Conditions, Privacy and Security Policy, Website Terms of Use, and other published guidelines on our platform, we will not disclose and reveal your personal information without your authorization.

We take security measures in respect of physical, electronic, and management that comply with industry standards to protect your personal information. We manage the storage and use of standardized information by establishing data hierarchical management, system security management, and data security development specifications.We conduct comprehensive security control of data by signing confidentiality agreements with information receivers, completing monitoring and internal management systems.

We will take all reasonable and feasible measures to protect your personal information. For example, the data exchange between your browser and XTransfer is protected by SSL encryption; encryption technology is used to ensure the confidentiality of data; two -factor authentication is used to protect account security; a trusted protection mechanism is used to prevent malicious attacks on accounts; conduct network information security training and assessment regularly for relevant personnel to make them fully realize the importance of network security and strictly abide by corresponding rules and regulations.

If you accidentally disclose your login account and password, you shall contact us via the contact information on our platform or our customer service hotline as soon as possible for us to lock the user’s operating authority timely to prevent any third -party from illegal operation. Besides, you can reset your password and resume to normal use after providing valid identification and relevant credentials which have been reviewed and verified by us.

12. How Does XTransfer Protect the Information of Minors?

We attach great importance to the protection of minors' personal information, and the services of our platform are mainly for adults. If you are a minor, it is recommended for your parents or guardians to read this policy and you can only use our services or provide us with your information after the consent of your parents or guardians. If your guardian does not agree that you use our services or provide us with information in accordance with this policy, please stop using our services immediately and notify us as soon as possible so that we can take corresponding measures. We will ensure the confidentiality and security of minors' personal information in accordance with relevant laws and regulations.

For minors' personal information collected during the use of our products or services with the consent of parents or guardians, we will only use, share, transfer or disclose such information if it is permitted by laws and regulations, there is express consent of parents or guardians or it is necessary to protect minors.

13. Data Subject Rights

You have the following rights with respect to your personal data under the Ordinance, which you may exercise at any time by contacting us using the contact details as described below.

(a) verify whether XTransfer holds any personal data about you and to access any such data;

(b) require XTransfer to correct any personal data relating to you which is inaccurate;

(c) withdraw your consent for use or provision of personal data for direct marketing;

(d) make a complaint about XTransfer’s data processing; and

(e) enquire about XTransfer’s policies and practices in relation to personal data.

Requests for access, correction, complaints, or other queries relating to your personal data should be addressed to the contact details as described in this Policy.

Under applicable laws and regulations, XTransfer has the right to charge costs which are directly related to and necessary for the processing of any personal data request.

14. Changes to this Policy

XTransfer will occasionally update this Policy as it could become necessary. XTransfer encourages you to periodically review this Policy to be informed of how XTransfer is protecting your personal data.

15. Contact Information

If you want to exercise your rights as set out in this Policy, or have any queries regarding this Policy or our processing of personal data, please contact us at:

Xtransfer Limited

Address: 6/F, Bank of America Center, 12 Harcourt Road, Central, Hong Kong

Email: [email protected]

16. Definition

We, means Xtransfer Limited

Affiliated Companies, means Shanghai Duohui Network Technology Co., Ltd and Shanghai Duochang Network Technology Co., Ltd.

17. Special Terms

If you are located in mainland, China or you will use the relevant services or functions through your current website, web link, application or tool to our mainland website, web link, application or tool (Mainland Site), you will additionally apply the following terms.

(a) Regarding personal data, the personal data referred to in this Policy are consistent with personal information as defined in the Personal Information Protection Law of the People's Republic of China.

(b) Article 7 "Use of Personal Data for Direct Marketing Purposes" in this Policy does not apply.

(c) Device Permissions invoked to Provide Additional Functions

In order to provide you with convenient and high -quality services, we may need to invoke some permissions on your device. When you use the corresponding function, you will see a pop -up reminder asking you whether to authorize it. You can choose to turn off some or all permissions in the settings of your mobile device. Based on different mobile device operating systems, the opening and closing methods of the above permissions may be different. For details, please refer to the instructions or guidelines of the device and system developers. If you would like to see more details on our access to your device permissions, please refer to the appendix 2 "Invocation List of Device Permission" .

Besides, we may also need additional commercial and/or identification information from you e.g. if you send or receive certain high -value or high -volume transactions or as needed to comply with our anti-money laundering obligations under applicable law.

In providing the personal data of any individual (other than yourself) to us during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.

We do not, however, collect and process any types of personal sensitive data without your prior consent or unless we are required to by law, for e.g. details about your race or ethnic origin, religious beliefs, personal health information, etc.

(d) Cooperation between XTransfer and Third -party Software Development Kit (SDK) Service Providers

In order to ensure the stable operation of the client and the realization of functions, so that you can use and enjoy more services and functions, our application will embed the SDK of authorized partners or other similar applications. You can use the "Third Party SDK Directory" (See Annex 1) View the SDK details of our authorized partners. We will conduct more stringent security tests on the application programming interface (API) and software tool development kit (SDK) for authorized partners to obtain relevant information, and agree strict data protection measures with authorized partners to comply with this policy and other Any relevant confidentiality and security measures to handle personal information. If you find that these SDKs or other similar applications are at risk, it is recommended that you immediately terminate the relevant operations and get in touch with us in time.

(e) Regarding data sharing, the following terms shall also apply:

Sharing with advertisers, media and other partners, we may cooperate with the aforementioned partners to use the processed masking data in various forms for commercial purposes, including optimizing advertising and improving marketing effectiveness. We will not share your identity information with the aforesaid partners unless otherwise authorized by you. We may provide these partners with ad serving strategy data or advertiser ad performance data instead of providing any personally identifiable information, otherwise we will aggregate this information so that it cannot be identifiable;

Your personal data collected and generated during our operations in the People's Republic of China will be stored on a third-party cloud server in mainland China.Based on the necessity of providing services, we may share your information with partners outside mainland, China or our affiliates, and we will obtain your authorization on the aforementioned sharing upon your request for using specific services, and you will be informed of the recipient of your information on the display page of the specific service.

We will use commercially reasonable efforts to make sure that the transfer and disclosure of your personal data meets the applicable local laws and regulations under the premise of complying with PRC laws , regulations and requirements. Meanwhile, we will also take all the reasonably necessary steps(including but not limited to encrypted transmission, limiting the scope of access, signing a data processing agreement with the data recipient or a cooperation agreement containing data processing terms to clarify the data protection responsibilities and obligations of both parties) to ensure that your personal data is processed securely and in accordance with the protection provisions of this Policy.

(f)Regarding Contact Information

If you have any questions, comments or suggestions about this Policy or data processing, you can contact us by email or phone via the following contact information:

Tel: 400-998-9930

E-mail: [email protected]

You have the right to cancel your XTransfer account, you can send us a cancellation application through your registered email address 30 days in advance, and note the reason for cancellation to email:[email protected], we will process your cancellation request upon receipt.

(g)Regarding Definitions

We, means Shanghai Duohui Network Technology Co., Ltd and Shanghai Duochang Network Technology Co., Ltd.

Affiliated Companies, means Xtransfer Limited.

(h) Annexes

Annex 1 <Third Party SDK Directory>

No.Name of SDKAffiliationUsage of SDKPersonal Information Collected by SDKLink of Privacy Policy
1.Umeng SDKUmeng Tongxin (Beijing) Technology Co., Ltd.Basic package, push, share, statisticsDevice Information(IMEI/android ID/IDFA/OPENUDID/GUID、SIM Card IMSIInformation/Geogr aphic location and so on)https://www.umeng.com/page/policy
2.Xiaomi pushXiaomi Technology Co., Ltd.message pushDevice information, Network type, Device model, Application informationhttps://privacy.mi com/all/zh_CN/
3.Vivo pushGuangdong BBK Electronic Industry Co., Ltd.message pushDevice information, Device modelhttp://www.vivo.com.cn/about-vivo/privacy-policy
4.Meizu pushZhuhai Meiwang Technology Co., Ltd.message pushDevice information, location, Application information, Network type, Device modelhttps://www.meizu.com/legal.html
5.Huawei pushHuawei Technologies Co., Ltdmessage pushDevice information, Network type, Device model, Application informationhttps://developerharmonyos.com/cn/docs/design/des-guides/privacy-statement-0000001077380966
6.OPPO pushOPPO Guangdong Mobile Communication Co., Ltd.message pushDevice information, Device model,https://privacy.oppo.com/cn/policy/
7.WeChat Open PlatformTencent Technology (Shenzhen) Co., Ltd.WeChat login authorization,W eChat sharing, WeChat payment, WeChat collectionDevice information (IMEI, IMSI, MAC address,AndroidID),Network information,WeChat account informationhttps://privacy.qqcom/policy/tencent-privacypolicy
Annex 2 <Invocation List of Device Permission>

Please be aware:

1. In order to ensure the realization and operation of XTransfer App functions in safe and sable ways/ provide you with personalized services, we may apply to invoke certain permissions of your mobile device.

2. This list will show the possible mobile device permissions that we may apply to invoke. With the upgrade of XTransfer App/our functions, such as changes in the type and purpose of device permissions applied for or used, we will update this list in time.

3. Please be aware that some third -party SDKs we use may also apply for to invoke certain permissions of your mobile device.

Invocation List of Device Permission for Android System

Android device permissionsPurpose of use
CameraID card recognition, QR code recognition, face recognition, uploading user information, video recording, taking photos, and scanning.
Photo albumUpload user information, face recognition, account opening
Address bookImage loading
Short messageAutomatically detect verification codes
Geographical locationTransaction Risk Control Guarantee
Network communicationCommunicate with the server
Device Information (Phone Status)Guarantee account, transaction security and transaction risk control

Invocation List of Device Permission for IOS System

IOS device permissionsPurpose of use
CameraID card recognition, QR code recognition, face recognition, uploading user information, video recording, taking pictures, scanning
Photo albumSet avatar, face recognition, open account
Geographical locationTransaction Risk Control Guarantee
Network communicationCommunicate with the server

私隱政策

生效日期:2023年01月19日

本隱私與安全政策 ("隱私政策"或"本政策") 規定了當您使用我們用於提供服務的網站(https://www.xtransfer.com)或任何其他網站連結("URL")、應用程式和工具(XTransfer App) (以下統稱為"我方平台") 時,我們"XTransfer" 以及我們的子公司、 控股公司、關聯公司(我們集團)如何收集、使用、存儲、共用和保護您的個人或公司資料。基於您使用的具體服務不同,可能會由不同的主體向您提供對應的服務,提供不同服務的主體我們稱為相關服務方,為遵守相關法律法規及監管要求,及為向您提供服務或提升服務體驗,相關服務方將收集、使用、存儲、共用您個人資料及企業資料,相關服務方將按照本私隱與安全政策處理您的個人資料及企業資料。

本政策對您使用服務及處理您個人資料及企業資料有密切關係,我們強烈建議您仔細閱讀本政策,我們將涉及您重要利益及責任的條款採用加上粗體的方式進行提示,您如有任何問題均可通過本政策載明聯繫方式與我們取得聯繫。

如果您對本政策或我們對個人資料的使用有任何疑問,請參閱本政策末尾的聯繫方式。

1.政策聲明

1.1本政策為您提供了有關如何收集您的個人資料以及為什麼收集您的個人資料;如何使用您的個人資料;您的個人資料可能會傳輸給誰;如何訪問、審查和修改您的個人資料,以及我們關於直接行銷和使用Cookie等的政策的通知。
1.2我們根據香港特別行政區法例第486章《個人資料(私隱)條例》("條例")收集及處理您的個人資料。本政策中使用的"資料"、"個人資料"、"資料使用者"、"處理"、"披露"及其他條例所界定的術語,均按照條例所給出的定義使用。
1.3當您訪問我方平台或通過我方平台與我們互動時,我們可能會要求您同意本政策。否則,通過使用我方平台,您即接受本政策中的實踐和聲明。您可以選擇不向我們提供所要求的資料,但如果不這樣做,我們可能無法向您提供資料和服務,或無法回覆您的查詢。
1.4請仔細閱讀以下內容,以了解我們如何處理您的個人資料的政策和實踐。本政策將不時修訂。

2. 我們如何收集資料

2.1 我們將通過您在我們平台的註冊帳號及使用我們或我們集團公司或商業合作夥伴的服務收集您自願提供的資料,在法律允許的條件下或基於您的授權,我們也可能會從協力廠商收到關於您的資料 (如行銷機構、市場調查公司、我們在集團公司的供應商、承包商和顧問、 您的同事和業務連絡人、公共網站和公共機構) ,以及當您使用我們平台和服務時自動發送的資料。我們以及我們採用的協力廠商服務提供者將通過cookies、網路信標和其他技術收集有關您使用我們網站和我們服務的資料。

2.2 XTransfer如何使用 Cookies

Cookies 是我們通過您的網路流覽器傳輸到您的電腦硬碟驅動器上的字母數位識別碼符, 用於保存記錄,收集的資料(包括但不限於:您的IP位址(及功能變數名稱)、流覽器軟體、流覽器類型及配置、語言設置、地理位置、作業系統、參考網站、所流覽的網頁及內容等),將被用於確保本網站的運作及確保您安全地登錄,並用於彙編有關訪客如何到達及流覽本網站的統計資料,以加強及優化網頁,以及幫助我們了解如何改善你的流覽體驗,並通過了解和記住您的特定流覽偏好,在未來為您提供量身定制的體驗。您可以編輯您的流覽器選項,以便遮罩cookies。我們網站的訪問者如果將網路瀏覽器設置為不接受 cookies,仍然可以流覽我們的網站。但如果您禁用了所有 cookies (包括必需的cookies) ,大部分網站功能將無法正常工作,甚至可能無法登錄使用我們的服務。可以在我們的Cookie 政策中找到更多資料。

3. XTransfer 何時收集您的資料

我們可能會在您使用我們服務時收集和保存您向我們提供的任何資料,包括您在網頁表單上添加資料、添加或更新您的帳戶資料、參與爭議解決,或以其他方式就我們的服務與我們進行通料。

4. 我們為什麼收集您的資料和我們收集什麼樣的資料

4.1實現本服務的必要功能

當您使用我們的服務時,在以下情況下,您可能需要提供或授權我們收集相應服務所需的資料。如果您拒絕提供部分服務所需的資料,您可能無法使用這些服務,但不影響您正常使用我們的其他服務。

(a)註冊和驗證

當您註冊XTransfer帳戶時,您需要向我們提供您的電話號碼、電子郵寄地址並設置密碼以創建XTransfer帳戶。我們將通過發送短信驗證碼或郵件驗證您的資料是否有效。

登錄您的XTransfer帳戶後,您可以獨立填寫並輸入您的電話號碼、聯繫地址等個人資料。完成註冊後,在使用我們的服務之前,您還需要完成公司認證。在進行公司認證時,您需要向我們提供公司基本資料、公司執照、與公司有關的自然人(包括法定代表人、董事、實際控制人等)的身份資料(身份證件、姓名、證件號)以及相關證照的影本或照片。

(b)匯款/轉帳

為了實現匯款/轉帳功能,您需要提供自己的銀行帳戶資料以上傳資金、收款人/受益人的銀行帳戶資料以及相關業務資料(包括合同或發票等)。

(c)收款

為了向您提供收款服務,您需要提供與貿易有關的資料(包括合同或發票等),以抵扣貨款。如果風險合規性審查需要,我們可能會根據具體情況要求您提供更多與交易相關的資料。

(d)結匯提現

為了實現結匯提現功能,您必須先綁定您的結匯提現帳戶,這需要您的財務資料(包括借記卡或銀行帳戶資料)。除了您在提出服務要求時提供的財務資料和與貿易有關的材料外,您還需要根據交付情況提供收款人的身份資料、與交易有關的物流單據或與物流有關的證明材料。如果需要進行風險合規性審查,我們將根據具體情況要求您提供更多與交易相關的資料。

(e)普通提現(如適用)

為實現普通提現的功能,您需先進行綁定普通提現帳戶的操作,這需提供您綁定的普通提現帳戶的財務資料 (包括借記卡或銀行帳戶資料)。

4.2優化服務體驗,客戶服務,保護使用者權益(附加功能)

為了優化您的服務體驗,為您提供更好的客戶服務,保護您作為我們的用戶權益,我們和我們的協力廠商服務提供者可能會收集您的以下資料,如果您不提供或不同意我們保留上述資料,我們可能無法向您提供與優化服務體驗、客戶服務和使用者權益保護相關的某些服務。但不會影響您使用我們的其他服務。

(a)優化服務體驗

我們和我們的協力廠商服務提供者可能會向您收集以下資料:您的功能變數名稱、您的流覽器類型和作業系統、您的互聯網協議(IP)位址、您訪問我們網站或使用我們服務的時長、您在我們平台上的活動以及引導您訪問我們平台的引用URL或頁面。

(b)客戶服務溝通

我們可能會收集您的XTransfer帳戶資料(包括電話號碼、公司基本資料、您的職位等)和相關交易資料,以驗證您的身份,以便在提供客戶服務時為您提供諮詢和協助。在某些特定情形下,基於核實交易背景及説明您完成收款,我們可能會收集法定代表人配偶的姓名、身份證號和銀行帳戶資料。

同時,為確保服務品質,保障使用者權益,防止欺詐行為,並核對您在客戶服務過程中提供的資料的準確性,我們會對您撥打的客戶服務熱線電話進行錄音。您與我們的線上客服之間的聊天記錄資料也將被收集。

(c)保護用戶權利和利益

我們會時不時收集您向我們提供的回饋意見/建議或舉報時提供的資料。

5.資料的使用

我們收集個人資料的主要目的是為您提供服務及向您提供安全、順暢、高效和定制化的體驗。我們可能會將您的個人資料用於以下用途:

(a)驗證您的身份;
(b)處理和管理您的XTransfer帳戶,執行和實現我們平台上可用的表格或您可能不時提交給我們的任何其他檔所設想的請求或交易;
(c)就您與我們簽訂的合同行使我們的權利和履行我們的義務,就我們的服務或適用於您的服務條款和條件的任何變更與您溝通;
(d)回復您的查詢並向您提供客戶服務;
(e)為內部運營管理我們的服務,包括故障排除、資料分析、測試、研究、統計和調查目的;
(f)保護我們的客戶、員工或財產——例如,調查涉及我們或與我們有業務往來的其他公司的欺詐、騷擾或其他類型的非法活動;
(g)監控您對平台的使用情況,並對平台的使用情況進行分析,以便運營、評估和改進平台和我們的服務,了解您的偏好並排除任何問題;
(h)協助執法目的、警方或其他政府或監管機構的調查,並滿足適用法律法規的要求或向政府或監管部門承擔的其他義務;
(i)個性化我們的平台外觀,提供相關產品、資料和服務的推薦,並在我們的平台或通過其他管道提供有針對性的廣告;
(j)收款時通知的其他目的;和
(k)與上述任何一項直接相關的其他目的。

6.個人資料共用和披露

作為一家全球性公司,XTransfer可能會與其集團公司、商業夥伴或政府機構等共用資料。XTransfer在與資料處理者簽訂合同時謹慎行事,執行相關活動並落實所有保障措施,以遵守條例的要求。

6.1與我們集團

為了提供服務或進行通常的技術活動,我們在必要時與我們集團共用個人資料。在我們集團內共用的個人資料享有條例級別的保護。在我們集團內只有出於我們的業務目的需要訪問資料的個體才能訪問個人資料。

6.2與商業夥伴

我們可能會與我們的商業夥伴(如銀行、支付機構等)共用某些客戶的資料(如公司基本資料、銀行帳戶資料等)。此外,我們還會與與我們共用您資料的商業夥伴簽署嚴格的保密協定,要求其按照本政策處理和使用資料,並採取嚴格的資料安全措施。您的某些服務將由協力廠商提供,在此情形下,我們需將您的個人資料才能向您提供相關服務。

6.3與政府機構

如有權對XTransfer進行檢查的機構基於其法定義務要求我們提供資料,我們可能會根據該等要求向監管機構提供個人資料。我們可能基於遵循法律的要求或出於保護XTransfer或其他實體或個人權利和財產的目的提供個人資料,例如向法院或執法機構提供。

6.4 與潛在的收購者或投資者

如果我們存在全部或部分資產的合併、收購或出售的情形,我們將通過電子郵件、帳戶消息和/或我們平台上的顯著通知通知您您的個人資料所有權或使用的任何變化,以及您對該等個人資料可能享有的任何選項。

6.5為了保護我們和他人

當我們認為有必要就非法活動、涉嫌欺詐、違反我們服務的條款和條件或本政策的行為進行調查、預防或採取行動時,或在我們參與的訴訟中作為證據時,我們可能會披露您的資料。

6.6與分析和搜尋引擎提供商

我們可能會向分析和搜尋引擎提供商披露您的資料,以説明我們改進和優化我們的平台。

有關我們為推廣及推廣用途而分享您的個人資料的政策,請參閱"使用個人資料作直接促銷用途"一節。

7.使用個人資料作直接促銷用途

7.1 除了上述目的外,在法律允許的情況下,XTransfer可能會將您的姓名和聯繫方式用於促銷或行銷目的,包括向您發送促銷電子郵件,並就我們的產品、服務或活動,或視情況而定對我們的集團公司或與我們合作的其他公司的產品、服務或活動進行直接行銷。
7.2為了直接行銷的目的,在法律允許的情況下,我們可能會向行銷和呼叫中心提供商提供您的個人資料,以便他們向您發送促銷材料,並就我們的服務進行直接行銷(這些材料可能通過短信、電子郵件或其他方式發送給您)。
7.3在為本節所述的目的向受讓人提供您的個人資料之前,法律可能要求我們取得您的書面同意。在這種情況下,只有在取得該等書面同意後,我們才可使用和提供您的個人資料作任何推廣或市場推廣之用。
7.4如果需要您的同意,並且您提供了此類同意,您可以隨後撤回您對XTransfer將您的個人資料用於直接行銷目的並將其提供給協力廠商的同意,此後XTransfer將停止使用或提供此類資料用於直接行銷目的。
7.5如果您已提供同意並希望撤回該同意,或您不願意接收我們以任何形式發送的行銷通訊,請按照本政策中所述的聯繫方式與我們聯繫。

8.資料傳輸和全球處理

由於我們的全球業務性質及所需的技術,您的個人資料可能會轉移至香港以外的協力廠商服務提供者。我們承諾採取一切合理必要的步驟,並盡一切應有的努力,確保所有在香港以外地方收集、持有、儲存、使用或以其他方式處理的個人資料,均按照本政策及條例的規定得到安全處理。

9.個人資料安全

XTransfer使用合理的方法,通過各種方法保護所有個人資料的安全,包括將訪問這些個人資料的許可權限制為那些有合法需要了解的人,以便代表XTransfer履行其工作職責,確保訪問存儲個人資料的設施,以及使用技術和物理控制來保護個人資料。XTransfer必須根據公共當局的合法要求披露個人資料,包括滿足國家安全或執法要求。如果您對個人資料的安全性有疑問,請按照本政策中所述的聯繫方式與我們聯繫。

10.個人資料保留

您的個人資料將儲存在中國境內協力廠商伺服器上,我們將根據本政策,我們的法律和合同義務或行業慣例,在實現個人資料理處理目的所需的情況下,將您的個人資料存儲一段有限的時間。

一旦特定類別資料的保留期限到期,XTransfer將根據我們的內部政策和程式刪除、歸檔、匿名化或銷毀該資料,除非條例或其他適用法律禁止。

您可以隨時使用本政策中所述的聯繫方式與我們聯繫,要求刪除您的個人資料。

11. 個人資料安全及保護

我們將嚴格遵守相關法律法規,尊重並保護用戶的個人隱私,除了在與使用者簽署的隱私保護協定和網站服務條款以及其他公佈的準則規定的情況下,未經使用者授權不隨意公佈和洩露使用者個人身份資料

我們採取符合業界標準的物理、電子和管理方面的安全措施來保護您的個人資料安全。我們通過建立資料分級管理、系統安全管理、資料安全開發規範來管理規範資料的存儲和使用。我們通過與資料接觸者簽署保密協定、完善監控和內部管理制度來對資料進行全面安全控制。

我們會採取一切合理可行的措施,保護您的個人資料。例如,在您的流覽器與XTransfer 之間交換資料時受 SSL 加密保護;使用加密技術確保資料的保密性;使用雙因素驗證保護帳戶安全;通過受信賴的保護機制防止帳戶遭到惡意攻擊;定期對相關人員進行網路資料安全培訓並進行考核,使網站相關管理人員充分認識到網路安全的重要性,嚴格遵守相應規章制度。

如您不慎洩露登陸帳號和密碼,應當及時通過我們網站公佈的方式或撥打客服電話聯繫我們並告知我們,以便我們鎖定相關的操作許可權,防止他人非法操作;在您提供有效身份證明和相關憑據並經我們審查核實後,您可以重新設定密碼並恢復正常使用。

12.未成年人資料保護

我們非常重視對未成年人個人資料的保護,我們平台的服務主要面向成年人。如您為未成年人,建議請您的父母或監護人閱讀本政策,並在征得您父母或監護人同意的前提下 使用我們的服務或向我們提供您的資料。如您的監護人不同意您按照本政策使用我們的服務或向我們提供資料,請您立即終止使用我們的服務並及時通知我們,以便我們採取相應的措施。我們將根據國家相關法律法規的規定保護未成年人的個人資料的保密性及安全性。

對於經父母或監護人同意使用我們的產品或服務而收集未成年人個人資料的情況,我們只會在法律法規允許、父母或監護人明確同意或者保護未成年人所必要的情況下使用、共用、轉讓或披露此資料。

13.資料主體權利

根據條例,您對您的個人資料享有以下權利,您可以隨時通過下方聯繫方式聯繫我們行使這些權利。

(a)核實XTransfer是否持有您的任何個人資料,並查閱任何該等資料;
(b)要求XTransfer更正與您有關的任何不準確的個人資料;
(c)撤回同意你使用或提供個人資料作直接促銷之用;
(d)就XTransfer的資料處理提出投訴;和
(e)查詢XTransfer有關個人資料的政策和操作。

有關查閱、更正、投訴或與您的個人資料有關的其他查詢,應向本政策中所述的聯繫方式提出。

根據適用法律法規,XTransfer有權收取與處理任何個人資料請求直接相關且必要的費用。

14.本政策的變更

XTransfer將在必要時不時更新本政策。XTransfer鼓勵您定期查看本政策,以了解XTransfer如何保護您的個人資料。

15.聯繫資料

如果您想行使本政策中規定的權利,或對本政策或我們對個人資料的處理有任何疑問,請通過以下方式與我們聯繫:

XTransfer Limited

地址: 香港中環夏愨道12號美國銀行中心6樓

電子郵箱: [email protected]

16.定義

我們,指XTransfer Limited

關聯公司,指上海奪匯網路技術有限公司,上海奪暢網路技術有限公司。

17. 特別條款

如您位於中國大陸,或您將通過當前的網站、網路連結、應用程式或工具前往我們中國大陸的網站、網路連結、應用程式或工具(大陸站)使用相關服務或功能,您將額外適用如下條款

(a) 關於個人資料,本政策所指提及的個人資料均與《中華人民共和國個人資料保護法》所定義的個人資料保持一致。
(b) 關於本政策中的第7條"使用個人資料作直接促銷用途"不適用。
(c) 關於為提供附加功能而調用的設備許可權

為向您提供便捷、優質的服務,我們可能會調用您設備上的一些許可權。在您使用相應功能時會看到彈窗提醒,詢問您是否授權。您可以在移動設備的設置功能中選擇關閉部分 或全部許可權。基於不同的移動設備作業系統,上述許可權的開啟和關閉方式可能有所不同, 具體請參考設備及系統開發方的說明或指引。關於我們調取您設備許可權的具體情況,詳見後文附件二《調用設備許可權清單》。

除此以外,我們還可能需要您提供更多商業和/或身份資料,例如,如果您發送或接收某些高價值或高額交易,或根據遵守適用法律規定的反洗錢義務的需要。

在您使用我們的服務期間,如果向我們提供任何個人 (除您以外) 的個人資料,貴方保證已經獲得了相關個人的同意向我們披露他/她的個人資料,並且他/她同意我們出 於本隱私政策規定的目的收集、使用和披露這些個人資料。

但我們不會在未經您事先同意的情況下收集和處理任何類型的個人敏感性資料,除非法律要求,例如關於您種族或族裔、宗教信仰、個人健康資料等方面的詳細資料。

(d) XTransfer 與協力廠商軟體發展包 (SDK) 服務商的合作

為保障用戶端的穩定運行、功能實現,使您能夠使用和享受更多的服務及功能,我們的應用中會嵌入授權合作夥伴的SDK 或其他類似的應用程式,您可以通過附件一《協力廠商 SDK 目錄》查看我們接入授權合作夥伴的SDK 詳情。我們會對授權合作夥伴獲取有關資料的應用程式接口 (API) 、軟體工具開發包 (SDK) 進行更嚴格的安全檢測,並與授權合作夥伴約定嚴格的資料保護措施,令其按照本政策以及其他任何相關的保密和安全措施來處理個人資料。如您發現這些SDK 或其他類似的應用程式存在風險時,建議您立即終止相關操作並及時與我們取得聯繫。

(e) 關於資料共用,還需適用以下條款:

與廣告主、媒體等合作夥伴共用,我們可能會與前述合作夥伴合作以多種形式將經過處理後的脫敏資料用於包括優化廣告投放和提升行銷效果等的商業化使用之目的。除非得到您的授權,否則我們不會將您的個人身份資料向合作夥伴分享。我們會向這些合作夥伴提供有關廣告投放人群策略資料或廣告主廣告效果的資料,而不會提供任何個人身份資料,或者我們將這些資料進行匯總處理,以便它無法作身份識別;

我們在中華人民共和國境內運營中收集和產生的關於您的個人資料,將存儲在中國境內協力廠商的雲伺服器上,基於提供服務的必要,我們可能向中國大陸地區以外的合作方或我們的關聯公司共用您的資料,前述共用將在您開通具體服務時獲取您的授權,您可在具體開通服務的介面知悉您資料的接收方。 我們在滿足中國法律法規相關規定和要求的前提下,且將盡商業合理上的最大努力採取措施確保您的資料轉移披露是符合當地法律法規的要求,同時,我們也將採取合理必要的一切步驟(包括但不限於加密傳輸、限制可訪問範圍、與資料接收方簽訂資料處理協定或者含有資料處理條款的合作協定以明確雙方資料保護責任義務等),確保您的個人資料得到安全處理,並符合本隱私政策的保護約定。

(f) 關於聯繫資料

如果您對我們的隱私與安全政策或資料處理有任何疑問、意見或建議,可以通過郵件或電話與我們聯繫,我們聯繫方式如下:

電話:400-998-9930

電子郵箱:[email protected]

您有權註銷 XTransfer 帳戶,您可以提前 30 日通過您的註冊郵箱向我們發送註銷申請,並備註註銷原因至 [email protected],我們將在收到後處理您的註銷申請。

(g) 關於定義

我們,指上海奪匯網路技術有限公司,上海奪暢網路技術有限公司。

關聯公司,指XTransfer Limited。

(h) 附件

附件一《協力廠商 SDK 目錄》

編號SDK名稱所屬機構SDK用途SDK收集的個人資料隱私權政策連結
1.友盟SDK友盟同欣(北 京)科技有限 公司基礎包、推送、分享、統計設備信息(IMEI/android ID/IDFA/OPENUDID/GUID、SIM卡、IMSI資料/地理位置等)https://www.umeng.com/page/policy
2.小米推送小米科技有限責任公司消息推送設備資料、網路類型、設備型號、應用 資料https://privacy.mi.com/all/zh_CN/
3.Vivo推送廣東步步高電子工業有限公司消息推送設備資料、設備型號http://www.vivo.com.cn/about-vivo/privacy-policy
4.魅族推送珠海市魅網科技有限公司消息推送設備資料、定位、應用資料、網路類型、 設備型號https://www.meizu.com/legal.html
5.華為推送華為技術有限公司消息推送設備信息、網絡類型、設備型號、應用資料https://developer.harmonyos.com/cn/docs/design/des-guides/privacy-statement-0000001077380966
6.OPPO推送OPPO廣東移動通信有限公司消息推送設備資料、設備型號https://privacy.oppo.com/cn/policy/
7.微信開放平台騰訊科技(深圳)有限公司微信授權登錄 、微信分享 、微信支付 、微信收藏設備信息(IMEI、IMSI、MAC地址、AndroidID)、網路資料、微信帳號資料https://privacy.qq.com/policy/tencent-privacypolicy

附件二《調用設備許可權清單》

請知悉:

1. 為保障XTransfer App 功能實現與安全穩定運行/為您提供個性化服務的目的,我們可能會申請調用您某些移動設備的許可權。

2. 本清單將展示我們可能申請調用的您的移動設備許可權。隨著 XTransfer App/我們功 能的升級,如申請或使用的設備許可權類型與目的發生變動,我們將及時更新列表。

3. 請您知悉,我們接入的協力廠商 SDK 也可能會申請調用某些設備許可權。

安卓系統設備許可權清單

Android 設備許可權使用目的
攝像頭用於身份證識別、識別二維碼、人臉識別、上傳使用者資料、錄影、拍照,掃一掃功能。
相冊用於上傳使用者資料、人臉識別,開戶功能。
通訊錄用於圖片載入
短信用於自動檢測驗證碼功能。
地理位置用於交易風控保障功能。
網路通訊用於與服務端進行通訊功能。
設備資訊 (電話狀態)用於保障帳戶、交易安全以及交易風控保障功能。

IOS 系統設備許可權清單

IOS 設備許可權使用目的
攝像頭用於身份證識別、識別二維碼、人臉識別、上傳使用者資料、錄影、拍照,掃一掃功能。
相冊用於設置頭像、人臉識別,開戶功能。
地理位置用於交易風控保障功能。
網路通訊用於與服務端進行通訊功能。