Privacy Policy Statement & Personal Information Collection Statement

Introduction

Payment Asia Services Limited trading under the brand name "Orbis" ("Orbis", "we", "us" and/or "our") is committed to protecting the privacy of personal data and this Privacy Policy Statement ("Policy") sets out our personal data privacy policies and practices in accordance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) ("PDPO").

The content of this Policy is meant to provide a general overview. For further details, please refer to our Personal Information Collection Statement ("PICS"). For the avoidance of doubt, should there be any inconsistencies between this Policy and the PICS, the PICS shall prevail.

Kinds of Personal Data Held

We may collect personal data from you in connection with the matters and purposes set out in the PICS and this Policy. This may include:

• Contact information: Your name, address, phone number, email address, and any other contact details you provide to us.
• Personal characteristics: Information such as your gender, profession, job title, the name of your organization, or any other personal and technical characteristics or patterns necessary to identify you as a (prospective) client, vendor, business partner, or representative/employee of such entities.
• Video footage recording: We may conduct introductory video calls for KYC onboarding purposes, and these calls are recorded with additional consent.
• Communication data: Your requests, complaints, or any other data exchanged between us via email, telephone, in-person interactions, or any other means of communication.
• KYC information: As required by law, we collect specific information from Ultimate Beneficial Owners (UBOs) or executives including their first and family names, nationalities, Personal Data provided in a copy of their ID, tax residence, private/residential address, phone number, email address, date and place of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, proof of source of wealth/funds, and, where applicable, a U.S. or other Taxpayer Identification Number.

Main Purposes of Collecting and Keeping Personal Data

We may collect your personal data from time to time in the ordinary course of your relationship with us for any of the following purposes:

1. Improving and expanding our offerings by way of research and development of new functions or other new products and services that we may offer from time to time.
2. Performing research, statistical analysis or surveys, whether orally or in writing, in order to manage and protect our business operation.
3. Subject to having obtained your consent in accordance with applicable law, we may provide direct marketing information to you relating to goods and services offered by us, Our Group Companies and affiliates, our business partners and selected third parties.
4. Managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing and/or remediating fraud or other potentially prohibited or illegal activities.
5. Making such disclosures as may be required by any law or regulation of any country applicable to us or Our Group Companies, government official or other third party that Orbis has contractual or regulatory obligations to.
6. Making any disclosure to prevent any harm or financial loss, to report any suspected illegal activity or to deal with any claim or potential claim brought against us or Our Group Companies.
7. Enabling any due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures.
8. Any other legitimate business purposes, such as protecting lives, maintaining the security of our systems and products, and protecting any of our other rights and/or properties.
9. Any other purposes directly relating to the purposes listed above.

Retention of Personal Data

Personal data collected from you will not be kept longer than necessary for the carrying out of the purposes for which such data were initially collected, unless otherwise required or permitted by applicable laws or regulations. We will retain and procure our service providers to retain your personal data only for so long as is necessary for the purposes set out in the PICS and in accordance with the PDPO and all applicable regulatory requirements.

Security of Personal Data

We take all reasonable steps, including technical, administrative and physical safeguards to help protect your personal data that we process from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Disclosure of Data

We will comply with the applicable requirements and restrictions under the PDPO in disclosing personal data to any other person. We may, when appropriate and necessary, provide, transfer or disclose your personal data to Our Group Companies and any third party (whether within or outside Hong Kong) set out in the PICS for the purposes set out above and/or in the PICS.

Outsourcing Arrangement

We may appoint suppliers, agents, contractors, service providers and other contractual counterparties within or outside Hong Kong to process data collected by us, in order to provide administrative, telecommunication, computing, remittance or other services to us, such as in connection with the operation or maintenance of the Website or the provision of services and products, including for fraud prevention, payment settlement and transaction processing, insurance, bill collection, data entry, database management, promotion, marketing, customer service, technology service, product and service alerts and payment extension services.

All suppliers, agents, contractors, service providers and other contractual counterparties are required to comply with the applicable requirements and restrictions under the PDPO and personal data access will be restricted to authorised personnel on a need-to-know basis.

Direct Marketing

We may wish to use your personal data in direct marketing activities for the purposes set out above and/or in the PICS. We will comply with the applicable requirements and restrictions under the PDPO and the PICS in direct marketing activities.

We will not use your personal data unless we have received your consent. If you at any time you do not wish for us to continue to use or provide to other persons your personal data for direct marketing purposes as described herein, you may exercise your "opt-out" right by notifying us at contact@paymentasia.com.

Use of Cookies and Similar Technologies

Cookies are text files placed in a user's computer or mobile device Internet browser to collect and store information about the users of our websites and mobile applications. When you use or browse our website, information will be collected from you by cookies and other similar technologies including but not limited to super position model (SPM) technologies, web beacons and spotlight tags.

The information collected by using such technologies may include but is not limited to information about your electronic device, mobile device, browser details, IP address, and your preferences and habits on language, webpage layout and other matters. We will analyse and use the information collected to maintain, manage and enhance our websites, mobile applications, products, services and user experience.

Accessing Your Personal Data

You have the right to access and update your information and contact us. For example, you may:

1. Check whether we hold data about you and/or access such data;
2. Require us to correct any data relating to you which is inaccurate;
3. To the extent required in accordance with applicable laws and regulations, require us to correct inaccurate, or unlawfully collected or unlawfully processed data;
4. Ascertain our policies and procedures in relation to data and to be informed of the kind of personal data held by us; and
5. Request us not to use your personal data for direct marketing purposes, in which case we will cease to do so at no cost to you.