Privacy policy

CONTENTS:

1. Data Collection

1.1 Data Provided by the User

1.2 Data Collected About the User

1.3 Data Received from Other Sources

2. Data Processing

2.1 Processing of Data Collected and Received

2.2 Data Disclosed About the User

3. Storage of Personal Data

4. User Access to Their Personal Data

5. Data Retention

6. Links to Other Websites

7. Contact Angra

8. Changes in Angra’s Privacy Policy

For the purposes of this policy:

• “the Company” or “Angra” means Angra HK Limited;

• “User” or “client” or “customer” means the persons to whom this policy applies;

• “applicable regulations” means the Hong Kong Personal Data (Privacy) Ordinance, the 

European Union General Data Protection Regulation (GDPR), as any and all regulations applying to the Company.

Angra takes the security of personal data very seriously. Angra complies with applicable regulations and has safeguards in place to protect the personal data it stores. This policy sets out the basis on which the Company collects, uses, discloses, processes and manages personal data. By visiting, registering and using Angra’s platform the user accepts and consents to the practices described in this policy.

1. Data Collected and Processed:

1.1 Data Collected Directly from the User

Information about the user may be collected by filling in forms on Angra’s website or by corresponding with Angra by phone, e-mail or other means. This includes information provided when the user registers on Angra’s website, subscribes to its services, places an order or transacts on its website or reports a problem with its website. The information provided to Angra may include the user’s: (a) personal particulars (such as name, contact details, address, DOB, identification documents); (b) financial details (such as SOF/SOW); (c) images and voice recordings of mutual communications; (d) employment details; (e) feedback regarding Angra’s products and website); (f) specimen signatures(s); (g) beneficiaries, shareholders, ultimate beneficial owners, trustees, directors; and/or (h) commercial and/or identification information allowing Angra to comply with its obligations in terms of anti-money laundering and anti- terrorist financing.

1.2 Data Collected About the User

Each visit to Angra’s website may automatically prompt the system to collect the following information: (a) technical information, including the Internet protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; (b) the full Uniform Resource Locators (URL) clickstream to, through and from Angra’s website (including date and time); (c) products viewed or searched for; (d) page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call the Company’s customer service number.

1.3 Data Received from Other Sources

Angra works closely with third parties (including, for example, business partners, sub- contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and may receive information about a user from them. Where this is the case, Angra will ensure this will be in full compliance with applicable regulations.

2. Data Processing

2.1 Processing of Data Collected and Received

Angra will notably use this information for purposes such as:

(a) developing and providing facilities, products or services (whether made available by the Company or through it), including but not limited to: executing commercial or other transactions and clearing or reporting on these transactions; carrying out research; planning and statistical analysis; analytics for the purposes of developing or improving products, services, security, service quality, and advertising strategies;

(b) assessing and processing applications, instructions or requests;

(c) communicating with customers, including providing them with updates on changes to products, services and facilities (whether made available by Angra or through it) including any additions, expansions, suspensions and replacements of or to such products, services and facilities and their terms and conditions;

(d) managing Angra’s infrastructure and business operations and complying with internal policies and procedures;

(e) to carry out obligations arising from any contracts entered into between the customer and Angra and/or to provide customers with the information, products and services that they request;

(f) to provide customers with information about other products and services Angra offers; (g) to notify customers about changes to Angra’s service;

(h) to respond to any enquiry customers have made through the Company’s website, or via phone, e-mail or otherwise;

(i) to comply with legal obligations Angra is subject to as a data controller and regulated business;

(j) where required to protect customers’ vital interests or that of other natural persons;

(k) to administer Angra’s website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

(l) to improve Angra’s website to ensure that content is presented in the most effective manner for users and their computers;

(m) to allow users to participate in interactive features of Angra’s services, when they choose to do so;

(n) as part of the Company’s efforts to keep its website safe and secure;

(o) to respond to queries or feedback;

(p) to address or investigate any complaints, claims or disputes;

(r) to verify users’ identity for the purposes of providing facilities, products or services;

(s) to conduct screenings or due diligence checks as may be required under applicable law, regulation or directive;

(t) to comply with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;

(u) financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;

(v) enforcing obligations owed to Angra; and/or

(w) seeking professional advice, including legal advice.

Information received from other sources may be combined with information provided by and collected about the user. Angra may use this information and the combined information for the purposes set out above (depending on the types of information received).

2.2 Data Disclosed About the User

Angra may from time to time share users’ personal information with selected third parties, whether located in Hong Kong or elsewhere. Any such sharing will be made in full compliance with applicable regulations. The following are the types of third parties Angra may share data with: 

(a) Business partners – suppliers and sub-contractors for the performance of any services that Angra provides or any agreement it enters with them. 

(b) Analytics – search engine and analytics providers that assist Angra in the improvement and optimisation of its website. 

(c) Compliance – companies which services Angra uses for the purposes of meeting its obligations in terms of anti-money laundering and anti-terrorist financing. 

(d) Data Storage – providers who supply physical or cloud-based storage services. 

(e) Banking and Payments Network – providers who support the Company’s payments network including banks, PSPs and liquidity providers. These providers will also have their own legal obligations when processing user data. Angra facilitates payments to numerous jurisdictions where it may not have a direct relationship with the businesses in these jurisdictions – for example the beneficiary bank. If a customer is making a payment to a beneficiary in a certain jurisdiction, their data will by default be processed by this entity. 

(f) Communications – providers who supply communications solutions both internally and externally. 

(g) Prospective Buyers and Sellers – Angra may transfer, store, process and/or deal with users’ personal data outside Hong Kong. In doing so, it will strictly comply with applicable regulations. 

The company will never sell customers’ personal data without their consent. Notwithstanding the foregoing, if the Company sells any business or assets, it may then disclose users’ personal data to the prospective buyer of such business or assets. If Angra sells its company or substantially all of its assets to a third party, users’ personal data may then be one of the transferred assets.

3. Storage of Personal Data

The data that is collected from users may be transferred to, and stored at a destination outside Hong Kong. It may also be processed by staff operating outside Hong Kong who work for Angra or for one of its suppliers. Such staff may be engaged in, among other things, the fulfilment of orders, the processing of payment details and the provision of support services.

4. User Access to Their Personal Data

Customers may contact [email protected], to exercise their rights. They may check whether Angra holds their personal data and request access to such personal data, or make corrections to personal data held by the Company. Subject to applicable regulations, Angra may charge a fee for processing a request for access. Such a fee depends on the nature and complexity of access requested. Information on any processing fees will be made available. GDPR also provides relevant individuals with additional rights including the right to obtain information on how Angra processes personal data, receives certain information provided in an electronic format and/or requests that these be transmitted to a third party, requests for user information to be erased, objects or restricts the use or processing of user information in some circumstances. These will be subject to ongoing obligations imposed on Angra pursuant to any applicable law or regulation, and/or the Company’s legitimate reason or entitlement to continue processing user information, and/or to refuse that request. Please contact Angra’s support team (point 7 below) for details.

5. Data Retention

The period for which customer data will be retained is dependent upon any statutory retention periods Angra is required to adhere to as a regulated organisation under applicable laws. After the expiration of that period, personal data shall be securely deleted, as long as it is no longer required for the fulfilment of any contract, initiation of a contract or in relation to other legal proceedings.

6. Links to Other Websites

Angra’s website may contain links to other websites which are not maintained by it. This policy only applies to Angra’s website. When visiting these third-party websites, customers should read their privacy policies which will apply to their use of the websites.

7. Contact Angra

Customers can contact Angra’s support team on any aspect of this policy, in relation to their personal information or to provide feedback, at [email protected].

8. Changes in Angra’s Privacy Policy

Any changes that may be made to this policy in the future will be posted on this page and, where appropriate, notified to customers by email