If you are visiting us from Taiwan, this Policy is subject to the Personal Data Protection Act of Taiwan（hereinafter, the "PDPA"） (last amended Dec 30th, 2015). If you are visiting us from the EU, this Policy complies with the EU General Data Protection Regulation 2016/679 (the “GDPR”). This Policy complies with similar personal data protection principles applicable to foreign government agencies.
1. What personal data is collected
1.1. For the purposes outlined in Clause 2 below, we may collect and process the following information about you when you visit the Sites or use any of our products and services:
(I) Data collected directly from you – This may be done through the Sites, use of our products and services, over the phone, email, or in person when you meet our staff or representative, when you report any problem(s) to us or request any support from us, or when you complete any survey or questionnaire that we send to you. Information that you provide us may include but is not limited to:
- a. your name, employment information, contact information including your (first and last) name, (billing and/or delivery) address, birthdate, email address and telephone number, etc., in accordance with Article 2 of the PDPA. We need your email address and telephone number so that we may contact you if we have questions or information for you regarding your order or the service that we are providing or will provide to you;
- b. other financial information required to be able to provide you with the products and services, such as credit card information, bank account information, and other personal description necessary to facilitate the same;
- c. if you have an account with us, the preferences and interests stored in such profile or account; and
- d. if you have contacted us, the details of the contact and the contact history.
(II) Data collected by automated means – Various technologies may be used on our Sites and/or products and services. Such technologies may lead to data being collected automatically by us. Such data may include but is not limited to:
- a. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet and your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platfor
- b. information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from the Sites (including date and time), products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs); and
- c. methods used to browse away from the page, and any phone number used to call our customer service number.
(III) Data collected from third parties – We work with third parties and we may receive information about you from them, for example:
- a. business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information provider
- b. blockchain data; and
- c. public databases and credit reference agencies.
2. Uses made of the information
2.1. We may use your personal data for the following purposes, in accordance with Articles 8 and 9 of the PDPA:
- a. providing, improving, and developing the Sites and our products and services;
- b. researching, designing, and launching new features or products and services;
- c. presenting content and information in our Sites in the most effective manner for you and for the device you use;
- d. providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;
- e. enforcing obligations owed to us such as collecting owed payments in any part of the world;
- f. responding or taking part in any claims, actions, or legal proceedings (including but not limited to drafting and reviewing documents, transaction documentation, seeking legal advice, and facilitating dispute resolution) and/or protecting and enforcing our contractual and legal rights and obligations;
- g. complying with legal and regulatory obligations and requirements such as anti-money laundering laws across jurisdictions;
- h. accounting, risk management, compliance and record keeping purposes;
- i. staff training;
- j. communicating with you and responding to your issues, questions, requests or feedback, purposes directly related or incidental to the above;
- k. if you have consented, for the purposes of marketing products and services offered on our Sites; and
- l. matching any personal data held which relates to you for any of the purposes listed herein.
2.2. When using your personal data to contact you for the above purposes, we may contact you via regular mail, fax, email, SMS, telephone or any other electronic means.
2.3. If we need to use your personal data for any other purposes, we will notify you and obtain your consent beforehand, in accordance with the items listed in Article 7 of the PDPA. You will be given the opportunity to withhold or withdraw your consent for the use of your personal data for these other purposes.
3. Disclosure of your information
3.1. We will not sell your personal data to third parties.
3.2. We will keep your personal data we hold confidential, but you agree we may provide your personal data to:
- a. any member of our group, which means our affiliates and subsidiaries as defined in Article 369-1 and Article 369-3 of the Taiwanese Company Act (Chapter VI-I), to allow us to provide the products and services which you have requested;
- b. personnel, agents, advisers, auditors, contractors, financial institutions, and service providers in connection with our operations or provision of the products and services (for example, staff engaged in the fulfilment of your order, the processing of your payment and the provision of support services);
- c. our overseas offices, affiliates, business partners and counterparts (on a need-to-know basis only);
- d. persons or entities under a duty of confidentiality to us;
- e. persons or entities to whom we are required to make disclosure under applicable laws and regulations in any part of the world;
- f. actual or proposed transferees of our operations (or a substantial part thereof) in any part of the world;
- g. third parties where you have provided us consent and in the situations expressly set out in this Policy; and
- h. h. our strategic partners and business associates if you have consented to receiving marketing information from us.
3.3. You fully understand and consent that we may transfer your personal data to any location outside of Taiwan (R.O.C.) or the jurisdiction that we operate in for the purposes set out in this paragraph 3. When transferring your personal data outside of Taiwan (R.O.C.) or the jurisdiction that we operate in, we will protect your personal data to a standard comparable to the protection accorded to your personal data under the PDPA or GDPR by ensuring that the recipient is either in a jurisdiction which has comparable data protection laws, or is contractually bound to protect your personal data.
4. Storage and retention of your information
4.1 We only retain personal data for so long as it is necessary, which may be archived as long as the purpose for which the said data was used still exists. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
4.2 We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in Taiwan (R.O.C.) and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.
5.3. We use persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our websites or a partner site that uses our services. Session cookies only last for as long as the session (usually the current visit to a website or a browser session). All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
5.4. We use the following cookies:
- a. Strictly necessary cookies – These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you to log into secure areas of our websites, use a shopping cart or make use of e-billing services.
- b. Analytical/performance cookies – They allow us to recognize and count the number of visitors and to see how visitors move around our websites when they are using it. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.
- c. Functionality cookies – These are used to recognize you when you return to our websites. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- d. Targeting cookies – These cookies record your visit to our websites, the pages you have visited and the links you have followed. We will use this information to make our websites and the information displayed on it more relevant to your interests.
- e. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you do so, you may not be able to access all or parts of our websites.
- f. We may use third-party web services on our websites. The service providers that administer these services use technologies such as cookies (which are likely to be analytical/performance cookies or targeting cookies), web server logs and web beacons to help us analyze how visitors use our websites and make the information displayed on it more relevant to your interests. The information collected through these means (including IP addresses) is disclosed to these service providers. These analytics services may use the data collected to contextualize and personalize the marketing materials of their own advertising network.
6. Third-party sites
Our Sites or our communications with you may from time to time contain links to third-party websites over which we have no control. If you follow a link to any of these websites, please note that they have their own practices and policies. We encourage you to read the privacy policies or statements of these websites understand your rights. We accept no responsibility or liability for any practices of third-party websites.
7.1. All information you provide to us is stored on our secure servers.
7.2. Any payment transactions will be encrypted using TLS/SSL technology.
7.3. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
7.4. We restrict access to personal information to our employees, service providers, agents, representatives, and contractors on a strictly need-to-know basis and ensure that those persons are subject to contractual confidentiality obligations.
7.5. We review our information collection, storage, and processing practices from time to time to guard against unauthorized access, processing, or use.
7.6. Please note, however, that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Sites. Any transmission is at your own risk. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
7.7 If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorized person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorized transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorized and/or fraudulent use of your username and password.
8.1 For individuals who are located in the European Economic Area, United Kingdom or Switzerland at the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the GDPR. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect our or your, property, rights, or safety, or where we have obtained your consent to do so.
8.2 When processing your personal data as set out in this Policy, as we are located in various countries throughout the world, it will have been transferred outside the EU. However, if your personal data is originally collected from within the EU, it will only be transferred on one of the following bases: a. the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data; or b. you have explicitly consented to the same. To find out more about international transfers by us of your personal data and the countries concerned, please contact our Data Protection Officer.
9 Your rights
9.1 If you have any questions, comments, or requests regarding the processing of your personal data or about this Policy, if you do not accept the Policy, if you wish to withdraw any consent you have given us at any time, or if you wish to update or have access to your personal data, please contact us at:
Attention it to the “Data Privacy Officer”
Office address: Levels 18, No. 206, Sec. 1, Keelung Rd., Xinyi Dist., Taipei City 11071
9.2. Your rights under the PDPA are the following, in accordance with the terms listed in Article 3 of the PDPA:
- a. check whether we hold personal data about you;
- b. access any personal data we hold about you; and
- c. require us to correct any inaccuracy or error in any personal data we hold about you.
9.3 Your rights under the GDPR are the following:
- a. To obtain access to, and copies of, the personal data that we hold about you;
- b. To require that we cease processing your personal data if the processing is causing you damage or distress;
- c. To require us not to send you marketing communications;
- d. To require us to erase your personal data;
- e. To require us to restrict our data processing activities;
- f. To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
- g. To require us to correct the personal data we hold about you if it is incorrect. Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. If you are located in Europe, to find out more about your rights please refer to the EU regulator in the place where you are located (in the EU). If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact our Data Protection Officer.
9.4. Any request under Clause 9.2 and 9.3 may be subject to a small administrative fee to meet our cost in processing your request.
9.5 All requests for correction or for access to your personal data must be in writing. We will endeavour to respond to you request within 30 days, and if that is not possible, we will inform you of the time by which we will do so.
9.6 We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so.
9.7 In many circumstances, we need to use your personal data in order for us to provide you with products and services which you require or have requested. If you do not provide us with the required personal data, or if you do not accept the Policy or withdraw your consent to our use and/or disclosure of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the products and services that you require or have requested.
10. Changes to our Policy
We may amend this Policy from time to time by posting the updated policy on our Sites. By continuing to use our Sites and products and services after the changes come into effect means that you agree to be bound by the revised policy.
In case of discrepancies between the English and other language versions of this policy, the English version shall prevail.
12. General Disclaimer and Limitation of Liability
12.1 To the maximum extent permitted by law, we shall not be liable in any event for any special, exemplary, punitive, indirect, incidental, or consequential damages of any kind or for any loss of reputation or goodwill, whether based in contract, tort (including negligence), equity, strict liability, statute or otherwise, suffered as a result of unauthorized or unintended use, access or disclosure of your personal data.
12.2 Our total aggregate liability to you (if any) for any individual claim or series of connected claims for losses, costs, liabilities or expenses which you may suffer arising out of, or in connection with, any breach of this Policy by GENSO shall be limited to a maximum aggregate value of the combined value of the Digital Currency and E-Money on deposit in your E-Money Wallet and your Digital Currency Wallet at the time of the relevant claim (kindly refer to the User Agreement for definitions of these terms). Where we are considering a specific claim relating to a specific transaction this sum shall be further limited to the purchase / sale amount (as relevant) of the transaction in dispute. We shall not be liable where the said liability has arisen from your negligence, gross negligence or fraud.
12.3 Any dispute, controversy, difference or claim arising out of, relating to, or in connection with this contract, or the breach, termination or invalidity thereof, shall be finally settled by arbitration referred to the Chinese Arbitration Association, Taipei in accordance with the Association's arbitration rules. The Seat of arbitration shall be Taipei, Taiwan. The language of arbitration shall be English. The arbitral award shall be final and binding upon both parties.