Privacy Policy

This privacy policy covers the responsibilities of Payrock (“Payrock”) for and on behalf of itself and certain of its affiliates (“Payrock Affiliates”) (together, Payrock and Payrock Affiliates are referred to as ”Payrock Group”) with regard to The Personal Data Protection Act 2012 (“PDPA”) and the Info-communications Media Development Act 2016 (“IMD”).

By visiting this website www.Payrock.io and by contacting Payrock as well as by entering into a service agreement with Payrock, you confirm that you have read this privacy policy and understood the content. You agree with this policy, and you give your consent to collect your personal data as specified in this privacy policy and to use this personal data for the purpose as described within this privacy policy.

You’re aware that you can make use of your rights as displayed within this privacy policy at all times.

Payrock is a corporate entity registered in Hong Kong offering innovative payment services in various international destinations for international clients.

Payrock owns and operates the internet domain www.Payrock.io, hosted by GoDaddy Inc. ([email protected])

Payrock will update this privacy policy from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements.

Payrock may notify you via email of any significant changes to this Privacy Policy, but Payrock encourages you to review this Privacy Policy periodically to keep up to date on how Payrock uses your personal data. If Payrock updates this Privacy Policy, Payrock will update the effective date at the bottom of the page.

Our Commitment to You

At Payrock, we treat all individual visitors that enter our corporate website www.Payrock.io, as well as all private individuals that represent our corporate clients and all our private individual clients as Data subjects in the sense of the PDPA.

Payrock has appointed a Data Protection Officer (DPO). This DPO remains independent within our corporate structure and has a direct connection to the top-level management at Payrock by submission of electronic correspondence to [email protected]. You can get in touch with our DPO and submit your request regarding your personal information.

We understand the importance of maintaining the confidentiality and privacy of your personal information and data. By entrusting us with your information and data, we would like to assure you of our commitment to keeping such information private. We have taken measurable steps to protect the confidentiality, security, and integrity of your information and data.

What Data do we at Payrock collect?

Payrock collects personal information from the chat function on our corporate website, www.payrock.io, by the IT infrastructure of our corporate website provided by our website’s server host, via the use of our contact form in the ‘contact us’ section of our corporate website by individual visitors of our website and during the course of rendering our services to our clients. This information collected includes, but is not limited to the following data:

From corporate clients

• Certificate of incorporation
• Certificate of shareholders
• Certificate of registered address
• Resolution of Directors
• Certificate of Incumbency
• Certificate of good standing
• Memorandum and Articles of Association
• Audited financial statements
• Copies of Licenses granted to the corporate entity
• Information on corporate bank account numbers
• Set of contact data of the corporate entity
• Set of contact data of employees and/or local management and/or Ultimate Beneficial Owner (UBO)
• Company’s structure chart (if relevant)
• UBO’s Source of Wealth and Source of Funds

From individuals representing a corporate client

• Copy of Passport
• Copy of ID card
• Proof of physical address of an individual
• Information and documents related to an individual’s profession and /or employment
• Criminal record of an individual
• Documents on the financial status of an individual (e.g., non-bankruptcy certificate)
• Professional certificates of an individual’s professional background
• Documents regarding the educational background of an individual
• Documents related to the origin of the wealth of an individual
• Contact telephone number(s) related to an individual
• Electronic mail address associated with an individual

What is your personal data used for?

Log Data, which is collected via our IT infrastructure for our corporate website, www.Payrock.io, and which includes the IP (Internet Protocol) address and geographical location, as well as the internet access service provider of an individual visitor, information of the type of computer or telecommunication device used to enter our corporate website, information on the data accessed, the duration and frequency of sessions and the page visit history is used for internal statistical purpose only and neither retained nor disclosed to any third party.

Contact data, including an individual’s name, surname, electronic mail address, and any other personal information communicated to Payrock via our chat function on our corporate website, as well as via the contact form in the ‘contact-us’-section of our corporate website, is used only for establishing a proper communication channel with the specific data subject. This data is stored and retained in accordance with the applicable legislation and is neither disclosed to any third party nor access by any unauthorized personnel or third party.

All data collected by Payrock, which relate to our prospective and/or existing clients (including individuals as well as representative/s, UBO/s, and/or local management of corporate clients) is used for rendering our services to our clients.

Personal data related to a specific individual data subject is used to send commercial and non-commercial notifications of Payrock to that data subject.

How is your personal data stored and/or retained?

Payrock will only uses store, process, and handle the client’s Personal Information and Data, in accordance with the PDPA.

This means we retain hard copies of personal data related to individual persons (individual visitors of our corporate website, private clients, and/or representative/s or UBO/s of corporate clients) in protected storage facilities, to which unauthorized persons do not have any access.

We retain electronic soft copies of personal data related to individual persons (individual visitors of our corporate website, private clients, and/or representative/s or UBO/s of corporate clients) in protected and encrypted IT facilities, free from unauthorized access.

In all communication in which individuals share their personal data with Payrock, the communication channel is protected by an SSL secure log protocol technology.

Your Rights to your data

In line with the provisions and requirements of the PDPA on the protection of personal data, you retain the following rights to your personal data:

• You retain the right to review all personal information, which is related to you and which was/is collected during your visit to our corporate website and during the use and processing as described in this privacy policy at any time and to check the accuracy of personal data, which is related to you individually.
• You remain the right to have corrections, rectifications, and refreshments to your personal data.
• You remain the right to have your personal data deleted partly or completely.
• You retain the right to obtain information on the use and purpose of processing your personal data.
• You remain the right to limit the purpose for processing and use of your personal data. However, this may have an effect on the accessibility of our regulated financial services rendered to you. You can refer to our DPO and/or our Compliance Department for further clarifications on this.
• You remain the right to opt-out from commercial and non-commercial newsletters and notifications from Payrock by notification to our DPO accordingly.
• You remain the right to have all personal data, which is related to you and which is or had been collected during your visit and use of our corporate website and during your correspondence with Payrock, transferred to another Data Controller nominated by you.
• You remain the right to withdraw your previously given explicit consent with regards to the collection, use, and processing of your personal data at any time by contacting our Data Protection Officer via electronic mail services to [email protected].

You can submit your request to make use of the above rights to your personal data by contacting our Data Protection Officer (DPO) through electronic mail services to [email protected].  

Disclosures

We will not without your consent disclose to third parties any individually identifying information, such as names, postal and e-mail addresses, telephone numbers, or others, which you have provided to Payrock.

The rendering of our services to our company’s perspective and/or existing clients requires the disclosure of personal data related to our prospective and/or existing clients to third parties. These third parties are external service providers, which are legally and economically independent from Payrock and have third-party agreements in place with Payrock, whereas all of our subcontractors and/or external service partners are bound to our standard on Data Protection. Prior to processing personal data related to our clients, Payrock will inform the specific client about that use and asks for the explicit consent of that person accordingly.

Please refer to our Data Protection Officer (DPO) in case you have questions on this or in case you want to make use of your rights related to your personal data as described in this privacy policy.

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our Site Terms and Conditions. Furthermore, your personal data is permitted to be disclosed to public bodies only in cases where the disclosure concerns matters of national and/or international security, the prevention or investigation of criminal activities, law enforcement, where the public interest is given, a juridical proceeding against the person, to which the personal data is related is pending or had been initiated or completed before and/or the personal security of the individual to which the personal data is related.

If you click on one of the social media links on Payrock’s Website or otherwise interact with Payrock’s social media pages such of third parties, Payrock and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose, such as certain Behavioural Data and Technical Data.

The relevant social media platform may also collecting personal data in respect of the PDPA that is collected via the use of our social media pages and may use that personal data for additional purposes. For details on how the relevant social media platform uses your personal data, please see the privacy policy of the relevant social media platform.

Payrock will communicate the specific purpose for processing your personal data to you prior to its use as described in this privacy policy.

If you feel your personal data has been infringed by Payrock, please get in touch with our DPO at [email protected].

Cookie Policy

Our corporate website www.payrock.io is using cookies. A cookie is a text file in the format .txt, and in log files, which the host server of our corporate website sends to the browser application that an individual visitor of our corporate website is using when entering our corporate website. These entries are generated automatically, and help Us to troubleshoot errors, improve performance, gather statistics about your browsing habits, and maintain the security of our websites. It is stored locally on the hard drive of the computer or telecommunication device used by the individual visitor of our corporate website when entering our corporate website. The data written into this file includes information on the IP address (Internet Protocol), the internet access service provider, the duration and frequency of page visit sessions within our corporate website, data which was viewed or downloaded, the type of computer or telecommunication device used by the individual visitor of our corporate website as well as the geographical location of the individual visitor of our corporate website.

The data collected is read out from the cookie file and retained on the website server/host in electronic form. The purpose of collecting this data is to identify a specific individual visitor after entering our corporate website. This data related to the individual visitor of our corporate website may be used by Payrock for internal statistical and analytical purposes only.

By entering our corporate website www.payrock.io, we have asked you to submit your explicit consent to the cookie policy in electronic form.

You can deactivate the use of cookie files by effecting the modifications in the system settings of the browser application you use for entering our corporate website. Please refer to the help documents and/or technical support for the browser application used for entering our corporate website accordingly. By selecting to empty the cache folder of your browser application and by deleting the browser history, cookie files can be deleted completely or partly.

Web Beacons

Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP Address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalization.

Payrock complies with legal requirements to provide adequate safeguards for the transfers of personal data outside Hong Kong.

[Last updated on June 25, 2024]