Privacy Policy
Last updated: July 2026
This Privacy Policy (Part B of our Terms of Use) explains how Dake Bromley Limited, trading as HarbiX Pay International, collects, uses, discloses, and protects personal data in connection with the Platform. This Policy is intended to comply with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO").
B.1 Who We Are
Dake Bromley Limited (HK Company No. 78791695), registered office at Unit 1009, 10/F., Hung Hom Commercial Centre, Tower B, 37 Ma Tau Wai Road, Hung Hom, Hong Kong, is the data user (data controller) responsible for personal data processed through the Platform under the HarbiX Pay International brand.
B.2 Personal Data We Collect
B.2.1 Information you provide to us
- Account and onboarding information: name, date of birth, nationality, contact details, business registration details, beneficial ownership information, and identification documents submitted as part of KYC/KYB verification;
- Financial information necessary for onboarding, such as bank account details submitted to our payment service provider(s) directly (we do not store full card or bank account numbers ourselves);
- Communications you send to us, including support requests and correspondence.
B.2.2 Information collected automatically
- Technical data such as IP address, browser type, device identifiers, and operating system;
- Usage data such as pages visited, features used, and timestamps of activity on the Platform;
- Cookie and similar tracking data, as described in our separate Cookie Policy.
B.2.3 Information from third parties
- Verification results from identity verification and screening providers;
- Transaction status and account information from our payment and financial service provider(s), to the extent necessary for us to operate the Platform;
- Sanctions, watchlist, and adverse media screening results from compliance data providers.
We do not collect or store full payment card numbers, card security codes, or full bank account credentials. Such data is collected and processed directly by our regulated payment service providers under their own privacy and security frameworks.
B.3 How We Use Personal Data
- To provide, operate, and maintain the Platform, including onboarding, payment-link generation, and dashboard functionality;
- To verify identity and conduct KYC/KYB checks, sanctions screening, and ongoing due diligence as part of our AML/KYC & Compliance Policy;
- To communicate with you about your account, transactions, and changes to this Agreement;
- To detect, investigate, and prevent fraud, unauthorized use, and violations of this Agreement;
- To comply with applicable legal and regulatory obligations, including requests from regulators, law enforcement, or our payment service providers;
- To improve and develop the Platform, including analytics on usage patterns;
- To establish, exercise, or defend the Company's legal rights, including in connection with any dispute or claim.
B.4 Data Protection Principles
In handling personal data, we observe the six Data Protection Principles under Schedule 1 of the PDPO, concerning: (1) the purpose and manner of collection of personal data; (2) accuracy and duration of retention; (3) use of personal data; (4) security of personal data; (5) openness about our data policies and practices; and (6) access to and correction of personal data.
B.5 Sharing and Disclosure of Personal Data
We may share personal data with:
- Our payment and financial service provider(s) (including any Provider integrated with the Platform from time to time and its affiliates), to the extent necessary to process transactions and comply with their onboarding and compliance requirements;
- Identity verification, sanctions screening, and fraud-prevention service providers;
- Professional advisors, including legal, accounting, and audit firms, on a need-to-know basis;
- Regulators, law enforcement, courts, or other governmental authorities, where required by law or in connection with a legal process;
- A successor entity in connection with a merger, acquisition, financing, or sale of all or part of our business, subject to appropriate confidentiality protections;
- Other third parties with your consent, or as otherwise permitted or required by law.
We do not sell personal data to third parties for their own independent marketing purposes.
B.6 Cross-Border Data Transfers
Because our Platform operates internationally and relies on payment service providers and infrastructure located outside Hong Kong, personal data may be transferred to, and processed in, jurisdictions outside Hong Kong, including the jurisdictions in which our Provider(s) and other service providers operate. Where we transfer personal data outside Hong Kong, we take reasonable steps to ensure that recipients provide a standard of protection comparable to that required under the PDPO. By using the Platform, you consent to such transfers.
B.7 Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, KYC/AML record-keeping, or reporting requirements, or to establish, exercise, or defend legal claims. Identity verification and transaction-related records are generally retained for a minimum period following the end of the business relationship, in line with applicable anti-money laundering record-keeping expectations, after which such data is securely deleted or anonymized.
B.8 Data Security
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction, including access controls, encryption in transit, and restricted internal access on a need-to-know basis. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; to the fullest extent permitted by law, the Company disclaims liability for unauthorized access resulting from circumstances beyond its reasonable control.
B.9 Your Rights
Subject to the PDPO, you have the right to:
- Request access to personal data we hold about you;
- Request correction of inaccurate or incomplete personal data;
- Request information about our policies and practices in relation to personal data and the kinds of personal data we hold;
- Withdraw consent to certain processing, where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
To exercise these rights, please contact us at [email protected]. We may require proof of identity before acting on a request and may charge a reasonable fee for complying with a data access request, as permitted under the PDPO.
B.10 Cookies
The Platform uses cookies and similar technologies. Details of the categories of cookies used, their purposes, and how to manage your preferences are set out in our separate Cookie Policy.
B.11 Children's Privacy
The Platform is not directed at, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data.
B.12 Changes to This Part
We may update this Part B from time to time in accordance with the acceptance mechanism described in the "Acceptance and Effective Date" section at the start of this Agreement.
B.13 Contact Us
If you have questions, concerns, or requests regarding this Part B or our handling of personal data, please contact our Data Protection contact at [email protected], or write to Dake Bromley Limited, Unit 1009, 10/F., Hung Hom Commercial Centre, Tower B, 37 Ma Tau Wai Road, Hung Hom, Hong Kong. You may also have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).