info@hk.mygoldgrams.com

MY GOLD GRAMS HK LIMITED

2

Important Notice - Site inactive pending Bank Account Opening and Complete Store Setup

Privacy Policy / 私隱政策

Effective Date / 生效日期: 1 July 2025 / 2025年7月1日
Last Updated / 最後更新: 1 July 2025 / 2025年7月1日

English
Traditional Chinese

1. Introduction

MY GOLD GRAMS HK LIMITED, a company incorporated under the laws of Hong Kong ("we," "our," or "us"), is committed to protecting the privacy and personal data of our clients and website visitors.

MY GOLD GRAMS HK LIMITED(一家根據香港法律註冊成立的公司,以下簡稱「我們」或「本公司」)致力於保護客戶及網站訪客的私隱及個人資料。

This Privacy Policy outlines the principles and practices governing the collection, use, disclosure, and protection of your personal data when you access our website at hk.mygoldgrams.com or engage with our services.

本私隱政策闡述了您在訪問我們的網站 hk.mygoldgrams.com 或使用我們的服務時,我們如何收集、使用、披露及保護您的個人資料的原則及做法。

We ensure compliance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO") and, where applicable, international data protection frameworks, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA).

我們確保遵守香港《個人資料(私隱)條例》(第486章)(「私隱條例」),並在適用情況下符合國際數據保護框架,包括適用於歐洲經濟區(EEA)個人的《通用數據保護條例》(GDPR)。

This policy applies to all personal data processed by us, whether provided directly by you, collected automatically through our website, or obtained through lawful third-party sources.

本政策適用於我們處理的所有個人資料,無論是由您直接提供、通過我們的網站自動收集,還是通過合法第三方來源取得。

2. Information We Collect

We collect the following categories of information to provide our services and comply with legal obligations:

我們收集以下類別的資料,以提供我們的服務並履行法律義務:

2.1 Personal Data

  • Identity and Contact Information: Full name, residential address, email address, telephone number, and, where required, Hong Kong Identity Card number or passport details for Know Your Customer (KYC) compliance.
  • Financial Information: Bank account details, payment card information, or other financial data necessary for processing gold purchase transactions.
  • Verification Data: Video recordings or photographic evidence collected during video-based KYC procedures to verify identity.
  • Customer Communications: Records of correspondence, including inquiries, complaints, or feedback submitted to us.

2.1 個人資料

  • 身份及聯繫資料:全名、住宅地址、電郵地址、電話號碼,以及在需要時用於「認識你的客戶」(KYC)合規性的香港身份證號碼或護照詳情。
  • 財務資料:銀行賬戶詳情、支付卡資料或其他為處理黃金購買交易所需的財務資料。
  • 驗證資料:在視頻KYC程序中收集的視頻錄像或照片證據,用於驗證身份。
  • 客戶通訊:包括您提交的查詢、投訴或反饋的通訊記錄。

2.2 Technical and Usage Data

  • Device and Network Information: Internet Protocol (IP) address, browser type and version, operating system, and device identifiers.
  • Website Interaction Data: Pages visited, time spent on the website, referral sources, and clickstream data.
  • Cookies and Tracking Technologies: Data collected via cookies, web beacons, and similar technologies to enhance user experience and analyze website performance. You may manage cookie preferences through your browser settings or our cookie consent tool.

2.2 技術及使用資料

  • 設備及網絡資料:互聯網協議(IP)地址、瀏覽器類型及版本、操作系統及設備識別碼。
  • 網站互動資料:訪問的頁面、在網站上花費的時間、引薦來源及點擊流數據。
  • Cookies及追蹤技術:通過cookies、網絡信標及類似技術收集的資料,以提升用戶體驗及分析網站性能。您可通過瀏覽器設置或我們的cookie同意工具管理cookie偏好。

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, grounded in lawful bases under the PDPO and, where applicable, the GDPR:

  • Service Delivery: To process gold purchase transactions, manage orders, and provide related services (based on contractual necessity).
  • Regulatory Compliance: To fulfill KYC and Anti-Money Laundering (AML) obligations under Hong Kong’s Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (AMLO) (based on legal obligation).
  • Fraud Prevention and Security: To verify identity and protect against fraud, unauthorized access, or other illicit activities (based on legitimate interests).
  • Customer Support: To respond to inquiries, provide support, and address complaints (based on contractual necessity and legitimate interests).
  • Account Notifications: To send important updates about your account, transactions, or service changes (based on contractual necessity).
  • Service Improvement: To analyze website usage and enhance our services, including through aggregated and anonymized data (based on legitimate interests).
  • Marketing: To provide tailored offers or updates, where you have provided consent or where permitted under applicable law (based on consent or legitimate interests).

3. 處理目的及法律依據

我們根據私隱條例及在適用情況下GDPR的合法依據,為以下目的處理您的個人資料:

  • 服務提供:處理黃金購買交易、管理訂單及提供相關服務(基於合同需要)。
  • 法規遵從:履行香港《打擊洗錢及恐怖分子資金籌集條例》(第615章)(AMLO)下的KYC及反洗錢(AML)義務(基於法律義務)。
  • 防欺詐及安全:驗證身份並防止欺詐、未經授權的訪問或其他非法活動(基於合法利益)。
  • 客戶支援:回應查詢、提供支援及處理投訴(基於合同需要及合法利益)。
  • 賬戶通知:發送有關您的賬戶、交易或服務變更的重要更新(基於合同需要)。
  • 服務改進:分析網站使用情況並提升我們的服務,包括通過聚合及匿名化數據(基於合法利益)。
  • 市場推廣:在您提供同意或適用法律允許的情況下,提供定制優惠或更新(基於同意或合法利益)。

4. Disclosure of Personal Data

We may disclose your personal data to the following recipients, subject to legal and contractual safeguards:

  • Service Providers: Third-party vendors, such as payment processors, IT service providers, or KYC verification platforms, acting as data processors on our behalf.
  • Regulatory Authorities: Government or regulatory bodies in Hong Kong or other jurisdictions to comply with legal obligations, including AML and KYC requirements.
  • Professional Advisors: Legal, financial, or other advisors bound by confidentiality obligations.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the relevant third party, subject to appropriate safeguards.

We do not sell or share your personal data for commercial purposes unrelated to our services.

4. 個人資料披露

在遵守法律及合同保障措施的前提下,我們可能會向以下接收者披露您的個人資料:

  • 服務提供商:第三方供應商,例如支付處理商、IT服務提供商或KYC驗證平台,作為我們的數據處理者。
  • 監管機構:香港或其他司法管轄區的政府或監管機構,以遵守法律義務,包括AML及KYC要求。
  • 專業顧問:受保密義務約束的法律、財務或其他顧問。
  • 業務轉讓:在合併、收購或資產出售的情況下,個人資料可能會轉讓給相關第三方,但須遵守適當的保障措施。

我們不會為與我們的服務無關的商業目的出售或分享您的個人資料。

5. Cross-Border Data Transfers

Your personal data may be transferred to and processed in jurisdictions outside Hong Kong, including countries that may not provide the same level of data protection as Hong Kong or the EEA.

您的個人資料可能會被傳輸至香港以外的司法管轄區進行處理,包括可能無法提供與香港或EEA相同數據保護水平的國家。

In such cases, we implement appropriate safeguards, such as standard contractual clauses (SCCs) approved by the European Commission or binding corporate rules, to ensure compliance with applicable data protection laws.

在此類情況下,我們會實施適當的保障措施,例如經歐盟委員會批准的標準合同條款(SCCs)或具有約束力的企業規則,以確保符合適用數據保護法律。

6. Data Retention

We retain personal data only for as long as necessary to achieve the purposes outlined in this policy, comply with legal obligations, resolve disputes, or enforce agreements.

我們僅在實現本政策所述目的、遵守法律義務、解決爭議或執行協議所需的時間內保留個人資料。

Specifically:

  • KYC and AML-related data, including video recordings, are retained for a minimum of 5 years, as required under AMLO, or longer if required by law.
  • Transaction records are retained for 7 years to comply with tax and financial regulations.
  • Other personal data, such as customer communications, are retained for the duration of our relationship with you and up to 2 years thereafter, unless otherwise required by law.

具體而言:

  • KYC及AML相關資料,包括視頻錄像,根據AMLO要求至少保留5年,或在法律要求下保留更長時間。
  • 交易記錄保留7年,以符合稅務及財務法規。
  • 其他個人資料,例如客戶通訊,在我們與您的關係期間及之後最多保留2年,除非法律另有要求。

Upon expiration of the retention period, personal data is securely deleted or anonymized.

保留期滿後,個人資料將被安全刪除或匿名化。

7. Data Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

我們實施強大的技術及組織措施,以保護您的個人資料免受未經授權的訪問、更改、披露或銷毀。

These measures include:

  • Encryption: Use of Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols for data transmission and encryption of sensitive data at rest.
  • Access Controls: Role-based access restrictions to ensure only authorized personnel can access personal data.
  • Secure Infrastructure: Hosting on secure servers with regular security audits and vulnerability assessments.
  • Incident Response: Established procedures to detect, respond to, and report data breaches in accordance with PDPO and GDPR requirements.

這些措施包括:

  • 加密:使用安全套接層(SSL)/傳輸層安全(TLS)協議進行數據傳輸,以及對靜態敏感數據進行加密。
  • 訪問控制:基於角色的訪問限制,確保只有授權人員可以訪問個人資料。
  • 安全基礎設施:在定期進行安全審計及漏洞評估的安全服務器上托管。
  • 事件響應:建立檢測、響應及報告數據洩露的程序,符合私隱條例及GDPR要求。

Despite these measures, no system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

儘管採取了這些措施,沒有任何系統是完全安全的,我們無法保證絕對安全。您有責任維護您賬戶憑證的保密性。

8. Your Rights Under PDPO and Applicable Laws

Under the PDPO, and where applicable, the GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Restriction: Request restriction of processing in certain circumstances, such as during a dispute.
  • Objection: Object to processing based on legitimate interests, including for direct marketing purposes.
  • Data Portability: Request transfer of your personal data to another entity, where technically feasible.
  • Withdraw Consent: Withdraw consent for processing where consent is the legal basis, without affecting prior lawful processing.

8. 您在私隱條例及適用法律下的權利

根據私隱條例及在適用情況下GDPR,您對您的個人資料擁有以下權利:

  • 查閱:要求獲取我們持有的您的個人資料副本。
  • 更正:要求更正不準確或不完整的個人資料。
  • 刪除:要求刪除您的個人資料,但須遵守法律保留義務。
  • 限制:在某些情況下要求限制處理,例如在爭議期間。
  • 反對:反對基於合法利益的處理,包括用於直接營銷目的。
  • 數據可攜性:在技術上可行的情況下,要求將您的個人資料轉移到另一實體。
  • 撤回同意:在同意為法律依據的情況下撤回處理同意,不影響之前合法處理。

To exercise these rights, contact us using the details in Section 10. We will respond to requests within 30 days (or 40 days for complex requests under PDPO), subject to verification of your identity.

如欲行使這些權利,請使用第10節中的聯繫詳情與我們聯繫。我們將在30天內(或根據私隱條例對複雜請求為40天)回應請求,需驗證您的身份。

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze performance, and personalize content.

我們的網站使用cookies及類似技術,以增強功能、分析性能及個性化內容。

You can manage your preferences via our cookie consent tool or browser settings.

您可通過我們的cookie同意工具或瀏覽器設置管理您的偏好。

For more details, refer to our Cookie Policy at hk.mygoldgrams.com/cookies.

如需更多詳情,請參閱我們的Cookie政策,網址為 hk.mygoldgrams.com/cookies。

10. Contact Information

For privacy-related inquiries, to exercise your rights, or to lodge a complaint, please contact our Data Protection Officer:

Email: privacy@hk.mygoldgrams.com
Address: Unit 1501, 15/F, Tower 1, Admiralty Centre, 18 Harcourt Road, Central, Hong Kong

10. 聯繫資料

如有私隱相關查詢、行使您的權利或提出投訴,請聯繫我們的數據保護主任:

電郵:privacy@hk.mygoldgrams.com
地址:香港中環夏愨道18號海富中心第一座15樓1501室

If you are dissatisfied with our response, you may contact the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong at:

Website: www.pcpd.org.hk
Email: enquiry@pcpd.org.hk

如果您對我們的回應不滿意,您可聯繫香港個人資料私隱專員公署(PCPD):

網站:www.pcpd.org.hk
電郵:enquiry@pcpd.org.hk

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or operational needs.

我們可能會更新本私隱政策,以反映我們的做法、法律要求或運營需求的變更。

Significant changes will be communicated via email or a prominent notice on our website at least 14 days before taking effect.

重大變更將通過電郵或在我們的網站上顯著通知,在生效前至少14天進行通報。

The updated policy will be posted on this page with a revised "Last Updated" date.

更新後的政策將在此頁面上發布,並附上修訂的「最後更新」日期。