Privacy Policy
Updated date: 28 March, 2022
Effective date: 28 March, 2022
1.Westock Securities International (Hong Kong) Limited (“Westock” or “we”) is committed to providing the world-class financial services to our clients
2.Protecting the security and privacy of our clients' data is a matter we take seriously. Accordingly, We have established the following code of conduct and is committed to maintaining the confidentiality of our clients' data and information.
3.We respect and protect your personal privacy. We collect, use and share your personal information in accordance with our Privacy Policy (this "Policy") when you use the Westock App and its sub-pages (the "Platform") or use our related services.
The policy will help you understand in detail how we collect, use, store, transmit, share, transfer (if applicable) and protect personal information and how we provide you with services such as access, update, control and information protection. As this policy is closely related to your use of our services, we encourage you to read and understand the contents of this policy carefully and make the choices you deem appropriate. The use of our App indicates that you fully understand and agree to this Privacy Policy in its entirety.
This policy hope you understand:
(1) How we collect and use your personal information
(2) How we use cookies and similar technologies
(3) The storage and security of information
(4) How we share, transfer and publicly disclose your personal information
(5) How we protect your personal information
(6) Personal information subject to cancel the account
(7) Your rights
(8) How this policy is updated
3.1. How we collect and use your personal information
Personal information means all kinds of information recorded by electronic or other means that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. The sources of the aforementioned information include: information that you provide to us through the App or other platforms; information that you disclose to the public yourself; information that you disclose through lawful public channels (such as lawful news reports, government information disclosure, etc.) or lawfully retained in third parties, etc.
We will use your personal information when we:
(1)use your personal information for the reasons set out in this policy for collecting and using personal information
(2) We use your personal information to send you commercial electronic messages and to provide you with information about products that are relevant to you. You can manage the aforementioned information by clicking on "Message" in the Westock App. If you want to receive news notifications from Westock, you will need to authorise the notification function in your phone settings. If you do not want to receive our news feeds, you can turn off notifications in the system settings of your device. If you turn off the notification function, you will not receive message alerts from the platform on your mobile phone system notification bar. If you do not want to receive push messages from us, you can choose to turn off the push function through your device system settings or contact us to cancel the push service.
(3) If we need to use your personal information for purposes other than those set out in this policy, we will ask for your consent again in the form of a confirmation agreement, a text confirmation action in specific scenarios, etc.
3.1.1.Westock Securities will only collect and use your personal information for the following purposes as described in this policy.
3.1.1.1.to fulfill anti-money laundering obligations and for real name management in accordance with laws, regulations and supervision, as well as other circumstances such as securities supervision, securities registration and settlement, exchange regulations, investor protection and network security.
(1)When you open an account or use the services of the platform through Westock Securities, you are required to provide your identity information, contact information, address and information such as the bound tripartite depository account. If you fail to provide such information, you may not be able to open an account or enjoy the relevant services; at the same time, in order to verify the accuracy and completeness of such information, we will verify the information provided by you with the information legally kept by you in relevant institutions (including government agencies, institutions, commercial institutions, etc.).
(2)If you are an individual user, you may be required to provide us with a scanned colour copy of a valid identity document for our verification and retention in the event that certain circumstances arise under the relevant anti-money laundering laws and regulations and regulatory requirements; if you fail to provide such documents or information, we may not be able to open an account for you or provide other services on the Platform to you.
3.1.1.2. Risk prevention
To prevent your funds, personal information and other important information or data from being accessed by unscrupulous persons, we need to collect the following information from you to determine the risk of your account: when you access the Platform, we may record information about the type and manner of services you use and the operations you perform when using the services, including information about permissions such as
(1) Camera permissions
a. In the account opening interface by taking a photo to upload your own ID front and back photos.
b. Upload a photo of your bank account on the Add Bank Card screen.
c. Upload a photo of the remittance voucher on the deposit screen.
(2) Photo Album Permission
a. In the account opening screen, upload a photo of the front and back of your ID by selecting a picture from your mobile phone album.
b. In the Add Bank Card screen, upload a photo of your bank account by selecting a photo from your mobile phone album.
c. Upload a photo of your remittance voucher by selecting a photo from your mobile phone album on the Deposit Funds screen.
(3) Microphone access
Used for contacting customer service in the online customer service interface.
(4) SMS sending permission
Send SMS to verify the user's identity when registering with MicroInvest Securities and conducting business.
(5) SMS receiving permission
When using MicroInvest Securities mobile phone number to register, you need to read the user verification code information to facilitate the user's operation.
(6) Calling permission
Some pages displaying customer service phone numbers need to use dialing permission to facilitate users to dial directly.
(7) Storage permission
You need to upload pictures or files of your personal identification information When you use Westock’s business function, which requires read storage permission, as well as some necessary resource files for downloading, caching pictures and self-selecting line clearing data.
(8)Application self-update function permission description
To ensure the security of the version you are using, this application needs to apply for the following permissions when updating independently:
Permission Name: Install Unknown Application Permission (REQUEST-INSTALL-PACKAGES)
Usage description: Only used for downloading new version installation packages to complete overlay installation, and will not be used for other application installations or unrelated operations.
Data association: This process does not collect your device information or identity data, only verifies the integrity of the installation package (such as SHA256 signature matching).
User Control: You can disable this permission at any time in the system settings, but it will not automatically update to the latest version.
(9)Wifi address
Your wifi address will be used as your proof of operation when you place an order with Westock.
(10) Application Media File Access Permission Description
10.1 Data Usage Boundaries
1) We only access individual files you explicitly select when you actively trigger specific features
2) We do not scan, read, or collect other media files on your device
3) We do not use obtained media files for any purposes not explicitly stated
4) We do not share your original media file data with any third parties
10.2 Image Permission (READ_MEDIA_IMAGES) Usage Description
We request read image permission when you use the following features:
1) Profile settings: Select images from album to set avatar and background
2) Account security verification: Upload ID photos for account opening and identity verification
3) Content creation: Image operations during dynamic publishing and editing, including saving and draft management
4) Social sharing: Generate share images, save content to album, or share images
5) Application feedback: Upload screenshots or photos to assist with issue troubleshooting
10.3 Video Permission (READ_MEDIA_VIDEO) Usage Description
We request read video permission when you use the following features:
1) Security verification: Upload short videos for liveness authentication during advanced account verification to enhance security and prevent fraud
2) Problem feedback: Attach operation screen recording videos when submitting technical issues to help technical team accurately locate problems
3) Media selection optimization: In content editing scenarios like transaction reviews, to distinguish between videos and images and improve selection experience, the application uses custom media selector to access video files
10.4 User Rights Protection
We solemnly commit:
1) All permission requests are triggered based on specific functions, following the principle of minimum necessity
2) Only access media files you explicitly select, never scan your entire media library; all media files are promptly deleted after completing specific purposes
3) You can manage or revoke permission authorization at any time through device settings; we will not deny core transaction services due to your refusal to authorize
4) All data processing activities comply with Google Play Developer policies and applicable data protection laws and regulations
10.5 Supervision and Responsibility
We commit:
Never use media data for user profiling or personalized recommendations
Never use media data for training AI models
In case of data breaches, we will provide timely notification according to law and bear corresponding responsibilities
(11)Notification permission is used to provide you with timely market information, announcements and trade notification type message push (through a third party SDK), details are:
[TalkingDataSDK required permissions and information]
The purpose, manner and scope of the personal information we need to share with this SDK are as follows:
(1) READ_PHONE_STATE, which allows the application to access the information of the mobile device in a read-only manner, uniquely identifies the user by the information obtained and is used for application statistical analysis, cheat protection.
(2) ACCESS_WIFI_STATE is to obtain the MAC address of the device and uniquely identify the user. It is also used for application statistics analysis, cheat protection.
(3) WRITE_EXTERNAL_STORAGE, which is used to store information about the device and to record logs.
To protect your information security, we have signed strict data security confidentiality agreements with third party SDK services that adhere to our data privacy and security requirements. To help you better understand the types of data [TalkingData] collects and how it is used, as well as how personal information is protected, you can learn more about [TalkingData] at https://www.talkingdata.com/privacy.jsp?languagetype=zh_cn. We also understand and respect your right to choose, and if you reject to participate in [TalkingData]'s big data calculations, you may log in https://www.talkingdata.com/optout.jsp?languagetype=zh_cn to use your opt-out right. You understand and agree that [TalkingData] has the right to de-identify and aggregate the data it collects to build a database for the purpose of providing data services. If there is a change in the purpose, manner or scope of use of personal information collected by the Talking Data SDK, we will notify the end user in an appropriate manner and remind him/her to read.
[Permissions and information required for Xiaomi SDK]
Message Service
For the purpose of providing push services to you, sending notifications about software updates or new product releases (including marketing messages), evaluating advertising effectiveness, etc., you agree that we may temporarily store the content of messages obtained from third-party
applications.
We may also collect your device identification information, including IMEI/OAID (for Android Q and above), IMEI MD5/MEIDMD5, Android ID, VAID, AAID, and your MID (for MIUI). Your device model, network type, device storage, device runtime information, app version, SDK version, and your country or region settings will also help us to provide you with a better push service and experience. We also use your settings, including whether to block the notification bar and whether to set lock screen pop-up messages, to provide you with the service. We also collect information about the apps that use the push service (package name, version number, app name, when it was first installed, when the update was last completed) to ensure that you do not receive further notifications related to the app after you have uninstalled it.
If you have set up app splitting, we will also collect your Space ID to differentiate between apps for you. If you are not using Xiaomi phone, we will also collect your carrier name for access quality statistics and to optimise push services.
Your IMEI, network type, carrier name and device running process information will only be read locally and will not be uploaded.
For information collected from your various devices, we may correlate it so that we can provide you with a consistent service across these devices. We may use some of this information to analyse and develop statistical information related to the use of our products or services in order to better improve our products or services.
[Permissions and information required for AliCloud SDK]
Permissions for Business Use
ACCESS_NETWORK_STATEACCESS_WIFI_STATEACCESS_FINE_LOCATIONREAD_PHONE_STATE is used to determine network status, turn push on and off, cache push connection parameters to differentiate between networks, and use different push connections.
INTERNET is used to link and provide push services.
RECEIVE_BOOT_COMPLETED is used to maintain the stability of the push channel on low-end phones and improve the timeliness of push messages.
READ_EXTERNAL_STORAGEWRITE_EXTERNAL_STORAGE is used as sole signal for push channel storage and improve the accuracy of the push.
GET_TASKSREORDER_TASKS is used to push the open way-open app function to avoid excess app opening.
[Permissions and information required for Huawei SDK]
Huawei Push Service will collect the following information from you:
Your ID, application ID, application package name, and server public IP address. In addition, if you have opened the Return Receipt entitlement, then the Return Receipt Certificate and Return Receipt Address URL information will be collected by us; if you have opened the iOS entitlement, then the iOS Certificate information will be collected by us; if you have opened the WebPush entitlement, then the key pair information corresponding to WebPush will be collected by us; all of the above information will be stored in both Singapore, Russia and China servers in Singapore, Russia and China.
If you create a message push task on the AppGallery Connect website, information on the frequency of use, task name, message content and push range (application Token, or topic name, or audience group name) of each Huawei Push function will be collected by us and processed according to the data processing location you have selected; however, if you do not select a data processing location, then you will not be able to use the data in AppGallery Connect. then you will not be able to create message push tasks on the AppGallery Connect website.
In addition, Huawei Push collects the following information about your end user.
AAID (Application Anonymity Identifier), Application Token, Topic subscription relationship, and if you have selected a data processing location, the data will be processed according to the data processing location you have selected; otherwise the above information will not be processed.
The message delivery record, Token application record, Show/click/close hitting point reporting record will only be processed if you enable Huawei Analytics and select a data processing location; otherwise, no data processing will be performed.
Cached message content is processed for data based on the region where the client is located (see Distribution of Data Processing Locations for details).
If your app pushes messages with Huawei account-based message verification enabled, we will collect the mobile user's identifier HMS Core openId in this scenario. HMS Core openId will be irreversibly encrypted to be saved on the device side only.
The content of the messages you send will be saved on the end-user device side.
[Tencent Bugly SDK]
Purpose of use: for statistical analysis of application crash information
Scope of personal information collected: log information (including: third-party developer-defined logs, Logcat logs and APP crash stack information), device ID (including: androidid and idfv), networking information, system name, system version and country code
Collection method: Automatically collected when you agree to the privacy policy and only collected when the app is launched, the SDK is initialised and the app crashes.
[Seven Niu Cloud SDK]
Purpose of use: To provide object storage function.
Collect your personal information, including registration information, real name authentication, payment information, other information (authentication information of specific identity); use the service to collect your device information, log information, location information, other information.
Collection method: Automatically collected after you agree to the privacy policy, only collected when the APP is launched, initializing the SDK, using the upload function.
Privacy Policy: https://www.qiniu.com/agreements/privacy-right
[NetEase Seven Fish SDK]
Purpose of use: To provide IM message communication function.
Collect and send end-user's voice information, picture and video information, end-user's information (device information, network information, log information), collect distance sensor information.
Collection method: Collected automatically after you agree to the privacy policy, and only when the APP is launched, initializing the SDK, and using the online customer service function.
Privacy Policy: https://qi.163.com/termsService?catalog=1
[Three-party account login (WeChat Open Platform, QQ Internet, Sina Weibo Open Platform)]
Purpose of use: To implement the third-party login function and one-click quick login function
Scope of the type of personal information collected:After your authorisation and consent, WeChat SDK, Sina Weibo Login SDK, QQ Login SDK may obtain personal device information (device version, system version, generation ID, phone style, phone name, iccid, bssid, MAC address, IMSI, IMEI), read/write into external storage, WiFi access, network status, phone status The following functions can be used to ensure the proper use of the corresponding functions: retrieve the running applications, read and write to external storage, WiFi access, network status, phone status.
3.1.1.3. Operation and safety assurance
(1) Operation and Security
We are committed to providing you with a safe and reliable product and usage environment, and providing high quality, efficient and reliable services and information is our core objective.
(2) Equipment information and log information
a. To ensure the security of the software service and your account, the quality and efficiency of the service operation, we will collect your hardware model, operating system version number, device name, device configuration, International Mobile Device Identifier, unique device identifier, MAC address, IP address, WLAN access point, Bluetooth, base station, software version number, network access method, type, status, network quality data, operation, usage and service logs. operation, usage, and service logs. We may associate your device information or phone number with your MicroPort Securities account.
b. To prevent malicious programs, secure the service and improve the browsing experience, we may collect information about installed applications or running processes, overall application operation, usage and frequency, application crashes, overall installation and usage, performance data, and application sources.
c. In order to analyse statistical metrics such as app additions, activations, retention and performance, we may call upon the clipboard to attribute the relevant statistical information.
d. We may use your account information, device information, service log information, and information that our affiliates and partners are authorized to share with you or are legally allowed to share, for the purposes of determining account security, application launch activity and activity, identity verification, and detecting and preventing security incidents.
e. During silent operation, in order to accurately push relevant information and analyze statistical indicators and operation of the application, we may use your device information, service log information and information that our affiliates and partners (referred to as third parties) have been authorized by you or are legally able to share, for the purpose of determining account security, accuracy, performing identity verification, detecting and preventing security incidents.
(3) Changes in the purpose of collecting and using personal information
Please be aware that as our business develops, there may be adjustments and changes to existing functions and services offered. In principle, when a new function or service is related to the function or service we currently provide, the personal information collected and used will be directly or reasonably related to the original purpose of processing. In cases where there is no direct or reasonable connection to the original purpose of processing, we will collect and use your personal information and will again inform you separately by means of page prompts, interaction processes and agreement confirmation in accordance with the requirements of laws, regulations and national standards, and obtain your consent.
3.1.1.4 Providing personalised services and improving service quality
In order to improve the quality of our services, prevent risks, enhance your service experience, or recommend better quality or more suitable services for you, we will collect your search records when you use our services, the information you provide when you contact our customer service team, the information you send to us when you participate in questionnaires, as well as the types and methods of services you use and the information on your operations when using the services; we will also collect information from our We may also collect information about your behaviour and transactions from our affiliated companies and partners that they legally retain. We will analyse this information in order to provide you with a more accurate, personalised, smooth and convenient service. In order to improve processing efficiency, reduce processing costs and increase processing accuracy, we may commission our affiliated companies with the relevant capabilities to provide such services and we will require them to comply with strict confidentiality obligations and prohibit them from using such information for any purpose not authorised by you.
3.1.1.5. Provision of service status notification and enquiry services
Subject to the relevant laws and regulations and regulatory requirements, we will archive your identity information, transaction information and behavioural information when using the services of the Platform for your convenience and keep the aforementioned information in strict accordance with the laws and regulations. In order to keep you informed of the status of your use of the Platform services, we will send you service status notifications based on the relevant information.
3.1.1.6. Other circumstances
Permitted by law or regulation, we may collect and use your personal information without your authorised consent in the following circumstances.
(1) Directly related to national security or defence security
(2) Directly related to public safety, public health or vital public interest.
(3) Directly related to the investigation, prosecution, trial and execution of judgments for crimes
(4) Where it is necessary to protect the life, property and other significant legitimate rights and interests of the subject of the personal information or other individuals but it is difficult to obtain their consent
(5) Where the personal information collected is disclosed to the public by the subject of the personal information himself/herself.
(6) Where personal information is collected from information that is lawfully and publicly disclosed, such as lawful news reports, government information disclosure and other channels.
(7) Where necessary for the conclusion and performance of a contract at the request of the subject of personal information.
(8) Those necessary for maintaining the safe and stable operation of the products or services provided, such as detecting and disposing of product or service failures.
(9) Necessary if the controller of personal information is a news organization and it is carrying out legitimate news reporting.
(10)Where the controller of personal information is an academic research institution and it is necessary for the conduct of statistical or academic research in the public interest, and it de-identifies the personal information contained in the results when providing the results of academic research or descriptions to the public.
(11) Other circumstances as provided for in laws and regulations.
3.2. How we use cookies and similar technologies
3.2.1 Cookies and similar technologies such as device identifiers are commonly used on the internet to ensure that our website works properly by storing small data files called cookies on your computer or mobile device. cookies usually contain an identifier, the name of the site and some numbers and characters. Cookies enable websites to store data such as your preferences.
(1) Keeping products and services safe and efficient
We may set cookies or anonymous identifiers for authentication and security purposes to enable us to verify that you are securely logged into our services or that you have not experienced theft, fraud or other irregularities. These technologies also help us to improve the efficiency of our services and increase login and response times.
(2) Helping to make your access experience easier
The use of such technologies can help you to eliminate the need to repeat the steps and processes you need to take to fill in your personal information and enter your search content.
3.2.1. Delete Cookie
We do not use cookies for any purpose other than those described in this policy. You have the right to choose whether or not to accept cookies. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of the website.. For more information on how to change your browser settings, you can use the Internet search engines to find out how to do this for different browsers.
3.3. Information storage and security
3.3.1. Storage
The personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China. We will store your personal information in accordance with the laws and regulations and the storage period stipulated by the regulatory authorities. After you cancel your account, we will cease providing products and services to you and delete or anonymise your personal information at your request, except where required by laws, regulations or regulatory authorities. If we cease operations, we will immediately cease collecting your personal information, notify you of the cessation of operations by individual delivery, announcement or other means, and delete or anonymise any personal information we hold about you.
3.3.2. Information security
(1) In order to protect the security of your information, we will take all reasonable and necessary measures to protect your information after we have collected it. For example, in a technology development environment, we will only use de-identified information for statistical analysis; when providing research reports to external parties, we will de-identify the information contained in the reports. We store the de-identified information separately from information that can be used to re-identify individuals to ensure that individuals are not re-identified in subsequent processing of the de-identified information.
(2)To protect the security of your information, we are committed to using a variety of security technologies and supporting management systems to minimise the risk of disclosure, destruction, misuse, unauthorised access, unauthorised disclosure and alteration of your information. Examples include: encrypted transmission via network security layer software (SSL), encrypted storage of information, and severely restricted access to data centres. When transmitting and storing sensitive personal information (including personal biometric information), we will use security measures such as encryption, permission control and de-identification.
(3)We have established a person responsible for personal information protection to carry out impact assessments of personal information security with respect to the collection, use, sharing and entrusted handling of personal information. At the same time, we adopt the principle of minimum sufficient authorization for staff who may have access to your information; we systematically monitor the behavior of staff handling your information, and continuously train staff on relevant laws and regulations and privacy security guidelines and security awareness reinforcement. In addition, our corresponding network systems have passed the national network security level protection assessment. We also regularly engage external third parties to assess our information security management system.
(4)In the unfortunate event of a personal information security incident, we will, in accordance with the requirements of laws and regulations, promptly inform you of the basic information security incident, the scope of impact, the measures taken or to be taken, remedial measures, independent prevention and risk reduction recommendations, etc., by means including but not limited to email, letter, telephone or push notification, etc. If it is difficult to inform the subject of personal information one by one due to special circumstances, we will take reasonable We will make public announcements in a reasonable and effective manner. At the same time, we will take the initiative to report the progress and status of the disposal of information security incidents to the higher supervisory unit in a timely manner.
(5)Please ensure that you keep your WIT App registration account, WIT trading account and other relevant identity elements in a safe place. When you use our services, we will identify you by your Westock Securities APP registered account,Westock Securities trading account and other relevant identification elements. If you disclose such information, you may suffer losses and legal consequences may arise against you. If you become aware that your login and/or other elements of your identity may be or have been compromised, you should contact us immediately so that we can take prompt action to avoid or mitigate your losses in this regard.
3.4. How we share, transfer and disclose your personal information
3.4.1. Sharing
We are committed to maintaining the confidentiality of your information. Except as otherwise provided in this policy and by law or regulation, we will only share your information with Westock affiliates, our suppliers or partners in any of the following circumstances. Our suppliers include organizations that provide technology services, telecommunications services, customer service, risk control services, audit services, legal services, etc. Our partners include financial institutions, e-commerce companies and platforms, offline merchants, etc. (vendors and partners are collectively referred to as "third parties").
(1)Share your information with third parties with your consent.
(2)Sharing your information is necessary to provide the services you require or to process your related transactions.
(3) The information you provide is used to administer a sweepstakes, competition or similar promotion. In these circumstances, if you win a prize, we may desensitise your mobile phone number or registered name and publish it on the winner's list or competition list. If the activity is jointly promoted by us and a third party, we may share with that third party personal information generated during the activity that is necessary to complete such activity (number of users participating in the activity, list of winners, contact details of winners) so that the third party can issue the prize to you or provide services to you in a timely manner.
(4) Reasonable purposes for adhering applicable laws, regulations and regulatory requirements;and safeguarding the public interest and personal safety or other legitimate rights and interests of our customers.
(5) In accordance with legal requirements and reasonable business practices, we may provide your information to the necessary subjects of investigation when we plan to merge with, be acquired by, or conduct other capital market activities (including, but not limited to, IPO) that require us to undergo due diligence from other subjects. In the aforementioned circumstances, we will require such subjects to take reasonable confidentiality measures in respect of your personal information by signing confidentiality agreements with them, etc.
(6) We will share your information with third parties in accordance with permitted laws and regulations and within the permission of your authorization after you authorize third parties to inquire and collect your information on the Platform from us.
3.4.2. Transfers
We will not transfer or provide your personal information to any company, organisation or individual, except where
(1)such transfer has been made with your prior express consent or authorisation.
(2) where such transfer is required to be provided to the relevant department, agency or organisation in accordance with applicable laws and regulations, mandatory administrative or judicial requirements.
(3) where the transfer is made in connection with a merger, acquisition or liquidation in bankruptcy. In the aforementioned cases, we will require the new company or organization holding your personal information to continue to be bound by this policy, or we will require such company or organization to seek your authorization or consent again.
(4) the transferred personal information has been de-identified to ensure that the recipient cannot re-identify the subject of the personal information.
3.4.3 Public disclosure
In principle, we will not disclose your information, except for the desensitised display of the winner's mobile phone number or registered name or nickname when announcing the list of winning events and competitions, unless you have expressly agreed otherwise.
3.5 How we protect your personal information
We are committed to keeping information secure to a reasonable level of security. To protect your information, we are committed to using various network security layer software (SSL) for encrypted transmission, encrypted storage of information, strictly limited access to data centres, use of dedicated network channels and network proxies and other security technologies and supporting management systems to prevent your information from being leaked, destroyed or lost.
Please understand that due to technical limitations and the possibility of malicious means, in practice there may be uncertainties in the protection of your information due to factors beyond our control. The Internet is not an absolutely secure environment, so please help us to keep your personal information safe by using complex passwords and a trusted online environment.
If we cease operations, we will promptly cease activities to collect your personal information and the personal information held will be deleted or anonymised.
3.6 Cancellation of accounts by personal information subjects
You may cancel your previously registered trading account (funding account) at any time. After the cancellation of your account, we will cease to provide you with products or services and, at your request, delete your personal information, except as otherwise provided by laws, regulations, self-regulatory rules, etc. The information provided or generated by you during the use of the Westock Services shall still be stored for the time required by regulation and shall cooperate with the relevant authorities in accordance with the law during the time of such storage, and you shall have the right to cancel your account at any time. You have the right to cancel your account at any time by following the Westock cancellation process or by consulting customer service.
3.7. Your rights
In accordance with the relevant Chinese laws, regulations and standards, as well as the prevailing practices in other countries and regions, we protect your right to exercise the following rights in relation to your personal information.
(1) Access to your personal information
You have the right to access your personal information, except for the exceptions provided by laws and regulations. If you wish to exercise your right to data access, you can do so yourself by using the following methods.
Account information - if you wish to access or edit your profile information and account information in your account, change your password, add security information, you can do so by accessing 'Security Settings'.
Search information - you can access or clear your search history and view relevant data in the search bar.
(2)Correcting your personal information
When you discover an error in the personal information we have processed about you, you have the right to request that we make a correction. You may contact our customer service at any time to respond to your request.
(3) Deletion of your personal information
You may make a request to us to delete personal information in the following circumstances:
a. if our handling of personal information violates laws and regulations.
b. if we collect or use your personal information without your consent.
c. if our handling of personal information is in breach of our agreement with you.
d. if you no longer use our products or services, or if you cancel your account.
e. if we no longer provide products or services to you.
If we decide to respond to your request for deletion, we will also simultaneously notify the entities from which we obtained your personal information to request its prompt deletion, unless otherwise required by law or regulation, or unless such entities have your independent authorization.
When you delete information from our services, we may not immediately delete the corresponding information from our backup systems, but will delete it when the backup is updated.
(4) Changes of your authorised consent
Each business function requires some basic personal information in order to be completed (see "Part I" of this policy). You may give or withdraw your authorised consent at any time for the collection and use of additional personal information collected. You can do this at any time by contacting our customer services. When you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the processing of personal information previously carried out on the basis of your authorisation.
(5) Responding to your request above
For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
In principle, we do not charge a fee for your reasonable requests, but we will charge a cost fee for repeated requests that exceed reasonable limits, as appropriate. We may refuse requests that are unnecessarily repetitive, require excessive technical means (for example, requiring the development of new systems or fundamental changes to current practice), pose a risk to the legal rights of others or are highly impractical.
We will not be able to respond to your request if we are required by law or regulation to do so in the following circumstances.
a. Directly related to national security or defence security.
b. Directly related to public safety, public health or vital public interest.
c. Directly related to crime investigation, prosecution, trial and sentence enforcement
d. Where there is sufficient evidence of subjective malice or abuse of your rights
e. Responding to your request will lead to serious damage to the legitimate rights and interests of you or other individuals or organisations
f. Where trade secrets are involved.
3.8 How we update the policy
Our privacy policy may change. We will not reduce your rights under this Privacy Policy without your express consent. We will post any changes made to this policy on this page.
We will also provide more prominent notice of material changes (including, for certain services, by sending a notice via a system announcement describing the specific changes to our privacy policy).
Material changes within the meaning of this policy include, but are not limited to.
(1) A material change in our service model. such as the purposes for which personal information is processed, the types of personal information processed, and the manner in which personal information is used.
(2) Significant changes in our ownership structure, organizational structure, etc. such as change of ownership caused by business restructuring, bankruptcy and merger, etc.
(3) Changes in the primary recipients of personal information sharing, transfer or public disclosure.
(4) Significant changes in your rights to participate in the processing of personal information and how they are exercised.
(5) When there is a change in the department responsible for handling the security of personal information, our contact details and complaint channels.
(6) When the security impact assessment report of personal information indicates a high risk.
4.Customers in their personal capacity are required to provide personal data ("Data") to Westock from time to time for the purposes set out in the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong). The Data (and other data) relating to the Client may be used for the following purposes: the day-to-day operation of the services and facilities provided to the Client;
(1) To conduct credit checks;
(2) To assist other institutions in conducting credit reviews;
(3) To ensure that the creditworthiness of the customer is maintained;
(4) To design financial services or related products for use by customers;
(5) Promoting financial services and related products to customers (see paragraph 6 below for further details);
(6) Determining the amount of debt owed to or by a customer;
(7) To meet the requirements for making disclosures under any law or regulation;
(8) and for any purpose related to any of the foregoing.
5. Data (and other data) held by Westock relating to its clients will be kept confidential, but Westock may disclose all data (and other data) to the following persons and it is a condition of Westock provision of services, products and data to its clients that the client agrees to disclose all data (and other data):
(1) Any officer, employee, agent, contractor or third party who provides administrative, credit data, debt collection, telecommunications, computer, payment or other services to Westock in connection with the operation of its business;
(2) Any financial institution with which the customer has or intends to have dealings;
(3) Regulatory or judicial authorities and other relevant governmental or statutory bodies;
(4) Any other person under a duty of confidentiality to Westock, including companies within Westock that undertake to maintain the confidentiality of such information.
(5) The use of customer data between companies within Westock is subject to strict internal security standards, confidentiality policies and applicable laws.
(6) We bind our employees to fully comply with such standards, policies and laws.
(7) We do not distribute data about our clients to other companies except for the purpose of conducting our business, complying with applicable laws, protecting against fraud, or making offers of products and services that we believe may be in the interests of our clients. We may also provide information to regulatory authorities and law enforcement officials in accordance with applicable law.
(8) We set extremely high standards to protect customer data from unauthorized alteration or destruction.
5.Part VIA of the Personal Data (Privacy) (Amendment) Ordinance 2012 introduces specific requirements to obtain your consent (including an indication of no objection) for us to use your personal data for direct marketing purposes. In this regard, you are reminded that:
(1) Your name, contact details, product and service portfolio information, trading patterns and behaviour, financial background and statistical information held by Westock from time to time may be used by Westock for direct marketing purposes;
(2) The following categories of services, products and promotional banners may be used for promotion
a. Financial, insurance, securities, commodities, investment and related services and products and credit;
b. Rewards, seniority awards or discount programs in connection with the categories of promotional banners described in paragraph 6(b)(i) above;
c. the provision of services and products by affiliated partners of Westock in relation to the promotional slogan categories mentioned in paragraph 6(b)(i) above (the names of such affiliated partners will be provided on the application form for the relevant services and products, as the case may be);
d. Donations and grants made for charitable and/or non-profit making purposes;
(3) The above services, products and banners may be provided or (in the case of donations and grants) solicited by Westock and/or the persons listed below:
Any member company of Weswtock
a. Third party financial institutions, underwriters, securities, commodity and investment service providers;
b. Third party reward, seniority award, affiliation or discount program providers;
c. Affiliate partners of Westock(the names of such affiliates will be provided on the application form for the relevant services and products (as the case may be));
(4) Charitable or non-profit organizations;
(5) In addition to its own promotion of the above services, products and banners, Westock intends to provide the data referred to in paragraph 6(a) above to all or any of the persons referred to in paragraph 6(c) above for use by such persons in promoting such services, products and banners (for which Westock may or may not be remunerated) and Westock shall obtain your written consent (including an indication of no objection) for such use; and (including an indication of no objection);
(6)If you do not wish Westock to use or provide your data to other parties for the above direct marketing purposes, you may exercise your right to refuse to participate in direct marketing activities by sending a written notice to Westock in the form of an online inquiry.
7. Westock may conduct the following activities in accordance with the Personal Data (Privacy) Ordinance and other applicable laws:
(1) Matching, comparing or exchanging any data or other data provided by or about the customer with data (or other data) held by Westock or any other person for the following purposes:
a. credit review;
b. Data (or other data) matching;
c. to present or verify data (or other data) that may be used at any time to take action against the customer or any other person;
(2) transfer such data (or other data) to any place outside Hong Kong (whether such or other data is processed, held or used outside Hong Kong).
8. Under and in accordance with the terms of the Personal Data (Privacy) Ordinance, each customer has the right to:
(1) Check whether Westock holds data about the customer and whether it has the right to use such data;
(2) to request Westock to correct any incorrect information concerning the Client;
(3) to ascertain the policies and practices of Westock with respect to data and to be informed of the types of personal data Westock holds about its customers.
9. Requests for access and/or correction of any data submitted by clients should be addressed to the following address:
(1) Room 9-10A, 10/F., Wing Tak Commercial Centre, 177-183 Wing Lok Street, Sheung Wan, Hong Kong to Customer Service Department of Westock.
(2) or call 852 3583 0090.
10.In accordance with the terms of the Personal Data (Privacy) Ordinance, Westock has the right to charge a reasonable fee for processing any request for access to data.
11.In Westock, information about our customers will only be used for the legitimate purposes of conducting our own business and for the design of products and offers that demonstrate our understanding of our customers and their needs.
12.As we further develop new products and services in the new technological age, we will continue to make every effort to ensure that customer data is used properly and is protected appropriately.