Privacy policy
1. Overview
At WorldFirst, we pride ourselves on maintaining the highest level of security, transparency and integrity in our work, and recognise the importance of protecting and respecting your personal data.
To provide you with our services we need to know things about you. We will only collect information we need to provide you with the services you have requested or as permitted by applicable law. We will always handle your information with the utmost care.
Any information we receive about you will be subject to strict controls to minimise the risk of misuse – including unauthorised access to, or disclosure of, your personal data. This Privacy Policy applies to information that WorldFirst may collect about visitors to its website (even if you do not become a customer), companies and individuals who register for its services, and continue using its services, and any other person who contacts WorldFirst over the telephone or in writing.
Please read this Privacy Policy carefully, together with our World Account Asia Terms and Conditions and any other documents referred to within or provided to you when you sign up to our services or from time to time as you use our services. For the purpose of this Privacy Policy and in accordance with the Personal Data (Privacy) Ordinance (Cap. 486), the term “personal data” means any data relating directly or indirectly to a living individual, from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable (for example, name, address and contact information). It does not include anonymous data or any data which cannot be linked back to you.
2. Who we are
We are World First Asia Limited (referred to in this Privacy Policy as “WorldFirst”, “we”, “us” or “our”) with our company address: 20/F, Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong.
WorldFirst acts as the “data controller” of your personal data for the activities described in this Privacy Policy. That means WorldFirst is the legal entity deciding why and how your personal data is collected and used.
If you would like to know more about any of the terms of this Privacy Policy, please contact our Privacy Office (please see Section 13 below) so that we can help you with any questions or concerns.
3. What information do we collect? And how do we collect it?
Information you provide to us
To open an account or use WorldFirst services, you will be asked to provide identifying information about yourself (e.g. name, address, contact details like email or phone number, date of birth) and your company (together, “Account Information”), together with documents to verify the information provided – such as, proof of identification such as identity card or passport details, proof of address, biometric information such as your facial image or voiceprint details, information about your employment, source of wealth and source of funds such as copies of your proof of income and business registration information (together, “Identification Information”). You will also be asked to provide “Profile Information” including your username and password.
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g. Payer/payee Information (see below) and certain Transaction Information (see below) – in particular, bank account details and source of funds.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations – e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds (“KYB/AML Information”).
Information we collect and generate when you use our website and services
Our website uses cookies to provide you with a better experience on our website, for fraud prevention and to provide internet-based advertisements such as banner advertisements on our website.
The WorldFirst user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products.
For the detection and prevention of fraud and cyber-crime, we will collect information, including session, device and IP address (“Device Information”) to help ascertain the legitimacy of the account login. We will also collect information about your activities on and use of our website including, for example, browser history, product engagement, IP address or other unique identifiers, and other information regarding your interaction with our website and our advertisements (“Usage Information”).
For the purposes of risk control and development of new products and value-added services, we may conduct data analysis based on your usage of our services, and generate information about your preferences and risk scores/tags (“User Portrait”).
Public information
For non-registered users, we may contact you using publicly available information or information from third parties (i.e., name and contact details), which you have consented to being shared, to let you know about products that could be relevant for your business. Such third party sources include, for example, social media platforms, company registration lists, and telephone and other publicly available directories.
Transactional information
Once your account is fully set up and you begin to transact with us we will collect, process and store your WorldFirst financial and transactional information. This information includes the amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details (together, “Transaction Information”). Such information may come from other banks and payment institutions.
Information about you that we receive from third parties (“Third-party Information”)
To protect ourselves and our customers against fraud, we verify the information you provide (e.g., the KYB / AML Information) with anti-fraud agencies, electronic identity verification services, government registries and other sources of public records. In the course of verification, we receive and process information about you from such services. It may include the collection of biometric information (via facial recognition technologies) used for real identity verification and authentication purposes.
Information may also be collected from our affiliates, credit reference agencies and risk analysis service providers, such as credit reports and risk scores/tags.
To facilitate the payment and/or other value-added services provided to you, we will collect information about you or your company from our business partners (e.g. the e-commerce platforms or financial service providers designated by you).
Communications
All calls (including video calls) are recorded and correspondence retained for the purposes of quality control, security and training, as evidence of transactions and to fulfill regulation requirements. Any information you disclose to us will be held on these recordings in compliance with applicable law (“Call Recording Information”).
Individuals who are not registered users of WorldFirst
- Connected parties
WorldFirst will collect information about connected parties to a WorldFirst client during the course of the business relationship from the client to comply with our legal obligations – e.g. directors, shareholders, ultimate beneficiary owners, and/or suppliers of a WorldFirst client (“Connected Party Information”). Where customers provide this information, they are responsible for bringing this Privacy Policy to the attention of the individuals concerned.
- Payers and payees
WorldFirst will collect information required to be able to send a payment to an individual or collect a payment from an individual, who may not be a WorldFirst client. This may include name, contact details and bank account details that are required to process the payment (“Payer/payee Information”).
4. What do we use your information for?
The purposes for which we process your personal data include:
| Category of Personal Data | Purpose of Processing |
|---|---|
| All personal data in Section 3 above other than Usage Information, User Portrait, Payer/payee;Information and Device Information | Registration and Administration: We use your personal data to enable you to register with us. Onceyou have an account with us we will use your personal data to contact you and to reply to any queries or requests. We will use your personal data in the administration of your account, which includes us contacting you in order to update your account details (this assists with keeping our records up to date or in order), to notify you of changes or improvements to our products or services that may affect our service to you, or to send you notices and disclosures as required by law – you cannot opt-out of the receipt of these service messages. |
| All personal data in Section 3 above other than Usage Information and Device Information | Provide Payment Services: We use your personal data in order to supply our products and services to you, including, enabling transactions and facilitating payments, and to meet our contractual obligations to you. This will include the sharing of your personal data with other financial institutions, including banks, money service operators and payment service providers, to manage risk and meet their legal and regulatory obligations, such as conducting verification checks on payers, payees and transactions (see Section 5 below). |
| Account Information, Identification Information, Profile Information, KYB/ AML Information, User Portrait, Transaction Information, Third-party Information, Connected Party Information | Provide Value Added Services: We cooperate with various business partners to offer value-added services for our clients, including but not limited to assisting your applications to open and manage a store on certain e-commerce market places or for financial products provided by our business partners. With your specific authorisation, we will share your personal data with trusted business partners designated by you. |
| Usage Information, Device Information, User Portrait | Improve Our Products and Services: To understand our customers’ actions, behaviours, preferences, transactions, expectations, and feedback in order to improve our products and services, develop new products and services, including to design financial services or related products for your use, and to improve the relevance of offers of products and services by us. |
| Account Information, Profile Information, Identification Information, KYB/AML Information, User Portrait, Payer/payee Information, Transaction Information, Third-party Information | Prevention and Detection of Crime: We are subject to strict anti-money laundering and counter-terrorist financing regulations which require us to undertake due diligence on our customers and their beneficiaries. This may include the conduct of soft searches through an identity-referencing agency and through other sources of information and the use of scoring methods to identify risk and to verify identity. These activities may involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. It may also include the sharing of personal data with police, law enforcement, tax authorities or other government and fraud prevention agencies. |
| Name and contact details, User Portrait | Direct Marketing: We may use your information to keep you up to date concerning WorldFirst Group Companies’ products and services, tell you about new products/ services or to ask about your experience with us. We may provide you with personalised advertising, to show you products and services that may be of interest to you or your business. You can opt-out from direct marketing or adjust your personal preferences at any time. The classes of services, products and subjects that may be marketed include money services, payment services, financial services, foreign exchange services, reward programmes, loyalty programmes, privileges, co-branding programmes and promotions for related products and services. |
| Call Recording Information | Monitoring: We record all our telephone, audio and video calls for security and training purposes, e.g., to assess the quality of our customer services and to provide staff training. |
| All personal data in Section 3 above | To defend and enforce our rights including, against legal claims that involve us or other WorldFirst Group companies, to manage regulatory matters, investigations, data breaches, and/or data subject requests, and to administer our business (including for legal, internal and external reporting and accounting purposes), including reporting and accounting within the WorldFirst Group Companies. |
| All personal data in Section 3 above | To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us or any WorldFirst Group Company. |
| All personal data in Section 3 above | To enable analysis within the WorldFirst Group Companies in relation to any of the above purposes. |
| Designated information | With your instruction or consent from time to time, to share your personal data with third parties as independent controllers for the third party’s own use. |
5. Who do we share your data with?
We will only share your personal data with other companies in accordance with applicable data protection laws.
WorldFirst Group Companies
“WorldFirst Group Companies” refer to the companies owned (whether partially or wholly) by Ant Group. WorldFirst Group Companies will access and process your personal data categories included in Section 3 to assist in the provision of services to you including, for back-up purposes, to assist with compliance and anti-money laundering activities and for internal audit and risk control purposes. However, the way information is accessed, processed and transmitted and our level of security remains consistent across WorldFirst Group Companies.
Banking Partners
WorldFirst uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with WorldFirst, we will need to share your personal data with payment providers or banking partners, including those located outside of Hong Kong, such as intermediary or beneficiary banks – e.g. if you ask us to make a USD payment to China, the funds may be cleared through an intermediary bank in the United States before reaching China.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include: Account Information, Payer/payee Information, Identification Information, KYB/AML Information and Connected Party Information.
In addition, where you use the services of a banking partner of ours, and/or a banking partner requests us to provide certain data about you according to your authorisation, we may share your personal data with such banking partner to provide the relevant banking services to you.
Trusted Partners
We work with certain platforms, that refer merchants and participants to the services and platforms provided by us. If one of our trusted partners introduced you to us, we may provide them with your personal data that is necessary to fulfil our contractual obligations with the partner.
We may also cooperate with trusted partners to provide value-added services for you. Such value-added services may include, without limitation to, helping you to open and manage a store on designated e-commerce platform, or assisting your application for financial services provided by our trusted partners. We may share your personal data to such trusted partners, in order for them to evaluate and determine whether you are suitable for their services, and help detect and prevent fraud, money laundering and other criminal or abusive behaviour. We require trusted partners to undertake a strict confidentiality obligation and not to use your data that we share with them for any other purposes. We would also require trusted partners to adopt sufficient technical security measures to protect your data.
Additionally, we may share your contact details with a trusted partner for their direct marketing purposes if you have provided us with consent as required under applicable law. You may opt-out from direct marketing or adjust your personal preferences at any time.
Advertising Providers
We may share personal data with companies that help us with our marketing efforts, including social media platforms, advertising networks, and AdTech companies. This allows us to serve interest-based advertisements that may be more relevant to you.
Contractors, Professional Advisors and Service Providers
We may share any personal data identified in Section 3 above with our contractors, professional advisers and third party service providers who provide administrative, customer support, telecommunication, computing, remittance, background checks, web hosting, marketing and advertising services, audit and compliance, identity authentication, or other services to us in connection with the operation or maintenance of our products and services. We may also share your personal data with vendors to help detect and protect against fraud or data security vulnerabilities.
Regulators and law enforcement agencies
We may share your personal data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. This may include all personal data identified in Section 3 above.
Other Parties
We may share your personal data with actual or proposed entities involved in any merger, acquisition, corporate reorganisation or financing, or similar transaction with us, including in the event of the sale of all or part of our assets. All personal data categories included in Section 3 may be disclosed on a need-to-know basis depending on our business needs and the type of corporate transaction.
Also, we may share your information with any person acting on your behalf provided that you have given us the permission to do so.
6. Transfer of your personal data outside of Hong Kong
Our operations are supported by a network of computers, servers and other infrastructure and information technology, including third party service providers – as identified in Section 5 above. Some of these are established in countries and regions outside of Hong Kong. Your personal data identified in Section 3 above, are transferred outside of Hong Kong as permitted by applicable data protection and privacy laws and regulations, including but not limited to the following countries and regions: Australia, Japan, the Netherlands, the United Kingdom, the United States, China, Singapore and Malaysia.
The laws and privacy regulations of each country / region may differ from Hong Kong. Where we share or transfer your data outside of Hong Kong, we will ensure that the recipient is based in a country or region with adequate data protections under local laws, or that we otherwise impose contractual obligations or require the recipient to be certified with a framework of protection deemed suitable by WorldFirst.
7. How long do we keep your personal data for?
WorldFirst will only retain your personal data for as long as is necessary for the purposes for which we have collected your personal data and will not hold or process your personal data for any longer than we are legally permitted to. The criteria used to determine the appropriate retention periods include:
- Regulatory requirements WorldFirst is subject to
- Limitation periods and whether legal claims may be brought against WorldFirst
- Necessity of information to provide our service to our customers or otherwise for the purposes of collection that we notified you
- The types of personal data being processed
- The legal basis for processing your personal data – e.g. consent
Information about connected parties and beneficiaries, which may not belong to a WorldFirst client, are stored for a period to comply with applicable legal requirements.
8. Direct marketing
Whether you are a registered WorldFirst user or a visitor to our website, WorldFirst Group Companies may, with your consent, use your personal data to perform direct marketing activities to keep you updated about our products, market or exchange rates and market updates.
We will seek your consent for direct marketing activities in accordance with applicable law.
If you change your mind on which communications you would like to receive or how you would like to receive them or you decide that you do not wish to receive direct marketing communications, you can unsubscribe at any time by:
- if you are a registered user, managing your preferences through the World First Online trading platform; or
- clicking the link to unsubscribe at the bottom of any direct marketing email that you receive.
You will not miss any service we provide by not choosing to receive marketing from us and you can change your mind whenever you like as often as you like.
9. What are your rights?
You have certain rights in respect of your personal data as outlined below:
- to ask for a copy of the information WorldFirst holds about you;
- to ask for information that WorldFirst holds about you to be corrected or updated without charge; and
- object to direct marketing (see Section 8 above).
If you would like to exercise any of the above rights, please contact our Privacy Office by emailing privacy@worldfirst.com or writing to the address below and we will respond to your request.
Address of WorldFirst
Privacy Office
20/F, Tower One, Times Square
1 Matheson Street, Causeway Bay
Hong Kong
However, please note that the above rights are not absolute and may be subject to limitations. Where we are legally permitted to, we may decline your request in full or in part, but we may provide an explanation with the response.
As necessary we will request you to provide proof of identity and to provide sufficient information to enable us to locate relevant information and verify that the person making the request is entitled to do so.
Non-registered users (e.g. website users, connected parties and payees) have the same rights as any registered users and may contact WorldFirst to request for any of the above.
10. Security of personal data
We store all data electronically and physically in a manner aimed at securing and protecting the data’s confidentiality, integrity and availability. Data is stored on servers which are protected by actively maintained firewalls. We make use of up-to-date anti-virus software and our servers have restricted access.
If you provide paper-based documentation for the purpose of identity verification these will be stored electronically and the original will be destroyed securely or returned to you.
Transmission of data on the internet can never be completely secure. We do not and cannot guarantee the security of information collected or transmitted electronically however, we take reasonable care to safeguard your personal data.
If you suspect any unauthorised use of or access to your account or information, please contact us immediately.
11. What if I am unhappy?
If at any time you are not happy with how we handle your personal data, you can make a complaint to us. For further information, please see our Complaints Policy.
We would really like the opportunity to set things right with you, but you also have the right to raise any data protection concerns directly with a data protection authority, including the Office of the Privacy Commissioner for Personal Data of Hong Kong.
12. External links
Our website may contain links to other third-party websites, which may have privacy policies/statements that differ from our own. We are not responsible for the activities and practices that take place on these websites.
Accordingly, we recommend that you review the privacy policies/statements posted on any website that you may access through our website.
13. Contact us
If you would like to get in contact with us, please contact our Privacy Office by sending an email to privacy@worldfirst.com or by writing to the address below.
Address of WorldFirst
Privacy Office
20/F, Tower One, Times Square
1 Matheson Street, Causeway Bay
Hong Kong
14. Changes to our Privacy Policy
We may change, amend or revise this Privacy Policy from time to time including, for example, in response to changing legal, technical or business developments. You can view the latest version of this Privacy Policy on our website at any time and you are encouraged and responsible for consulting the latest version of this Privacy Policy before making use of the services referenced in this Privacy Policy.
Once posted on our website the new Privacy Policy will become immediately effective.