Purpose of Processing EU Personal Data Acquired from Customers and Other Subjects Concerned
GMO-Z.com Bullion HK Limited (hereinafter referred to as "Company", “we”, “our” and “us“), as a Bullion and Precious Metal Trading Business processing EU personal data, in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission, we shall process customers’ EU personal data only within the scope necessary for the intended use that is specified and publicized in advance. However, in the case where it is required by laws and regulations, we may process EU personal data of customers and other subjects beyond the scope necessary for achieving the intended use specified and publicized in advance. Moreover, providing EU personal data is indispensable for fulfilling contractual agreement, and therefore if EU personal data cannot be provided at each customer’s own discretion, providing services to such customer may be hindered.
We may use your data for the following purposes:
- processing the Client's applications for opening accounts, financial accommodation or credit facilities or other services or products;
- daily administering and operation of the accounts, services and facilities provided to Client;
- conducting client identification and verification procedures and credit checks at the time of application and from time to time during the continuation of the business relationship between the Client and us whether at special or regular reviews;
- meeting the disclosure requirements under any law, regulations, guidelines, codes of practice or court orders binding on, or applicable to, us or any of its group companies, including but not limited to disclosure requirements relating to prevention of money laundering and terrorist financing;
complying with the obligations, requirements or arrangements for disclosing and using data that apply to us or any of its group companies or that it is expected to comply according to:
- a) any law binding or applying to it within or outside the Hong Kong Special Administrative Region (“Hong Kong”) existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
- b) any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
- c) any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers (together the "Authorities" ) that is assumed by or imposed on us or its group company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- d) any agreement or treaty between Authorities;
- assisting other financial institutions to conduct credit checks and collect debts;
- designing services and products for the Client's use;
- your name and contact details may be used for marketing Leveraged Foreign Exchange trading, Over-the- counter Gold Bullion/Silver trading ,financial or related services and products of us and/or its group companies;
- ensuring ongoing credit worthiness of the Client;
- determining amounts owed to or by the Client from time to time;
- collecting amounts outstanding from the Client and/or other persons providing security for the Client's obligations;
- provision of reference (status enquiries) relating to the Client;
- conducting matching procedures by comparing data for producing or verifying data that may be used for or against the Client;
- enabling an actual or proposed assignee of us or an actual or proposed participant, sub-participant or transferee of our rights in respect of the Client to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer; and
- purposes relating to the above
Rights of Customers and Other Subjects Concerned
Each customer or the other subject concerned has the following rights regarding EU personal data about himself or herself.
- (1) Right to access to his or her own EU personal data and other information relating to its personal data.
- (2) Right to rectify inaccuracies of his or her EU personal data without undue delay
- (3) Right to erase his or her EU personal data without undue delay
- (4) Right to restrict processing of his or her EU personal data
- (5) Right to receive EU personal data provided by customer or other concerned subject by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the EU personal data to other organizations in order for them to manage without hindering transferring process.
- (6) Right to object to public interest; processing for the interests of Company, a third party or both; and processing for direct marketing for EU personal data of customers and other subjects concerned.
(7) Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals.
Note: We do not perform profiling.
- (8) Right to lodge a complaint with a supervisory authority
Conditions for Processing of EU personal data
We may process EU personal data when any one of the following cases is applicable, even if we has not obtained consents from customers and/or others concerned.
- (1) When the processing is necessary for the execution of the contract where a customer or other subject concerned himself or herself is the contracting party. Or when processing is necessary in accordance with request from a customer or other subject concerned at the stage when the contract is not concluded yet.
- (2) When the processing is necessary to comply with the legal obligation that we shall abide by; for example, when following information disclosure orders based on laws and regulations from government agencies etc.
- (3) When the processing is necessary to protect serious interests of customers, other subjects concerned, or both.
- (4) When it is deemed appropriate to investigate, prevent, or take measures against illegal acts or suspicious acts.
- (5) When processing is necessary for legitimate interests pursued by a third party and we to the extent that it’s not infringed the right and profit, the freedom concerning the privacy
International Transfer of EU Personal Data
EU personal data is transferred to our group companies and outsourcing contractors such as cloud provider and IT service vendor located in Japan, countries other than Japan, or both; and may be stored in servers located in those respective country.
Japan and Hong Kong have not been recognized and determined as countries providing adequate data protection by the European Commission, however we manage EU personal data of customers and other subjects concerned appropriately.
In order to appropriately manage EU personal data of customers and other subjects concerned and prevent leakage, loss and damage of those EU personal data, including other safety management approaches, we carry out technical, physical, organizational and human related safeguards.
We jointly control EU personal data customers and other subjects concerned that we hold with our group companies in order to promote activities such as service development and service guidance; and communication with customers and other subjects concerned.
In addition, when we jointly control EU personal data with our group companies, the scope of responsibility relating to the processing of the personal data of customers and other subjects concerned, and the contact point for inquiries shall be clearly defined among us and group companies.
Items of EU personal data that we jointly control are stated as follows:
- ・Email address;
- ・Phone number;
- ・Contract details;
- ・All information contained in the Account Application Form
- ・Any other items necessary in accordance with the purpose of use (*)
*For details, please refer to the above section 1, “Purpose of Processing EU Personal Data Acquired from Customers and Other Subjects Concerned”
The joint controllers are the group companies of us that are listed on:
Note: Group companies may be changed in the future due to new establishment, consolidation, abolishment and other reasons.
Transfer of EU Personal Data
EU personal data belonging to customers and other subjects concerned are transferred to our group companies and outsourcing contractors such as cloud provider and IT service vendor to which we have subcontracted our business operation to the extent necessary for service provision.
In addition, we request appropriate processing of the transferred EU personal data to those outsourcing contractors, and manage EU personal data of customers and other subjects concerned appropriately
Archiving, Deletion, Disposal of EU personal data
Except where otherwise specified by laws and regulations, we define the retention period of EU personal data of customers and other subjects concerned within the scope necessary for the purpose of use. The retention period is 7 years.
After the defined retention period has expired or the purpose of use has been achieved, we erase EU personal data of customers and other subjects concerned without delay
Group-wide Data Protection Officer and Group-wide Representative for EU Personal Data
<Group-wide Data Protection Officer for EU Personal Data (G-DPO)>
GMO Internet, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512 , Japan.
Email address: email@example.com
Enquiry form: https://secure.gmo.jp/en/gdprform/
<Group-wide Representative for EU Personal Data>
GMO Internet, Inc
Sandling Road, Maidstone, Kent
ME14 2LP, United Kingdom
E-mail address: firstname.lastname@example.org
Enquiry form: https://secure.gmo.jp/en/gdprform/
Claims and Inquiries
Disclosure and other requests of EU personal data
Requests for Disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) shall be dealt with in the following manner.
Please be aware that we will not accept requests by telephone, fax, email, verbally or by any method other than that laid out below.
Please print out our prescribed form and fill in necessary information.
After filling in, please enclose the necessary documents, and send them to the following address by certified mail.
GMO-Z.com Bullion HK Limited
Suites 1607-8, 16/F, Tower 6,
The Gateway, Harbour City, Kowloon, Hong Kong
In case of disclosure, correction and deletion requests, please fill the information required in "Disclosure and Other Requests on EU Personal Data" form and send its form to us.
You can contact us from the URL stated below.