Privacy Policy

I. General Overview

Welcome to the official website (hereinafter referred to as "this website") of KASTLE LIMITED (hereinafter referred to as "we").

We fully understand the importance of personal information to you and are committed to protecting your privacy. To this end, we will take appropriate security measures to protect and ensure the security and control of your personal information as required by law and regulation. In view of this, we have developed this Privacy Policy ("Policy") to help you fully understand how we collect, use, share, store and protect your personal data in the course of your use of the Service and how you can manage your personal data so that you can make better and more appropriate choices.

We undertake to comply with the provisions of the Personal Data (Privacy) Ordinance, Cap 486 of the Laws of Hong Kong ("PDPO"), in relation to personal data to ensure the privacy, confidentiality and security of the personal data held by us.

If you do not agree with any of the contents of this policy, you may immediately discontinue accessing the Site.
This policy will help you understand the following (details of which will be set out in turn).
1. What personal data we collect from you
2. The way we collect personal data
3. How we use your personal data
4. Personal Data Retention
5. How we use cookies and similar technologies
6. How we share, transfer, disclose your personal data
7. How we protect your personal data
8. Your rights and privacy choices
9. How we protect the information of minors
10. Direct Marketing
11. European Union's General Data Protection Regulation (GDPR)
12. Updates to this policy
13. How to contact us

I. What kind of personal data we collect from you

We may collect personal data that is necessary and not excessive for our business purposes to carry out our essential function of providing trust services. Personal information includes any information that, on its own or in combination with other information that we process or can reasonably access, can be used (directly or indirectly) to identify, locate or contact you so that we can complete our fiduciary due diligence work. You have the right to choose not to provide such information, but this may result in our inability to provide the Services to you, or in parts of them not being displayed.
If you choose us as your trust service provider, we may collect the following types of personal data.
(i) Your personally identifiable information (including your name and identification details, nationality, tax information, personal data available in the public domain, and other information that we use to provide our services, complete our customer due diligence process, and meet our obligations in combating money laundering and counter-terrorism financing activities).
(ii) Contact information that enables us to communicate with you, such as your telephone number, e-mail address, residential address, or other address that allows us to send you information; we may use the contact information you leave with us to send you notices of the status of the Service. In addition, we may send you announcements when necessary, such as when a service is suspended for system maintenance. You may not be able to unsubscribe from these announcements, which are not in the nature of advertisements.
We will not collect and process some of your personally sensitive information (including, for example, information relating to race, religious beliefs, physical or mental health or sexual orientation) unless we have obtained your express consent as required by applicable law. If there are legal or regulatory requirements, or in order to prevent or prohibit illegal or unlawful activities, we also need to collect personal data from you accordingly, and store and/or count the said information as required.

II. The way we collect personal data

In most cases, we collect personal information directly from you or from third parties, including your authorized representatives, consultants, or your workplace. In order to better serve you, to protect you from the risks associated with your use of our services, or to determine liability for breach of contract, we may use third-party organizations to access and verify your relevant information.
If you contact us online, we will use cookies and other similar technical tools to collect information about your computer and your use of our website. When this information is linked to your contact information, we will treat it as personal data. For more information about cookies and similar technologies, please see the "How we use cookies and similar technologies" section below.

III. How we use your personal data

We may use your personal data to:
1. Implement the functions of the trust services we provide.
2. Meet your or our corporate clients' requirements for the provision of services or related matters.
3. Provide you with direct marketing communications and service and product materials from us and, in some cases, our partners, including promotional offers based on your interests, business characteristics and location, and, in each case, obtain your consent (including an indication of no objection) in accordance with applicable law.
4. Comply with the laws, regulations and guidelines applicable to us and/or other members of the Group.
5. Determine whether you are eligible to use certain services; and
6. Manage our daily business needs.
We may compile statistics on browsing visits to the Site and may share these statistics with the public or third parties to demonstrate overall usage trends on the Site. However, these statistics do not contain any identifying information about you.

IV. Personal data preservation

We will retain personal information only as long as reasonably necessary to meet the purposes for which we collect it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for Personal Data, we will consider the volume, nature and sensitivity of the Personal Data, the potential risk of harm that may result from unauthorized use or disclosure of the Personal Data, the purposes for which we process the Personal Data and whether we can otherwise achieve those purposes, and applicable legal, regulatory, tax, accounting or other requirements.

V. How we use cookies and similar technologies

(i) Cookies
A cookie is a small text file created by a web server and saved on the user's browser, which allows the website to access cookie information when the user visits the web server. Cookies can be used to store personal data and track the user's access behavior, in addition to being commonly used to confirm the user's identity.
We do not collect and track any information or behavior of users through cookies, except for the use of cookies to confirm the identity and login status of users.
You can manage and delete cookies according to your preferences, and most browsers have features that allow you to disable or delete cookies from the official website. It is important to note that blocking cookies may result in certain features of our website not working effectively or not being available, which may affect your experience.
(ii) Cookie-like technology
In addition to cookies, we use other similar technologies on our website such as Authorization or "Web Beacon", which is an HTTP protocol header that is transmitted between the Internet browser and the Internet server and can be used in place of cookies to count users or access certain cookies. We may use Authorization to record your identity and collect information about your web browsing activity through Web Beacons, such as Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), pages visited, operating system, date/time stamps, and clickstreams, so that we can learn more about and improve our products or services.

VI. How we share, transfer and disclose your personal data

(i) Sharing
We are committed to keeping your information strictly confidential and will not share your personal data with companies, organizations and individuals outside of KASTLE LIMITED, except for the following.
1. Sharing with your consent.
2. Sharing in legal circumstances: We may share your personal data with external parties as required by law or regulation, as necessary to resolve litigation disputes, or as required by law by judicial or administrative authorities, for example, if we are obliged to disclose your personal data to comply with any legal or regulatory obligations, such as our obligations in relation to anti-money laundering and counter-terrorist financing activities, or if we agree to assist in enforcing any tax or other regulatory filing requirements.
3. Certain products or services may be provided by third parties or jointly by us and third parties, and therefore we need to submit your (necessary) personal data to the third parties we work with (online signing, courier mailing, legal services, accounting services, etc.) in order to provide the products or services you require.
4. Sharing with our partners: Your personal data may be shared with KASTLE LIMITED's partners (i.e. the brokerage firms and/or their onward brokerage firms that we interface with in order to provide the appropriate services in the event that you have further exercise or vesting needs). We will only share personal data that is necessary and subject to the purposes stated in this policy. If any of the above-mentioned partners wish to change the purpose of processing personal data, your authorized consent will be sought again.
5. When you have questions that we need to answer, complaints against us, complaints against others or complaints by others, in order to protect the legitimate rights and interests of you and others, we may save your name and contact information, complaints and communication-related content in the customer service system provided by the third-party provider, and may provide it to the consumer rights and interests protection department and regulatory authorities in order to resolve complaints and disputes in a timely manner, except where laws and regulations expressly prohibit such provision.
6. Other agreements for information sharing.
If we need to share your information with a third party in order to provide our services to you, we will assess the legality, appropriateness and necessity of the information collected by the third party. We will require the third party to take protective measures for your information and to strictly comply with relevant laws, regulations and regulatory requirements. In addition, we will obtain your consent or confirm that the third party has obtained your consent in the form of confirmation agreements, textual confirmation in specific scenarios, pop-up reminders, etc., as required by laws, regulations and national standards.
(ii) Transfer
We will not transfer your personal data to any company, organization or individual, except for the following.
1. In accordance with laws and regulations or mandatory administrative or judicial requirements.
2. In the event of a transfer of assets, acquisition, merger, reorganization or bankruptcy and liquidation involving the transfer of personal data, we will inform you in writing about the situation and request the new company or organization holding your personal data to continue to be bound by this policy. In the event of a change in the purpose of use of personal data, we will require the company or organization to obtain your explicit consent again.
(iii) Public disclosure
In principle, we will not disclose your information publicly. If public disclosure is necessary, we will inform you of the purpose of the public disclosure, the type of information to be disclosed and the sensitive information that may be involved, and obtain your explicit consent.

VII. How we protect your personal data

(a) We have taken reasonably practicable security measures in accordance with industry standards to protect your information from unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonably practicable steps to protect your personal data. We implement physical, technical and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration, including, but not limited to, transport layer data encryption, firewalls and encrypted storage, physical access controls, and information access authorization controls. We have security procedures in place to protect your information from theft by unauthorized access. For example, we ensure that all your network communications with us are protected by encryption using encryption technology (SSL). Your personal information is encrypted and stored on our servers using high-strength encryption measures. We use trusted protection mechanisms to prevent malicious attacks on personal data. We use various data desensitization techniques, including content substitution and SHA256, to enhance the security of personal data during use, such as personal data display and personal data association calculation. We use automatic code security checks and data access log analysis technologies to enhance personal data security audits.
(b) We have an industry-advanced data security management system that is data-centered and revolves around the data lifecycle, enhancing the security of the entire webpage in multiple dimensions from organization construction, system design, personnel management, product technology, etc. to protect your personal data. For example, we establish a data classification and grading system, data security management specifications, and security development specifications to regulate the storage and use of personal data. We require all employees to sign a confidentiality agreement. We hold training courses on security and privacy protection, and strengthen employees' awareness of the importance of protecting personal data and strictly follow the protection requirements by means of assessment, review and inclusion of data protection in the daily assessment of employees.
(c) We will take all reasonably practicable steps to avoid collecting irrelevant personal data, and we will only retain your personal data for as long as necessary to achieve the purposes described in this policy, unless an extended retention period is required or permitted by law. After the necessary period, we will delete your personal data, except where otherwise provided by law or regulation. In the event that our products or services are discontinued, we will notify you by push notification, announcement, etc.
(d) Please know and understand that the Internet is not an absolutely secure environment and you should also take steps to protect your personal information. Please remember to log off the website and close your browser window when you have finished your work. This is to ensure that other people who have access to your computer cannot access your personal information and communications. If you discover that your personal information has been compromised, please contact us immediately using the contact information provided in this policy so that we can take appropriate action.
(e) We have set up a transparent system for handling data leakage incidents. In the unfortunate event of a personal data security incident, we will inform you of the basic situation and possible impact of the security incident, the measures we have taken or will take to deal with it, suggestions for your independent prevention and risk reduction, remedial measures for you, etc. in accordance with the requirements of laws and regulations. We will inform you of the incident by email, letter, telephone and/or push notification, etc. If it is difficult to inform each user individually, we will take a reasonable and effective way to make an announcement. At the same time, we will also report the disposition of information security incidents in accordance with the requirements of regulatory authorities.

VIII. Your rights and privacy choices

You have the following rights with respect to our processing of personal data about you.
1. the right of access to personal data.
2. the right to correct personal data.
3. the right to restrict the use of personal data.
4. the right to request the deletion of personal data.
5. the right to object to the processing (including the sharing or transfer) of personal data.
6. the right to withdraw from direct marketing; and
7. the right to withdraw consent to the processing of your personal data at any time.
You may make such a request through the contact information at the end of this policy. In accordance with the Privacy Policy, we reserve the right to charge a reasonable fee for processing such a request for access.
In addition, you have the right to file a complaint with your local supervisory authority regarding the way we process your personal data or the way we process your rights.
Please note that even if you choose to opt out of receiving direct marketing emails, we may still need to contact you with important information in connection with services or products that we are providing or will provide to you or your workplace.

IX. How we protect the information of minors

We take the protection of personal data of minors very seriously and if we find ourselves collecting personal data of minors without prior verifiable parental or guardian consent, we will delete the relevant data as soon as practicable.

X. Direct marketing

In connection with direct marketing, we may use your personal information, including but not limited to your name and contact information, business characteristics and geographic location, in order to send you marketing messages about the services and products we and our partners offer from time to time by telephone, text (SMS), email, postal, fax and push notifications and any other electronic means. Such services and products may include, but are not limited to, business, corporate, fiduciary services and related inquiries.
We will obtain your informed consent (including an indication of no objection) before using your personal data for direct marketing or providing data to third parties for direct marketing.
If at any time you do not want us to continue to use or provide your personal data to others for direct marketing purposes and do not wish to receive any direct marketing messages, you may opt out of direct marketing messages by notifying us at the contact information at the end of this policy.

XI. European Union's General Data Protection Regulation (GDPR)

If we/data controller is not established in the European Economic Area ("EEA") but processes personal data for a data subject located in the EEA, the relevant conduct will be governed by the General Data Protection Regulation if one of the following applies.
1. Provide products or services to data subjects in the EEA; or
2. Monitor the behavior of the data subject as long as the relevant behavior occurs within the EEA.
This processing of personal data includes any operation or series of operations, whether automated or not, carried out on personal data or a series of personal data.
As stipulated under the General Data Protection Regulation, we/data controller will have a designated representative in one of the Member States where the data subject is located to communicate with the data subject or relevant authorities.
We/Data Controller shall process personal data in at least one of the following circumstances.
1. The data subject has consented to the processing of his or her personal data.
2. Processing is necessary for the execution of a contract or for the preparation of a contract (to which the data subject is a party) at the request of the data subject;
3. To comply with the legal obligations, it must be processed;
4. Processing is necessary to protect the data subject;
5. The processing is necessary for the performance of a task of public interest or the exercise of public authority; or
6. This must be done when the legitimate interests of the data controller take precedence over the rights, freedoms and guarantees of the data subject.
We/Data Controller will take appropriate technical and organizational measures in compliance with the General Data Protection Regulation to safeguard the security of the personal data processed.
In accordance with the provisions of the General Data Protection Regulation, we provide a systematic approach to the protection of personal data and have a Data Protection Officer who is fully responsible for the protection of your data.
We will evaluate all requests and complaints we receive and provide you with a timely response. We may ask you to provide a copy of a valid identification document in order for us to fulfill our security obligations and prevent unauthorized disclosure of data. If your request for access to data is manifestly unfounded or extraordinary, we reserve the right to refuse to process the request.
For personal data protected by the General Data Protection Regulation, we may transfer your personal data outside the EEA for specific permitted purposes. We will ensure that any such international transfers are appropriately protected in accordance with the General Data Protection Regulation, the New Standard Contractual Clauses and/or other relevant laws.
We/Data Controller will carry out the transfer of personal data to countries outside the EEA in accordance with the relevant legislation and under one of the following conditions.
1. The data subject expressly agrees to the transfer of the relevant information.
2. A transfer of data necessary for the performance of a contract between the data controller and the data subject.
3. A transfer of information necessary for the performance of a contract entered into to protect the interests of the data subject; or
4. A transfer of data necessary for the performance of a duty to protect the vital interests of the data subject, regardless of the data subject's capacity to give consent.
Your rights under the General Data Protection Regulation with respect to personal data protected under the General Data Protection Regulation include, but are not limited to, the following.
(a) To obtain information about the processing of your personal data and to access the personal data you have kept with us. Please note that in some cases we have the right to refuse requests for access to copies of personal data (in particular, information that is specifically protected by law and regulations).
(b) If your personal information is inaccurate or incomplete, you may request that we correct it, and we also have the right to request corrections; if we need you to provide copies of valid identification documents to prove the authenticity of your identity information, please cooperate in providing them.
(c) You may request us to delete your personal data under certain circumstances. Please note that we have the right to retain your personal data even if you ask us to delete it in certain circumstances (e.g. for purposes of public interest, public health or scientific and historical research, or as otherwise provided by law).
(d) to object in certain circumstances to our processing of your personal data and to request that we restrict the processing of your personal data. Likewise, we have the right to refuse your request even if you object or ask us to restrict the processing of your personal data in certain cases that comply with the law. We also have the right to continue to use or process without your permission if there are other legitimate legal reasons for doing so.

XII. Update of this policy

(a) We may update this Policy from time to time to reflect changes in the way we process your personal information or changes in legal requirements. If we make such changes to this Policy, we will post or otherwise make available the revised Privacy Policy on our official website. The revised Privacy Policy will be effective as of the date it is posted on our official website.
(b) We recommend that you periodically check this page for updates to our privacy policy. Your continued use of our products and services offered on the Site will be deemed acceptance of the updated Privacy Policy.

XIII. How to contact us

KASTLE LIMITED 嘉士圖有限公司
E-mail address: operation@kastlehk.com
Postal Address: Room 1904-1907, Hip Shing Hong Sheung Wan Centre19 Building, No. 1
Wing Lok Street93103, Sheung Wan, Hong Kong
Phone number: (852) 6821 0942