Last updated: 2 October 2024
1.Introduction
Thank you for visiting OKLink.com (the “Site”). Your use of this Site is being facilitated by one of the following parties (individually as a “Party” and collectively as the “Parties”):
- OKLink Trust Limited, a Hong Kong incorporated private limited company (company registration number: 68501890) and trust company registered under section 78(1) of the Trustee Ordinance (trust license number TC007017), if you are using any fiat or digital asset custody services; and
- OKLink Fintech Limited, a Hong Kong incorporated private limited company (company registration number: 70684721), if you are using the services relating to the following products – (i) Explorer, (ii) Chaintelligence, or (iii) Onchain AML (including Know Your Transaction and Know Your Address), or for any other purpose not specifically mentioned above.
The Parties are indirect wholly-owned subsidiaries of OKG Technology Holdings Limited, a Cayman Islands incorporated company listed on the Main Board of The Stock Exchange of Hong Kong Limited (stock code: 1499).
Where the terms “OKLink” or “we” are used in this privacy notice (the “Privacy Notice”), it shall mean either Party. The Parties act as controller of your personal data where we determine how and why personal data can be used. This Privacy Notice does not apply where we act as a processor or service provider to another controller (including our users). The Parties can be contacted at the following email address: support@oklink.com.
OKLink, as a/the data controller, provides this Privacy Notice to describe our practices regarding the collection, storage, use, disclosure and other processing of Personal Data (as defined below). By visiting, accessing, or using our Site, associated APIs (application program interfaces), mobile applications or Services (as defined below), you (a) acknowledge that you have the right, capacity and authority to accept this Privacy Notice; (b) acknowledge that you have read and understand this Privacy Notice; and (c) consent to the policies and practices outlined in this Privacy Notice, so please read them carefully to understand what we do.
This Privacy Notice explains what data we collect, and why we collect it, how such data is used and stored, as well as how such data may be shared by us, rights you may have, and how you can contact us about our privacy practices. If you do not wish for your Personal Data (as defined below) to be used in the ways described in this Privacy Notice, you shall not use this Site or any services, software, APIs, technologies, products and/or functionalities offered by this Site or the Parties (collectively, the “Service” or “Services”).
2.Definitions
“Personal Data”, means any information relating to an identified natural person (a “Data Subject”), or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. It does not include data where the identity has been removed (anonymous data). This includes Sensitive Information.
“Sensitive Information” means any data that directly or indirectly reveals a natural person's family, racial origin, political or philosophical opinions, religious beliefs, criminal records, biometric data, or any data related to the health of such person, such as his/her physical, psychological, mental, genetic or sexual condition, including information related to health care services provided thereto that reveals his/her health status.
3.What Personal Data We Collect And Hold, And How We Collect It
We collect, process, and store Personal Data via your use of the Service or where you have given your consent. This Personal Data may include contact details, copies of identification documentation provided by you or derived from publicly accessible databases, your government identification number as well as information relating to your device or internet service (such as an IP address and a MAC number).
To understand how OKLink protects the data it collects from its users, please see details below.
We collect information you provide during the user account setup or onboarding process, which may be a completed, incomplete, or abandoned process. We also collect Personal Data when you communicate with us through customer support, subscribe to marketing communications, correspond with us by phone, email or other communication channels, or when you conduct certain actions on our Site. We may actively or automatically collect, use, store or transfer your Personal Data, which may include, without limitation, the following:
- Personal identification information such as name, email, phone number, nationality, date of birth, address, and government identification information;
- Institutional details such as corporate legal name, corporate registration information, government identification number, proof of identity and legal existence, address, business description, directors' information, beneficial owner information;
- Commercial information such as data related to transactions conducted through use of the Service;
- Financial information such as credit/debit card numbers and bank account information;
- Correspondence Information such as communication with our Customer Support team and responses to user surveys;
- Information required by regulatory agencies such as licensing authorities and consumer protection agencies; and
- Other identifiers such as biometric data, IP address, and geolocation information.
We may also collect Personal Data about you from third parties, such as electronic verification services, referrers, and/or marketing agencies. If so, we will take reasonable steps to ensure that they are made aware of applicable privacy laws. We may also use third parties to analyze traffic on our Site, which may involve the use of cookies (additional information on Cookie Usage is set out in Section 12 below). Information collected through such analysis is not anonymous.
We will not collect Sensitive Information about you without your consent, unless an exemption or exception applies. These exemptions or exceptions include if the collection is required or authorized by law, or if it is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the Personal Data we request is not provided by you, we may not be able to provide you with the benefit of our Services or meet your needs appropriately. Accordingly, we do not give you the option of dealing with us anonymously or under a pseudonym.
Furthermore, we conduct business and collect Personal Data from individuals and entities located in various jurisdictions in accordance with data protection laws. Where applicable, we are required to protect Personal Data processed in such jurisdictions in accordance with the applicable data protection laws. To understand more about how we protect the data collected from individuals and entities located within such jurisdictions, please see Sections 17 to 19 below.
4.Unsolicited Personal Data
We may receive unsolicited Personal Data about you. We destroy or de-identify all unsolicited Personal Data we receive, unless it is relevant to the purposes stated in this Privacy Notice for collecting Personal Data. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other Personal Data.
5.Who We Collect Personal Data About
The Personal Data we may collect and hold includes (but is not limited to) Personal Data about users, potential users, service providers or suppliers of the Site or our Service, and other third parties with whom we come into contact.
6.How We Use Your Personal Data
We use Personal Data to administer, deliver, improve, and personalize the Service for you and to comply with our legal and regulatory obligations. We also may use such data to communicate with you in relation to other products or Services offered by OKLink and/or its partners to consider any concerns or complaints you may have.
We may use and disclose your Personal Data for any of these purposes. We may also use and disclose Personal Data for secondary purposes which are related to the primary purposes set out in this section, or in other circumstances authorized by the law.
Sensitive Information will be used and disclosed for the purpose for which it was provided (or a directly related secondary purpose), unless you explicitly consent otherwise, or an exemption under law applies.
Below are specific ways in which we may process your Personal Data:
- Provide you with our services. We use your Personal Data to provide you with our Services. For example, we need to know certain financial information to conduct fiat transfers into and out of your account.
- Detect and prevent fraud. Your Personal Data is used to detect and prevent fraud.
- Protect the security of our Services. We process your Personal Data, such as information about your device and activity, to maintain the security of your account and our exchange.
- User/customer support. We process your Personal Data when you contact our Customer Support team to help us address your question.
- Enhance our Services. We process your Personal Data to understand how our Services are being used, to improve our Services and develop new Services.
- Product marketing. We process your Personal Data to identify our Services that we believe may be of interest to you. We may contact you about them. You may opt out of marketing communications with us at any time. If you do not want to receive these communications, please send an email to the address referred to in Section 1, above.
- Consent. We may use your Personal Data for additional purposes with your consent.
- Other business purposes. We may use your Personal Data for other reasonably expected business purposes as permitted by law or when required to comply with our legal obligations.
Processing Personal Data Without Consent
If you do not provide us with consent to process your Personal Data, we may still process your Personal Data under one of the following bases:
- Public interest. We will process your Personal Data without your consent where it is necessary to protect the public interest.
- Legal Proceedings. We will process your Personal Data without your consent where it is necessary to initiate or defend legal proceedings or in relation to judicial or security procedures.
- Protection of your interests. We will process your Personal Data without your consent where it is necessary to protect your interests.
- Performance of a contract. We will process your Personal Data without your consent where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; we use this basis for provision of our Services.
- Compliance with a legal obligation. We will process your Personal Data without your consent where we need to comply with a legal obligation we are subject to.
- Legitimate interests. We will process your Personal Data where it is necessary for the purpose of the legitimate interests pursued by us and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others; to improve our services and enhance our user experience.
For the avoidance of doubt, consent may not be legally required in your jurisdiction.
To Whom We Might Disclose Personal Data
OKLink may disclose Personal Data to:
- Members of our corporate group, which includes our subsidiaries, holding companies and companies under common control including their respective contractors, affiliates, employees or representatives;
- Our service providers and other third parties which assist us in providing the Services to you and/or as required or permitted by law or professional standards including, for example, payment processing, customer support, data analytics, information technology, data processing, network infrastructure, storage and tax reporting;
- Entities in connection with corporate transactions involving OKLink, including any financing, acquisition or dissolution proceedings which involve disclosing a certain portion or all of our business or assets;
- Government entities or other parties to legal process, including law enforcement agencies and authorities, officers, regulators or other third parties to comply with any law, court order, subpoena or government request;
- Professional advisors, including legal, accounting or other consulting services for purposes of audits or to comply with our legal obligations.
Other than as disclosed in this Privacy Notice, we do not share your Personal Data with any other third parties unless required to do so by law or legal reporting obligations. This Site or the Service may contain links to other third party websites where their own privacy policies may apply and we are not responsible for the privacy policies of such third party websites.
If we disclose your Personal Data to service providers that perform business activities for us, they may only use your Personal Data for the specific purpose for which we supply it. We will take reasonable steps to ensure that all contractual arrangements with third parties adequately address compliance with applicable privacy laws.
Additionally, we have implemented standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions. These standards require us to undertake due diligence on our users in order to be compliant with applicable laws and regulations. This may include the use of third-party data and service providers which will cross-reference your Personal Data for identity verification, fraud detection and prevention, transaction monitoring, credit verification and security threat detection.
We currently use identity verification services provided by Au10tix, amongst other entities. Each provider collects, processes, and shares your personal information, which may include biometric data, as set out in the Au10tix Biometric Data Policy, Au10tix Privacy Notice.
7.How We Store Your Personal Data
We recognise the importance of securing the Personal Data of our users. We take steps to ensure your Personal Data is protected from misuse, interference or loss, and unauthorised access, modification or disclosure.
Your Personal Data is generally stored in our or our affiliates’ computer databases and/or with third party storage providers. In relation to information that is held on our or our affiliates’ computer database, we apply data security guidelines to ensure that your Personal Data is managed securely.
For more information, refer to Section 13 (Information Security) below.
The data that we collect from you may be transferred to, and stored at, a destination outside of the country of your residence. It may also be processed by staff operating outside of the country of your residence who work for us or for one of our service providers. By submitting your Personal Data, you expressly consent to this transfer, storing or processing, except users located in certain jurisdictions, as detailed in the Sections 17 to 19 below.
We retain your Personal Data to enable your continued use of the Services, for our legitimate business purposes, and to comply with our legal and regulatory obligations. If you close your account with us, we will continue to retain your Personal Data as necessary to comply with our legal and regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain records we used to comply with our client identification and due diligence obligations for an additional period after our business relationship with you has ended. Otherwise, we will take all practicable steps to erase Personal Data held by us, as required by law.
8.Sending Information To Other Countries
Your Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may disclose information to third party storage providers or affiliates that are located outside your country of residence, or disclose to third party storage providers or affiliates that are located outside your country or residence.
We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
9.Access, Correction, And Deletion Of Your Personal Data
Subject to exceptions set out in the law, you have the right to obtain a copy of your Personal Data upon request and ascertain whether the information we hold about you is accurate and up-to-date. We will provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal. We will require identity verification and specification of what information is required before providing you with access. If any of your Personal Data is inaccurate, you may request to update your information. Where we are satisfied that the request to update the information is accurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. If you are entitled by law, you may request to delete your Personal Data, with the exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. For data access, correction, or deletion requests, or to request withdrawal of your previously provided consent, please send an email with your request to the address set out in Section 1 above with the subject “DATA INQUIRY”.
10.Childrens’ Personal Data
OKLink does not knowingly offer services to or collect the Personal Data of anyone under the age of 18. If we learn that we have collected Personal Data of anyone under the age of 18, we will promptly delete it from our systems. If you are aware of anyone under the age of 18 using our Services, please notify us so we can take prompt action to prevent access to our Services.
11.Marketing
We may only use Personal Data we collect from you for the purposes of direct marketing with your consent, where we provide a simple way of opting out of direct marketing and you have not requested to opt out of receiving direct marketing from us.
If we collect Personal Data about you from a third party, we will only use that information for the purposes of direct marketing if you have consented and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.
You have the right to request that we do not use or disclose your Personal Data for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organizations. We must give effect to the request free of charge within a reasonable period of time.
We may communicate company news, promotions, and information relating to our products and Services provided by OKLink. We may share Personal Data with third parties to help us with our marketing and promotional projects, or sending marketing communications. By using OKLink, you accept this Privacy Notice and you agree to receive such marketing communications.
Users can opt out from these marketing communications at any time by clicking the unsubscribe link within any marketing communications or sending an email to the address set out in Section 1, above.
For Services related communications, such as surveys, policy/terms updates and operational notifications, you will not be able to opt out of receiving such information.
12.Cookie Usage
While you access our Site, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit our Site. We use Cookies to enhance your experience of using our Site. The information is used to identify users, remember user preferences and allow users to complete tasks without having to re-enter information when browsing from one webpage to another or when re-visiting the Site at a later date. We also use Cookies to collect and analyze Site usage data, related to user use and patterns. This data is used to improve our Site and enhance users’ experience. We may also use the information collected to ensure compliance with our Anti-Money Laundering (“AML”) requirements, and to ensure your account security has not been compromised by detecting irregular, suspicious, or potentially fraudulent account activities.
You can set your browser to block or alert you about these Cookies, but this may affect the functionality of the Services or your user experience. Session Cookies are added when a user starts to browse our Site or interacts with a specific feature and are deleted when the browser is closed. Persistent Cookies are added when a user starts to browse our Site or interacts with a specific feature, but may remain stored on your device until a certain termination date is reached.
13.Information Security
We have put in place appropriate information security measures to prevent your Personal Data from being accidentally lost, accessed, altered, disclosed, used or destroyed in an unauthorized way (or other similar risks). We take various measures to ensure information security, including encryption of the our Site communications; two-factor authentication; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and vendors who are subject to strict contractual confidentiality obligations.
If you have any questions about information security or report any security issues, please contact us by sending an email to the address set out in Section 1, above with the subject “Information Security Request”.
14.Contacting Oklink About Privacy Questions Or Concerns
If you have any questions about this Privacy Notice or the use of your Personal Data, please contact us by sending an email to the address set out in Section 1, above with the subject “PRIVACY REQUEST”.
When handling requests to exercise your privacy rights, we check the identity of the requesting party to ensure that he or she is the person legally entitled to make such a request. While we endeavor to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee (if applicable) for compliance with your request. To exercise your privacy rights, please send an email with your request to the the address set out in Section 1, above with the subject “DATA INQUIRY REQUEST”.
15.Changes To Our Privacy Notice
We may update this Privacy Notice at any time by posting the amended version on this Site, so please check frequently to see if there are any updates and changes. Your continued access to or use of this Site and/or the Service constitute your acknowledgment and acceptance of such changes to this Privacy Notice.
16.Languages
This Privacy Notice may be posted in different languages. If there are any discrepancies, the English version shall prevail.
17.Additional Information For Persons Subject To Eu Data Protection Laws
For users who are located in the EEA or other locations subject to EU data protection laws (collectively, “European Residents”), we adhere to relevant and applicable EU data protection laws and provide European Residents with the following additional information. For the purposes of this section, “Personal Data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 (GDPR).
Legal Basis For Processing Personal Data
We process Personal Data subject to the GDPR on one or more of the following legal bases:
- To comply with legal obligations and regulations. To comply with applicable laws, including “know your customer” obligations based on applicable anti-money laundering and anti-terrorism requirements, financial crime and fraud prevention, suspicious activity reporting, responding to requests from public authorities, complying with economic and trade sanctions requirements, performing customer due diligence, performing audit and risk assessments, preparing tax reports, fulfilling our retention obligations and handling legal claims.
- To comply with contractual obligations. To comply with our contractual obligations to you under any of our user agreements and/or terms of service, including to provide you with our services and customer support services, and to optimize and enhance the Site or our Services.
- Consent. To provide and market our services to you based on your consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before consent is withdrawn.
- Legitimate interest. To monitor the usage of our Services, fraud prevention, network and information security, conduct automated and manual security checks of our Services, to engage in direct marketing activities and to protect your rights. When we process your personal data for our legitimate interests, we consider and balance any potential impact on you and your rights under data protection laws.
European Privacy Rights
European Residents have the following rights under the GDPR with respect to their Personal Data, subject to certain exceptions provided under the law. We will advise you in our response to your request where we are relying on such exemptions. You should include adequate information to identify yourself and other relevant information that will reasonably assist us in fulfilling your request.
- Right to Access and Rectification. You may submit a request that OKLink disclose the Personal Data we process about you and correct any inaccurate Personal Data.
- Right to withdraw consent. Where we have relied upon your consent to process your Personal Data, you have the right to withdraw that consent. This does not affect the lawfulness of processing based on your consent until withdrawal.
- Right to Erasure. You may submit a request that OKLink delete the Personal Data that we have about you.
- Right to Restriction of Processing and Right to Object. You have the right to restrict or object to our processing of your Personal Data under certain circumstances.
- Right to Data Portability. You have the right to receive the Personal Data you have provided to us in an electronic format and to transmit the Personal Data to another data controller.
- Right to Complain. You may lodge a complaint with a data protection supervisory authority
Auto decision-making
We may engage in automated decision-making for purposes of risk and fraud detection. When we do, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention, to express your point of view and to contest the decision.
18.Information Security - SINGAPORE
For users who are located in Singapore, we adhere to the PDPA and provide Singapore residents with the following additional information. For the purposes of this section, “Personal Data” has the meaning provided in section 2 of the PDPA.
A. Transfers of Personal Data out of Singapore. If your personal data has been processed in Singapore, prior to transferring such personal data from Singapore to a jurisdiction or territory outside Singapore, OKLink will generally take appropriate steps to ensure that the recipient of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the PDPA (“Comparable Standard”). To this end, OKLink will ensure that at least one of the following measures is implemented:
- you consented to such transfer after you have been given a reasonable summary in writing of the extent to which your personal data to be transferred will be protected to a Comparable Standard (including but not limited to this Privacy Notice);
- the overseas recipient of such personal data is bound by law, contract, binding corporate rules or any other legally binding instrument to protect the transferred personal data to a Comparable Standard; and/or
- the overseas recipient of such personal data holds a valid certification under the Asia Pacific Economic Cooperation Cross Border Privacy Rules (“APEC CBPR”) System or the Asia Pacific Economic Cooperation Privacy Recognition for Processors (“APEC PRP”) System.
Where the above measures are not feasible, OKLink may still proceed with the transfer of your personal data from Singapore to a recipient outside of Singapore if:
- the transfer is necessary for a use or disclosure that is in your vital interests and OKLink has taken reasonable steps to ensure that the personal data will not be used or disclosed by the recipient for any other purpose; and/or
- the transfer is reasonably necessary for the conclusion or performance of a contractual obligation between you and OKLink.
B. Security of your Personal Data. If we have credible grounds to believe that a data breach has occurred, we will take steps to assess whether the data breach is notifiable under the PDPA. Once we assess that a data breach is a notifiable data breach, we will notify the Personal Data Protection Commission of Singapore and you as soon as it is practicable. If we share your personal data with our third party service providers, we will require them to process it strictly in accordance with our instructions or as otherwise required by the PDPA.
19.Information Security – HONG KONG
For users who are located in Hong Kong, we adhere to the Personal Data (Privacy) Ordinance (“PDPO”) and provide Hong Kong residents with the following additional information. For the purposes of this section, “Personal Data” has the meaning provided in section 2 of the PDPO.
A. Transfers of Personal Data out of Hong Kong. OKLink may transfer your Personal Data from Hong Kong to a jurisdiction or territory outside Hong Kong on any of the following grounds:
- OKLink has reasonable grounds for believing that there is in force in that jurisdiction or territory any law which is substantially similar to, or serves the same purposes as the PDPO;
- you have consented in writing to such transfer (which you hereby grant if you have not previously done so);
- OKLink has reasonable grounds for believing that, in all the circumstances of the case:
(a) such transfer is for the avoidance or mitigation of adverse action against you;
(b) it is not practicable to obtain your written consent to such transfer; and
(c) if it was practicable to obtain such consent, you would give it;
- your Personal Data is exempt from data protection principle 3 (as defined in Schedule 1 to the PDPO) by virtue of an exemption under Part 8 of the PDPO.
- OKLink has taken all reasonable precautions and exercised all due diligence to ensure that your Personal Data will not, in that place, be collected, held, processed or used in any manner which, if that place were Hong Kong, would be a contravention of a requirement under the PDPO.
------------------------------------------------------------------------------------------------------
OKLink 隐私通知
最后更新日期: 2024年 10 月2日
1. 简介
感谢您访问 OKLink.com(“网站”)。 您使用的本网站由以下各方之一(单独称为“一方”,合称为“各方”)提供:
- OKLink Trust Limited,一家在香港注册成立的私人有限公司(公司注册号:68501890),及根据《受托人条例》第 78(1) 条注册的信托公司(信托牌照号 TC007017),如果您使用任何法币或数字资产托管服务;以及
- OKLink Fintech Limited,一家在香港注册成立的私人有限公司(公司注册号:70684721),如果您正在使用与以下产品相关的服务 – (i) 浏览器,(ii) 链上天眼,或 (iii) 链上AML(包括了解您的交易(KYT)和了解您的地址(KYA)),或用于上述未明确提及的任何其他目的。
各方为 OKG Technology Holdings Limited 的间接全资子公司,OKG Technology Holdings Limited 是一家在香港联合交易所有限公司主板上市的开曼群岛注册公司(股份代码:1499)。
在本隐私通知(“隐私通知”)中使用术语“OKLink”或“我们” 均指任何一方。各方将作为您个人数据的控制者,由我们决定如何使用个人数据。如果我们作为另一控制者(包括我们的用户)的处理者或服务提供商,则本隐私通知不适用。您可以通过以下电子邮件地址联系各方:support@oklink.com。
OKLink 作为数据控制者,提供本隐私通知来描述我们在收集、存储、使用、披露和其他个人数据(如以下所定义)处理方面的做法。 通过访问、浏览或使用我们的网站、相关 API(应用程序接口)、移动应用程序或服务(如以下所定义),您 (a) 确认您有权利、能力和权限接受本隐私通知; (b) 确认您已阅读并理解本隐私通知; (c) 同意本隐私通知中所述政策和做法,因此请仔细阅读本条款内容以理解我们的处理方式。
本隐私通知解释了我们收集哪些数据、收集数据的原因、如何使用和存储这些数据、我们可能如何共享这些数据、您可能拥有的权利以及您如何就我们的隐私惯例与我们联系。 如果您不希望您的个人数据(如以下所定义)以本隐私通知中所述方式使用,您不得使用本网站或本网站各方提供的任何服务、软件、API、技术、产品和/或功能 (合称为“服务”)。
2. 定义
“个人数据”是指与已识别的自然人(“数据主体”)有关的任何信息,或可直接或间接通过以下方式识别人的信息:通过链接数据、使用识别信息,例如姓名、声音、图片、身份证号、在线标识符、地理位置或一个或多个表述此人的身体、心理、经济、文化或社会身份的特殊特征。这不包括已删除身份的数据(匿名数据),但包括敏感信息。
“敏感信息”是指直接或间接展示自然人的家庭、种族来源、政治或哲学观点、宗教信仰、犯罪记录、生物特征数据的任何数据,或与该人的健康有关的任何数据,例如其身体、心理、精神、遗传或性状况,包括与向其提供的展示其健康状况的医疗保健服务相关的信息。
3. 我们收集和保存哪些个人数据,以及我们如何收集这些数据
我们通过您使用服务或在您同意的情况下收集、处理和存储个人数据。 个人数据可能包括您提供的或从可公开访问的数据库中获取的联系方式、身份证明文件复印件、您的政府身份证号以及与您的设备或互联网服务相关的信息(例如 IP 地址和 MAC 号码)。
要了解 OKLink 如何保护其从用户收集的数据,请参阅以下详细信息。
我们收集您在用户帐户设置或注册过程(可能是已完成、未完成或已放弃的流程)中提供的信息。 当您通过客户支持与我们沟通、订阅营销通讯或通过电话、电子邮件或其他通信渠道与我们沟通时,或者当您在我们的网站上执行某些操作时,我们也会收集个人数据。 我们可能会主动或自动收集、使用、存储或传输您的个人数据,其中可能包括但不限于以下内容:
- 个人身份信息,例如姓名、电子邮件、电话号码、国籍、出生日期、地址和政府身份信息;
- 机构详细信息,例如公司法定名称、公司注册信息、政府识别号码、身份和合法存在证明、地址、业务描述、董事信息、受益所有人信息;
- 商业信息,例如通过使用本服务进行的交易相关的数据;
- 财务信息,例如信用卡/借记卡号和银行账户信息;
- 通信信息,例如与我们的客户支持团队的沟通以及对用户调查的回复;
- 牌照机构和消费者保护机构等监管机构要求的信息; 和
- 其他识别信息,例如生物识别数据、IP 地址和地理位置信息。
我们还可能从第三方收集关于您的个人数据,例如电子验证服务、推荐人和/或营销机构。 如是,我们将采取合理措施确保其了解适用的隐私法。 我们也可能使用第三方来分析我们网站的流量,这可能涉及使用 Cookie(有关 Cookie 使用的更多信息请参阅以下第 12条)。 通过此类分析收集的信息不是匿名的。
未经您的同意,我们不会收集有关您的敏感信息,除非适用豁免或例外情况。 这些豁免或例外包括如果收集是法律要求或授权的,或者如果是对涉嫌非法活动或严重不当行为采取适当行动所必需的。
如果您未提供我们要求的个人数据,我们可能无法为您提供我们的服务或很好的满足您的需求。 因此,我们不会让您选择匿名或使用化名与我们沟通。
此外,我们根据数据保护法开展业务并收集位于不同司法管辖区的个人和实体的个人数据。在适用的情况下,我们需要根据适用的数据保护法保护在这些司法管辖区处理的个人数据。要详细了解我们如何保护从位于这些司法管辖区内的个人和实体收集的数据,请参阅以下第 17 至 19 条。
4. 未经请求的个人数据
我们可能会收到未经请求的关于您的个人数据。 我们会销毁或取消识别我们收到的所有未经请求的个人数据,除非其与本隐私通知中所述的收集个人数据的目的相关。 如果我们收到的关于您的其他信息与我们需要或有权收集的其他信息相结合,我们可能会保留这些信息。 如果我们这样做,我们将以与保存您的其他个人数据相同的方式保留信息。
5. 我们收集关于谁的个人数据
我们可能收集和持有的个人数据包括(但不限于)有关用户、潜在用户、网站或我们服务的服务提供商或供应商以及我们与之有业务往来的其他第三方的个人数据。
6. 我们如何使用您的个人数据
我们使用个人数据为您管理、交付、改进和个性化服务,并遵守我们的法律和监管义务。 我们也可能使用此类数据与您就 OKLink 和/或其合作伙伴提供的其他产品或服务进行沟通,以考虑您可能有的任何疑虑或投诉。
我们可能出于上述任何目的使用和披露您的个人数据。 我们也可能出于与本节规定的主要目的相关的次要目的,或在法律授权的其他情况下使用和披露个人数据。
除非您明确同意,或适用法律豁免,否则将根据提供信息的目的(或直接相关的次要目的)使用和披露敏感信息。
以下是我们处理您的个人数据的具体方式:
- 为您提供我们的服务。我们使用您的个人数据为您提供我们的服务。 例如,我们需要知道某些财务信息才能将法币转入和转出您的账户。
- 检测并防止欺诈。 您的个人数据用于检测和防止欺诈。
- 保护我们服务的安全。 我们处理您的个人数据以维护您的帐户和我们的交易的安全,例如有关您的设备和活动的信息。
- 用户/客户支持。当您联系我们的客户支持团队以帮助我们解决您的问题时,我们会处理您的个人数据。
- 增强我们的服务。 我们处理您的个人数据以了解我们的服务是如何被使用,以及用于改进我们的服务和开发新的服务。
- 产品营销。我们处理您的个人数据以识别我们认为您可能感兴趣的产品和服务。我们可能会与您联系该等事宜。 您可以随时选择退订与我们的营销通讯。 如果您不想收到这些通讯,请发送电子邮件至上述第1条所述地址。
- 同意。经您同意,我们会使用您的个人数据作其他用途。
- 其他商业用途。我们可将您的个人数据用于法律准许或遵守我们的法律义务所要求的其他合理预期的商业用途。
未经同意处理个人数据
如果您不同意我们处理您的个人数据,我们仍可能根据以下任一依据处理您的个人数据:
- 公共利益。在需要保护公共利益的情况下,我们将在未经您同意的情况下处理您的个人数据。
- 法律程序。在需要启动或辩护法律程序或涉及司法或安全程序的情况下,我们将在未经您同意的情况下处理您的个人数据。
- 保护您的利益。在需要保护您的利益的情况下,我们将在未经您同意的情况下处理您的个人数据。
- 履行合同。在需要履行您作为一方的合同或在订立此类合同之前根据您的要求采取措施的情况下,我们将在未经您同意的情况下处理您的个人数据;我们以此为基础提供我们的服务。
- 遵守法律义务。在我们需要遵守我们所负法律义务的情况下,我们将在未经您同意的情况下处理您的个人数据。
- 合法利益。我们将在必要时处理您的个人信息,以维护我们追求的合法利益和我们用户的利益,例如,当我们发现并防止欺诈和滥用以保护我们用户、我们自身或他人的安全时;改进我们的服务并增强我们的用户体验。
为避免疑义,在您所在的司法管辖区,法律上可能不要求您同意。
我们可能向其披露个人数据的对象
OKLink可能向以下对象披露个人数据:
- 我们企业集团的成员,包括我们的子公司、控股公司和受共同控制的公司,包括其各自的承包商、关联方、雇员或代表;
- 我们的服务提供商和协助我们向您提供服务的其他第三方和/或法律或专业准则要求或允许的其他第三方,例如支付处理、客户支持、数据分析、信息技术、数据处理、网络基础设施、存储和报税等;
- 与OKLink相关的公司交易相关实体,包括涉及披露我们部分或全部业务或资产的任何融资、收购或解散程序;
- 遵守任何法律、法庭命令、传票或政府要求的政府实体或法律程序的其他当事方,包括执法机构和机关、官员、监管机构或其他第三方;
- 专业顾问,包括为审计或履行我们的法律义务之目的提供法律、会计或其他咨询服务。
除了本隐私通知所披露的内容,除非法律或法定报告义务所要求,我们不与任何第三方分享您的个人数据。本网站或服务可能包含其他第三方网站的链接,这些第三方网站的隐私政策可能适用于该等第三方网站,但我们对该等第三方网站的隐私政策不负任何责任。
如果我们向为我们开展业务活动的服务提供商披露您的个人数据,他们只能将您的个人数据用于我们提供该个人数据的特定目的。 我们将采取合理步骤,确保与第三方的所有合同安排充分解决遵守适用的隐私法律。
此外,我们已实施了防止洗钱、恐怖主义融资和规避贸易和经济制裁的标准,这些标准要求我们对我们的用户进行尽职调查,以遵守适用的法律法规。 这可能包括使用第三方数据和服务提供商,其将交叉引用您的个人数据,以进行身份验证、欺诈检测和预防、交易监控、信用验证和安全威胁检测。
我们目前使用 Au10tix 和其他实体提供的身份验证服务。每个供应商均会收集、处理和共享您的个人信息,其中可能包括生物特征数据,如 Au10tix 生物识别数据政策、Au10tix 隐私通知中所述。
7. 我们如何存储您的个人数据
我们认识到确保用户个人数据安全的重要性。 我们会采取措施确保您的个人数据不会被滥用、干扰或丢失,以及未经授权的访问、修改或披露。
您的个人数据通常存储在我们或我们的关联方的计算机数据库中,和/或第三方存储供应商处。 对于我们或我们的关联方的计算机数据库中保存的信息,我们采用数据安全指南以确保您的个人数据得到安全管理。
有关更多信息,请参阅下述第13条(信息安全)。
我们从您处收集的数据可能会被传输至并存储在您居住国以外的目的地。 您居住国以外为我们或我们服务提供商工作的员工也可能会处理您的数据。通过提交您的个人数据,您明确同意此类传输、存储或处理(位于某些司法管辖区的用户除外),详见以下第17至19条所述。
我们保留您的个人数据以使您能够继续使用服务、实现我们的合法商业目的以及遵守我们的法律和监管义务。 如果您关闭您在我们平台的账户,我们将继续在必要时保留您的个人数据以履行我们的法律和监管义务。例如,我们需要遵守某些反洗钱法律,该等法律要求我们在与您的业务关系终止后,继续将用于履行客户身份识别和尽职调查义务的记录继续保留一段期间。否则,我们将根据法律要求采取一切切实可行的措施删除我们持有的个人数据。
8. 将信息发送至其他国家
您的个人数据可能在我们开展业务或聘用服务提供商的任何国家/地区进行存储和处理。 我们可能会向位于您居住国家/地区之外的第三方存储提供商或关联方披露信息。
我们可能会将我们保存的关于您的个人数据传输给最初收集个人数据的国家/地区以外的其他国家/地区的接收者。 该等其他国家/地区的数据保护或隐私规则可能与您所属国家/地区的不同。 但是,我们将采取措施确保任何该等传输均符合适用的数据保护法,并确保您的个人数据受到本隐私通知所述标准的保护。在某些情况下,这些其他国家/地区的法院、执法机构、监管机构或安全机构可能有权访问您的个人数据。
9. 访问、更正和删除您的个人数据
除法律规定的例外情况之外,您有权根据要求获取您个人数据的副本,并确定我们所持有的有关您的信息是否是准确的和最新的。 我们将在您提出请求后30天内提供访问权限。 如果我们拒绝提供信息,我们将提供拒绝的理由。在向您提供访问权限之前,我们将要求您进行身份验证并说明所需信息。如果您的任何个人数据不准确,您可以要求更新您的信息。如果我们认为更新信息的请求是正确的,我们会在30天内采取合理措施更正信息,除非您另行同意。如果您依法有权要求删除您的个人数据,您可以要求删除您的个人数据,但在某些情况下,我们可能会拒绝您的删除请求,例如为遵守法律或出于合法目的。 对于数据访问、更正或删除的请求,或要求撤回您之前提供的同意,请将您的请求通过电子邮件发送至上述第 1条所列地址,标题为“数据查询”。
10. 儿童个人数据
OKLink不会在知情的情况下向18岁以下的任何人提供服务或收集其个人数据。 如果我们得知我们收集了18岁以下任何人的个人数据,我们将立即将其从我们的系统中删除。 如果您发现任何18岁以下人士使用我们的服务,请通知我们,以便我们及时采取行动阻止其使用我们的服务。
11. 市场营销
我们仅会在征得您同意的情况下,将从您那里收集的个人数据用于直接营销,前提是我们会提供一种简单的方式让您选择退订直接营销,且您并未要求选择退订接收我们的直接营销。
如果我们从第三方收集您的相关个人数据,我们将仅在您同意的情况下,将该信息用于直接营销,并且我们将提供一种简单的方式,让您可以轻松请求不接收我们的直接营销通讯。我们将提请您注意,您可以在我们的直接营销通讯中提出此类请求。
您有权要求我们不得为直接营销目的或为促进其他组织的直接营销目的使用或披露您的个人数据。我们必须在合理的时间内免费执行该请求。
我们可能会传达公司新闻,推广活动以及与OKLink提供的产品和服务相关的信息。我们可能会与第三方共享个人数据,以帮助我们开展营销和推广项目,或发送营销通讯。使用OKLink,即表示您接受本隐私通知,并同意接收此类营销通讯。
用户可以随时选择退订这些营销通讯,只需点击任何营销信息中的取消订阅链接或发送电子邮件至上述第 1 条中所列地址即可。
对于与服务相关的通讯,例如调查问卷、政策/条款更新和运营通知,您将无法选择不接收此类信息。
12. Cookie的使用
当您访问我们的网站时,我们可能会按照行业惯例存放少量数据,这些数据将由您的浏览器保存(“Cookie”)。这些信息可以存放在您的计算机或用于访问我们的网站的其他设备上。我们使用Cookie来增强您使用我们网站的体验。这些信息用于识别用户、记住用户偏好,并允许用户在从一个网页浏览到另一个网页或稍后重新访问网站时无需重新输入信息即可完成任务。我们还使用Cookie来收集和分析与用户使用和模式相关的网站使用数据。这些数据用于改进我们的网站并增强用户体验。我们还可能将收集的信息用于确保遵守我们的反洗钱(“AML”)要求,并通过检测异常、可疑或潜在的欺诈性帐户活动来确保您的账户安全不会受到损害。
您可以将浏览器设置为阻止或提醒您这些Cookie,但这可能会影响服务的功能或您的用户体验。会话Cookie在用户开始浏览我们的网站或与特定功能交互时添加,并在浏览器关闭时删除。持久性Cookie是在用户开始浏览我们的网站或与特定功能交互时添加,但可能会一直存储在您的设备上,直到达到某个终止日期。
13. 信息安全
我们已采取适当的信息安全措施,以防止您的个人数据意外丢失、被访问、被更改、被披露、被未经授权使用或被销毁(或其他类似风险)。我们采取各种措施确保信息安全,包括对我们的网站通信进行加密;双重身份验证;定期审查我们的个人数据收集、存储和处理实践;并根据需要限制我们的员工和供应商访问您的个人数据,该等员工和供应商应遵守严格的合同保密义务。
如果您对信息安全有任何疑问或报告任何安全问题,请通过发送电子邮件至上述第1条所列地址与我们联系,主题为“信息安全请求”。
14. 联系 OKLINK 咨询隐私问题或疑虑
如果您对本隐私通知或您的个人数据的使用有任何疑问,请发送电子邮件至上述第 1 条中所列地址与我们联系,邮件主题为“隐私请求”。
在处理行使您的隐私权的请求时,我们会检查请求方的身份,以确保其为合法有权提出此类请求的人。虽然我们尽力免费响应这些请求,但如果您的请求重复或过于繁重,我们保留向您收取合理费用(如适用)的权利,以遵守您的请求。为行使您的隐私权,请将您的请求通过电子邮件发送至上述第 1 条所列地址,主题为“数据查询请求”。
15. 隐私通知的变更
我们可能会随时更新本隐私通知,并在本网站上发布修订版本,因此请经常查看是否有任何更新和变更。您继续访问或使用本网站和/或服务即表示您确认并接受对本隐私通知的此类变更。
16. 语言
本隐私通知可能以不同的语言发布。如有任何差异,以英文版本为准。
17. 受欧盟数据保护法约束的人士的附加信息
对于位于欧盟经济区或受欧盟数据保护法约束的其他地区的用户(统称为“欧洲居民”),我们遵守适用的相关欧盟数据保护法,并向欧洲居民提供以下附加信息。就本条而言,个人数据具有《通用数据保护条例(EU) 2016/679》(“GDPR” )中所规定的含义。
处理个人数据的法律依据
我们根据以下一项或多项法律依据处理受 GDPR 约束的个人数据:
- 遵守法律义务和规定。遵守适用法律,包括基于适用的反洗钱和反恐要求的“了解您的客户”义务、金融犯罪和欺诈预防、可疑活动报告、响应政府当局的要求,遵守经济和贸易制裁要求,执行客户尽职调查,执行审计和风险评估,编制税务报告,履行我们的保留义务和处理法律索赔。
- 遵守合同义务。遵守我们在任何用户协议和/或服务条款项下对您的合同义务,包括为您提供我们的服务和客户支持服务,以及优化和增强网站或我们的服务。
- 同意。根据您的同意向您提供和推广我们的服务。您可以随时撤回您的同意,而不影响撤回同意之前基于同意进行处理的合法性。
- 合法权益。监控我们的服务的使用情况、欺诈预防、网络和信息安全,对我们的服务进行自动和手动安全检查,参与直接营销活动并保护您的权利。当我们为了我们的合法利益处理您的个人数据时,我们会考虑并平衡对您和您在数据保护法下的权利的任何潜在影响。
欧洲隐私权
根据GDPR,欧洲居民对其个人数据享有以下权利,但法律规定的某些例外情况除外。我们将在回复您的请求时告知您我们依赖此类豁免的情况。您应提供足够的信息来识别您的身份,并提供其他相关信息,以合理地帮助我们满足您的请求。
- 访问和更正权。您可以提交请求,要求OKLink披露我们处理的关于您的个人数据,并更正任何不准确的个人数据。
- 撤回同意权利。如果我们依赖您的同意来处理您的个人数据,您有权撤回该同意。这不会影响在您撤回前基于您的同意进行处理的合法性。
- 删除权。您可以提交请求,要求OKLink删除我们所拥有的有关您的个人数据。
- 限制处理权和反对权。在某些情况下,您有权限制或反对我们处理您的个人数据。
- 数据可携带权。您有权以电子形式接收您提供给我们的个人数据,并将个人数据传输给另一个数据控制者。
- 投诉权。您可以向数据保护监管机构投诉。
自动决策
出于风险和欺诈检测的目的,我们可能会进行自动决策。当我们这样做时,我们会采取适当的措施来保护您的权利和自由以及合法利益,包括获得人为干预的权利、表达您的观点和对决策提出异议的权利。
18. 信息安全 - 新加坡
对于位于新加坡的用户,我们遵守 PDPA,并向新加坡居民提供以下附加信息。为本条之目的,“个人数据”具有 PDPA 第 2 条中规定的含义。
A. 将个人数据传输出新加坡。如果您的个人数据已在新加坡处理,则在将此类个人数据从新加坡传输到新加坡以外的司法管辖区或地区之前,OKLink 通常会采取适当措施,确保个人数据的接收者受法律上可执行的义务约束,为传输的个人数据提供至少与 PDPA 项下的保护相当的保护标准(“可比标准”)。为此,OKLink 将确保实施以下至少一项措施:
- 在收到一份合理的书面摘要,说明您的个人数据将在何种程度上受到可比标准(包括但不限于本隐私通知)的保护后,您同意进行此类传输;
- 此类个人数据的海外接收者受法律、合同、具有约束力的公司规则或任何其他具有法律约束力的文书的约束,以保护所传输的个人数据达到可比标准;和/或
- 此类个人数据的海外接收者持有亚太经合组织跨境隐私规则(“APEC CBPR”)系统或亚太经合组织的处理者隐私识别(“APEC PRP”)体系下的有效认证。
如果上述措施不可行,OKLink 仍可继续将您的个人数据从新加坡传输到新加坡以外的接收者,前提是:
- 传输对于符合您切身利益的使用或披露是必要的,并且 OKLink 已采取合理措施确保接收者不会出于任何其他目的使用或披露个人数据;和/或
- 传输对于您和 OKLink 之间订立或履行合同义务是合理必要的。
B. 您的个人数据安全。如果我们有充分理由相信发生了数据泄露,我们将采取措施评估数据泄露是否属于 PDPA 规定的可报告数据泄露。一旦我们评估数据泄露属于可报告数据泄露,我们将尽快通知新加坡个人数据保护委员会和您。如果我们与第三方服务提供商共享您的个人数据,我们将要求其严格按照我们的指示或 PDPA 的其他要求处理您的个人数据。
19. 信息安全 – 香港
对于位于香港的用户,我们遵守个人资料(私隐)条例(“PDPO”)并向香港居民提供以下附加信息。就本条而言,“个人数据”具有PDPO第 2 条中所规定的含义。
A. 将个人数据传输出香港。OKLink 可基于以下任何理由将您的个人数据从香港转移到香港以外的司法管辖区或地区:
- OKLink 有合理理由相信该司法管辖区或地区存在任何与PDPO基本相似或目的相同的法律;
- 您已书面同意此类传输(如果您之前未同意,您在此同意);
- OKLink 有合理理由相信,基于所有情况:
(a) 此类传输是为了避免或减轻对您的不利行动;
(b) 实际上无法获得您对此类传输的书面同意;及
(c) 如果实际上可以获得该等同意,您会给予同意;
- 根据PDPO第 8 部分的规定,您的个人数据不受数据保护原则 3 (如PDPO附件 1 所定义)的约束。
- OKLink 已采取一切合理预防措施,并尽一切应尽努力确保你的个人数据不会在该地被收集、持有、处理或使用(如果该地是香港,这将违反PDPO的规定)。