1. About Serai and our Privacy Policy

1.1 Serai Limited (us, we, or Company) operates and provides Serai to you (you).

1.2 This Privacy Policy sets out how we collect, use and share personal data collected from you as a user of Serai.

1.3 This Privacy Policy also explains how we ensure that your personal data stays secure and confidential and how we comply with data protection laws.  
‍
1.4 Serai Limited is the data controller (or similar role as is used in applicable data protection laws) and can be contacted at Level 23, One Island East, 18 Westlands Road, Quarry Bay, Hong Kong or at privacy@seraitrade.com. 

1.5 Capitalised terms used in our Privacy Policy have the same meanings as those defined in our Terms of Use.

1.6 Reference to "personal data" in this Privacy Policy, shall also include reference to "sensitive personal data" (or such similar term), if any, as defined in applicable data protection laws.‍

2. The types of personal data we collect and how we collect personal data

2.1 For the purposes outlined in Clause 3, we may request, collect and process the following information about you:‍

(a) Information you give us (for example when you register for an account, sign up to newsletters or otherwise communicate with us)–, which may include personally identifiable information of you, your employees and individual shareholders such as

• names
• email addresses
• telephone numbers
• street addresses
• profession
• work titles
• work experience
• social media accounts
• solutions and products
• information and demographic data
• proprietary information about your business
• photographs
• audio responses
• any other personal information you give us
  ‍

(b) Information we automatically collect about you when you use Serai, for example:

• information about how you use Serai, including which solutions your have purchased, details of transactions conducted on Serai, what you click on and/or tap when using our services and transaction pattern behaviour
• general diagnostic and usage data, including various unique system or hardware identifiers, information about your device, operating system and application software
• if you enable location services, the real-time geographic location of your device and location search queries
• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet and your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
  
•  information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from Serai (including date and time), profiles and products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
  ‍
  

(c) Information you give us (for example when you register for an account, sign up to newsletters or otherwise communicate with us)–, which may include personally identifiable information of you, your employees and individual shareholders such as

• when you are being invited to join Serai
• provided to us by your employer or colleagues
• details of solutions you have purchased via Serai from our partners and external providers of Third Party Solutions
  ‍
  

2.2 We only retain personal data for so long as it is reasonably necessary to fulfil the purposes outlined in this Privacy Policy and as required under applicable data protection laws.

In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so to meet legal, regulatory, tax or accounting requirements. 
‍
In specific circumstances, we may also retain your personal data for longer periods of time (and where permitted to do so under applicable data protection laws), so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.

2.3 Where you provide to us personal data about another person, you must give to that person a copy of this Privacy Policy and, in particular, tell him or her how we may use his or her data, and obtain their permission to share their details with us.

2.4 Certain personal data is required for the provision of our solutions and products. If you are unable to provide us with the personal data we require (for example, data which is marked as mandatory), we may not be able to provide you with all or some of our solutions and products.

2.5 For California, USA residents, please see Appendix B for the categories of personal data collected, and specific information required under applicable data protection laws.

Back to top ↑
‍

3. How we use personal data

3.1 We will only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we: 

• need to process the information to enter into or carry out an agreement we have with you
• need to process the information to comply with a legal obligation
• need to pursue our legitimate interests
• believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime
• need to establish, exercise or defend our legal rights.

3.2 We use and intend to use the information we collect or hold about you for the following purposes:

• providing our services and solutions and products such as account creation and management, providing the search, connect and messaging functions on Serai and access to Third Party Solutions
• providing you with alerts, updates, materials or information about our services or other types of services or information
• conducting data analytics, such as analysing trends, usages and other user behaviours (whether on an individualized or aggregated basis to derive insights
• administrating your account, including sending push notifications from time to time in order to update you about your Serai account activities and service related information
• identifying your Account’s tier, subscriptions and purchased solutions
• communicating with you and responding to your questions or requests
• improving and designing new solutions
• improving and developing Serai, such as launching and supporting new features so we can present content and information on Serai in the most effective manner for you and for the device you use
• conducting big data analytics and commercial exploration of big data applications;
• verifying your identity
• detecting anomalies and preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the integrity of Serai
• responding or taking part in legal proceedings, including seeking professional advice
• complying with laws and regulations applicable to us
• all other legitimate business purposes and purposes directly related or incidental to the above.
  ‍

3.3 We will notify you if we wish to use your personal data for purposes other than those stated in this Privacy Policy and, where required by applicable data protection laws, shall obtain your consent for such purposes.

3.4 Where you are a resident or place of work is in the European Economic Area (EEA), we need to have a lawful reason for processing your personal data. We have set out in Appendix A further details of how we will use your information, including the lawful reasons we rely on when processing your personal data as described in this Privacy Policy. Please note, that where you are in the EEA, we will not rely on your consent to the collection and processing of your personal data (other than for direct marketing).
‍

Back to top ↑
‍

4. Disclosure and transfer of personal data

4.1 We may disclose your personal data to the following categories of third parties:

• any agents, contractors, and service providers which provide services to us in relation to the operation of our business (including without limitation administrative, telecommunications, computer, payment, processing or investigation services)
• other users of Serai who may be associated with your Business for account creation and management purposes
• other users of Serai to perform searches and communicate with you
• any member of our group, which includes our ultimate holding company, and its subsidiaries or affiliates
• our partners and external providers of Third Party Solutions who may offer their solutions on Serai (on a need-to-know basis only and in order to connect your Account to your selected Third Party Solutions)
• any persons under a duty of confidentiality to us who requires the personal data in the course of their duties (including auditors and advisors)
• any person to whom we propose to sell, assign or transfer, or has sold, assigned or transferred, all or any part of our business and/or asset
• persons to whom we are required to make disclosure under applicable laws and regulations in or outside of the country or region of your residence or place of work (which may include the government, regulatory authorities or law enforcement bodies) or if a regulatory authority or law enforcement body so requires.

4.2 We use a third party payment processor (Payment Processor) to assist in processing your payment information when you make a purchase on Serai. Your payment details such as your credit card number and CVV are collected directly by our Payment Processor. We do not have visibility or store your credit card details and we do not control and are not responsible for the Payment Processor or their collection or use of your information. You may find out more about how our Payment Processor stores and uses your payment information by accessing our Payment Processor’s privacy policy.

We comply with data protection laws when we disclose or transfer personal data

4.3 All of the transfers referred to in Clause 4.1 may occur within or outside the country or region in which you live or work. All of our servers are located in Hong Kong. If we transfer your personal data outside such country or region, we will ensure a comparable degree of security in accordance with the applicable data protection laws and (where required under applicable data protection laws) ensure at least one of the following safeguards is in place:

• only transferring data to countries that have been approved by the relevant data protection regulatory authority as providing an adequate level of protection for personal data
• ensuring appropriate contractual protections with the entity to which we are transferring the personal data to as required under applicable data protection laws, which may include entering into standard contractual clauses or data processing agreements
• ensuring there is no unnecessary sharing of personal data
• tracking data that has been shared by way of a data log.

4.4 Where you are a resident or place of work is in the EEA, you have the right to ask us for more information about the safeguards we have put in place as mentioned above.

4.5 Where you are a California, USA resident, we need to provide you with information about why we disclose your personal data. Please see Appendix B. Where such disclosure constitutes a sale, you have the right to opt out of the sale of your data to such third party

5. Use of personal data for direct marketing

5.1 We intend to use your personal data in direct marketing, and in certain jurisdictions we can only do this with your consent. You undertake to us that you have the authority to provide personal data to us for this purpose. 

5.2 We may use your name, contact details (including address, contact number, email address, profession, social media accounts), solutions  information, transaction pattern and behaviour, background and demographic information for direct marketing. 

5.3 We may send you targeted and promotional offers, and invitations to events (such as seminars/webinars/tele-seminars, conferences or live programmes) via fax, email, direct mail, telephone (including push notification) and other means of communication. 

5.4 In jurisdictions where we are required by applicable data protection laws to inform you the specific categories of solutions which the direct marketing will relate to, the categories of solutions offered by us, our group members or our Third Party Solutions providers our business partners are:

•  financial, insurance, credit card, banking, risk and related solutions and products (including marketing affiliates programs we are a part of)
  
• business networking services, buyer/supplier discovery tools, import/export facilitation services, marketplace services, market research and competitor intelligence reports
• counterparty verification, search and insight tools and solutions
• reward, loyalty or privileges programmes
• solutions and services for which you have indicated interest for or which we believe may be of particular relevance to you.

5.5 We may also transfer your personal data to our group members so that they may also send you direct marketing on the solutions and products mentioned above. However, in certain jurisdictions we cannot do so without your consent.

You can opt out of our direct marketing

5.6 Where required under applicable laws, we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you. If at any time you, or any other person whose personal data you have provided to us (and provided such person has provided consent to direct marketing), do not wish us to use the personal data for direct marketing as described in Clauses 5.1 to 5.5 above, please contact us at unsubscribe@seraitrade.com, or use the unsubscribe link at the bottom of the direct marketing communication, and we will cease to do so, without charge.