Privacy Policy


In this policy, “we,” “us,” “our” means Damasca Limited (BRN: 76517104), [15935857 Canada Inc., and Damasca Pty Ltd (ACN 641 281 307)], trading as Localcoin.


What is the Privacy Policy?

This Privacy Policy (Policy) sets out, in accordance with the Personal Data (Privacy) Ordinance (Cap.486) (PDPO), and other relevant codes of practices, guidance notes issued by the Office of Privacy Commissioner for Personal Data of the Hong Kong Special Administrative Region of the People’s Republic of China (Hong Kong) and any other legal or regulatory requirements (if applicable) (Privacy Law), the way in which we may collect, process, hold, use, disclose, transfer, manage, and protect your Personal Data.

The security of your Personal Data is important to us. We are committed to protecting the privacy, confidentiality, and security of the Personal Data held by us and complying with the requirements of the PDPO and the Privacy Law with respect to the collection, use, and management of Personal Data. We are equally committed to ensuring that our employees and agents uphold these obligations.

We do not provide our products and/or services to young persons under the age of 18, and you shall not provide us with your Personal Data. If a parent or guardian becomes aware that their minor has provided us with information, the parent or guardian should contact us as provided in section 17. We will delete such minor’s information from our files.

Website: When we refer to our Website, it includes localcoinatm.com.hk and all sub-domains.

By:

  • Using and engaging our services generally;
  • Accessing, subscribing to, downloading, or using content or functions of the Website[, mobile app, or other access device] and its services;
  • Requesting information on, enquiring about, using, receiving, or providing feedback in relation to our services (online, in writing, by telephone, or in person); or
  • Otherwise providing, or consenting to the collection of, Personal Data by us or our agents or employees,

After this Policy has been brought to your attention, you acknowledge and consent to the use, collection, processing, holding, storage, or disclosure of your Personal Data by us in accordance with this Policy, the PDPO, and the Privacy Law.

If you do not agree to us handling your Personal Data in the manner set out in this Policy, we will not be able to provide our services to you, and you should not provide us with any Personal Data.

What is Personal Data?

We apply the PDPO definition of Personal Data:

“Personal Data means any data –

  • Relating directly or indirectly to a living individual;
  • From which it is practicable for the identity of the individual to be directly or indirectly ascertained; and
  • In a form in which access to or processing of the data is practicable.”

What kinds of Personal Data might we collect and hold?

The Personal Data we may collect, hold, process, and use about you depends upon your relationship with us, the service you have requested from us, and how you interact with us. This information may vary depending on our specific needs.

Customers and Prospective Customers When you enquire about our services or when you become a client, a record is made which includes your Personal Data. We may collect the following kinds of Personal Data:

  • Personal and contact details, which include your name, gender, address, email address, telephone number, and other identification information (such as your Hong Kong identity card number or passport details);
  • Socio-demographic information such as age, date of birth, occupation, and nationality;
  • Identity documents;
  • Information about how you interact with us, such as details of when you call us, use our services, make an enquiry, provide feedback, or make a complaint;
  • Digital information including location information (if enabled on your devices), IP address, details of the device and software used to access our Websites, mobile app, and digital services;
  • Call records when you contact us (we will let you know at the start of each phone call if the call is being recorded);
  • Information relating to how you use our service such as transactions and transfers within our service;
  • Information required to provide a service or information you have requested; and
  • Any other information relating to you that you provide to us directly.

In some circumstances, we may be required to collect, hold, and process sensitive data (Sensitive Data). Sensitive Data may include but is not limited to data in relation to financial details, wallet information, banking and payment information (such as account numbers and transactions), when used for certain purposes.

We limit the collection of Sensitive Data and when the information is reasonably necessary for, and directly related to, our services and activities and with your consent. Sensitive Data that we collect may include health and medical information (including an individual’s disability). We will treat your Sensitive Data appropriately and with utmost confidentiality and respect.

We will only keep your Sensitive Data if you consent to us doing so, or if we are required or permitted to by law. Your Sensitive Data will not be shared with or transferred to any third party without your consent. If you want us to destroy or de-identify your Sensitive Data, you may request we do so in writing, and unless we are legally required to retain it or it is needed to protect our legal rights, we will do so promptly. This may limit our ability to provide services to you.

Prospective Employees, Volunteers, or Applicants We collect Personal Data when recruiting staff or volunteers, including but not limited to your name, contact details, qualifications, employment history, and information contained in your resume attached to your application. Generally, we will collect this information directly from you.

We may also collect Personal Data from third parties in ways you may reasonably expect (for example, from referees you have nominated or recruitment agencies). Before offering you a position, we may collect additional details such as information necessary to conduct background checks to determine your suitability for certain positions.

Market Research, Marketing, and Visitors to our Website You may visit our Website without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), your Personal Data will be managed in accordance with this Policy.

How do we collect Personal Data?

We collect Personal Data:

  • Directly from you, for example, when you provide that information to us, we contact you, or when you contact us;
  • When providing our services;
  • When you participate in our services, including marketing or promotional activities;
  • When you use our mobile apps (Android or iOS);
  • From third parties who you have authorized to provide us with information; and
  • From publicly available sources such as the internet and social media.

How do we hold, protect, and secure your Personal Data?

We may store your Personal Data digitally and in hard copy.

Digital Personal Data is secured using password-protected computers and databases. Any digital transfer of Personal Data is via secure channels, and any database we manage is only accessible through a local network connection. All confidential documents are securely shredded by a third-party provider after handling and storage is no longer necessary or required for our purposes. Once we receive your Personal Data, we will use strict procedures and security features to try to prevent unauthorized access.

Where we provide you with a service in Hong Kong, we will primarily use data storage providers located in [Hong Kong] such as Google Cloud services. Where appropriate, we have agreements with our storage providers to keep all Personal Data they hold, store, and secure using reasonable and appropriate security methods.

However, as an international organization, we may hold information relating to our services outside Hong Kong. Where this occurs, any information is likely to be held in our office in Canada.

We destroy or de-identify Personal Data in a secure manner when we no longer need it unless a longer retention period is required by applicable laws, rules, and regulations. For example, we generally destroy a record about a complaint after 7 years from when the complaint was resolved. For records received during the recruitment process, we will retain data of unsuccessful job applicants for a period not longer than two years from the date of rejection, unless the law requires otherwise.

We conduct regular audits of our compliance with this Policy, the PDPO, and Privacy Law to ensure that our privacy framework is in line with industry best practices.

Why do we collect, hold, use, process, and disclose Personal Data?

We collect Personal Data for a number of reasons, including:

  • Facilitating, maintaining, managing, and operating the daily operation of our products and/or services provided to you;
  • Verifying your identity for the purposes of providing our products and/or services to you;
  • Providing you or a third party with our services or information about our services;
  • Sending communications you request or contacting you and responding to your enquiries;
  • Providing third parties with information about you and your activities for the purpose of providing our products and/or services to you;
  • Ensuring consistency of service across our business and other internal business purposes;
  • Developing or refining our services as well as tailoring our services;
  • Notifying you about changes to our Website, services, or activities we offer or provide via our Website;
  • Providing you with marketing material or contacting you in relation to our business, networking, or promotional activities;
  • Assessing or investigating any complaints;
  • Publishing testimonials you provide us; and
  • Internal corporate purposes, corporate governance, auditing, and record-keeping.

Our use of Personal Data may extend beyond the uses described but will be restricted to purposes related to our functions and activities. For example, we may disclose your Personal Data as part of a corporate restructure or sale of our business.

We do not collect your Personal Data for the purpose of selling or providing it to third parties to directly market their services to you.

What do we do with your Personal Data?

If we collect Personal Data, we may:

  • Use that information for the purposes stated in this Policy and directly related purposes;
  • Hold, store, use, handle, and process that information in accordance with this Policy;
  • Pass your Personal Data to any of our parent, subsidiaries, and affiliates for purposes stated in this Policy and directly related purposes;
  • Pass that information amongst entities we work with, our members, associated organizations, business partners, or affiliates (such as digital assets liquidity and infrastructure providers, wallet providers, cloud providers, and/or agencies clearing payments);
  • Pass that information to third parties who provide products or services to us (including our bank(s), financial institution(s), payment provider(s), accountants, auditors, lawyers, IT contractors, and other service providers); and
  • Provide that information to third parties as required or allowed by law.

We will adopt contractual or other means to ensure the agents, contractors, or other third-party data processors who process Personal Data on behalf of us will take all reasonable steps to (a) keep all Personal Data secure against unauthorized or accidental access, processing, erasure, loss, or use of the data transferred; and (b) ensure any Personal Data transferred will not be kept longer than is necessary.

Do you use my information for Direct Marketing?

Where you have given consent and have not subsequently opted out, we may use your Personal Data to communicate directly with you to promote our services.

We use direct marketing to provide you with information about our services that we believe you may be interested in.

If you receive direct marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future direct marketing programs. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable.

What about Cookies, Pixels, and Analytics?

When you access our Website, mobile apps, or social media channels, or when you use our services and products, we may receive information about you via automated methods, including (but not limited to) the use of a ‘cookie,’ a ‘pixel,’ or from other analytics software.

These are tools that our web server or mobile apps may direct your traffic to, send to your mobile, computer, or embed on a website when you visit our Website. These tools help us provide services and products to you, recognize when you re-visit the Website, show you customized content, and optimize your experience.

We generally do not collect Personal Data through these tools, though we may be able to access your IP address and information about your computer.

You may be able to change the settings of your browser so that Cookies are not accepted generally or so that you are provided with options to accept or reject them as they are sent to your browser. [However, do note that when you disable ‘cookies’ and ‘pixel’, it may limit certain features and functions in your use of our Website.]

Do we ever send your information overseas?

As an organization located internationally, your Personal Data will be transferred and stored in cloud servers (such as Google Suite of products) which may be located overseas, most likely in the United States of America and Canada. For more details, please refer to paragraph 5.3.

We may upload images and/or footage to our social media accounts or Website. The social media accounts and Website may be hosted on an overseas server.

Where applicable, in the event that your information is sent overseas, we will use our best endeavors, adopting contractual or other means to ensure that any overseas supplier, third-party data processors who process Personal Data on behalf of us, agents, or contractors will take all reasonable steps to:

  • Keep all Personal Data secure against unauthorized or accidental access, processing, erasure, loss, or use of the data transferred;
  • Ensure any Personal Data transferred will not be kept longer than is necessary.

Can you access your Personal Data or request it be corrected?

You may request access to the Personal Data that we hold about you by contacting us.

We will not provide you with access to Personal Data if we cannot verify your identity. An administrative fee may be charged to cover our costs in providing you with access to your Personal Data. This fee will be explained to you before it is incurred.

We will respond to your access request within a reasonable time by:

  • Providing you with access to your Personal Data;
  • Rejecting your access request, and providing you reasons for this rejection.

Access requests may be denied where:

  • We are unable to verify your identity;
  • The request is not in writing in the English or Chinese language;
  • The request follows two or more similar requests, and it is unreasonable for us to comply with the request in the circumstances;
  • We are entitled to reject your request by law;
  • You have not paid the administrative fee (if any).

If you believe that the Personal Data that we hold is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. We will review your Personal Data and respond to the request within a reasonable period of time.

You may also request to delete your Personal Data by contacting us, with the exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes. Please be noted that if you delete all or some of your Personal Data, we may be unable to provide you with certain aspects of our products and/or services.

Other Personal Data

We may collect Personal Data about other individuals who are not our customers, such as members of the public who participate in events we are involved with, service providers and contractors to support, and other individuals who interact with us on a commercial basis. The kinds of Personal Data we collect will depend on the capacity in which you are dealing with us. Generally, it would include your name, contact details, and information about our interactions with you.

What happens if you want to deal with us anonymously or using a pseudonym?

You can contact us anonymously or use a pseudonym. If you do so, we may not be able to provide you with accurate or useful information, and you may not be able to access a full range of our services, and we may not be able to investigate incidents or complaints you have made because we do not know who you are.

Corporate Restructure, Sale, or Transfer of Business

If we restructure our business, undergo a change of control, or we sell or negotiate the sale of our business to a buyer or prospective buyer, we may share your Personal Data with a third party, buyer, or prospective buyer. We will ensure the confidentiality of your Personal Data is maintained in accordance with this Policy.

If your Personal Data is transferred to the buyer or becomes subject to a different Privacy Policy, we will give notice to you by:

  • Notice posted on our Website;
  • Notice posted to our social media;
  • By electronic means, either email, text message, or other similar method; or
  • By ordinary pre-paid post.

You expressly consent to us issuing that notice via such methods.

Third-Party Websites

Our Website and mobile applications may contain links to third-party websites which are not maintained by us. These other websites are independent from our Website. This Policy only applies to our Hong Kong website. When visiting or linking to third-party websites, please read the privacy policies which will apply to your use of third-party websites.

Can this Policy change?

From time to time, we may make changes to this Policy. [When we do, we will highlight those changes in yellow highlight for a period of 14 days.]/[We will make available the updated Policy on our Website.] [Localcoin to confirm which option.] Please make sure you review our Policy each time you visit our Website to keep up to date on any changes. All communications, transactions, and dealings with us shall be subject to the latest version of this Policy in force at the time.

What happens if you have a question or complaint about how we have handled your Personal Data?

If you have a question or complaint, you can raise it with us by:

Email: [email protected]

We take all complaints seriously and will respond to you within a reasonable period, usually 30 days, unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity.

If you are not satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Privacy Commissioner for Personal Data, Hong Kong at [email protected]