Privacy Policy

Effective Date: January 19,2023

This Privacy and Security Policy ("Privacy Policy" or "This Policy") sets out the basis on which we（"XTransfer"）, together with our subsidiaries, our holding company, affiliated company (Our Group) from time to time, collect, use, store, share and protect your personal or company information as you use our website (https://www.xtransfer.com) or any other Uniform Resource Locators ("URL"), application and tools (collectively, the "Our Platform") through or on which we provide services offered to you. Based on the specific services you use, different subjects may provide you with corresponding services, the entities that provide different services are called relevant service parties, in order to comply with relevant laws, regulations and regulatory requirements, and to provide you with services or improve your service experience, relevant service parties will collect, use, store and share your personal information and company information, and relevant service parties will process your personal data and company information in accordance with this policy.

We strongly suggest you to read this policy carefully and prudently since what stated in this policy is very important to your rights and benefit.We ask for your attention to important provisions which shall materially affect your benefit, obligation or responsibilities by virtue of bold and underlining provisions aforementioned, if you have any question, please contact us through contact information stated in this policy.

If you have any queries regarding this Policy or our use of personal data, please refer to contact information at the end of this Policy.

1. Policy Statement

1.1 This Policy provides you with notice as to how and why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data, and our policies on direct marketing and the use of Cookies, etc.

1.2 We collect and process your personal data in compliance with the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of the Hong Kong Special Administrative Region ( "Ordinance"). Terms like "data", "personal data", "data user", "processing", "disclose" and other terms defined by the Ordinance are used in this Policy in accordance with the definitions given by the Ordinance.

1.3 You may be asked to consent to this Policy when you access, or interact with us via our platform. Otherwise, by using our platform, you are accepting the practices and statements in this Policy. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and Services to you or to respond to your enquiries.

1.4 Please read the following carefully to understand our policy and practices regarding how your personal data will be treated. This Policy may from time to time be revised.

2. How we collect data

2.1 We will collect your personal data that you voluntarily provide to us through your user account on our platform or using our or Our Group’s or our business partners’ services. Based on laws or your authorization, we may also collect your personal data from third parties (e.g., marketing agencies, market research companies, our suppliers, contractors and consultants at our group companies, your colleagues and business contacts, public websites and public agencies) or sent to us automatically when using our platform and services.We, and our third party service providers ，automatically collect your information about your use of our Website and our Services through cookies, web beacons, and other technologies.

2.2 How we use Cookies

Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record-keeping purposes,The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, etc.) will be used to ensure operation of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimization purposes, and to help us understand how we can improve your experience on it.

You can edit your browser options to block cookies. Visitors to our Website who disable their web browsers’ ability to accept cookies will still be able to browse our Website. However, most website features will not function correctly, if you disable all cookies (including essential cookies) and you may not even be able to login to use our Services. More information can be found in our Cookie policy.

3. When Does XTransfer Collect Your Information

We may collect and store any information you provide us when you use our Services, including when you add information on a web form, add or update your account information, participate in dispute resolutions, or when you otherwise correspond with us regarding our Services.

4.Why we collect your data and what kind of data we collect

4.1 Realize the necessary functions of our Services

When you use our Services, you may need to provide or authorize us to collect your data required for the corresponding Services in the following conditions. If you refuse to provide data required for some Services, you may not be able to access to these Services, but it will not affect your normal use of our other Services.

(a) Registration and certification

When you register for an XTransfer account, you need to provide us with your phone number, email address and set a password to create an XTransfer account. We will verify whether your information is valid by sending a SMS verification code or verification email.

After logging in to your XTransfer account, you can independently complete and enter your phone number, contact address and other personal data. After completing the registration and before using our services, you also need to complete the corporate certification. When performing corporate certification, you need to provide us with basic corporate information, corporate license and the identity information as well as the photocopy or photo of the relevant license of the corporate-related natural person(s) (including legal person, director, actual controller, etc.) .

(b) Sending/Money Transfer

In order to realize the function of sending/money transfer, you are required to provide your own bank account information to upload money, the bank account information of the recipient/beneficiary and related business information (including contracts or invoices, etc.).

(c) Payment Collection

In order to provide you with payment collection services, you need to provide trade-related materials (including contracts or invoices, etc.) to credit the payment. If required for risk compliance review, we may request you to provide more transaction-related information based on specific circumstances.

(d) Regulatory Domestic Reporting and Fund Disbursement

In order to realize the function of regulatory domestic reporting and funds disbursement, you must first bind your account, which requires your financial information (including debit card or bank account information). In addition to your financial information and trade-related materials provided at the time of your service request, you need to provide payee’s identity information, transaction-related logistics documents or logistics-related supporting materials based on the delivery situation. If required for risk compliance review, we will request you to provide more transaction-related information based on specific circumstances.

(e) Payment Withdrawal(if applicable)

In order to realize the function of payment withdrawal, you must first bind your account, which requires your financial information (including debit card or bank account information).

4.2 Optimize of Service Experience, Customer Service, Protection of User Rights and Interests(additional functions)

For the purpose of optimizing your Service experience, providing you with better customer Service and protecting your rights as our user, we and our third-party service providers may collect the following information about you, in case that you do not provide or agree with our retention of the aforementioned information, we may not be able to provide you with certain Services related to the optimization of service experience, customer service and user rights protection, but it will not affect your use of our other Services.

(a) Optimize of Service Experience

We and our third-party service providers may collect the following information from you: your domain name, your browser type and operating system, your Internet Protocol (IP) address, the duration of your visit to our website or use of our services, your activities on our platform, and the referring URLs or pages that lead you to our platform.

(b) Communications of Customer Service

In order to respond to inquiries and assist you when offering customer Services, we may collect your XTransfer account information (including phone number, corporate basic information and your position, etc.) and related transaction information to verify your identity. Under certain occasions, in the need of check the authenticity of the transaction and complete the collection, we may collect name, ID number and bank account information of legal person’s spouse.

Meanwhile, in order to ensure the quality of Service, protect the rights and interests of our users, prevent fraud, and check the accuracy of the information you provide in the process of our customer Service, we will record the calls you receive and make to our customer service hotline. The chat history information between you and our online customer service will also be collected. The aforesaid call recordings and chat history information will be deleted after being retained for a certain period of time, unless preserved due to the needs of compliance requirements or legitimate interest needs.

(c) Protection of User Rights and Interests

From time to time, we may collect feedback/recommendations information or the information you provided during reporting.

5. Use of data

Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal data for the following purposes:

(a) to validate your identity;

(b) to process and administer your XTransfer account, to implement and effect the requests or transactions contemplated by the forms available on our platform or any other documents you may submit to us from time to time;

(c) to exercise our rights and perform our obligations relating to your contract with us, to communicate with you about our Services or any changes in the Service’s terms and conditions that apply to you;

(d) to respond to your inquiries and offer you customer Services;

(e) to administer our Services for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

(f) to protect our customers, employees or property - for instance, to investigate fraud, harassment or other types of unlawful activities involving us or other companies that we operate business with;

(g) to monitor your use of the platform and conduct analysis of the use of the platform in order to operate, evaluate and improve the platform and our Services, understand your preferences and troubleshoot any problems;

(h) to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities;

(i) to personalize the appearance of our platforms, provide recommendations of relevant products, information and services and provide targeted advertising on our platform or through other channels;

(j) other purposes as notified at the time of collection; and

(k) other purposes directly relating to any of the above.

6. Personal Data Sharing and Disclosures

As a global company, XTransfer may share data with its group of companies, business partners, or government authorities, etc. XTransfer applies caution when contracting with data processors, performs the relevant activities and puts all the safeguards in place, as required to comply with the Ordinance.

6.1 With Our Group

We share personal data with Our Group as necessary to provide the Services or perform usual technological activities. Personal data shared within Our Group are granted a Ordinance level of protection. Access to personal data within Our Group is restricted to those individuals who need to access the information for our business purposes.

6.2 With Business Partners

We may share certain clients’ data (such as basic corporate information, bank account information, etc.) with our business partners (such as bank, payment institution, etc.). In addition, we will sign strict confidentiality agreements with business partners that we shared your information with, requiring them to process and use data in accordance with this Policy and take strict data security measures.

6.3 With Government Authorities

We may provide personal data to government authorities as requested by public authorities, auditors or institutions competent to exercise inspections on XTransfer, based on their legal obligations, which may ask us to provide information. In addition, we may provide personal data to comply with a legal requirement or to protect the rights and assets of XTransfer or other entities or people, such as courts of law, or enforcement authorities.

6.4 With Potential Acquirers or Investors

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email, account message and/or a prominent notice on our platform of any change in ownership or uses of your personal data, as well as any choices you may have regarding personal data.

6.5 To Protect us and Others

We may disclose your information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our Services’ terms and conditions or this Policy, or as evidence in litigation in which we are involved.

6.6 With Analytic and Search Engine Providers

We may disclose your information to analytic and search engine providers that assist us in the improvement and optimization of our platform.

For our policy on sharing of your personal data for promotional and marketing purposes, please see the section entitled "Use of Personal Data for Direct Marketing Purposes".

7. Use of Personal Data for Direct Marketing Purposes

7.1 In addition to the purposes set out above, where permitted by law, XTransfer may use your name and contact details for promotional or marketing purposes including sending you promotional emails and conducting direct marketing in relation to our products, services, or activities or, as appropriate, those of Our Group or other companies with whom we have partnered.

7.2 For the purposes of direct marketing, we may, where permitted by law, provide your personal information to marketing and call center providers so that they can send you promotional materials and conduct direct marketing in relation to our Services (these materials may be sent to you by SMS, email or other means).

7.3 Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.

7.4 If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by XTransfer of your personal data for direct marketing purposes and thereafter XTransfer shall cease to use or provide such data for direct marketing purposes.

7.5 If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please contact us as described in this Policy.

8. Data Transfers and Global Processing

Due to the nature of our global business and the technologies required, your personal data may be transferred to third-party service providers outside Hong Kong. We are committed to take all reasonably necessary steps and exercise all due diligence to make sure all personal data collected, held, stored, used, or otherwise processed outside Hong Kong are treated securely, in accordance with this Policy and in compliance with the Ordinance.

9. Personal Data Security

XTransfer uses reasonable methods to secure all personal data by a variety of methods, including restricting access to such personal information only to those people who have a legitimate need to know in order to discharge their job responsibilities on behalf of XTransfer, securing access to the facility where the personal data is stored and the use of technology and physical controls to secure the personal data. XTransfer is required to disclose personal information in response to lawful requests by public authorities including to meet national security or law enforcement requirements. If you have questions about the security of your personal data, please contact us as described in this Policy.

10. Personal Data Retention

Your personal data will be stored on third-party servers in China.We will store your personal data for a limited period of time, as necessary to achieve the purposes of the personal data processing, as described in this Policy, and in accordance with our legal and contractual obligations, or industry practices.

Once the retention period expires for a specific category of data, XTransfer will delete, archive, anonymize or destroy it, in accordance with our internal policies and procedures, unless prohibited by the Ordinance or other applicable law.

You may request to have your personal data deleted at any time by contacting us using the contact details as described in this Policy.

11. How Does XTransfer Store and Protect Your Information

We will strictly abide by relevant laws and regulations to respect and protect users’ privacy rights. Unless in accordance with XTransfer General User Terms and Conditions, Privacy and Security Policy, Website Terms of Use, and other published guidelines on our platform, we will not disclose and reveal your personal information without your authorization.

We take security measures in respect of physical, electronic, and management that comply with industry standards to protect your personal information. We manage the storage and use of standardized information by establishing data hierarchical management, system security management, and data security development specifications.We conduct comprehensive security control of data by signing confidentiality agreements with information receivers, completing monitoring and internal management systems.

We will take all reasonable and feasible measures to protect your personal information. For example, the data exchange between your browser and XTransfer is protected by SSL encryption; encryption technology is used to ensure the confidentiality of data; two -factor authentication is used to protect account security; a trusted protection mechanism is used to prevent malicious attacks on accounts; conduct network information security training and assessment regularly for relevant personnel to make them fully realize the importance of network security and strictly abide by corresponding rules and regulations.

If you accidentally disclose your login account and password, you shall contact us via the contact information on our platform or our customer service hotline as soon as possible for us to lock the user’s operating authority timely to prevent any third -party from illegal operation. Besides, you can reset your password and resume to normal use after providing valid identification and relevant credentials which have been reviewed and verified by us.

12. How Does XTransfer Protect the Information of Minors?

We attach great importance to the protection of minors' personal information, and the services of our platform are mainly for adults. If you are a minor, it is recommended for your parents or guardians to read this policy and you can only use our services or provide us with your information after the consent of your parents or guardians. If your guardian does not agree that you use our services or provide us with information in accordance with this policy, please stop using our services immediately and notify us as soon as possible so that we can take corresponding measures. We will ensure the confidentiality and security of minors' personal information in accordance with relevant laws and regulations.

For minors' personal information collected during the use of our products or services with the consent of parents or guardians, we will only use, share, transfer or disclose such information if it is permitted by laws and regulations, there is express consent of parents or guardians or it is necessary to protect minors.

13. Data Subject Rights

You have the following rights with respect to your personal data under the Ordinance, which you may exercise at any time by contacting us using the contact details as described below.

(a) verify whether XTransfer holds any personal data about you and to access any such data;

(b) require XTransfer to correct any personal data relating to you which is inaccurate;

(c) withdraw your consent for use or provision of personal data for direct marketing;

(d) make a complaint about XTransfer’s data processing; and

(e) enquire about XTransfer’s policies and practices in relation to personal data.

Requests for access, correction, complaints, or other queries relating to your personal data should be addressed to the contact details as described in this Policy.

Under applicable laws and regulations, XTransfer has the right to charge costs which are directly related to and necessary for the processing of any personal data request.

14. Changes to this Policy

XTransfer will occasionally update this Policy as it could become necessary. XTransfer encourages you to periodically review this Policy to be informed of how XTransfer is protecting your personal data.

15. Contact Information

If you want to exercise your rights as set out in this Policy, or have any queries regarding this Policy or our processing of personal data, please contact us at:

Xtransfer Limited

Address: 6/F, Bank of America Center, 12 Harcourt Road, Central, Hong Kong

Email: privacy@xtransfer.com

16. Definition

We, means Xtransfer Limited

Affiliated Companies, means Shanghai Duohui Network Technology Co., Ltd and Shanghai Duochang Network Technology Co., Ltd.

17. Special Terms

If you are located in mainland, China or you will use the relevant services or functions through your current website, web link, application or tool to our mainland website, web link, application or tool (Mainland Site), you will additionally apply the following terms.

(a) Regarding personal data, the personal data referred to in this Policy are consistent with personal information as defined in the Personal Information Protection Law of the People's Republic of China.

(b) Article 7 "Use of Personal Data for Direct Marketing Purposes" in this Policy does not apply.

(c) Device Permissions invoked to Provide Additional Functions

In order to provide you with convenient and high -quality services, we may need to invoke some permissions on your device. When you use the corresponding function, you will see a pop -up reminder asking you whether to authorize it. You can choose to turn off some or all permissions in the settings of your mobile device. Based on different mobile device operating systems, the opening and closing methods of the above permissions may be different. For details, please refer to the instructions or guidelines of the device and system developers. If you would like to see more details on our access to your device permissions, please refer to the appendix 2 "Invocation List of Device Permission" .

Besides, we may also need additional commercial and/or identification information from you e.g. if you send or receive certain high -value or high -volume transactions or as needed to comply with our anti-money laundering obligations under applicable law.

In providing the personal data of any individual (other than yourself) to us during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.

We do not, however, collect and process any types of personal sensitive data without your prior consent or unless we are required to by law, for e.g. details about your race or ethnic origin, religious beliefs, personal health information, etc.

(d) Cooperation between XTransfer and Third -party Software Development Kit (SDK) Service Providers

In order to ensure the stable operation of the client and the realization of functions, so that you can use and enjoy more services and functions, our application will embed the SDK of authorized partners or other similar applications. You can use the "Third Party SDK Directory" (See Annex 1) View the SDK details of our authorized partners. We will conduct more stringent security tests on the application programming interface (API) and software tool development kit (SDK) for authorized partners to obtain relevant information, and agree strict data protection measures with authorized partners to comply with this policy and other Any relevant confidentiality and security measures to handle personal information. If you find that these SDKs or other similar applications are at risk, it is recommended that you immediately terminate the relevant operations and get in touch with us in time.

(e) Regarding data sharing, the following terms shall also apply:

Sharing with advertisers, media and other partners, we may cooperate with the aforementioned partners to use the processed masking data in various forms for commercial purposes, including optimizing advertising and improving marketing effectiveness. We will not share your identity information with the aforesaid partners unless otherwise authorized by you. We may provide these partners with ad serving strategy data or advertiser ad performance data instead of providing any personally identifiable information, otherwise we will aggregate this information so that it cannot be identifiable;

Your personal data collected and generated during our operations in the People's Republic of China will be stored on a third-party cloud server in mainland China.Based on the necessity of providing services, we may share your information with partners outside mainland, China or our affiliates, and we will obtain your authorization on the aforementioned sharing upon your request for using specific services, and you will be informed of the recipient of your information on the display page of the specific service.

We will use commercially reasonable efforts to make sure that the transfer and disclosure of your personal data meets the applicable local laws and regulations under the premise of complying with PRC laws , regulations and requirements. Meanwhile, we will also take all the reasonably necessary steps(including but not limited to encrypted transmission, limiting the scope of access, signing a data processing agreement with the data recipient or a cooperation agreement containing data processing terms to clarify the data protection responsibilities and obligations of both parties) to ensure that your personal data is processed securely and in accordance with the protection provisions of this Policy.

(f)Regarding Contact Information

If you have any questions, comments or suggestions about this Policy or data processing, you can contact us by email or phone via the following contact information:

Tel: 400-998-9930

E-mail: privacy@xtransfer.cn

You have the right to cancel your XTransfer account, you can send us a cancellation application through your registered email address 30 days in advance, and note the reason for cancellation to email:service@xtransfer.cn, we will process your cancellation request upon receipt.

(g)Regarding Definitions

We, means Shanghai Duohui Network Technology Co., Ltd and Shanghai Duochang Network Technology Co., Ltd.

Affiliated Companies, means Xtransfer Limited.

(h) Annexes

Annex 1 <Third Party SDK Directory>

Annex 2 <Invocation List of Device Permission>

Please be aware:

1. In order to ensure the realization and operation of XTransfer App functions in safe and sable ways/ provide you with personalized services, we may apply to invoke certain permissions of your mobile device.

2. This list will show the possible mobile device permissions that we may apply to invoke. With the upgrade of XTransfer App/our functions, such as changes in the type and purpose of device permissions applied for or used, we will update this list in time.

3. Please be aware that some third -party SDKs we use may also apply for to invoke certain permissions of your mobile device.

Invocation List of Device Permission for Android System

Invocation List of Device Permission for IOS System