Privacy policy
A. What is the purpose of this Privacy Notice
Techpave. HK Limited ("we", "us", or "our") is committed to protecting your privacy. Whether you’re a customer, a visitor to our website, or simply getting in touch with us, we’re committed to protecting your personal data and handling it with care and transparency.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with us in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO"), including when you:
- Visit our website;
- Use our products or services;
- Contact us through forms, email, or chat;
- Sign up for newsletters or marketing;
- Apply for a job or partnership;
- Are referred to us or interact as an end user of a supported service.
B. Who We Are
Techpave. HK Limited is a company registered in Hong Kong Special Administrative Region of the People's Republic of China, with company registration number 78140383, whose registered office address is at 8/F 299QRC 287-299 Queen’s Rd Central Hong Kong.
If you are located within the European Union or European Economic Area (EU/EEA), Techpave. HK Limited operates as the Data Controller pursuant to the General Data Protection Regulation (GDPR), determining the purposes and means of processing your personal data.
If you reside in Hong Kong, we act as the Data User under the Personal Data (Privacy) Ordinance (PDPO), responsible for the collection, holding, processing, or use of personal data in accordance with Hong Kong privacy laws.
For individuals located in other jurisdictions, we commit to processing your personal data in compliance with applicable data protection and privacy regulations to the extent required by the relevant laws of those jurisdictions.
C. What Personal Data We Collect
We collect personal data to provide you with services, meet our legal obligations, and improve your experience with us. This data may be collected when you directly provide it, through your use of our services, or from third-party sources. We aim to limit collection to only what is necessary and relevant.
a) Information you provide directly
Identification: Name, date of birth, gender, marital status, passport, driving license, taxpayer ID;
Contact details: Address, email address, phone, social media handles;
Financial data: Bank account, card details, payment account numbers;
Recruitment data: CV, employment history, interview documents, criminal checks;
Marketing preferences: Consent and preferences for communications;
Any information submitted in forms, surveys, applications, or through customer support interactions;
b) Information collected through use of our services and website
Transaction data: Payment history, transaction monitoring, geo-location;
Technical data: IP address, browser type, device model, operating system type;
Usage data: Clickstream patterns, pages visited, searches performed, interaction metrics;
c) Information collected from other sources and third parties
Credit reference agencies, fraud prevention services: credit scores, business contact details, Sanctions lists, politically exposed persons (PEP) databases;
Public registries: Companies House, electoral rolls, professional directories;
Social media platforms and other publicly available online content;
Background screening providers;
D. How We Use Your Personal Data
| Purpose | Legal Basis |
|---|---|
| Provide payment services | Contractual necessity |
| Comply with legal/regulatory requirements | Legal obligation |
| Prevent fraud and financial crime | Legal obligation, legitimate interest |
| Communicate with you | Contractual necessity, legitimate interest |
| Improve services and run analytics | Legitimate interest |
| Send marketing communications | Consent (or legitimate interest, where applicable) |
| Process job applications | Contractual necessity, legal obligation |
E. With Whom We May Share Your Data
We only share your personal data when necessary and in accordance with applicable data protection laws. The categories of recipients with whom your data may be shared are listed below:
Payment networks and financial institutions: Such as Visa, Mastercard, American Express, and alternative payment providers (APMs) and / or Payment Institutions to facilitate payment processing and related services;
Regulatory and supervisory authorities: This includes financial regulators, tax authorities, data protection authorities, and law enforcement agencies, when disclosure is required by law or necessary to comply with legal obligations;
Credit reference and fraud prevention agencies: These agencies help us conduct credit assessments, verify your identity, and prevent fraudulent or suspicious activity;
Technology and IT service providers: They supply secure infrastructure, cloud storage, data analytics, cybersecurity services, and general IT support;
Appointed fintech service provider: We engage Payabl. Cy Ltd, a regulated fintech company to support core platform operations, payment infrastructure, and compliance services. Acting strictly under our instructions, this provider processes personal data on our behalf and is contractually bound to comply with the GDPR;
Marketing and event partners: These include marketing agencies, content creators, and event organizers that support us in delivering communications, promotional campaigns, and hosted events;
Professional advisors: Such as legal counsel, auditors, and consultants who help us meet our legal, regulatory, and business obligations;
Due diligence and compliance partners: This includes providers that perform identity verification, sanctions screening, and other onboarding-related checks.
All third parties and affiliated companies with whom we share data are contractually bound to maintain strict confidentiality and comply with relevant data protection requirements. This includes implementing appropriate technical and organizational safeguards.
F. Data Retention
We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including maintaining our business relationship with you and complying with our legal, regulatory, and contractual obligations.
Generally, we retain your personal data for the duration of our relationship and up to 7 (seven) years after it ends, unless applicable laws, including those of the European Union/EEA and Hong Kong, require or permit a longer or shorter retention period. In certain circumstances, we may retain your data for a longer period. For example:
To comply with legal and regulatory requirements (e.g., tax, anti-money laundering, or financial reporting obligations);
To handle ongoing or potential disputes or complaints;
To enforce our agreements or protect our legal rights;
Where we are otherwise permitted or required by law.
We regularly review the data we hold and securely delete or anonymize it when it is no longer needed.
Your Rights
Under GDPR (for EEA residents):
If you are located in the EEA, you have the following rights:
Right of access – Request a copy of your personal data
Right to rectification – Correct inaccurate or incomplete data
Right to erasure – Ask us to delete your data ("right to be forgotten")
Right to restrict processing – Limit how we use your data
Right to data portability – Request your data in a usable format
Right to object – Object to processing based on legitimate interests
Right to withdraw consent – At any time, for processing based on consent
Right to lodge a complaint – With your national Data Protection Authority
Under the PDPO (for Hong Kong residents):
If you are located in Hong Kong, you have the right to:
Access personal data we hold about you
Request correction of inaccurate or incomplete data
To exercise any of the rights outlined above, you may contact us by email at dataprotection@techpave.com.
Please note that we may ask you to verify your identity before processing your request. Some rights may be subject to certain limitations or exceptions. For instance, we may not be able to fulfil a request if doing so would disclose personal data about another individual, or if we are legally required to retain the data, have overriding legitimate interests, or need the information to comply with our legal obligations.
Requests for access to your personal data must be submitted in writing. We aim to respond within a reasonable timeframe, typically within one month, though this may be extended to three months for complex or multiple requests.
Where requests are clearly unfounded or excessive, we reserve the right to charge a reasonable administrative fee or decline to act on the request.
We are committed to resolving any concerns you may have. However, if you remain dissatisfied with our response, you have the right to raise a complaint with the supervisory authority in your EU Member State. You can find the contact details of the competent authorities in the EEA at (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en) or with the Office of the Privacy Commissioner for Personal Data in Hong Kong (https://www.pcpd.org.hk/).
Security Measures
We take the protection of your personal data seriously and have implemented appropriate technical and organizational measures to ensure its confidentiality, integrity, and availability. These measures include encryption, access controls, secure data storage, regular security audits, and staff training on data protection principles, among others. We also have procedures in place to detect, respond to, and recover from potential data breaches or security incidents. We regularly review and update our approach to align with industry best practices and evolving security threats.
G. International Transfers
As a Hong Kong-based company primarily targeting individuals in the European Union, we may transfer your personal data to countries outside the EEA or Hong Kong. This includes transfers to international organizations where there is a valid legal basis for the transfers. These transfers may occur to fulfill our contractual obligations to you, to comply with legal requirements, or based on your explicit consent.
Please note that some of these countries may not offer the same level of data protection as those within the EEA. In such cases, we take all appropriate technical and organizational measures to ensure that the transfer complies with the GDPR and that your data remains protected.
We only transfer personal data to countries that:
have been deemed by the European Commission to provide an adequate level of data protection; or
offer appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission; or
where applicable, follow other lawful mechanisms permitted under GDPR Articles 44–49.
Additionally, we ensure that any international data transfers are carried out in accordance with the principles of the Hong Kong Personal Data (Privacy) Ordinance (PDPO), especially when the transfer originates from or involves processing in Hong Kong.
Regardless of where your personal data is processed or stored, we remain committed to ensuring a high standard of data protection.
H. Use of Cookies
We use cookies to enhance user experience, analyze performance, and deliver personalized content. By following this link, you will be informed of our cookies policy for more details.
I. Children’s Privacy
Our services are not directed to individuals under the age of 18 (eighteen). We do not knowingly collect data from minors. If it comes to our attention that data has been submitted by someone below the age of 18, we will take immediate steps to remove it.
Jurisdictional Supplements
EU/EEA Residents
We are fully compliant with the GDPR and offer all rights and safeguards accordingly.
Hong Kong Residents
We comply with the PDPO and respond to requests for access and correction of personal data in accordance with its requirements.
J. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website. Check this page regularly to see how we handle and safeguard your personal data.
K. How to contact Us
If you have any queries or concerns about the way we use your information, or if you have any other questions, requests, or complaints about this Privacy Policy you may contact the Data Protection Office at:
Email: dataprotection@techpave.com
Address: 8/F 299QRC 287-299 Queen’s Rd Central Hong Kong
Last Updated: 03/07/2025