Choose your appropriate geographic jurisdiction.
Your privacy is important to us. At [Hex] (“we”, “us” or “our”), we are committed to protecting the privacy, confidentiality and security of the personal information we collect and hold by complying with the requirements under the Hong Kong Privacy (Data Protection) Ordinance (Chapter 486 of the Laws of Hong Kong) (“PDPO”). We are equally committed to ensuring that all our employees and agents uphold these obligations.
This policy explains how we manage personal information within our organisation. It applies to us and all of our related companies, affiliates and associates.
We collect personal information from you in the following circumstances: when you register an account with us; order products or services from us; subscribe to our newsletter; or complete any application form to us or submit a query or request to us. In some cases, we may be required by law to collect personal information about you. The personal information will generally be acquired through our channels, but we may however obtain information through a third party, such as representatives, agents or contractors who provide services to us, or third parties whom may refer you to us as they think you may be interested in our products or services.
The kinds of personal information that we collect and hold about you may include:
Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
We use personal data that we collect about you for the following purposes:
EEA Residents: For individuals who reside in the European Economic Area (including the United Kingdom) or Switzerland (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our contract with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.
We may share personal information about you with:
Under this privacy policy, you consent to your personal information being disclosed in such circumstances.
In some cases, the people to whom we disclose your personal information may be located overseas. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as Hong Kong. As such, your personal information may not be protected to the same or similar extent as in Hong Kong.
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.We offer the use of a secure server. All personal information provided to us is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database, which can only be accessed by those with special access rights to our systems, and are required to keep the information confidential. We update these physical and technical security processes and procedures from time to time to address new and emerging security threats that you become aware of.
Yes, however your personal data will not be kept longer than required.
We may retain your personal information for a period of at least seven (7) years from the date on which we collect the information until the last transaction is completed with you or our relationship ends (whichever occurs last). At our discretion, we may retain personal data for longer than this period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.
Yes. If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that data.
Yes, we use cookies on our website/platform to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). “Cookies” are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information and the webpage you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this. While you will still be able to browse our websites with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.
Occasionally, at our discretion, we may include links to third party products or services on our website. These third-party sites have separate and independent privacy policies. Further, we do not verify their content. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
By using our site, providing personal information and/or using any of our products or services, you agree that you consent to our privacy policy, as updated from time to time.
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will be available at kyc.hexcustody.com/privacy-policy.html
If you are a resident of the European Economic Area (the “EEA”), we are the controller with respect to your personal information. We determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.
Our legal bases for processing under General Data Protection Regulation are described above in the sections entitled “What do we use your personal information for?”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, our rights or safety and our customers or others.
If you are a current customer residing in the EEA, we will only contact you by electronic means (email) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us to opt-out immediately. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services
EEA users have the following rights, which can be exercised by contacting us:
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact us by using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data.
If you want any further information from us on privacy matters, please contact us at: ops@hexcustody.com
Hex Trust cannot guarantee the value of Virtual Assets and does not provide such assurance. You acknowledge and agree that the value of Virtual Assets is highly volatile, and trading or holding them involves a significant risk of loss. The value of virtual assets can fluctuate rapidly and may even decline to zero. Additionally, virtual assets may not be transferable or liquid, and there may be instances of fraud, manipulation, theft, or loss. Please note that Hex Trust never requests users to disclose their account passwords, online banking or ATM passwords, debit/credit card CVV numbers, or to make payments in person or via cash deposits or money transfers (Western Union, MoneyGram, etc.).
Hex Trust is concerned to ensure that all personal data submitted through Hex Trust website www.hextrust.com (“Hex Trust Website”) are handled in strict adherence to the internal Privacy policy.
Hex Trust will record the visits to Hex Trust Website by using cookies and page tagging without collecting any personal identifiable information of users.
A cookie is a small amount of data created in a computer when a person visits a website. It often includes an anonymous unique identifier. A cookie can be used to identify a device. It, however, is not used to collect any personal information. In other words, it does not have the function of identifying an individual user of the website. Cookies are used by Hex Trust to collect statistics about the number of visits of users to Hex Trust Website and the users’ preference of websites and online services offered on Hex Trust. Cookies are also used as set out below under the caption “Google Analytics”. You may choose to accept or reject cookies. If you reject the cookies, you will not be able to use some of the functions of Hex Trust , such as saving your preferences in using Hex Trust Website and accessing some online services on Hex Trust Website.
Hex Trust uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Download Google Analytics Opt-out Browser Add-on
Javascript and pixel tags are used to collect statistics on customer usage patterns of Hex Trust Website and Hex Trust online services offered on Hex Trust Website; and for tracking the performance of our online advertisements. A pixel tag is a transparent image placed on certain webpages to collect data on user activities. The collected data are aggregated and analysed for measuring the effectiveness, improving the usability of Hex Trust Website and the services provided on GovHK. No personal or identifiable information about a visitor would be collected. You may disable JavaScript on your device. Disabling JavaScript should not affect your access to Hex Trust Website, but you will not be able to use some of Hex Trust Website functions, such as changing text size and accessing Hex Trust online services offered through Hex Trust Website.
For different purposes and at different times you may be invited to provide personal data to Hex Trust through Hex Trust Website on a voluntary basis. Personal information may include your name, company name, telephone number or e-mail address. Hex Trust will specify the collection purpose and intended usage of your data when it invites you to provide such information. Unless permitted or required by law, Hex Trust will not disclose your personal data to any third parties without your prior consent. Hex Trust Website uses SSL protocol to encrypt data during network transmission to protect your personal data. All personal data you provide to Hex Trust via Hex Trust Website are secured, and access to them is restricted to authorised personnel only.
Reach out to us at privacy@hextrust.com for any general privacy related enquiries.
Reach out to us at privacy.italy@hextrust.com for any Italy privacy related enquiries.
Our e-mail message (including any attachments) is intended only for the named recipient(s). It may contain confidential information that is privileged or that constitutes attorney work product. We do not waive confidentiality if you have received this communication in error. Email from and to this address may be subject to monitoring and archiving procedures by Hex Trust. If you are not the intended recipient or you have received this e-mail in error, you are hereby notified that any use, dissemination, distribution, copying or any action taken in reliance of the content of this e-mail and any attachment(s) is STRICTLY PROHIBITED. In addition, please immediately notify the sender by replying to this e-mail and delete the message and any attachment(s) from your system.
All content in our email messages has been obtained from sources deemed to be reliable, but is subject to unintentional errors, omissions and changes without notice, and is not warranted by Hex Trust as to its accuracy or completeness and Hex Trust does not accept liability for any errors or omissions in the contents of its emails that arise as a result of email transmission. It is the responsibility of the recipients to independently confirm its accuracy and completeness. The sender undertakes no obligation to update or correct the information in any of its emails.
Any views or opinions presented are solely those of the author and do not necessarily represent those of Hex Trust. This message is for general information purposes only, and it is not and does not constitute any investment advice, offer to perform investment advisory services, any solicitation or offer to buy or sell any assets or financial product or instrument or an official confirmation of any transaction in any jurisdiction. You should not rely on the information contained herein, and should rely solely on, and carefully read, the appropriate offering and related subscription materials relating to any specific investment product before making any investment decision. To the extent the contents hereof contain performance data, please be advised that past performance is not indicative of future results. Any investment in digital asset involve significant risks (including but not limited to digital assets may decrease in value over time and/or lose all monetary value), all of which you should fully acknowledge and assume before making any investment.
The instruments that Hex Trust invests in, finances, intermediates or risk-transfers are not suitable for all investors and trading in these instruments is considered risky and is appropriate only for institutional investors. All offering of services will be subject to Hex Trust policies and procedures, including ongoing credit and risk approvals and subject to change at any time. Any information contained herein or attached about Hex Trust products or services is for use by institutional investors only.
VL/23/08/002
Virtual Assets Custody Services - Authorised to serve Institutional Investors and Qualified Investors.
Office 426, Level 4, Convention Tower, Dubai World Trade Centre, Dubai, UAE.
Responsible Individuals: Alessio Quaglini, Filippo Buzzi
Compliance Officer and Money Laundering Officer: Miles Corney
View our Knowledge Base here.
View Our VA Standards here.
This Risk Disclosure Statement provides Clients with critical information regarding the risks associated with Virtual Assets. Clients are strongly encouraged to carefully read and fully understand this statement before engaging in any products or services offered by Hex Trust.
This statement does not purport to disclose all risks associated with Virtual Assets but offers a high-level overview of material risks to assist Clients in making informed decisions. Clients should conduct their own due diligence, seek independent professional advice where appropriate, and carefully consider their financial situation, objectives, experience, and risk tolerance before engaging in Virtual Asset activities.
Engaging in Virtual Asset activities involves significant risks, including but not limited to the following:
Virtual Assets are subject to high levels of price volatility and market uncertainty. Unlike traditional fiat currencies or regulated financial instruments, Virtual Assets often lack intrinsic value foundations, making their valuations susceptible to speculation, sentiment, and market dynamics.
Historically, Virtual Assets have demonstrated extreme price fluctuations over short periods, sometimes driven by limited liquidity, speculative trading, regulatory announcements, technological developments, or broader economic factors. As a result, Clients should be prepared to sustain substantial losses, including the possibility of a total loss of value.
Virtual Asset transfers may not always be possible or may encounter restrictions. Some Virtual Assets may have compatibility issues between different blockchain protocols, wallet formats, or platform requirements. Additionally, once a transaction is broadcast and confirmed on a blockchain network, it is typically irreversible.
Errors in inputting wallet addresses, incorrect transfer details, or fraud by malicious actors may result in a permanent loss of Virtual Assets without recourse or recovery options.
Liquidity risk refers to the difficulty in selling, exchanging, or realizing value for Virtual Assets at desirable prices. Not all Virtual Assets have active or deep secondary markets. In times of market stress or for niche or emerging Virtual Assets, liquidity may evaporate quickly, resulting in difficulty executing trades or converting assets to cash.
Limited liquidity can exacerbate price volatility, widen bid-ask spreads, and delay trade execution.
Transactions involving Virtual Assets are typically recorded on public Distributed Ledger Technologies (DLTs), such as blockchains, which are transparent and immutable. While public blockchains often do not record personal identifying information directly, wallet addresses and transaction histories are publicly visible and may be linked to individuals or organizations through blockchain analytics or regulatory reporting measures.
This transparency may conflict with Clients’ expectations of privacy and could expose transactional histories to regulatory authorities, cyber attackers, competitors, or other third parties.
The digital and decentralized nature of Virtual Assets exposes them to heightened risks of fraud, market manipulation, theft, hacking, and cybercrime. Unlike traditional financial systems, the Virtual Asset ecosystem often lacks the robust consumer protections and regulatory safeguards that protect investors in fiat or securities markets.
Holders of Virtual Assets rely heavily on the security of private keys and wallet integrity. Loss of private keys due to negligence, theft, hacking, or fraud can result in permanent loss of access to Virtual Assets. Moreover, in many cases, there are no legal mechanisms for reversing unauthorized transactions or recovering stolen Virtual Assets.
Client Virtual Assets ("Client VAs") held by Hex Trust MENA FZE benefit from any form of deposit protection or guarantee scheme offered by the Virtual Assets Regulatory Authority or any other component authority in the United Arab Emirates.
If you have any questions regarding this Risk Disclosure Statement or wish to seek further clarification about Virtual Asset risks, please contact us at hello@hextrust.com.
At Hex Trust MENA FZE, we are committed to ensuring a fair, transparent, and responsive process for addressing client complaints in accordance with regulatory requirements. We value client feedback and view it as an essential part of maintaining trust and continuously improving our services.
We have made it easy for you to submit a complaint. You may:
We accept complaints through multiple channels and formats to ensure accessibility. You are not required to use a specific form for your complaint to be recognized.
If your complaint involves a third-party service provider linked to our Virtual Asset Activities, we will work directly with the third party to address your concerns. However, we will remain responsible for ensuring your complaint is fully resolved.
We do not impose any fees or charges for submitting or handling complaints.
At Hex Trust MENA FZE, client satisfaction and regulatory compliance are of utmost importance. We are committed to addressing all concerns promptly, fairly, and professionally.
For any queries regarding our complaints handling process, please contact us at complaints.mena@hextrust.com.
At Hex Trust MENA FZE, we are committed to conducting our business with the highest standards of integrity, transparency, and ethical conduct. We recognise that maintaining the trust and confidence of our clients, partners, employees, and stakeholders is critical to our success. As part of this commitment, we have implemented a robust Anti-Bribery and Corruption Policy that reflects our strict zero-tolerance approach to any form of bribery or corruption.
The Company, its Board of Directors, and all Staff must act professionally, fairly, and with integrity in all business dealings and relationships, both internally and externally. We expect the same high standards from all third parties acting on our behalf.
Failure to comply with our Anti-Bribery and Corruption Policy will result in immediate disciplinary action, including the potential termination of employment without notice. In addition, any instances of non-compliance must be immediately reported to the Virtual Asset Regulatory Authority (VARA) for evaluation, in line with our regulatory obligations.
We remain fully committed to upholding a culture of integrity and ensuring that bribery and corruption have no place in any aspect of our operations.
At Hex Trust MENA FZE, we are committed to upholding the highest standards of integrity, transparency, and ethical conduct across all areas of our operations. We foster a culture of accountability and compliance, encouraging all employees, stakeholders, and business partners to adhere to the principles that define our organization.
Maintaining an open and ethical environment is vital to our success and to maintaining the trust of our clients, employees, regulators, and partners. To support this, we have implemented a comprehensive Whistleblowing Policy that enables the reporting of any suspected misconduct, unethical behaviour, or regulatory violations.
Hex Trust MENA FZE actively encourages all employees, contractors, vendors, clients, and other stakeholders to report concerns or suspected wrongdoing, including but not limited to:
Reports may be made openly, confidentially, or anonymously. While we encourage open or confidential reporting to facilitate effective investigation and remediation, we also recognize that some individuals may prefer to report anonymously. In such cases, whistleblowers are asked to provide sufficient detail or supporting evidence to allow a responsible investigation to proceed.
Hex Trust MENA FZE has a strict zero-tolerance policy against retaliation. Any individual who reports a concern in good faith will be fully protected from any form of adverse action, discrimination, harassment, or retribution. Protection extends not only to the identity of the whistleblower but also to any identifying information that could indirectly reveal their identity, recognising that certain facts may act as a "signature."
All concerns reported will be treated with the highest degree of confidentiality and sensitivity. Investigations will be conducted thoroughly, fairly, and impartially, and where misconduct is substantiated, appropriate corrective and disciplinary actions will be taken.
No final finding of misconduct will be made solely based on anonymous allegations unless they are independently corroborated through investigation.
Hex Trust MENA FZE provides secure and confidential channels for whistleblowers to raise concerns safely.
If you suspect wrongdoing, unethical behaviour, or regulatory non-compliance, you can report your concerns securely via:
Email: whistleblowing@hextrust.com
All concerns will be escalated appropriately and handled by designated Compliance and Risk Officers to ensure a professional and impartial review.
At Hex Trust MENA FZE, we value and appreciate the essential role whistleblowers play in safeguarding our organisation’s ethical foundation. Your voice helps protect our integrity, ensure regulatory compliance, and build a stronger, more transparent future.
At Hex Trust MENA FZE ("Hex Trust MENA"), we are committed to maintaining the highest standards of integrity, transparency, and regulatory compliance. As a regulated entity authorised by the Virtual Assets Regulatory Authority (VARA) in the Emirates of Dubai to provide Custody Services, we recognise the critical importance of identifying, managing, and mitigating any actual, potential, or perceived conflicts of interest that may arise in the course of our operations.
Hex Trust MENA has established a comprehensive Conflicts of Interest Policy designed to:
We are committed to acting honestly, fairly, and professionally in accordance with the best interests of our clients at all times.
We have implemented the following key measures to ensure transparency, fairness, and client protection:
Client assets are held in segregated custody accounts, separate from the firm's own assets, ensuring clear asset ownership and eliminating risk of misuse.
Our risk and compliance frameworks provide for independent oversight by senior management and committees, ensuring objective decision-making and escalation procedures.
Hex Trust MENA does not provide preferential treatment to any client. All clients are treated fairly and equitably under consistent operational standards.
Hex Trust MENA does not engage in proprietary trading of Virtual Assets. Our sole focus is on safeguarding client assets in a neutral and conflict-free manner.
Employees are required to comply with a Code of Conduct that mandates disclosure of external interests, prohibits personal trading that could give rise to conflicts, and requires immediate reporting of any potential conflict situations.
Staff undergo regular training on conflicts of interest, ethical behaviour, and regulatory obligations to reinforce a culture of compliance and client-first responsibility.
Where an unavoidable conflict of interest is identified that cannot be fully eliminated, Hex Trust MENA will:
In all cases, we prioritise client protection, fairness, and regulatory compliance in line with VARA expectations and principles.
At the time of this statement, Hex Trust MENA FZE confirms that it has no known actual or material conflicts of interest arising from its custodial activities.
We remain committed to operating with full transparency and integrity, upholding the trust placed in us by our clients, regulators, and stakeholders.
Hex Trust MENA FZE ("Hex Trust MENA") confirms that it does not maintain any client accounts, funds, or Virtual Assets with third parties.
All client assets are held directly under Hex Trust MENA’s custody, fully segregated from the firm's own assets, and maintained in accordance with our regulatory obligations.
We ensure full control, transparency, and protection of client assets through robust custody operations, comprehensive internal controls, and adherence to the highest standards of security, governance, and regulatory compliance.
VL/23/08/003
Broker-Dealer Services and Management and Investment Services - Authorised to serve Institutional Investors and Qualified Investors.
Office 425, Level 4, Convention Tower, Dubai World Trade Centre, Dubai, UAE.
Responsible Individuals: Alessio Quaglini, Filippo Buzzi
Compliance Officer and Money Laundering Officer: Miles Corney
View our Knowledge Base here.
View Our VA Standards here.
HT Markets MENA FZE determines the prices of Virtual Assets quoted to clients using a combination of real-time data from multiple Tier-1 liquidity providers, market makers, and exchanges. Pricing is derived algorithmically by aggregating bid/ask spreads and order book depth to ensure fair market value, with applied spreads disclosed to clients where relevant.
HT Markets MENA FZE routes client orders to a network of liquidity providers and OTC counterparties based on best execution principles, which consider price, speed, reliability, and settlement risk. As of the date of this disclosure, no single liquidity source accounts for 20% or more of routed client orders on a sustained basis.
HT Markets MENA FZE does not currently hold or maintain client funds or Virtual Assets, nor does it provide clearing or settlement services on behalf of other VASPs offering Broker-Dealer Services.
HT Markets MENA FZE does not hold client Virtual Assets or fiat funds directly. All client assets are held in segregated accounts under the custody of Hex Trust MENA FZE, an affiliated and regulated entity licensed to provide Virtual Asset Custody Services under the VARA framework. These arrangements are structured to ensure that client ownership is fully protected, with legal title and beneficial ownership remaining with the client at all times.
HT Markets MENA FZE does not maintain any accounts, funds, or Virtual Assets with third-party custodians or intermediaries. All client asset arrangements are conducted through internal group infrastructure and regulated counterparties, including Hex Trust MENA FZE, in accordance with applicable regulatory obligations.
This Risk Disclosure Statement provides Clients with critical information regarding the risks associated with Virtual Assets. Clients are strongly encouraged to carefully read and fully understand this statement before engaging in any products or services offered by Hex Trust.
This statement does not purport to disclose all risks associated with Virtual Assets but offers a high-level overview of material risks to assist Clients in making informed decisions. Clients should conduct their own due diligence, seek independent professional advice where appropriate, and carefully consider their financial situation, objectives, experience, and risk tolerance before engaging in Virtual Asset activities.
Engaging in Virtual Asset activities involves significant risks, including but not limited to the following:
Virtual Assets are subject to high levels of price volatility and market uncertainty. Unlike traditional fiat currencies or regulated financial instruments, Virtual Assets often lack intrinsic value foundations, making their valuations susceptible to speculation, sentiment, and market dynamics.
Historically, Virtual Assets have demonstrated extreme price fluctuations over short periods, sometimes driven by limited liquidity, speculative trading, regulatory announcements, technological developments, or broader economic factors. As a result, Clients should be prepared to sustain substantial losses, including the possibility of a total loss of value.
Virtual Asset transfers may not always be possible or may encounter restrictions. Some Virtual Assets may have compatibility issues between different blockchain protocols, wallet formats, or platform requirements. Additionally, once a transaction is broadcast and confirmed on a blockchain network, it is typically irreversible.
Errors in inputting wallet addresses, incorrect transfer details, or fraud by malicious actors may result in a permanent loss of Virtual Assets without recourse or recovery options.
Liquidity risk refers to the difficulty in selling, exchanging, or realizing value for Virtual Assets at desirable prices. Not all Virtual Assets have active or deep secondary markets. In times of market stress or for niche or emerging Virtual Assets, liquidity may evaporate quickly, resulting in difficulty executing trades or converting assets to cash.
Limited liquidity can exacerbate price volatility, widen bid-ask spreads, and delay trade execution.
Transactions involving Virtual Assets are typically recorded on public Distributed Ledger Technologies (DLTs), such as blockchains, which are transparent and immutable. While public blockchains often do not record personal identifying information directly, wallet addresses and transaction histories are publicly visible and may be linked to individuals or organizations through blockchain analytics or regulatory reporting measures.
This transparency may conflict with Clients’ expectations of privacy and could expose transactional histories to regulatory authorities, cyber attackers, competitors, or other third parties.
The digital and decentralized nature of Virtual Assets exposes them to heightened risks of fraud, market manipulation, theft, hacking, and cybercrime. Unlike traditional financial systems, the Virtual Asset ecosystem often lacks the robust consumer protections and regulatory safeguards that protect investors in fiat or securities markets.
Holders of Virtual Assets rely heavily on the security of private keys and wallet integrity. Loss of private keys due to negligence, theft, hacking, or fraud can result in permanent loss of access to Virtual Assets. Moreover, in many cases, there are no legal mechanisms for reversing unauthorized transactions or recovering stolen Virtual Assets.
Client Virtual Assets ("Client VAs") held by Hex Trust MENA FZE benefit from any form of deposit protection or guarantee scheme offered by the Virtual Assets Regulatory Authority or any other component authority in the United Arab Emirates.
If you have any questions regarding this Risk Disclosure Statement or wish to seek further clarification about Virtual Asset risks, please contact us at hello@hextrust.com.
At Hex Trust MENA FZE, we are committed to ensuring a fair, transparent, and responsive process for addressing client complaints in accordance with regulatory requirements. We value client feedback and view it as an essential part of maintaining trust and continuously improving our services.
We have made it easy for you to submit a complaint. You may:
We accept complaints through multiple channels and formats to ensure accessibility. You are not required to use a specific form for your complaint to be recognized.
If your complaint involves a third-party service provider linked to our Virtual Asset Activities, we will work directly with the third party to address your concerns. However, we will remain responsible for ensuring your complaint is fully resolved.
We do not impose any fees or charges for submitting or handling complaints.
At Hex Trust MENA FZE, client satisfaction and regulatory compliance are of utmost importance. We are committed to addressing all concerns promptly, fairly, and professionally.
For any queries regarding our complaints handling process, please contact us at complaints.mena@hextrust.com.
At Hex Trust MENA FZE, we are committed to conducting our business with the highest standards of integrity, transparency, and ethical conduct. We recognise that maintaining the trust and confidence of our clients, partners, employees, and stakeholders is critical to our success. As part of this commitment, we have implemented a robust Anti-Bribery and Corruption Policy that reflects our strict zero-tolerance approach to any form of bribery or corruption.
The Company, its Board of Directors, and all Staff must act professionally, fairly, and with integrity in all business dealings and relationships, both internally and externally. We expect the same high standards from all third parties acting on our behalf.
Failure to comply with our Anti-Bribery and Corruption Policy will result in immediate disciplinary action, including the potential termination of employment without notice. In addition, any instances of non-compliance must be immediately reported to the Virtual Asset Regulatory Authority (VARA) for evaluation, in line with our regulatory obligations.
We remain fully committed to upholding a culture of integrity and ensuring that bribery and corruption have no place in any aspect of our operations.
At Hex Trust MENA FZE, we are committed to upholding the highest standards of integrity, transparency, and ethical conduct across all areas of our operations. We foster a culture of accountability and compliance, encouraging all employees, stakeholders, and business partners to adhere to the principles that define our organization.
Maintaining an open and ethical environment is vital to our success and to maintaining the trust of our clients, employees, regulators, and partners. To support this, we have implemented a comprehensive Whistleblowing Policy that enables the reporting of any suspected misconduct, unethical behaviour, or regulatory violations.
Hex Trust MENA FZE actively encourages all employees, contractors, vendors, clients, and other stakeholders to report concerns or suspected wrongdoing, including but not limited to:
Reports may be made openly, confidentially, or anonymously. While we encourage open or confidential reporting to facilitate effective investigation and remediation, we also recognize that some individuals may prefer to report anonymously. In such cases, whistleblowers are asked to provide sufficient detail or supporting evidence to allow a responsible investigation to proceed.
Hex Trust MENA FZE has a strict zero-tolerance policy against retaliation. Any individual who reports a concern in good faith will be fully protected from any form of adverse action, discrimination, harassment, or retribution. Protection extends not only to the identity of the whistleblower but also to any identifying information that could indirectly reveal their identity, recognising that certain facts may act as a "signature."
All concerns reported will be treated with the highest degree of confidentiality and sensitivity. Investigations will be conducted thoroughly, fairly, and impartially, and where misconduct is substantiated, appropriate corrective and disciplinary actions will be taken.
No final finding of misconduct will be made solely based on anonymous allegations unless they are independently corroborated through investigation.
Hex Trust MENA FZE provides secure and confidential channels for whistleblowers to raise concerns safely.
If you suspect wrongdoing, unethical behaviour, or regulatory non-compliance, you can report your concerns securely via:
Email: whistleblowing@hextrust.com
Internal Reporting Form
All concerns will be escalated appropriately and handled by designated Compliance and Risk Officers to ensure a professional and impartial review.
At Hex Trust MENA FZE, we value and appreciate the essential role whistleblowers play in safeguarding our organisation’s ethical foundation. Your voice helps protect our integrity, ensure regulatory compliance, and build a stronger, more transparent future.
At Hex Trust MENA FZE ("Hex Trust MENA"), we are committed to maintaining the highest standards of integrity, transparency, and regulatory compliance. As a regulated entity authorised by the Virtual Assets Regulatory Authority (VARA) in the Emirates of Dubai to provide Custody Services, we recognise the critical importance of identifying, managing, and mitigating any actual, potential, or perceived conflicts of interest that may arise in the course of our operations.
Hex Trust MENA has established a comprehensive Conflicts of Interest Policy designed to:
We are committed to acting honestly, fairly, and professionally in accordance with the best interests of our clients at all times.
We have implemented the following key measures to ensure transparency, fairness, and client protection:
Client assets are held in segregated custody accounts, separate from the firm's own assets, ensuring clear asset ownership and eliminating risk of misuse.
Our risk and compliance frameworks provide for independent oversight by senior management and committees, ensuring objective decision-making and escalation procedures.
Hex Trust MENA does not provide preferential treatment to any client. All clients are treated fairly and equitably under consistent operational standards.
Hex Trust MENA does not engage in proprietary trading of Virtual Assets. Our sole focus is on safeguarding client assets in a neutral and conflict-free manner.
Employees are required to comply with a Code of Conduct that mandates disclosure of external interests, prohibits personal trading that could give rise to conflicts, and requires immediate reporting of any potential conflict situations.
Staff undergo regular training on conflicts of interest, ethical behaviour, and regulatory obligations to reinforce a culture of compliance and client-first responsibility.
Where an unavoidable conflict of interest is identified that cannot be fully eliminated, Hex Trust MENA will:
In all cases, we prioritise client protection, fairness, and regulatory compliance in line with VARA expectations and principles.
At the time of this statement, Hex Trust MENA FZE confirms that it has no known actual or material conflicts of interest arising from its custodial activities.
We remain committed to operating with full transparency and integrity, upholding the trust placed in us by our clients, regulators, and stakeholders.
Hex Trust MENA FZE ("Hex Trust MENA") confirms that it does not maintain any client accounts, funds, or Virtual Assets with third parties.
All client assets are held directly under Hex Trust MENA’s custody, fully segregated from the firm's own assets, and maintained in accordance with our regulatory obligations.
We ensure full control, transparency, and protection of client assets through robust custody operations, comprehensive internal controls, and adherence to the highest standards of security, governance, and regulatory compliance.
Hex Trust MENA FZE undertakes comprehensive due diligence to guarantee the adherence of all supported Virtual Assets to our VA Standards. The considerations we take into account for each virtual asset are those listed in the following list. In the best interest of our valued Clients, we recommend familiarising themselves with the available standards pertaining to all supported virtual assets.
For each Virtual Asset we take into consideration:
Nel caso in cui sorga una controversia tra il Cliente e la Società riguardo ai servizi offerti, il Cliente può inviare una comunicazione alla Società tramite il seguente indirizzo email:
Il Cliente può utilizzare l'email sopra indicata per inviare il Modulo di Reclamo.
Continuando ad accettare, il Cliente acconsente che i dati personali forniti siano trattati da Hex Trust in qualità di Titolare del trattamento per rispondere alla sua richiesta attraverso processi parzialmente automatizzati, che prevedono anche l'intervento umano. Si prega di fare riferimento alla Politica sulla Privacy pubblicata su questo sito.
Per ulteriori dettagli o per consultare la versione originale, visita la pagina ufficiale: https://www.hextrust.com/legal-privacy/italy-legal-claims.
I dati forniti dall’Interessato per lo svolgimento del rapporto contrattuale (di seguito congiuntamente “dati personali”) vengono trattati da Hex Trust Italia Srl (di seguito, “la Società”), con sede legale in via Corso Magenta 74, 20123 a Milano, in qualità di Titolare del trattamento. L’Interessato è informato da Hex Trust Italia Srl sul trattamento dei suoi dati che verrà posto in essere, nel rispetto del principio di prudenza e responsabilità (“accountability”). Hex Trust Italia Srl fornisce, a tal fine, l’informativa prevista dall’art. 13 paragrafo 1 e dall’art. 14 paragrafo 1 del Regolamento UE n. 2016/679 (in seguito, “GDPR”), informando l’Interessato che i suoi dati saranno oggetto di trattamento secondo le specifiche nel prosieguo indicate. Parimenti, si precisa che, ai sensi della citata normativa, l’Interessato sarà destinatario di opportuno aggiornamento in merito all’eventuale modifica delle finalità di un nuovo trattamento prima di procedere con lo stesso.
Il Titolare del trattamento tratta i dati personali (nel prosieguo, anche “dati”) dell’Interessato (a titolo esemplificativo e non esaustivo: nome, cognome, indirizzo, telefono, e-mail, riferimenti bancari e di pagamento) per un interesse legittimo che costituisce la base giuridica del trattamento stesso in quanto riconducibile ad un rapporto contrattuale.
L’Informativa non è obbligatoria se:
I dati personali forniti dall’Interessato sono trattati da Hex Trust Italia Srl per le seguenti finalità:
A. Senza consenso espresso – ex art. 6 lett. b), e) del GDPR) - per le seguenti finalità di servizio:
B. Con consenso preventivo specifico (art. 7 del GDPR) per le seguenti finalità commerciali:
Qualora presso l’Interessato i dati personali siano raccolti:
Il trattamento dei dati è realizzato mediante le operazioni indicate all’art. 4 n. 2) del GDPR, in particolare: raccolta, registrazione, organizzazione, conservazione, consultazione, elaborazione, modificazione, selezione, estrazione, raffronto, utilizzo, interconnessione, blocco, comunicazione, cancellazione e distruzione dei dati. Ciò con esclusione della
diffusione. Il trattamento dei dati personali non comporta, allo stato, processi decisionali automatizzati: all’occorrenza, il Titolare provvederà a specificarlo e ad indicare la logica di tali processi decisionali e le conseguenze previste per l'Interessato. I dati personali sono sottoposti a trattamento cartaceo ed elettronico.
Non risulta necessario specificare le categorie dei dati personali oggetto di trattamento allorquando la loro raccolta sia effettuata senza il tramite di soggetti terzi all’uopo delegati dal Titolare.
Il Titolare tratterà i dati personali per il tempo necessario all’adempimento delle finalità di cui sopra e comunque per un periodo non superiore ai 10 anni dalla cessazione del rapporto e non oltre 2 anni dalla raccolta dei dati per le finalità di cui al punto 2.B.
Il Titolare del trattamento può comunicare i dati personali - anche all’estero - a dipendenti e collaboratori di Hex Trust Italia Srl (in qualità di incaricati e/o responsabili interni del trattamento e/o amministratori di sistema) ovvero a soggetti terzi (in qualità di autonomi titolari o responsabili esterni del trattamento) per:
I nominativi dei soggetti Terzi a cui i dati possano essere comunicati sono riportati in uno specifico elenco aggiornato dal Titolare del trattamento e disponibile presso la sede di Hex Trust Italia Srl.
I dati personali sono conservati su server ubicati esternamente all’Unione Europea. Il Titolare, qualora necessario, si riserva la facoltà di spostare i server anche all’interno dell’Unione Europea. Cio’ posto, il Titolare assicura sin d’ora che il trasferimento dei dati extra-UE risulta conforme alle disposizioni di legge applicabili alla luce delle clausole contrattuali standard previste dalla Commissione Europea. In particolare, alla luce dell’art. 49 del GDPR, il Titolare del Trattamento informa il Soggetto Interessato al Trattamento che un trasferimento di dati personali verso un paese terzo o un'organizzazione internazionale può essere effettuato in assenza di una decisione di adeguatezza ai sensi dell'articolo 45, paragrafo 3, o di garanzie adeguate ai sensi dell'articolo 46, comprese norme vincolanti d'impresa, a condizione che l'Interessato abbia esplicitamente acconsentito al trasferimento proposto, dopo essere stato informato dei possibili rischi di tali trasferimenti per l'interessato a causa dell'assenza di una decisione di adeguatezza, conformemente agli Orientamenti n. 2/2018 sulle deroghe all'articolo 49 a norma del regolamento (UE) 2016/679 definiti dal Comitato Europeo sulla Protezione dei Dati.
Il Titolare del trattamento può comunicare i dati, senza necessità di espresso consenso (art. 6 lett. b) e c) del GDPR), per gli scopi di cui all’art. 2.A), in quanto obbligatori. In assenza di ciò, il Titolare non potrà garantire i servizi di cui al citato art. 2.A). Il conferimento dei dati per le finalità di cui all’art. 2.B) è, invece, facoltativo. L’Interessato può, quindi, decidere di non conferire alcun dato o di negare successivamente la possibilità di trattare dati già forniti: in tal caso, non potrà ricevere newsletter, comunicazioni commerciali e materiale pubblicitario inerenti i Servizi offerti dal Titolare, pur continuando ad avere diritto ai Servizi di cui all’art. 2.A).
Non è presente alcun processo decisionale automatizzato.
L’Interessato, ai sensi e per gli effetti dell’art. 15 del GDPR, ha il diritto di:
Il Titolare del trattamento si impegna a comunicare, tempestivamente, all’Interessato ogni caso di violazione dei propri dati personali che possa presentare rischi elevati connessi ai suoi diritti e libertà.
L’Interessato potrà, in qualsiasi momento, esercitare i diritti inviando anche in modalità alternativa:
Il Titolare del trattamento dei dati personali è Hex Trust Italia Srl (di seguito, “la Società”), Hex Trust Italia Srl, Corso Magenta 74 – 20123 Milano.
In the event that a dispute arises between the Client and the Company regarding the services offered, the Client may submit a communication to the Company through the below account:
claims.eu@hextrust.com
The Customer can use the above indicated email to send the Claim Form.
By continuing to accept, the Client agrees that his/ her personal data provided will be processed by Hex Trust as Data Controller to respond to his/ her request through partially automated processes, which also involve human intervention. Please refer to Privacy Policy published on this site.
The data provided by the interested party for the performance of the employment relationship (hereinafter jointly "personal data") are processed by Hex Trust Italia Srl (hereinafter, "the Company"), with registered office in Corso Magenta 74, 20123 in Milan, as Data Controller. The interested party is informed by Hex Trust Italia Srl on the processing of his data that will be carried out, in compliance with the principle of prudence and responsibility ("accountability"). To this end, Hex Trust Italia Srl provides the information required by art. 13 paragraph 1 and art. 14 paragraph 1 of EU Regulation no. 2016/679 (hereinafter, “GDPR”), informing the interested party that his/her data will be processed according to the specifications indicated below. Likewise, it is specified that, pursuant to the aforementioned legislation, the interested party will be the recipient of an update regarding any change in the purposes of a new processing before proceeding with the same.
The Data Controller processes the personal data (hereinafter also "data") of the interested party (by way of example and not limited to: name, surname, address, telephone, e-mail, bank and payment details) for a legitimate interest. which constitutes the legal basis of the processing itself as it is attributable to a contractual relationship.
The information is not mandatory if:
Your personal data is processed by Hex Trust for the following purposes:
A. Without your express consent – pursuant to art. 6 lett. b), e) GDPR) - for the following Service Purposes:
fulfilment of obligations established by law; by regulations; by community legislation (e.g. anti-money laundering law, which provides for customer profiling and various other obligations); by the Decree of the Ministry of Economy and Finance of 02/17/2022 (also "VASP Decree") which introduced the "Italian Register of Virtual Asset Suppliers" ("VASP Register") in relation to which it specified content, methods and frequency of transmission of information relating to the operations carried out as regulated by the Body of Agents and Mediators ("O.A.M."); execution of the activities necessary and strictly connected and instrumental to the management of contractual relationships (e.g., prevention of fraud also through tools identity verification).
B. Only subject to your specific and distinct consent (art. 7 GDPR) for the following Marketing Purposes:
If personal data is collected from the interested party:
The data processing is carried out through the operations indicated in the art. 4 no. 2) of the GDPR, in particular: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. This excludes diffusion. The processing of personal data does not currently involve automated decision-making processes: if necessary, the Data Controller will specify this and indicate the logic of such decision-making processes and the expected consequences for the interested party. Personal data is subjected to paper and electronic processing.
It is not necessary to specify the categories of personal data being processed when their collection is carried out without the intermediary of third parties delegated for this purpose by the Data Controller.
The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for a period not exceeding 10 years from the termination of the relationship and no later than 2 years from the collection of data for the purposes referred to in point 2.B.
The Data Controller may communicate personal data - even abroad - to employees and collaborators of Hex Trust Italia Srl (as persons in charge and/or internal data processors and/or system administrators) or to third parties (as of independent data controllers or external data processors) for:
The names of third parties to whom the data may be communicated are reported in a specific list updated by the Data Controller and available at the headquarters of Hex Trust Italia Srl.
Personal data is stored on servers located outside the European Union. The Owner, if necessary, reserves the right to move the servers within the European Union. Having said this, the Data Controller hereby ensures that the transfer of non-EU data complies with the applicable legal provisions in light of the standard contractual clauses envisaged by the European Commission. In particular, in light of art. 49 of the GDPR, the Data Controller informs the Subject Interested in the Processing that a transfer of personal data to a third country or an international organization may be carried out in the absence of an adequacy decision pursuant to Article 45, paragraph 3, or of adequate guarantees pursuant to Article 46, including binding corporate rules, provided that the interested party has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the interested party due to the absence of an adequacy decision, in accordance with Guidelines no. 2/2018 on derogations from Article 49 pursuant to Regulation (EU) 2016/679 defined by the European Data Protection Board.
The Data Controller may communicate the data, without the need for express consent (art. 6 letter b) and c) of the GDPR), for the purposes referred to in the art. 2.A), as they are mandatory. In the absence of this, the Owner will not be able to guarantee the services referred to in the aforementioned art. 2.A). The provision of data for the purposes referred to in art. 2.B) is, however, optional. The interested party may, therefore, decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, he/she will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller, while continuing to have right to the Services referred to in the art. 2.A).
There is no automated decision making.
The interested party, pursuant to and for the purposes of art. 15 of the GDPR, you have the right to:
The Data Controller undertakes to promptly communicate to the interested party any case of violation of their personal data which may present high risks connected to their rights and freedoms.
The interested party may, at any time, exercise the rights by also sending in an alternative way:
The Data Controller of personal data is Hex Trust Italia Srl, Corso Magenta 74 – 20123 Milan.
This Data Protection Notice (“Notice”) sets out the basis which [Hex Trust Pte Ltd (including its related corporations] (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
1. As used in this Notice:“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and“personal data” means data, whether true or not, about a customer who can be identified:(a) from that data; or (b) from that data and other information to which we have or are likely to have access.
2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.
3. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).
4. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
5. We may collect and use your personal data for any or all of the following purposes:(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;(b) verifying your identity;(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you; (d) managing your relationship with us;(e) processing payment or credit transactions;(f) sending your marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;(g) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;(h) any other purposes for which you have provided the information;(i) transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and(j) any other incidental business purposes related to or in connection with the above.
6. We may disclose your personal data:(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or(b) to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 5 above for us.
7. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
8. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
9. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving It.
10. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 8 above.
11. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
12. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
13. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
14. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
15. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
16. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
17. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
18. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
19. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
20. We generally do not transfer your personal data to countries outside of Singapore (but please see clause 21 below). If we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
21. We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are small amounts of data created in a computer when a person visits a website, to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Download Google Analytics Opt-out Browser Add-on
22. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, you may contact us at dpo.sg@hextrust.com.
EFFECT OF NOTICE AND CHANGES TO NOTICE
23. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
24. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.