BYFIN Co. Limited (“BYFIN”, “we”, “us”, “our”), an SBI Group company, recognise our responsibilities in relation to the collection, use, disclosure and other processing and storage of personal data. We protect data security of our customers and potential customers by complying with all relevant data protection laws and regulations and ensure compliance by our staff with strict standards of security and confidentiality.
This statement provides you with notice as to how and why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data, and our policies on direct marketing and the use of cookies. You may be asked to consent to the practices and policies in this statement when you access, or interact with us via, this website. Otherwise, by using this website, you are accepting the practices and policies in this privacy statement. If you object to any practices and policies in this statement, please do not use this website to submit your personal information to BYFIN.
BYFIN recognises its responsibilities in relation to the collection, holding, processing or use of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and services to you or to respond to your enquiries. BYFIN will not collect any information that identifies you personally through this website unless and until you use and browse the website, register as a user, interact with us, or otherwise communicate with us (including where requesting technical support).

How we collect data.
We will collect and store your personal data either:
• directly when you provide such information to us (for example, enquiries or communications);
• indirectly through your use of our website; or
• where you have provided it to us through any other means.
We may obtain lawfully collected personal or non-personal data about you from affiliated entities, business partners and other independent third parties’ sources. We may also collect some information about your computer or other devices used when you visit this website.
The personal data we collect (which includes sensitive personal data as defined under relevant applicable laws and regulations), includes the following:
• identity-related information that you provide us when you register an account with us, including
your name, physical address, email address, telephone and/or mobile phone number, and unique identification number (e.g., identification card number or passport number), and identity-related information of the directors, executive officers, or employees of your corporate body authorised to operate your account;
• financial information such as your bank account information;
• transactional information based on your activities conducted on our website and through our services;
• information provided through chats, dispute resolution, referral services, or added to a website form or when adding/updating your account information, or provided when you correspond through our website and services;
• technical information – such as IP address, browser type and version, time zone settings, browser plugin types, operating systems and platform, device information (including where mobile device the IMEI number, wireless networks and general network information).
We will usually identify any information which is mandatory (i.e., information required for creating an account, and to enable you to access the features of the website and receive any services) when we collect the information from you. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries.

Why we collect your personal data and how it may be used?
Personal data is collected for the following purposes:
• to provide you with access to the content on the website;
• to process and administer your account, to implement and effect the requests or transactions contemplated by the forms available on our website or any other documents you may submit to us from time to time;
• to design new or enhance existing products, information and services provided by us;
• to communicate with you including to send you administrative and technical communications about any account you may have with us, to provide technical support or notify about future changes to this privacy statement;
• for statistical or actuarial research undertaken by BYFIN, the financial services industry, or regulators;
• for advances data analytics, data matching, internal business and administrative purposes;
• to monitor your use of the website and conduct analysis of the use of the website in order to operate, evaluate and improve the website and our services, understand your preferences and troubleshoot any problems;
• to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities;
• to personalise the appearance of our websites, provide recommendations of relevant products, information and services and provide targeted advertising on our website or through other channels;
• other purposes as notified at the time of collection; and
• other purposes directly relating to any of the above. Unless permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this privacy statement.
BYFIN may retain your information for as long as necessary to fulfil the purpose(s) for which it is collected or as otherwise required to ensure compliance with applicable laws and regulations. BYFIN applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss, or use including limiting physical access to data within BYFIN’s systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete or destroy the information when it is no longer necessary for any of the purpose above.
For our policy on use of your personal data for promotional or marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.

Who may be provided with your personal data?
Personal data will be kept confidential but may, where permitted by law or where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal data to the following parties:
• any person authorised to act as an agent of BYFIN (or another SBI Group company) in relation to the distribution of products and services offered by BYFIN (or that SBI Group company);
• any agent, contractor or third-party service provider (within or outside SBI Group) who provides administration, data processing, telecommunications, computer, payment, debt collection or securities clearing, technology outsourcing, call centre services, mailing and printing services in connection with the operation of BYFIN’s business and BYFIN’s provision of services to you;
• any member company of SBI Group in relation to the provision or marketing of financial services;
• any agent, contractor or third-party service provider (within or outside SIB Group) including companies that help deliver our services, including but not limited to insurance companies, money exchange companies, remittance companies, banks and other money lenders;
• other companies that help gather your information or communicate with you, such as research companies and ratings agencies, in order to enhance the services we provide to you; and
• government or regulatory bodies in any jurisdiction or any person to whom an SBI Group company must disclose data: (a) under a legal and/or regulatory obligation in that or any other jurisdiction applicable to that particular SBI Group company; or (b) pursuant to an agreement between the SBI Group company and the relevant government, regulatory body or other person.
For our policy on sharing of your personal data for promotional and marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.
From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and your personal data may be transferred or disclosed as a part of the purchase or sale or a proposed purchase or sale. In the event that we purchase a business, the personal data received with that business would be treated in accordance with this privacy statement if it is practicable and permissible to do so.
Your personal data may be provided to any of the above persons who may be located in other jurisdictions or territories to that in which you are located. Your information may be transferred to, stored, and processed in other jurisdictions where any SBI Group entity is located, or jurisdictions where a third-party contractor is located or from which the third-party contractor provides us services.
Where required under relevant law, we may seek your consent to the transfer of such information outside your jurisdiction to our facilities or to those third parties with whom we share it as described above. Your personal data will only be transferred to other locations, where we are satisfied that adequate levels of protection exist to protect the integrity and security of your personal data, which as a minimum are comparable to the jurisdiction or territory in which you provided such personal data.

Access Rights to Personal Data
Under applicable laws and regulations, you may have the right to:
• verify whether BYFIN holds any personal data about you and to access any such data;
• require BYFIN to correct any personal data relating to you which is inaccurate;
• withdraw your consent for use or provision of personal data for direct marketing;
• make a complaint about BYFIN’s data handling; and
• enquire about BYFIN’s policies and practices in relation to personal data.
Requests for access, correction, complaints, or other queries relating to your personal data should be addressed to:
BYFIN Co., Limited
Suites 2702-4, 27th Floor, Tower 6
The Gateway, Harbour City
Kowloon
Hong Kong
Email: info@byfin.com
Under applicable laws and regulations, BYFIN has the right to charge costs which are directly related to and necessary for the processing of any personal data request.
You also have the right to lodge a complaint with a supervisory authority in certain jurisdictions if you consider that the processing of your personal data infringes applicable law.

Use of Personal Data for Direct Marketing purposes
In addition to the purposes set out above, where permitted by law, BYFIN may use your name and contact details for promotional or marketing purposes including sending you promotional materials and conducting direct marketing in relation to the following products, services, advice and subjects:
money exchange; remittance; insurance; banking; financial services; reward/loyalty/privilege programmes; charitable/non-profitable causes (“Classes of Marketing Subjects”).
For the purposes of direct marketing, we may, where permitted by law, provide your personal information to providers whether within or outside of SBI Group of any of the Classes of Marketing Subjects described above and call centre, marketing, or research services so that they can send you promotional materials and conduct direct marketing in relation to the products and services they offer (these materials may be sent to you by postal mail, email or other means). Where permitted by law,
we may provide your personal data to providers (whether within or outside of SBI Group) of any of the Classes of Marketing Subjects for gain.
Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.
The types of personal data that BYFIN would use and provide for direct marketing purposes as described above are your name and relevant contact details, although we may possess additional personal data.
If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by BYFIN of your personal data for direct marketing purposes and thereafter BYFIN shall cease to use or provide such data for direct marketing purposes.
If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please inform us by writing to the address or sending us an email in the section on “Access Rights to Personal Data”. Any such request should clearly state details of the personal data in respect of which the request is being made.

Use of Cookies
Cookies are small text containing small amounts of information which are downloaded and may be stored on any of your web browsers or internet enabled devices (e.g., your computer, smartphone or tablet) that can later be read by the server – like a memory for a web page.
BYFIN may use cookies and other tools on the website. By continuing to use the website, you are agreeing to us placing cookies on your computer. The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, and durations of visit) will be used to ensure operation of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimisation purposes, and to help us understand how we can improve your experience on it.
The cookies also enable our website to remember you and your preferences, and tailor the website for your needs. Advertising cookies will allow us to provide advertisements on our websites that are as relevant to you as possible, e.g., by selecting interest-based advertisements for you, or preventing the same advisement from constantly reappearing to you.

External links
If any part of this website contains links to other websites, those sites may not operate under this privacy statement. You are advised to check the privacy statements on those websites to understand their policies on the collection, usage, transferal, and disclosure of personal data.

Amendments to this Privacy Statement
BYFIN reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, simply by notifying you of such change, update, or modification. If we decide to change our personal data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon
posting. Where required by applicable law, we may also notify you in the event of material changes to this privacy statement and, where required, seek your consent to those changes.

Additional Information
Should you have any questions on any part of this privacy statement or would like additional information regarding BYFIN’s data privacy practices, please do not hesitate to contact us by the contact details above.