Effective Date: July 21, 2025
This Privacy Policy (“Policy”) describes how Rukhex Technology (BVI) Limited (the “Company,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you access or use RWA Lab (the “Platform”). The Platform is a neutral information and resource hub for Real World Assets (“RWA”) issuance and investment, providing educational materials, curated project lists, and connections to intermediary services.
We are committed to protecting your privacy and handling your personal information in compliance with applicable data protection laws, including but not limited to the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong, the General Data Protection Regulation (GDPR) where applicable, the California Consumer Privacy Act (CCPA), and other relevant regulations. By accessing or using the Platform, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Platform.
This Policy is designed to be clear, concise, and accessible, in line with the PDPO’s Data Protection Principles (DPPs), which emphasize fair collection, accuracy, appropriate use, security, transparency, and access rights. This Policy may be updated from time to time. We will notify you of material changes by posting the revised Policy on the Platform or through other communication channels. Your continued use of the Platform after changes constitutes your acceptance of the updated Policy.
1. Information We Collect
We collect personal information (as defined under the PDPO, meaning data relating to a living individual from which the individual’s identity can be directly or indirectly ascertained) to provide, improve, and secure the Platform’s services. Collection is limited to lawful purposes and is conducted fairly, with your informed consent where required. The types of information we may collect include:
a. Information You Provide Directly
- Account Information: When you register for an account, we may collect your name, email address, username, password, and other details you provide.
- Contact Information: If you contact us for support, inquiries, or feedback, we may collect your name, email address, phone number, and any other information you share.
- User-Generated Content: Comments, submissions, or other content you post on the Platform, which may include personal details.
- KYC/AML Information: In certain cases, to comply with regulatory requirements (e.g., for accessing specific features), we may collect identification documents, proof of address, or other verification data.
b. Information Collected Automatically
- Usage Data: Details about your interactions with the Platform, such as pages visited, time spent, search queries, clicks, and navigation patterns.
- Device and Log Data: IP address, browser type, operating system, device identifiers, referral URLs, and error logs.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track user activity, store preferences, and analyze trends. You can manage cookie preferences through your browser settings.
- Location Data: Approximate location based on IP address (we do not collect precise geolocation without your consent).
c. Information from Third Parties
- Service Providers: Data from analytics providers, payment processors (if applicable), or integration partners.
- Public Sources: Information from publicly available sources or third-party services you connect to the Platform.
We do not intentionally collect sensitive personal information (e.g., racial or ethnic origin, political opinions, religious beliefs, health data) unless required for compliance purposes and with your explicit consent. All collection adheres to DPP1 of the PDPO, ensuring it is for specified purposes and not excessive.
2. How We Use Your Information
We use your personal information for the following purposes, in accordance with DPP3 of the PDPO (limiting use to the original collection purpose or directly related purposes, unless with your consent):
- To Provide and Maintain the Platform: Enable account creation, access to resources, and personalized features.
- To Improve Services: Analyze usage patterns to enhance functionality, content, and user experience.
- To Communicate: Send updates, newsletters, security alerts, or responses to your inquiries. You can opt out of non-essential communications.
- For Compliance and Security: Verify identities, prevent fraud, enforce Terms, and comply with legal obligations (e.g., KYC/AML checks).
- For Research and Analytics: Aggregate anonymized data for internal research, trend analysis, and Platform optimization.
- Marketing and Promotions: With your consent, promote relevant services or events. For direct marketing under the PDPO, we will obtain your explicit consent and provide an opt-out mechanism (you can withdraw consent at any time).
- Legal Purposes: Respond to legal requests, protect our rights, or resolve disputes.
We process your information based on legal grounds such as your consent, contractual necessity, legitimate interests, or legal obligations. We ensure accuracy of data (DPP2) and retain it only as long as necessary.
3. Sharing Your Information
We do not sell your personal information. Sharing is limited and complies with DPP3 of the PDPO. We may share it in the following circumstances:
- With Service Providers: Third-party vendors (e.g., hosting providers, analytics tools, email services) who assist in operating the Platform, bound by confidentiality and data protection agreements.
- With Affiliates: Within our corporate group for internal purposes, subject to this Policy.
- For Compliance: With regulatory authorities, law enforcement, or in response to legal processes (e.g., subpoenas).
- In Business Transfers: If we merge, acquire, or sell assets, your information may be transferred as part of the transaction.
- With Your Consent: For any other purpose with your explicit approval.
- Aggregated/Anonymized Data: Non-personal data shared for research or statistical purposes.
We ensure that any third parties receiving your information adhere to appropriate data protection standards. For cross-border transfers, we comply with PDPO requirements (including Section 33, if enforced) by using safeguards to ensure adequate protection in the recipient jurisdiction.
4. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, loss, misuse, or alteration, in line with DPP4 of the PDPO. These include encryption, access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute protection. You are responsible for maintaining the security of your account credentials.
In the event of a data breach involving personal data, we will notify the Privacy Commissioner for Personal Data (PCPD) and affected individuals as required under the PDPO amendments.
5. Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this Policy, or as required by law, adhering to DPP2 of the PDPO. For example:
- Account data is kept while your account is active and for a reasonable period thereafter.
- Usage logs may be retained for up to 2 years for security and analytics.
- Compliance-related data (e.g., KYC) is retained as mandated by regulations.
When no longer needed, we securely delete or anonymize your information.
6. Your Rights and Choices
In accordance with DPP6 of the PDPO and other applicable laws, you have rights regarding your personal information, including:
- Access: Request a copy of your data (Data Access Request under PDPO).
- Correction: Update inaccurate information.
- Deletion: Request removal of your data (subject to legal exceptions).
- Objection/Restriction: Object to or restrict certain processing, including for direct marketing.
- Portability: Receive your data in a structured format (where applicable).
- Withdraw Consent: Revoke consent where processing is based on it.
- Opt-Out of Direct Marketing: You have the right to opt out of the use of your data for direct marketing at any time.
- Opt-Out of Sales/Sharing: Under CCPA/CPRA, opt out of any “sale” or sharing (though we do not sell data).
- Do Not Track: We respond to browser DNT signals where applicable.
To exercise these rights, contact us at [email/support address]. We may verify your identity before responding. Under the PDPO, Data Access Requests must be processed within 40 days, and we will not charge a fee unless the request is unfounded or excessive. Requests under other laws are processed within their respective timelines (e.g., 30 days under GDPR, 45 days under CCPA).
You can also manage preferences by adjusting account settings, unsubscribing from emails, or disabling cookies.
7. International Data Transfers
The Platform may be hosted in Hong Kong, and your information could be transferred to countries with different data protection laws. We use safeguards like contractual clauses or adequacy assessments to ensure compliance with PDPO requirements for cross-border transfers.
8. Children’s Privacy
The Platform is not intended for individuals under 18 years old (or the age of majority in your jurisdiction). We do not knowingly collect information from children. If we become aware of such collection, we will delete it promptly.
9. Third-Party Links and Services
The Platform may link to third-party websites or services (e.g., intermediary resources). We are not responsible for their privacy practices. Review their policies before interacting.
10. Contact Us
For questions, concerns, to exercise your rights, or to make a Data Access Request, contact us via “Contact Us”.
You have the right to lodge a complaint with the Privacy Commissioner for Personal Data (PCPD) in Hong Kong if you believe your rights have been violated.
11. Changes to This Policy
We may update this Policy to reflect changes in our practices or legal requirements. Changes will be posted on the Platform, and we encourage you to review it periodically.
By using the Platform, you acknowledge that you have read and understood this Policy.
