EPOCH RWA PRIVACY POLICY
Version Date: December 1, 2025
Introduction
We are Epoch Datatech(HK) Limited (referred to as the "Epoch","we","us"or"our")and we are committed to protecting our stakeholders' and
customers' personal data in accordance with the Personal Data (Privacy) Ordinance (Cap.486) of Hong Kong("PDPO") and other applicable data protection laws.
Personal data: means any data about an individual who can be identified from that data, as more specifically defined under the PDPO and other applicable data protection laws.
Our privacy policy (Privacy Policy) describes how we collect, use, store and protect personal data. The Privacy Policy also describes how you can control the personal data that we hold on you, and your rights on your personal data, where applicable.
We may from time to time update the Privacy Policy to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements or as we deem appropriate. Such changes will be published here and effective upon publication. Please check the Privacy Policy regularly for updated information/version. Your continued access and/or use of our website, our mobile application, our products and/or our services and your submission of any contact details to us through any channel whatsoever will constitute your agreement to this Privacy Policy and any revisions thereto.
Information that we collect from you
We collect, use, store and transfer different kinds of personal data about or relating to you, including but not limited to the following:
(a) Identity and contact data, which
if you act in your individual personal capacity, includes your name, passport or other unique identification number, telephone number, mailing address, email address, social media profile information, images of your passport or identification document, your likeness (including selfies and biometric information),utility bill or driving license;
if you are a shareholder, beneficial owner, director,
employee, guarantor and authorized representative ("Relevant
Individual")of a corporate customer, your name, passport or
other unique identification number, telephone number,
mailing address, email address, social media profile
information, images of your passport or identification
document, your likeness (including selfies),utility bill or
driving license;
(b) Financial data, which includes information about your financial position, status and history, and payment account details (such as bank, credit, payment or other payment details);
(c) Transaction data, which includes details about fiat currency transfers, as well as issuance, transfer, administration, settlement, custody and recording activities in respect of digital assets or on-chain records to, from and amongst your accounts with us;
(d) Technical data, which includes details about the devices and technology you use including internet protocol address, your login data, and other technology on the devices you use to access our website, mobile application, products and/or services;
(e) Usage data, which includes information about how you use our website, products and/or services, including cookies, IP address, and account details; and/or
(f) Blockchain data, which includes blockchain addresses , public keys and related transaction information.
How we collect information from you
We collect personal data from or relating to you in various ways, including but not limited to the
following:
(a) when you access and/or use our websites, mobile applications (collectively the “Business Channels”), our verified channels with social media such as WhatsApp, WeChat, Facebook and X (collectively the “Social Media Channels”), products and/or services (or part thereof);
(b) when you submit forms relating to our website, mobile application and/or any of our products or services;
(c) when you register to attend any of our webinars;
(d) when you post, publish, transmit, or upload content on our business and social media channels or through our services;
(e) when you register for, use or access any of our social media channels, services on business channels owned and/or operated by us or when you register as a member of the business channels owned and/or operated by us, or use services on such business channels owned and/or operated by us
(f) when you interact with our personnel such as customer service officers, marketing representatives and agents;
(g) when you request that we contact you;
(h) when you ask to be included in an email or other mailing list;
(i) when you respond to our promotions and other initiatives;
(j) when you enter into agreements or business relations with us;
(k) when we receive references from business partners and third parties, for example, where you have been referred by them; and/or
(l) when you submit personal data to us for any other reason.
Purposes for the Collection, Use and Disclosure of Personal Data
Generally, Epoch collects, uses and/or discloses personal data, and you consent to such
collection, use and/or disclosure by Epoch, for the following purposes:
(a) to provide products and services to you;
(b) to communicate with you on matters relevant to your relationship with or interest in us;
(c) to assess and improve the products and services that you use or may use;
(d) to selectively send you information about our products, services, activities and/or events that may be relevant to you;
(e) to use in custom audiences tools and sharing functionalities to create custom audiences to whom Epoch may disseminate information about future activities and opportunities;
(f) to fulfil the contractual/legal obligations under the contracts or other legal arrangements entered into between us and you, or entered into between Epoch ’s related corporations, affiliates, partners and/or representatives and you;
(g) to protect and enforce our contractual and legal rights and obligations;
(h) to verify your identity;
(i) to prevent, detect and investigate crime, including fraud, money-laundering, terrorist financing and proliferation financing, and analyse and manage other commercial risks;
(j) to conduct audits, reviews and analysis of our internal processes, for action planning and managing commercial risks;
(k) to manage the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(l) to comply with any applicable rules, laws and regulations (including any laws and regulations relating to anti-money laundering, countering the financing of terrorism, and tax reporting obligations), codes of practice or guidelines or to assist in law enforcement and investigations by relevant law enforcement agencies, regulatory authorities and other governmental agencies, anywhere in the world;
(m) to provide such personal data to issuers on our platform and/or their financial intermediaries (where applicable) to allow them to comply with any applicable rules, laws and regulations (including any laws and regulations relating to anti-money laundering, countering the financing of terrorism, and tax reporting obligations), codes of practice or guidelines or to assist in law enforcement and investigations by relevant law enforcement agencies, regulatory authorities and other governmental agencies (including tax authorities), anywhere in the world;
(n) to provide such personal data to:
the financial intermediaries;
professional advisors; and
other agents or service providers, engaged by the issuers on our platform, in order for such parties to continue providing their services from time to time, including but not limited to the processing of such personal data for the purposes of record keeping, compliance, regulatory, legal, audit, tax, analysis of their business and providing the holders / the investors with regular statements of account as well as other notices; and/or
(o) conduct research, surveys and data analysis relating to or with a view to enhancing any service or product provided by us (whether conducted by us or jointly with another party) which may be relevant to you (“Research Purpose”);
(p) any other purpose relating to any of the above.
We may share personal data with our regulators, related corporations, services providers, agents and other third parties for the purposes set out above and any other reasonable ancillary purposes, for legal reasons and regulatory purposes, or where permitted under the PDPO and other applicable laws, such as in response to law enforcement agencies.
If we transfer personal data to rigions outside HongKong , it will be done in accordance with the relevant provisions under Hong Kong laws and regulations. We will also comply with the relevant laws and regulations in relation to transfers of personal data outside countries where the personal data is collected.
Third Party Data
Where you disclose personal data of other individuals to us, you warrant that such individuals have consented to us collecting, using and/or disclosing such personal data for:
(a) he relevant purpose for which you made the disclosure or as was notified to you at the relevant time;
(b) the other purposes as described above in this Privacy Policy.
Marketing Communications
It is in our legitimate interests to process personal data to selectively contact you and/or send you information about our products, services, activities and/or events that may be relevant to you by email or short messages received through number-based messaging platforms (“Marketing
Communications”). However, to the extent that these Marketing Communications are addressed to a telephone number that is for your personal use, you have the right to deny or withdraw your consent to receive such Marketing Communications.
You may opt-out of receiving Marketing Communications by using the unsubscribe link contained in the relevant email or short message, or by contacting us at PrivacyService@epochrwa.com.
Cookies
When you browse our websites or use our mobile applications, we use cookies to store information about how you use these websites or mobile applications in order to improve the quality of service provided to you.
To understand what type of cookies we use and how these work when you use our websites, please refer to our Cookie Policy.
Retention of personal data
We retain personal data about or relating to you for as long as is necessary for the purposes for which such personal data was collected (including the purposes stated in section entitled “Purposes for the Collection, Use and Disclosure of Personal Data” above), and take reasonable measures to destroy any personal data that is no longer necessary to meet those purposes.
Security measures
All personal data is kept confidential and we take all reasonable measures to protect it from
unauthorised or accidental access, processing or loss, by implementing appropriate physical, electronic and supervisory controls.
How you can control your information
If you do not want us to contact you via electronic messaging – You may select the “unsubscribe” option in all our electronic communications with you. We also comply with the Hong Kong Unsolicited Electronic Messages Ordinance.
If you want to be removed from our customer database – You may email us at PrivacyService@epochrwa.com.
If you do not want us to collect, use or disclose your personal data for any Research Purpose – You may email us at PrivacyService@epochrwa.com.
If you believe we have inaccurate information about you and you want to correct such data – You may email us at PrivacyService@epochrwa.com.
If you wish to know what personal data we have on you in connection with your relationship with us and how your personal data has been used - You may email us at PrivacyService@epochrwa.com.
If you have any questions about this Privacy Policy, or our handling of your personal data - You may email us at PrivacyService@epochrwa.com.
It is important to note that we use personal data to provide you with the products and services you wish to use. We also comply with various regulatory requirements in doing so, including the requirements for customer due diligence. Withdrawal of consent for Epo ch to collect, use or disclose personal data means that we may need to stop these activities. The absence of certain key personal data, including but not limited to your name, address, email and/or telephone contacts, personal identification numbers or banking information, may cause us to be unable to continue providing the relevant products and services to you.
Your rights regarding your personal data
Under the Hong Kong Personal Data (Privacy) Ordinance, you may have the following rights:
(a) access to your personal data such as your full name, unique identification number, residential address, date of birth and nationality;
(b) rectification of such personal data; and
(c) lodge a complaint with the Privacy Commissioner for Personal Data in Hong Kong ;
To the extent that our processing of your personal data is subject to the European General Data
Protection Regulation, you may have the following rights:
(d) access to your personal data;
(e) rectification of your personal data;
(f) erasure of your personal data;
(g) restrict processing of your personal data;
(h) object to processing (including object to receiving marketing) of your personal data;
(i) data portability; and
(j) lodge a complaint with a EU supervisory authority.
If you wish to exercise these rights, or have any questions about these rights, you may email us at PrivacyService@epochrwa.com. We may charge a fee for processing your request for access. such a fee depends on the nature and complexity of your access request which you will be advised of prior to us acting upon the request.
Contacting us
If you have any questions about this Privacy Policy, or our handling of your personal data, please email our Data Protection Officer at PrivacyService@epochrwa.com.