Privacy Policy

EMG, operated by EMGLINK TECHNOLOGY PTY LIMITED and its affiliates (“EMG”, “we”, “our” or “us”) provides payment processing services (“Service”) for our clients (the “Merchants”). In provision of Service, EMG will need personal information to process specific transactions. This Privacy Policy describes how we collect, use, store and disclose personal information, as well as how you can exercise your rights regarding your personal information.

EMG may process personal information of the following subjects in the provision of Service who will be collectively referred to as “you” in this Privacy Policy:

• Merchants, or individuals employed or associated with Merchants;
• Your Payment Service Providers and other service providers, or individuals employed or associated with such organizations that assist us in the provision of Service;
• Visitors that log on or use our website https://www.emgpay.com/; and
• End-user of Merchants. For the purpose of the Service, we process the personal information of end-users of Merchants on behalf of the Merchants. Accordingly, Merchants are ultimately responsible for the processing and protection of end-users personal information.

Please note that this Privacy Policy does not apply to information collection activities by third parties (including but not limited to Merchants or Your Payment Service Providers). You should refer to the privacy policies of those third parties for further information. We are not responsible for the data privacy or security practices of such third parties with whom you choose to share your personal information directly.

Please read through this Privacy Policy carefully and fully understand the entire content of this Privacy Policy before using the Service. By accessing and using the Service, you acknowledge that you have read and understood the terms of this Privacy Policy, and consent to our processing of your personal information for the purposes described within and in accordance with this Privacy Policy.

We may amend this Privacy Policy at any time by posting an updated version to reflect any changes to the way we process your personal information or following the developing legal requirements. The most current version of this Privacy Policy will govern our use of your information. By agreeing to and continuing to use the Service, you agree to the contents of this Privacy Policy as it is at the date you use the Service.

We process personal information that you provide to us in the following ways. In some instances, it is necessary for you to provide us with personal information for legally required compliance checks, for security and other reasons to allow you to access the Service as described above. Otherwise, we may not be able to provide you with all or part of our Service.

a. Information that you provide

When we provide the Service and interact with you, when you access our website, or when we onboard you as a merchant or you provide services to us as a vendor, to the extent legally required, the personal information we receive, collect and process may include (i) if you are an individual, your name, email, phone number, billing address, bank account information, transaction IP address, device used to process transaction, proof of identity and proof of address; and (ii) if you are the representative of an enterprise, your name, contact information (such as phone number or email), business registration information, identity information of your business owner and beneficiary which is legally required for registration with EMG.

Specifically, for the purpose of providing the Service and facilitating your payment, we may collect information about the transaction from you depending on the payment method you choose to make or receive a payment, including:

• bank card information such as name on the card, card type, card number, card verification value (when required in certain jurisdiction), expiration date or information about the account you open with Your Payment Service Providers;
• identification information including, if applicable, your identity number or tax number, user identity generated by Merchants to verify and process the transactions, or to meet anti money laundering, counter-terrorism funding reporting requirements and/or fraud prevention checks; or
• transaction information such as amount and time of transaction, currency and language which is used.

b. Information that we obtain from third-party sources

We may also collect and use your personal information from your organizations, public channels, or other third-party sources as necessary for provision of Service. For example, we may obtain certain personal information about you from:

• Your Payment Service Providers or cooperating banks, such as the transaction information, as necessary for us to provide Service; or
• third parties including government agencies, information service providers, fraud monitoring and prevention service providers, or from publicly available records to carry out due diligence and other legally required compliance checks, such as know-your-customer (“KYC”) process, anti-money laundering (“AML”) checks and Specially Designated Lists (“SDN List”). SDN List refer to sanctions lists published by government authorities (such as the U.S. Treasury’s Office of Foreign Assets Control) that name individuals, companies, or organizations that are subject to trade restrictions or asset freezes.

c. Information collected automatically through your device

We will collect the following personal information from your device when you use Service to carry out data analysis and to protect you from fraud, phishing or other misconduct, including your IP address, app version, system version and type, device model, device manufacturer, device type, system language, network type, carrier, device identity, browser setting, and browser type. We may also collect certain information through the use of cookies. Please refer to the “Cookies and Similar Technologies” section for more information.

Please do not send to us or disclose any sensitive personal information (“Sensitive Personal Information”), unless such information is necessarily required by the Service or for legal compliance checks (e.g. KYC/AML requirements). Sensitive Personal Information, depending on the specific provisions under applicable data protection laws, includes information related to your e-wallet password, credit or debit card password, racial or ethnic origin, political opinions, religion or other beliefs, health, sexual orientation, criminal background or membership in past organizations including trade union memberships.

Notwithstanding the purposes set forth under clauses a-c above, we may also use the personal information we collect from you for the following purposes:

• to keep our Service secure, for example, to assess account security and transaction risks, detect and prevent fraud and other security incidents;
• to comply with regulatory, compliance obligations, legal requirements or to assist the investigation conducted by law enforcement or other government authorities;
• to prevent, detect, investigate or resolve disputes, complaints, claims, crime, fraud, security breaches or potentially illegal activities;
• to seek professional advice (e.g. legal advice) or enforce your obligations to defend the rights of us, Merchants, or third-party service providers;
• to respond to your questions and assist you with issues you may have while using the Service;
• to conduct market or satisfaction surveys, trend analysis and data analytics;
• if you have opted-in where required by law, to send you marketing information or otherwise get in touch with you, e.g., offering or promoting our services to you by text message, email or other means; or
• for other purposes related to the aforementioned matters with your consent or as otherwise set out in the specific terms and conditions that govern our relationship with you.

Subject to applicable data protection laws that provide other legal grounds besides consent, we may process your personal information in connection with any of the purposes set out above on one or more of the following legal grounds:

• to perform our obligations under a contract with you or your organization;
• to comply with our legal obligations, as well as to keep records of our compliance processes or tax records;
• to pursue our legitimate interests or those of a third-party recipient of your personal information, provided that those interests are not overridden by your interests or fundamental rights and freedoms. Specifically, we have legitimate interest in (i) promoting and marketing our Services to existing and potential users/merchants; (ii) maintaining user accounts for efficient operation of our business; (iii) keeping our information, trade secrets and confidential data safe and secure; and (iv) handling complaints and claims to protect our business, etc.
• based on your consent to process your personal information in that manner; or
• other available legal justification as applicable under applicable data protection laws.

This section explains how we use cookies and similar technologies (“Cookies” or “Cookie”) to recognize you when you use our Service. It explains what these technologies are and why we use them, as well as your rights to control them.

Cookies are small amounts of data that your browser receives and stores on the local drive of your computer or mobile device, which enable your device to be recognized when you visit a website or application. We make use of Cookies to provide you with a better, faster and safer user experience. Some Cookies are strictly necessary to make our Service work and to ensure data and IT security and prevent fraudulent activities, which are referred to as “Operationally Necessary Cookies”. Other Cookies may enable us to tailor our website to our users’ preference and to monitor the malfunctioning of our website, which are referred to as “Preference Cookies” and “Analytical Cookies”.

Operationally Necessary Cookies are strictly necessary to enable you to access and use of our Service and you cannot disable them. You have the right to decide whether to accept, reject or customize Preference Cookies or Analytical Cookies by selecting the appropriate settings on your browser or change your Cookies preferences. If you disable non-operationally necessary Cookies, you can still use our Service although your use of certain features and access to certain functions of our Service may be limited.

To the extent necessary, we will only disclose your personal information with third parties in the following circumstances:

a. Our Affiliates in different jurisdictions, Your Payment Service Provider and other service providers: We may share (or provide access to) your personal information with our affiliates in various countries or regions, Your Payment Service Provider or other service providers to enable us to provide you with the Service or certain functions or features of the Service. For example:

• we may exchange your transaction information or bank information with Your Payment Service Provider as necessary to provide Service and facilitate your payment;
• we may provide your personal information to financial institutions, credit reference agencies, regulatory bodies or other third-party institutions for the purpose of AML/KYC checks, credit risk reduction and fraud and crime prevention;
• we may also engage other third-party service providers (e.g. cloud storage providers) who will process personal information for any of the purposes listed above on our behalf and following our instructions only.

b. Merchants. When you make a purchase or transaction with a Merchant, we will make certain personal information about you available to the Merchant you purchase from or transact with to facilitate the payment therein.

c. Courts, law enforcement authorities, regulators, government officials or other competent authorities where it is reasonably necessary:

• to comply with applicable law or regulations;
• to exercise, establish or defend our legal rights;
• to protect your vital interests or those of any other person;
• to detect, prevent or otherwise address security, fraud or technical issues;
• to protect the rights, property or safety of us, our users, third parties or the public as required or permitted by applicable laws. For example and to the extent applicable, we may provide your company name, contact information and any other transaction information to competent authorities as necessary for us to comply with mandates of Financial Action Task Force (“FATF”) and local Anti-Money Laundering/Countering the Financing of Terrorism (“AML/CFT”) requirements.

d. Actual or proposed sellers or buyers (and their agents and advisers) in connection with any actual or proposed purchase or sale, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy.

If we (i) sell, buy, merge, are acquired by, or partner with other companies or businesses, or go into bankruptcy liquidation; or (ii) sell some or all of our assets, your personal information may be among the transferred assets. In the abovementioned event involving transfer of personal information, the acquiring party must undertake the equivalent obligations as us, protecting and using your personal information in accordance with this Privacy Policy.

Retention Period

Your personal information will be retained only for as long as necessary for purposes for which information was collected, except where (i) necessary to meet applicable regulatory or legal obligations such as licensing requirements, KYC/AML requirements and counter-terrorism funding reporting requirements; (ii) to establish, exercise or defend potential legal claims; or (iii) to pursue our legitimate interests. When the necessary retention period is expired, we will either delete or anonymize the relevant personal information.

Retention Location and International Data Transfers

The information we collect from you is stored in Huawei Cloud International (Hong Kong Region). To provide you with the Service globally and for other purposes specified in this Privacy Policy, the personal information we collect may be transferred to, processed and stored in countries or regions other than where you use the Service. These countries or regions may have different data protection rules than where you are located.

If required by applicable laws, we will endeavor to take all necessary measures to protect your personal information during the transfer in accordance with this Privacy Policy and applicable data protection laws. We will also require the recipients of your personal information to provide adequate protection measures to safeguard the security of your information. For example, we may enter into appropriate data processing agreements with the recipients and, where necessary, enter into standard contractual terms, or implement alternative data transfer mechanisms approved by local regulatory authorities. If you wish to enquire further about these safeguarding measures, please contact us using the details set out below of this Privacy Policy.

We care about safeguarding the confidentiality of your information. We will apply all necessary administrative, physical and electronic measures designed to protect your information from unauthorized access and use in accordance with applicable data protection laws. Although we have taken the aforesaid reasonable and effective measures, please be aware that no security measures that we take to protect your information are absolutely guaranteed to avoid unauthorized access or use of your information, which is impenetrable.

In the event of a security incident related to personal information and to the extent required by applicable laws, we will (i) report to the competent authorities, conduct timely problem identification and take emergency measures; and (ii) reach out to impacted individuals by various means such as calling and texting users, posting publicly on our website to inform users and mitigate data breach where required by applicable data protection laws.

Depending on the applicable data protection laws, you will have the right to:

• obtain access to and/or request a copy of your personal information;
• to have your personal information we hold rectified or deleted;
• to restrict our processing of that information;
• to object to our processing of personal information;
• to have your personal information transferred to you or another organization, where the preconditions to exercise such rights are met under applicable data protection laws; and
• to lodge a complaint with a relevant data protection authority.

Where you have provided us with consent for the processing, you may be able to withdraw it provided that such withdrawal will not impact the processing activities that have been carried out with your consent. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, particularly in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

To withdraw your consent or to exercise any of the rights above (as applicable), you should use our contact details set out below. We will respond to all requests we receive from individuals who intend to exercise their rights to personal information according to the applicable data protection laws. To protect the security of your personal information, we may ask you to provide certain additional information for identify verification before we respond to your requests. Under some circumstances, we may refuse to respond to your request as permitted by applicable law. For example, we may refuse to comply with your request if complying with your request is against our obligations under applicable laws or regulations. In the case above, we will explain why we refuse to comply with your request in our response. We may also charge a reasonable fee for complying with your request in accordance with applicable law.

To ensure that the personal information we hold is accurate and up to date, where relevant, please advise us of any changes to your information by emailing us using contact details set out below.

We do not knowingly collect personal information from or about children under the age of 18 (or the legal age of majority in your jurisdiction). If you are under 18 (or the legal age of majority in your jurisdiction), please do not use the Service or send any personal information about yourself to us.

If we learn that we have collected personal information from a child, we will delete that information as soon as possible. If you believe that an end-user who is below this minimum legal age may have provided us with his or her personal information, please contact us using contact details provided below.

If you have any questions, complaints or comments about this Privacy Policy or our privacy practices, or to report any violations of this Privacy Policy, please contact us via the following contact information:

Address: OFFICE NO.4 19/F, SINGGA COMMERCIAL CTR 144-151, CONNAUGHT RD WEST SAI YING PUN, HK

Email address: dpo@emgpay.com

Among other matters, if you are dissatisfied with our processing of your personal information, you may file a complaint with the data protection authority in your country. Please consult your local data protection authority for more details.