Bitzaro Card – Privacy Policy 

Effective Date: 24 April 2025

This privacy policy aims to give you information on how Bitzaro collects and processes your personal data through your use of this website, including any data you may provide through this website when you purchase a product or service.

1.  Definitions

  • “Bitzaro,” “we,” “us,” or “our” refers to Bitzaro Limited., the entity responsible for managing and issuing the Bitzaro Card.
  • “Card” means the Bitzaro Card issued to users for making payments using fiat assets.
  • “Client” or “you” means an individual who has applied for or is using the Bitzaro Card.
  • “Personal Data” refers to any data that relates directly or indirectly to a living individual, from which it is practicable for the identity of the individual to be directly or indirectly ascertained, as defined under Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”).
  • “Processing” means any operation or set of operations performed on personal data, including collection, recording, storage, use, and disclosure.
  • “Service Providers” means third-party vendors engaged by Bitzaro to assist in delivering services related to the Card, including KYC providers, card issuers, and payment processors.
  • “PDPO” refers to the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong), which governs the collection, use, and handling of personal data in Hong Kong.

2.  Data Controller

We wish to inform you that the controller of clients’ personal data is Bitzaro Limited with its registered at Unit B of 9th Floor of Somptueux Austin, No.8 Austin Avenue, Tsim Sha Tsui, Kowloon, Hong Kong No. 76340539, is the data controller responsible for your personal data. For any privacy-related inquiries, please contact our Data Protection Officer at [communications@pcpd.org.hk].

3. Purposes and Legal Basis for Data Processing

Your personal data is collected and used in accordance with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong for the following purposes:

  • Account Creation & Bitzaro Card Issuance: To set up your account and enable you to use the Bitzaro Card. The data is necessary for us to provide the requested services to you.
  • KYC/AML Compliance: To comply with applicable legal and regulatory obligations, including customer due diligence and anti-money laundering requirements under Hong Kong law and any relevant international standards.
  • Fraud Prevention & Security Monitoring: To protect the security and integrity of our systems, customer accounts, and services, including detecting and preventing fraud or unauthorized activities.
  • Marketing Promotion: Subject to your consent, we may use your personal data to send you promotional materials and service-related updates that may be of interest to you.
  • Customer Support: To manage inquiries, provide assistance, handle complaints, and maintain service quality and compliance records.

Each processing activity is carried out under one or more lawful bases, including your consent, our legal obligations, and our legitimate interests in operating the Bitzaro Card services.

4. Data We Collect

We may collect the following categories of personal data:

  • Identification data (e.g., name, date of birth, national ID/passport)
  • Contact details (e.g., email address, phone number, residential address)
  • Financial data (e.g., transaction records, account balance)
  • Biometric or photographic data for identity verification
  • Technical data (e.g., IP address, browser type, device information)
  • Usage data (e.g., access logs, clickstream data)

5. Data Recipients

We may share personal data with the following categories of recipients:

  • Internal staff of Bitzaro or within our corporate group, bound by confidentiality agreements.
  • Third-party verification providers used during KYC and AML processes.
  • IT infrastructure and card issuance partners essential for service delivery.
  • Law enforcement, regulatory, or public authorities, where required by law.
  • Marketing and analytics partners (only with your prior consent).

6. Cross-Border Data Transfers

In some cases, your personal data may be transferred outside Hong Kong. Such transfers will only occur:

  • Where necessary for providing our services (e.g., international card issuance).
  • Based on your explicit, informed consent.
  • Where we have ensured that appropriate contractual or other safeguards are in place to ensure that your personal data will be protected to a standard comparable to the protection under the PDPO.

7. Automated Decision-Making

Some aspects of our Know-Your-Customer (KYC) process may involve automated processing of your personal data. For example, your eligibility for card issuance may be assessed using automated systems designed to ensure compliance with regulatory requirements and risk management procedures.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws and regulations in Hong Kong.

  • Visitors: Data collected via cookies and similar technologies is retained until cookies are deleted from your device or consent is withdrawn.
  • Interested Individuals: Personal data is retained until their inquiry is resolved or identity verification is completed.
  • Customers: Personal data is retained for the duration of the customer relationship and for at least 7 years thereafter, in accordance with applicable anti-money laundering and record-keeping obligations under Hong Kong law.
  • Biometric Data: Retained only for the duration of the verification process and securely deleted thereafter, unless otherwise required by law.
  • Transaction Data: Retained for 7 years to comply with anti-money laundering laws.

We take reasonable steps to ensure that personal data we hold is accurate, complete, not misleading, and used only for the purposes stated. We also implement data minimization practices, collecting only the data necessary for stated purposes.

9. Your Rights Under Personal Data (Privacy) Ordinance (PDPO)

Under the Personal Data (Privacy) Ordinance (PDPO), you have the following rights:

  • To check whether we hold your personal data and to access such data.
  • To request correction of any personal data that is inaccurate.
  • To be informed of the kind of personal data held by us and our policies and practices in relation to that data.
  • To withdraw your consent (where applicable) for specific uses of your data.
  • To object to the use of your personal data for direct marketing purposes.

All requests should be made in writing to our Data Protection Officer. Please note that certain exemptions under the PDPO may apply and limit your rights. To exercise your rights, please submit a written request to our Data Protection Officer via email. We will respond within 40 days in accordance with the PDPO. Reasonable fees may be charged for data access requests, as permitted by law.

10. Data Breach Notification

While not mandatory under the PDPO, we are committed to transparency. In the event of a data breach that may pose a significant risk to your rights or freedoms, we will notify affected individuals and the relevant authorities promptly.

11. Data Security

We implement a range of technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, access controls, and regular security audits.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website for the following purposes:

  • Essential Cookies – Required for basic website functions such as login and navigation.
  • Analytical Cookies – Help us understand how users interact with our site to improve functionality and performance.
  • Marketing Cookies – Used for personalized advertising and promotions, only with your prior consent.

You may manage your cookie preferences via your browser settings or through our website’s cookie banner. Refusing or disabling cookies may affect your user experience.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, technology, or our practices. Updates will be posted on this page with a revised effective date. You are encouraged to review this policy periodically.

14. Supervisory Authority

If you believe your data rights have been violated, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong.

15. Minor’s Data

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will take appropriate steps to delete the data.