Security & Compliance

Overview

This End User License Agreement (“EULA”) is a legal and binding agreement between Salt Edge Inc., including its subsidiary Salt Edge Limited, respective affiliates, related companies, unaffiliated partners and/or licensors (together herein referred to as “Salt Edge”) and you or the company, organization or other legal entity that you represent (“Licensee”) and governs Licensee’s use of the functionality enabling access to financial account for the purpose of (i) receiving financial data aggregation and enrichment services, or (ii) initiating a payment transaction through the Developer Application (as defined below), in each case delivered via application programming interfaces (including without limitation the Spectre API), software development kits, and any other services, content, tools and features as made available by Salt Edge from time to time (collectively, the “Aggregation Services”). By using the Aggregation Services, either directly or through a Developer Application, Licensee agrees to be bound by the terms of this EULA. Licensee shall not use the Aggregation Services if Licensee does not agree to all of the terms and provisions of this EULA.

If Licensee is a company, corporation, organization or other legal entity (“Legal Entity”), then all provisions hereof shall be applicable to such Legal Entity except for the provisions limited by the context to individuals.

If Licensee uses the Aggregation Services on behalf of a Legal Entity, Licensee agrees to this EULA for that Legal Entity and represents and warrants that Licensee has the authority to bind that Legal Entity to this EULA. In that case, “Licensee” shall refer to that Legal Entity.

Licensee acknowledges and agrees that this EULA is in addition to and not in lieu of the General Terms of Service applicable to Licensee.

1. Definitions

For the purposes of this EULA, in addition to the capitalized terms defined elsewhere in this EULA, the following terms shall have the meanings ascribed to them as follows:

1.1. “Account Data” means data relating to Licensee’s financial account in Financial Institution including:
A: Financial account details (including by way of example and without limitation account number, type, currency, balance);
B: Transactions details (including by way of example and without limitation transaction amount, date, description, currency); and
C: Financial account holder details (including by way of example and without limitation name, address, email, phone number) to the extent that such information is made available, in whole or in part, by the respective Financial Institution.

1.2. “Consent” of Licensee means any freely given, specific, informed and unambiguous indication of Licensee’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the access to Licensee’s financial account by Salt Edge on its own behalf and/or on behalf of Developer, as applicable, for the purpose of retrieving Account Data and/or Developer initiating a payment transaction via Developer Application.

1.3. “Developer” means the third-party owner or provider of the Developer Application.

1.4. “Developer Application” means the web, desktop and/or mobile application used or intended to be used by Licensee as made available by or on behalf of Developer and which allows Licensee to access and use its own financial data in a consolidated way and/or to initiate payment transactions via that application. 1.5. “Developer Services” means the services provided by Developer to Licensee through the Developer Application.

1.6. “Financial Institution” means a legal entity engaged in the business of dealing with financial transactions, including without limitation banks, building societies, credit institutions, payment system providers, loan companies, mortgage companies, investment companies, utilities/bills providers and other financial service providers located worldwide.

1.7. “Financial Institution Account Data” means Licensee Access Information and Account Data.

1.8. “Financial Institution Services” means services offered by Financial Institutions and/or their related third parties, including but not limited to application programming interfaces (APIs), online banking, online payment, online investment, account and/or file download, online bill pay, online trading.

1.9. “Licensee Access Information” means personalized features, including without limitation username, password, access number, security questions and answers, token/SMS codes and multifactor information, provided by Financial Institution to Licensee for the purposes of authentication, including but not limited to strong customer authentication and dynamic linking.

1.10. “Licensee Information” means any personal data relating to Licensee that is either (i) accessed, collected or generated from Licensee’s access to and use of the Aggregation Services, or (ii) provided by Developer to Salt Edge in connection with the provision of the Aggregation Services to which the Developer Application requests access to on behalf of Licensee, or (iii) provided by Licensee either as part of the Registration Information when registering a user account, or when contacting Salt Edge by electronic mail or otherwise through the online channels offered with the Aggregation Services. The Licensee Information includes but is not limited to Financial Institution Account Data, Registration Information, Payment Order Data (if applicable) and Session Information.

1.11. “Session Information” means the technical information collected by Salt Edge during the duration of a Licensee’s interaction with the Aggregation Services and stored in log files for the purpose of providing, maintaining, protecting and improving the Aggregation Services and meeting the applicable regulatory compliance and audit requirements. The Session Information may include, but is not limited to, the IP address, location information and device information (e.g., browser type and version, operating system and version).

1.12. “Third-Party Service Providers” means Salt Edge’s third-party service providers subcontracted by Salt Edge in connection with the operation, maintenance and hosting of the Aggregation Services.

2. License Grant

The Aggregation Services are protected by copyright, trade secret, and other intellectual property laws. Salt Edge hereby grants Licensee a personal, limited, non-exclusive, revocable, non-sublicensable, non-transferable right and license to use the Aggregation Services during the term of this EULA in accordance with the terms and provisions of this EULA. Except for rights expressly granted to Licensee in this EULA, Salt Edge reserves all other rights, title and interest in and to the Aggregation Services and the underlying technology used to provide the Aggregation Services, including without limitation all software and any copies, corrections, bug fixes, enhancements, modifications or new versions thereof and all research and development and experimental development in respect thereto (“Salt Edge Technology”). No rights are granted by implication, estoppel or otherwise. Licensee acknowledges that only Salt Edge shall have the right to maintain, enhance or otherwise modify the Aggregation Services and Salt Edge Technology.

3. Restrictions

4. Licensee's Responsibilities

The license granted by Salt Edge to Licensee under this EULA is conditioned on Licensee’s compliance with its responsibilities set forth herein:

a. Licensee is solely responsible for maintaining the confidentiality and security of the Licensee Access Information that Licensee uses to access the Aggregation Services.

b. Licensee is solely responsible for compliance with the applicable laws, rules and regulations in the jurisdiction(s) Licensee uses the Aggregation Services in and Salt Edge hereby expressly disclaims any liability arising from Licensee’s failure to do so.

c. Licensee is solely responsible for ensuring that its use of the Aggregation Services does not violate any applicable terms and conditions, policies, guidelines, regulations and restrictions of its Financial Institution(s). Licensee hereby acknowledges and agrees that it is solely responsible for verifying compliance of the Aggregation Services with its Financial Institution’s terms and conditions, policies, guidelines, regulations and restrictions and Salt Edge hereby expressly disclaims any liability arising from Licensee’s failure to do so.

d. If Licensee uses the Aggregation Services directly, Licensee is solely responsible for any communication and information submitted to Salt Edge, such as Licensee’s name and email address provided as part of user account registration (“Registration Information”), including by electronic mail or otherwise through the online channels offered with the Aggregation Services. Salt Edge assumes that any communication received through use of the Licensee’s Registration Information was sent or authorized by Licensee and that any communication Licensee sends is compliant with applicable laws, including anti-spam laws.

e. Licensee agrees to immediately notify Salt Edge if Licensee becomes aware of any loss, theft or unauthorized use of any Licensee Access Information. Salt Edge reserves the right to deny access to the Aggregation Services (or any part thereof) if Salt Edge reasonably believes that any loss, theft, or unauthorized use of Licensee Access Information has occurred. Such denial of access may without limitation enable Salt Edge to investigate said loss, theft or unauthorized use of any Licensee Access Information.

5. Use of Personal Data

5.1. Licensee hereby acknowledges, agrees and consents to the fact that Salt Edge, in connection with the provision of the Aggregation Services, will access, collect, use, process, adapt, store, transfer and delete Licensee Information (including without limitation Licensee’s Financial Institution Account Data) in accordance with Salt Edge’s Privacy Policy. Licensee further acknowledges that Salt Edge may engage Third-Party Service Providers in connection with the Aggregation Services, including without limitation the operation, maintenance, hosting and security of the Aggregation Services.

5.2. Licensee acknowledges and agrees that Salt Edge and its Third-Party Service Providers, in connection with the provision of the Aggregation Services, may access, use, gather, process, transfer and store Licensee Information (including without limitation Licensee’s Financial Institution Account Data) in jurisdictions other than Licensee’s country of residence and/or the jurisdiction(s) Licensee uses the Aggregation Services in. The processing and transfer of personal data of any EU/EEA residents will be subject to the requirements of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and will be carried out as set forth in the Privacy Policy.

5.3. Licensee hereby acknowledges and agrees that Salt Edge has the right to make anonymized data based on or derived from Licensee Information and combine the anonymized data with that of other users of the Aggregation Services in a way that does not identify Licensee or any individual person, and to use such anonymized aggregate data, both during the term of this EULA and after its termination, for any purpose, including but not limited to: – providing, maintaining, supporting and improving the Aggregation Services; o conducting analytical research, compiling statistical reports and performance tracking; o developing and/or improving other Salt Edge’s services and products; and o sharing such anonymized aggregate data with Salt Edge’s affiliates, agents or other third parties with whom Salt Edge has a business relationship.

6. Developer Services

6.1. Licensee acknowledges that the Developer Application may request access to the Aggregation Services for the purpose of providing the Developer Services to Licensee. In order to utilize the Developer Application that uses or gathers information through its integration with the Aggregation Services, Licensee hereby authorizes Salt Edge to share Licensee’s Account Data with Developer and transmit it to the Developer Application. Moreover, Licensee expressly accepts that Developer may give certain Licensee Information to Salt Edge to use in connection with the Aggregation Services. Licensee represents and warrants that it has the rights and mandate to offer such authorization to Salt Edge and Developer.

6.2. Licensee acknowledges that Developer’s access, use, processing and storing of Licensee’s Account Data for the purpose of providing the Developer Services to Licensee shall be governed exclusively by the provisions of the applicable end user license agreement or terms of service between Developer and Licensee and Developer’s privacy policy. Licensee acknowledges that Developer shall be solely liable for any liability arising from any access, use, distribution, storage, dissemination, or holding of Licensee Information (including without limitation Licensee’s Account Data) by Developer and that Salt Edge expressly disclaims any liability arising from Developer’s use of Licensee Information (including without limitation Licensee’s Account Data). LICENSEE FURTHER AGREES AND UNDERTAKES TO INDEMNIFY AND HOLD HARMLESS SALT EDGE AND ITS THIRD-PARTY SERVICE PROVIDERS IN RESPECT OF ANY LOSSES, CLAIMS, DAMAGES, LIABILITIES, COSTS AND EXPENSES ARISING FROM DEVELOPER’S USE OF LICENSEE INFORMATION (INCLUDING WITHOUT LIMITATION LICENSEE’S ACCOUNT DATA) AND/OR LICENSEE’S USE OF THE DEVELOPER APPLICATION OR DEVELOPER SERVICES.

6.3. Licensee acknowledges and agrees that when using the Aggregation Services for the purpose of initiating a payment transaction through the Developer Application, Developer will provide to Salt Edge the payment order data associated with the initiated payment transaction (“Payment Order Data”). Such Payment Order Data includes date, amount, currency, description and payee details. Salt Edge will transmit the Payment Order Data to Licensee’s Financial Institution in order for the latter to execute the transaction and return execution status to Developer.

7. Access to Licensee's Financial Account

7.1. Licensee acknowledges and agrees that Salt Edge will collect, use, process and store Licensee Information for the purpose of providing the Aggregation Services to Licensee.

7.2. Licensee expressly authorizes Salt Edge, in connection with the provision of the Aggregation Services, to use certain Licensee Information in order to: (i) collect Licensee’s Account Data; (ii) reformat, organize, structure, alter and adapt certain Licensee Information; (iii) create and provide hypertext links to Financial Institution(s); (iv) access the Financial Institution Services using Licensee Access Information; (v) update and maintain the information in Licensee’s user account created in connection with the Aggregation Services within Salt Edge’s systems, including performing offline updates (without Licensee’s interaction); (vi) address errors or service interruptions; (vii) enhance the type of data and services Salt Edge can provide in the future; and (viii) take such other actions as are reasonably necessary to perform the actions described in (i) through (vii) above, each in connection with the provision of the Aggregation Services.

7.3. BY GIVING HIS/HER CONSENT AND USING THE AGGREGATION SERVICES LICENSEE REPRESENTS AND WARRANTS THAT LICENSEE IS THE LEGAL OWNER OF THE FINANCIAL INSTITUTION ACCOUNT DATA AND THAT LICENSEE HAS THE AUTHORITY TO APPOINT AND DOES HEREBY EXPRESSLY APPOINT SALT EDGE AS LICENSEE’S AGENT WITH LIMITED POWER OF ATTORNEY TO ACCESS LICENSEE’S FINANCIAL ACCOUNT IN READ-ONLY MODE IN ORDER TO RETRIEVE THE ACCOUNT DATA ON LICENSEE’S BEHALF AND/OR ENABLE DEVELOPER TO INITIATE PAYMENT TRANSACTIONS ON LICENSEE’S BEHALF THROUGH THE DEVELOPER APPLICATION.

7.4. Licensee further acknowledges that Salt Edge does not review or analyze the Account Data and Licensee agrees that Salt Edge is not responsible for its completeness or accuracy. Any transactions or activities performed in any Financial Institution Services are not made through the Aggregation Services and Salt Edge assumes no responsibility for such transactions or activities. Licensee acknowledges that Developer may use the Aggregation Services to initiate payment transactions on Licensee’s behalf via the Developer Application, in which case Salt Edge will transmit the Payment Order Data corresponding to the initiated payment transaction from the Developer Application to Licensee’s respective Financial Institution. Licensee agrees that it is solely responsible for any changes to Licensee’s Financial Institution Account Data, and that any such changes must be made in the respective Financial Institution Services.

8. Information from Financial Institution Services

9. Changes to Eula

Salt Edge reserves the right to change this EULA at any time and from time to time to reflect changes in the applicable laws, technical or security requirements, or the functionality of the Aggregation Services. If Salt Edge decides to change this EULA in the future, Salt Edge will post an appropriate notice at the top of this page and/or give reasonable advance notice to Licensee through the Aggregation Services or by other means (e.g., via email notification). Any non-material change (such as clarifications) to this EULA will become effective on the date the change is posted and any material changes will become effective thirty (30) days from their posting on Salt Edge’s website. The date of the last update of this EULA is set out at the top of this document. Licensee acknowledges and agrees that Licensee’s continued use of the Aggregation Services after the date of changes to this EULA indicates Licensee’s agreement to such changes.

10. Termination

Licensee acknowledges and agrees that Salt Edge in its sole discretion and without notice may terminate this EULA and Licensee’s use of the Aggregation Services for any reason, including upon Licensee’s breach of any of its obligations and license rights granted under this EULA. Upon termination, all use of the Aggregation Services by Licensee must cease and all rights granted to Licensee under this EULA are terminated. Upon termination, Licensee’s user account created in connection with the Aggregation Services shall be terminated and all Licensee’s Financial Institution Account Data provided, accessed, collected processed or stored in connection with the provision of the Aggregation Services shall be deleted in accordance with Salt Edge’s data deletion procedure set forth in the Privacy Policy. Licensee acknowledges that in the event of termination of this EULA Sections 1 through 15 shall survive and remain in effect.

11. Disclaimer of Warranties

LICENSEE HEREBY ACKNOWLEDGES AND AGREES THAT THE AGGREGATION SERVICES AND ANY DATA PROVIDED THROUGH THE AGGREGATION SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”. SALT EDGE DOES NOT ACCEPT RESPONSIBILITY OR LIABILITY FOR ANY USE OF OR RELIANCE ON THE AGGREGATION SERVICES, OR FOR ANY DISRUPTIONS TO OR DELAY IN THE AGGREGATION SERVICES. SALT EDGE MAKES NO EXPRESS WARRANTIES OR REPRESENTATIONS AS TO THE QUALITY AND ACCURACY OF THE AGGREGATION SERVICES AND ANY DATA PROVIDED THROUGH THE AGGREGATION SERVICES, AND SALT EDGE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY OF ANY KIND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. IN ADDITION, SALT EDGE AND ITS THIRD-PARTY SERVICE PROVIDERS DO NOT MAKE ANY REPRESENTATIONS AS TO THE ACCURACY, COMPREHENSIVENESS, COMPLETENESS, QUALITY, ERROR-FREE NATURE, COMPATIBILITY, SECURITY, LACK OF VIRUSES, DATA LOSS, ACCESSIBILITY, NON-INTERFERENCE WITH OR NON-INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS, OR FITNESS FOR A PARTICULAR PURPOSE OF THE AGGREGATION SERVICES AND ANY DATA PROVIDED THROUGH THE AGGREGATION SERVICES TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. LICENSEE ACKNOWLEDGES AND ACCEPTS THAT ANY USE OF THE AGGREGATION SERVICES AND DATA PROVIDED THROUGH THE AGGREGATION SERVICES WILL BE AT LICENSEE’S EXCLUSIVE JUDGEMENT AND LICENSEE’S SOLE RISK. SALT EDGE AND ITS THIRD-PARTY SERVICE PROVIDERS DO NOT GUARANTEE THE ADEQUACY OF THE AGGREGATION SERVICES OR COMPATIBILITY AND SECURITY THEREOF TO LICENSEE’S COMPUTER EQUIPMENT AND DO NOT WARRANT THAT THE AGGREGATION SERVICES, THEIR INFRASTRUCTURE, OR ANY EMAILS OR COMMUNICATIONS TRANSMITTED VIA THE AGGREGATION SERVICES WILL BE FREE OF VIRUSES OR SECURE AGAINST HACKING ATTACKS. IF THE APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF SOME OR ALL OF THE ABOVE WARRANTIES TO APPLY TO LICENSEE, THE ABOVE EXCLUSIONS WILL APPLY TO LICENSEE TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

12. Limitation of Liability

LICENSEE EXPRESSLY UNDERSTANDS AND AGREES THAT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SALT EDGE AND ITS THIRD-PARTY SERVICE PROVIDERS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, FAILURES OF TELECOMMUNICATIONS, THE INTERNET, ELECTRONIC COMMUNICATIONS, CORRUPTION, SECURITY, LOSS OR THEFT OF DATA, VIRUSES, SPYWARE, LOSS OF BUSINESS REVENUE OR INVESTMENT, OR OTHER INTANGIBLE LOSSES, RESULTING FROM THE USE OR INABILITY TO USE THE AGGREGATION SERVICES OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA. THE ABOVE LIMITATIONS APPLY EVEN IF SALT EDGE AND ITS THIRD-PARTY SERVICE PROVIDERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANY DAMAGES THAT LICENSEE MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING WITHOUT LIMITATION ALL DAMAGES REFERENCED ABOVE AND ALL DIRECT OR GENERAL DAMAGES), THE ENTIRE LIABILITY OF SALT EDGE AND ANY OF ITS THIRD-PARTY SERVICE PROVIDERS UNDER THIS EULA AND LICENSEE’S EXCLUSIVE REMEDY FOR ALL OF THE FOREGOING SHALL AT ALL TIMES BE LIMITED TO A MAXIMUM OF $100 (ONE HUNDRED UNITED STATES DOLLARS).

13. Laws and Jurisdiction

This EULA is governed by and shall be interpreted in accordance with the laws of the Province of Ontario, Canada, and the federal laws applicable thereto, excluding all conflict of laws provisions and excluding the 1980 United Nations Convention on Contracts for the International Sale of Goods.

14. Disputes

LICENSEE AGREES THAT ANY DISPUTE, CONTROVERSY OR CLAIM ARISING OUT OF OR IN CONNECTION WITH THIS EULA SHALL BE RESOLVED BY BINDING ARBITRATION UNDER ONTARIO LAW, RATHER THAN COURT LITIGATION. Such arbitration shall be before one (1) arbitrator appointed from the roster of the ADR Chambers applying the Ontario Arbitration Act. The arbitrator shall be selected by ADR Chambers from the list of arbitrators with experience in resolving complex commercial contract matters. Any arbitration will be governed by the Province of Ontario laws and regulations. This arbitration provision shall survive termination of this EULA. LICENSEE AND SALT EDGE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN THEIR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. BY ENTERING INTO THIS EULA AND AGREEING TO ARBITRATION, LICENSEE AGREES THAT LICENSEE AND SALT EDGE ARE EACH WAIVING THE RIGHT TO FILE A LAWSUIT AND THE RIGHT TO A TRIAL BY JURY. IN ADDITION, LICENSEE AGREES TO WAIVE THE RIGHT TO PARTICIPATE IN A CLASS ACTION OR LITIGATE ON A CLASS-WIDE BASIS. LICENSEE AGREES THAT LICENSEE HAS EXPRESSLY AND KNOWINGLY WAIVED THESE RIGHTS. To begin an arbitration proceeding, Licensee must send a letter requesting arbitration and describing Licensee’s claim to: Salt Edge Inc. 40 King Street West, Suite 2100 Toronto, Ontario Canada M5H3C2tion Services are protected by copyright, trade secret, and other intellectual property laws. Salt Edge hereby grants Licensee a personal, limited, non-exclusive, revocable, non-sublicensable, non-transferable right and license to use the Aggregation Services during the term of this EULA in accordance with the terms and provisions of this EULA. Except for rights expressly granted to Licensee in this EULA, Salt Edge reserves all other rights, title and interest in and to the Aggregation Services and the underlying technology used to provide the Aggregation Services, including without limitation all software and any copies, corrections, bug fixes, enhancements, modifications or new versions thereof and all research and development and experimental development in respect thereto (“Salt Edge Technology”). No rights are granted by implication, estoppel or otherwise. Licensee acknowledges that only Salt Edge shall have the right to maintain, enhance or otherwise modify the Aggregation Services and Salt Edge Technology.

15. Severability

If any term or provision of this EULA is held to be illegal, invalid, void or unenforceable, in whole or in part, by any court of competent jurisdiction, the remainder of the terms and provisions set forth herein shall remain in full force and effect and shall in no way be affected, impaired or invalidated thereby. Such illegal, invalid, void or unenforceable term or provision or part thereof shall be deemed modified to the extent required to render it enforceable; failing which, it shall be severed from this EULA, which shall continue in full force and effect and be binding upon Licensee.

We take the privacy of our App users very seriously. We ask that you read this privacy policy (“Privacy Policy“) carefully as it contains important information about how we will use your personal data. This Privacy Policy forms part of the Terms governing your use of the App. (including any products and services that may be provided to you through the App).

1. Data User

The App is provided by Areix Analytics Limited (Areix) (” we“, “our” or “us “). Our registered office is Lion Rock 72, 1/F, InnoCentre, 72 Tat Chee Avenue, Kowloon Tong, Hong Kong.

2. Collection of Personal Data

We may collect and process personal data (as defined in the Personal Data (Privacy) Ordinance (“PDPO“)) about you when you register for, install, download, access or use the App, or contact us in relation to the App. However, we will only use your personal data as set out below and always in accordance with the PDPO, and while we are not based in the European Economic Area (“EEA“) nor do we actively offer our goods and services to, or monitor the behaviour of, individuals in the EEA, we also comply with the European Union’s General Data Protection Regulation 2016/679 (“GDPR“) as a matter of best practice:

2.1 When you register for and use the App, we collect your email address and/or mobile number, date of birth, and track your device ID, which we use as follows:

to help us identify you and any accounts you hold with us;
to provide you with goods and services via the App;
to respond to communications from you;
to customise the App and its content to your particular preferences;
to advertise promotions or offers to you via the App – please see the section on ‘Marketing and opting out’ below for further information;
to accept or redeem any promotions or offers that you may choose to accept via the App;
to carry out research and statistical analysis and create market reports on an anonymised or aggregated basis (which means that we will not identify you individually for the purpose of such research, analysis or reports) to help us better understand our users, and to enhance and develop our App, its content, products and services; and
to notify you of any changes to the App or to our services that may affect you.

2.2 You agree that all personal data provided by you to us may be used and retained by us for the purposes as stated in section 2.1.1 or as required by any applicable laws and regulations from time to time. If we intend to use your personal data for any new purposes not listed in section 2.1.1 above, we will inform you in advance and you will have an opportunity to refuse to allow us to do so.

2.3 When you use the App to access or connect to your online accounts (including online banking accounts), we may collect and process details such as your bank account number, credit card number, transaction history, payment dates and names and addresses of goods and services providers that appear in your account, for the purpose of displaying the account information and transaction feed to you on the App. We or Salt Edge may collect and/or store your usernames, passwords or other authentication details for such online accounts (“Credentials“) for the purpose of allowing the App to interface with information protected by your Credentials.

2.4 When you accept or redeem any offers or promotions available through the App that result in a payment to be made to you, we will collect your name and bank account number for the purpose of performing the relevant bank transfer to you.

2.5 We will not use your personal data for any unlawful purpose. We will not retain your personal data for longer than is necessary. We will keep your personal data while you make use of our services, which may include keeping your personal data for as long as is necessary to respond to any questions, complaints or claims that may be made by you or on your behalf, to show that we treated you fairly, and/or to keep records as required by law.

2.6 We do not collect special category personal information as defined in the GDPR, i.e. personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.

2.7 We may seek your consent to this Privacy Statement and our use of your personal data in a number of ways depending on the medium in which you interact with us, such as via your signature to confirm you have read our Privacy Statement, verbal consent over the telephone, via an online checkbox or by registering an account for the App.

3. Disclosure of Your Personal Data

3.1 We may disclose your personal data to:

other companies within our group, for the purposes set out at section 2 above; and
law enforcement and regulatory agencies as may be required by law,

3.2 We may also disclose and transfer your personal data (whether in Hong Kong or abroad) to our agents, contractors or vendors (“Service Providers”), provided that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your Personal Data to provide services to us and to you. Such Service Providers may provide administrative, data processing, research and marketing, distribution, telecommunications, shipping, financial, consultancy, professional or other similar services to us to enable us to better fulfil customer orders, manage, store and enhance customer data, and comply with postal regulations. We may also provide your personal data to actual or proposed assignees or transferees of our rights with respect to you in connection with a merger, sale or transfer (whether of assets or shares).

3.3 In particular, software and services provided to us by Salt Edge Inc., a company duly incorporated and existing under the laws of Canada with its registered address at 40 King Street West, Suite 2100, Toronto, Ontario, M5H 3C2, Canada (“Salt Edge“) are required for the functioning of the App. We may therefore disclose metadata to Salt Edge, and where such metadata includes your personal data, such disclosure will be solely for the purpose of Salt Edge providing the software and services required for the App, and for their related internal (support, management, audit) and regulatory compliance uses. Please note that when we process your personal data, we remain solely responsible for doing so and Salt Edge shall not be liable for any liabilities that may arise. Once you delete your account with us, we will no longer use the software and services from Salt Edge for the purpose of acquiring and/or accessing your Personal Data, and also procure the deletion of all links between your account and the relevant financial institutions.

3.4 Other companies (“third parties“) may also forward to us additional personal information, (such as, for example, names, mailing addresses and email addresses, as well as demographic and other usage information), when we have news or product offerings that may be of special interest to those individuals. We work to ensure that these third parties have obtained consent before they pass such personal information on to us. Please inform us if you believe we have acquired your personal data this way and you have not given your consent for the third parties to do so, as it is not our intent to make use of personal data which has not been legitimately acquired.

3.5 We do not disclose your personal data (whether your name, email address, mobile number, date of birth, bank account or credit card numbers) to any other third parties. Whilst we may create market reports and provide them to third parties, the reports will only show and be based on anonymised or aggregated data so that users will not be personally identified in these reports. Please see the section on ‘Marketing and opting out’ below for further information.

4. Storage of Personal Data

4.1 We may store your personal data in the following locations:
4.1.1 Amazon Web Services Hong Kong and Singapore
4.1.2 in accordance with Salt Edge’s Privacy Policy (https://www.saltedge.com/pages/privacy_policy).

4.2Your personal data may be held at our offices and the Service Providers as described above. Please note that we are (and some of our Service Providers may be) based outside of the EEA and your personal data may be transferred to locations which do not have the same standards of data protection law as within the EEA, but we will ensure the holding and transfer of your personal data complies with equivalent standards of data protection law as best we can to ensure the privacy and security of your personal data. Your consent to this Privacy Statement confirms that you agree that your personal data may be transferred outside of Hong Kong and outside of the EEA accordingly. 4.3 We implement data retention policies and records to ensure that personal data will not be kept longer than is necessary in relation to the purpose for which it was collected. The retention period applied to various types of personal data that we hold varies dependent on the respective data collection/usage purpose and relevant legal requirements. We will keep your personal data while you make use of the App and while you have an account with us. Once you close your account with us, we will keep your personal data for as long as is necessary to respond to any questions, complaints or claims that may be made by you or on your behalf, to show that we treated you fairly, and/or to keep records as required by law.

5. Marketing and Opting Out

5.1 We intend to use your personal data for direct marketing (by email, text message, telephone or post) about our products and/or services, as explained in this section 4, but we cannot do so without your consent. You may will be asked separately and clearly to indicate your consent by choosing to opt in.

5.2 If you have indicated consent, we will be able to help you discover new financial products, and show you third party promotions and offers in your transaction feed displayed on the App. We refer to these promotions and offers as ‘native advertisements’ because they will generally relate to (and be displayed under) the same class of products, services, merchants and/or suppliers which are shown in your online account transaction history. For example, if your transaction history identifies a fashion merchant, we may show you promotions and offers available from that or other fashion merchants. Different classes of products, services, merchants and/or suppliers may include: health and beauty; banking and investment; computer software, hardware and accessories; e-commerce and cloud services; education; entertainment; electronics; fashion; food and beverages; gaming; household; music; sports; social media; technology; travel; and transportation.

5.3 As stated in section 3.5 above, we do not disclose your personal data to any third-party advertisers but may provide them with reports based on anonymised or aggregated data. For example, if you redeem an offer advertised via the App, we will provide the advertiser with information that an individual has redeemed the offer as well as the date and amount of the transaction relating the offer redemption, but we do not provide the advertiser with your name or phone number.

5.4 If you prefer not to receive any marketing communications, you can opt out at any time – please see the section on ‘Your rights’ below.

6. Keeping Your Data Secure

6.1 We will use technical and organisational measures to safeguard your personal data, for example:

access to your account is controlled by your email or mobile phone number and a password that is unique to you;
we encrypt your personal data;
any personal data that we process or store is done on secure servers.

6.2 All processing of your personal data shall be conducted according to the data protection principles as follows:

personal data must be processed lawfully, fairly and transparently;
personal data must be accurate and kept up to date with every effort to erase or correct;
personal data must be processed in a manner that ensures the appropriate security.

6.3 In addition, we have appropriate security measures in place to prevent personal data from being accidentally or unlawfully lost, used or accessed. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so or if there is a risk to your rights and freedoms.

7. Information About Other Individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

give consent on his/her behalf to the processing and transfer of his/her personal data; and
receive on his/her behalf any notices relating to data protection.

8. Your Rights

8.1 You have the following rights, which you can exercise free of charge:

Access and rectification: you have the right to know whether we hold your personal data and to request access to and/or correct any inaccuracies of your personal data held by us.
Right to be forgotten: you have the right to require us to delete your personal data.
Restriction of processing: you have the right to require us to restrict processing of your personal data in certain circumstances, such as if you contest the accuracy of the data.
Data portability: you have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format and/or to instruct us to transmit that data to a third party.
Objection: you have the right to object at any time to your personal data being processed for direct marketing and in other certain circumstances, such as if we change our legitimate interests from the basis on which we initially collected and processed your personal data.
Not to be subject to automated individual decision-making: while we do not subject you to decisions based solely on automated processing that produces legal effects concerning you or otherwise significantly affecting you, should we ever engage in such processes, we will first notify you and you will have the right to object to such processing.

If you wish to exercise any of the above rights, or make any related complaint or request in relation to your personal data, please contact us in writing at: helloHK@areix-ai.com or at Areix, Lion Rock 72, 1/F, InnoCentre, 72 Tat Chee Avenue, Kowloon Tong, Hong Kong.

9. Our Contact Details

We welcome your feedback and questions. If you wish to contact us, please send an email to helloHK@areix-ai.com or you can write to us at Areix, Lion Rock 72, 1/F, InnoCentre, 72 Tat Chee Avenue, Kowloon Tong, Hong Kong.

10. Changes to This Privacy Statement

We may change this Privacy Statement from time to time. Any changes will be posted on our website or notified by us to you (by email or post, for example).

11. Questions

If you have any questions regarding our Privacy Statement, please contact us and we will do our best to answer them.

By accessing this website and any of its pages, you are agreeing to the terms set out below and by continuing to use this website following the posting of any changes to these terms will signify your consent to the changes made.

General

The products and services set out in this website are offered only in jurisdiction where and when they may be lawfully offered by Areix Analytics Limited (“the Company”). The material on these pages are not intended for use by persons located in or resident in jurisdiction which restricts the distribution of this material by us. Persons intending to access these pages are required to inform themselves about and observe any relevant restrictions. These pages should not be regarded as an offer or solicitation to provide products or services described therein to any person to whom it is unlawful to make such an offer or solicitation or where the local law or regulation does not permit the use of such products or services. The information contained in these pages is not intended to provide professional advice and should not be relied upon in that regard. It is strongly recommended that specific advice should be sought where the circumstances require. Any information, products or services supplied in this website may be withdrawn or amended at any time without advance notice at the discretion of the Company. The eligibility of clients for particular information, products or service is subject to the final and absolute discretion of the Company. It is your sole responsibility to prevent, safeguard and ensure that no computer virus enters your system and this website.

No Warranties

While every care has been taken in preparing the information and materials contained in this site, the Company makes no guarantee to its accuracy or completeness and expressly disclaims any liability whatsoever for any loss howsoever arising from or in reliance upon the whole or any part of such information.

Use and Disclosure of Personal Information

Unless restricted by applicable law, you agree that any and all personal information/data relating to you collected by the company from this website and the app from time to time may be used and disclosed for such purposes and to such persons as may be in accordance with the company’s current personal data privacy policy.

Hyperlinks

Hyperlinks to other Internet resources are at your own risk. We do not investigate, verify, monitor or endorse the content, accuracy, opinions expressed, and other links provided by these sources.

Interner Communications

Communication over the Internet may be subject to interruption, transmission blackout, delayed transmission or incorrect data transmission. The Company accept no liability for any damages incurred by users as a result of any delay, loss, diversion, alteration or corruption of any communication either sent to or received from the Company at the user’s request over the Internet. Under no circumstances will the Company be liable or bear the responsibilities for any loss or damages of any kind, whether direct, indirect, special, incidental or consequential losses, arising from accessing this website or otherwise.

Intellectual Property Rights

All contents of this website are owned by the Company and are protected by applicable copyright and other intellectual property laws.

Privacy

We are committed to protecting your personal data by complying with the requirements of the Ordinance and the relevant code of practice and guidelines issued by PCPD. We will take reasonable steps to ensure that all customer data we have is secure, including maintaining proper encryption protection.

Biometric Authentication

Login to AREIX and you must pass biometric authentication and/or enter a pin code to verify your identity, so only you can control your own AREIX account.

Encryption Technology

All financial records are encrypted by AES-256 technology and stored securely on the cloud server. No one can intercept data during data transmission.

Reliable Partner

The global trusted guardian of banking data used by the likes of ING, Societe Generale, BBVA and more. All data is processed by 256-bit Secure Sockets Layer Encryption (SSL) technology, coupled with bank-level security technology trusted by millions of people around the world.