Privacy Policy

Last Updated: July 2026

1. Introduction

Wanrong Technology (HK) Limited ("we", "our", "us", "the Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you access or use the AIOpayment platform and our Services.

This Privacy Policy is prepared in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of the Hong Kong Special Administrative Region ("PDPO") and other applicable data protection laws and regulations.

By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. Personal Information Collection Statement (PICS)

In accordance with the PDPO, this Privacy Policy serves as our Personal Information Collection Statement. It informs you of:

a) The types of personal data we collect;

b) The purposes for which we collect and use your personal data;

c) Whether the supply of personal data is obligatory or voluntary, and the consequences of failure to supply;

d) The classes of persons to whom your personal data may be transferred;

e) Your rights to access and correct your personal data;

f) The contact details of the person responsible for handling data access and correction requests.

3. Types of Personal Data We Collect

We may collect the following categories of personal data:

3.1 Identity Information: Full name, date of birth, nationality, Hong Kong Identity Card number or passport number, and copies of identification documents.

3.2 Contact Information: Email address, telephone number, mailing address, and registered business address.

3.3 Business Information: Company name, business registration number, articles of incorporation, business license, shareholder and director information, ultimate beneficial owner information, and business activity descriptions.

3.4 Financial Information: Bank account details, transaction records, payment history, settlement information, and credit references.

3.5 Technical Information: IP address, browser type and version, operating system, device information, access times and dates, pages visited, and other diagnostic data.

3.6 KYC/CDD Information: Information collected as part of our Customer Due Diligence and Enhanced Due Diligence processes as required by applicable AML/CFT laws and regulations, including source of funds declarations and supporting documentation.

3.7 Transaction Information: Details of Transactions processed through our Platform, including payer and payee information, Transaction amounts, currencies, dates, and purposes.

4. How We Collect Your Personal Data

We collect personal data through the following means:

a) Directly from you when you register for an account, complete KYC/CDD forms, or communicate with us;

b) Automatically through your use of our Platform and Services (e.g., cookies, log files, analytics);

c) From third-party sources, including credit reference agencies, fraud prevention agencies, sanction screening databases, and publicly available sources, as necessary for compliance purposes;

d) From our business partners, such as acquiring banks, card networks, and payment service providers.

5. Purposes of Collection and Use

We collect and use your personal data for the following purposes:

5.1 Service Provision: To provide, maintain, and improve our Services, including processing Transactions, managing your account, and providing customer support.

5.2 Identity Verification and KYC: To verify your identity and conduct Customer Due Diligence as required by the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) and other applicable laws.

5.3 Compliance and Risk Management: To comply with our legal and regulatory obligations, including AML/CFT screening, sanctions screening, fraud detection and prevention, suspicious Transaction monitoring and reporting to the Joint Financial Intelligence Unit (JFIU), and other regulatory reporting.

5.4 Communication: To communicate with you about your account, Transactions, Service updates, and to respond to your inquiries.

5.5 Business Operations: To manage our business operations, including billing, accounting, auditing, and internal reporting.

5.6 Improvement and Analytics: To analyze usage patterns, improve our Platform and Services, and develop new products and features.

5.7 Marketing (with consent): To send you information about our products, services, and promotions, subject to your consent as required by applicable law. You may opt out of marketing communications at any time.

5.8 Legal Proceedings: To establish, exercise, or defend against legal claims.

6. Obligatory vs. Voluntary Supply of Data

The supply of certain personal data is obligatory to enable us to provide our Services and comply with our legal obligations. If you fail to supply such obligatory data, we may be unable to:

a) Establish or maintain your account;

b) Process your Transactions;

c) Comply with our regulatory obligations, which may result in the suspension or termination of your account.

Where the supply of personal data is voluntary, we will indicate this at the point of collection.

7. Disclosure and Transfer of Personal Data

We may disclose or transfer your personal data to the following classes of persons, as necessary for the purposes set out in this Privacy Policy:

7.1 Affiliated Companies: Our subsidiaries, affiliates, and related companies for operational and administrative purposes.

7.2 Financial Institutions and Payment Networks: Acquiring banks, issuing banks, card schemes (Visa, MasterCard, American Express, Discover, UnionPay International, JCB), correspondent banks, and other financial intermediaries involved in Transaction processing.

7.3 Service Providers and Data Processors: Third-party vendors who provide services on our behalf, including cloud hosting, data storage, IT support, identity verification, fraud detection, payment processing, and audit services. These providers are contractually bound to process your data only on our instructions and in compliance with applicable data protection laws.

7.4 Regulatory Authorities and Law Enforcement: The Hong Kong Customs and Excise Department, the Hong Kong Monetary Authority, the Joint Financial Intelligence Unit (JFIU), the Office of the Privacy Commissioner for Personal Data (PCPD), law enforcement agencies, courts, and other governmental or regulatory bodies as required by applicable law.

7.5 Professional Advisers: Our legal counsel, auditors, accountants, and other professional advisers, subject to confidentiality obligations.

7.6 Business Transferees: In the event of a merger, acquisition, reorganization, or sale of all or part of our business or assets, your personal data may be transferred to the successor entity, subject to this Privacy Policy.

7.7 With Your Consent: Any other person or entity with your explicit consent.

8. Cross-Border Data Transfer

8.1 Your personal data may be transferred to, stored in, and processed in jurisdictions outside the Hong Kong Special Administrative Region, including but not limited to Mainland China, the United States, the European Union, Australia, and Singapore, where we or our service providers maintain operations.

8.2 Data protection laws in these jurisdictions may differ from those in Hong Kong and may not provide the same level of protection as the PDPO.

8.3 We will take all practicable steps to ensure that any cross-border transfer of your personal data complies with applicable data protection laws and that appropriate safeguards are in place, including:

a) Entering into data transfer agreements with recipients that impose data protection obligations equivalent to those under the PDPO;

b) Obtaining your prescribed consent where required by law;

c) Conducting due diligence on recipients to ensure they can adequately protect your personal data.

8.4 By providing your personal data to us, you acknowledge and consent to the transfer of your personal data outside Hong Kong as described in this Privacy Policy.

9. Data Security

9.1 We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, damage, alteration, or disclosure. These measures include:

a) Encryption of data in transit (TLS/SSL) and at rest;

b) Access controls, including multi-factor authentication and role-based access;

c) Regular security assessments, penetration testing, and vulnerability scanning;

d) Physical security measures at our data centers and offices;

e) Staff training on data protection and information security;

f) Incident response and business continuity procedures.

9.2 While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

10. Data Retention

10.1 We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law.

10.2 In general, we retain your personal data for the duration of your business relationship with us and for a period of at least seven (7) years after the termination of that relationship, in accordance with Hong Kong statutory record-keeping requirements for MSO licensees under the AMLO.

10.3 When personal data is no longer required, we will securely destroy, erase, or anonymize it in accordance with our data retention and destruction policies.

11. Direct Marketing

11.1 We may use your personal data (including your name, email address, and telephone number) to send you marketing communications about our products, services, and promotions.

11.2 We will only use your personal data for direct marketing purposes if we have obtained your consent, or where permitted by applicable law.

11.3 You may opt out of receiving marketing communications at any time by:

a) Clicking the "unsubscribe" link in any marketing email;

b) Contacting us at the details provided in Section 14 below.

11.4 We will not transfer your personal data to any third party for their direct marketing purposes without your explicit consent.

12. Your Data Protection Rights

Under the PDPO, you have the following rights:

12.1 Right of Access: You have the right to request access to your personal data held by us. We may charge a reasonable fee for processing your access request.

12.2 Right of Correction: You have the right to request correction of any inaccurate personal data held by us.

12.3 Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw your consent at any time.

12.4 Right to Erasure: You may request the erasure of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal and regulatory obligations to retain certain data.

12.5 To exercise any of these rights, please contact us using the contact details in Section 14. We will respond to your request within the timeframes required by applicable law (generally within 40 days for access requests).

13. Cookies and Similar Technologies

13.1 Our Platform uses cookies and similar tracking technologies to enhance your browsing experience, analyze usage patterns, and deliver personalized content.

13.2 Essential Cookies: Required for the proper functioning of our Platform. These cannot be disabled.

13.3 Analytics Cookies: Help us understand how visitors interact with our Platform by collecting and reporting information anonymously.

13.4 Functional Cookies: Enable enhanced functionality and personalization.

13.5 You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Platform.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer:

Company Name: Wanrong Technology (HK) Limited

Address: SUITE 12 ROOM 1206A 12/F CHEUNG SHA WAN PLAZA TOWER 2, 833 CHEUNG SHA WAN ROAD, KOWLOON, HONG KONG

Email: services@wrhongkong.com

Phone: +852-47480764

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically.

16. Language

This Privacy Policy is published in both English and Chinese. In the event of any inconsistency or conflict between the two versions, the English version shall prevail.