Privacy Policy
This Privacy Policy explains how FBA (collectively, the “Company”, “we”, “us”, or “our”), collects, uses, stores, shares, transfers, and otherwise processes personal information in connection with our websites, mobile applications, products, services, APIs, business relationships, onboarding, account administration, and communications (collectively, the “Services”).
Depending on where you are located or which Services you use, supplemental privacy notices, product-specific notices, or jurisdiction-specific disclosures may also apply.
By accessing or using our Services, submitting information to us, registering an account, or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Policy.
1. Scope of this Privacy Policy
This Privacy Policy applies to personal information we collect:
- directly from you;
- from your employer, business, or organization;
- automatically when you access or use the Services; and
- in the course of providing products and services.
Where you use our Services on behalf of a company, enterprise, or other legal entity, references to “you” may also include your organization and, where relevant, its directors, shareholders, ultimate beneficial owners, authorized representatives, administrators, employees, payers, payees, beneficiaries, and other related persons whose information is provided to us.
2. Who We Are
The controller or responsible entity for your personal information will generally be the Company entity that provides the relevant Services to you or with which you interact.
For privacy-related questions, requests, or complaints, you may contact us at:
Privacy Contact
FBA International Finance Limited
Unit 2128, 21/F Tuen Mun Central Square, 22 Hoi Wing Road, Tuen Mun, Hong Kong
Email: privacy@fbaglobalpay.com
3. Personal Information We Collect
We collect personal information that is reasonably necessary for our business, compliance, and operational purposes.
3.1 Information you provide directly
Depending on the Services you use, we may collect:
(a) Identity and contact information, such as:
- full name;
- date of birth;
- nationality;
- residential/business address;
- email address;
- phone number;
- identification document/passport details;
- tax identification information;
(b) Business and organizational information, such as:
- company name;
- registration number;
- registered address;
- business activities;
- information about directors, beneficial owners, shareholders, and authorized representatives.
(c) Communications and support information, such as:
- emails, messages, chat content, forms, call recordings or transcripts, survey responses, complaints, and feedback.
3.2 Information collected automatically
When you access or use the Services, we may automatically collect:
- IP address;
- browser type and version;
- operating system;
- device type, model, and identifiers;
- app version;
- crash reports and diagnostics;
- access dates and times;
- clickstream and usage data;
- session information;
- cookie identifiers and similar technology data;
- security and fraud signals associated with your device or session.
3.3 Information from third parties
We may collect personal information from third parties, including:
- banks, payment institutions, card networks, intermediaries, and settlement partners;
- identity verification and authentication providers;
- sanctions, AML/CTF, fraud prevention, and risk intelligence providers;
- analytics and marketing service providers;
3.4 Information about other individuals
If you provide personal information about another person, you represent and warrant that you are authorized to do so and that you have provided any required notices and obtained any necessary consents for us to collect, use, disclose, and otherwise process that information as described in this Privacy Policy.
3.5 Sensitive information
We may process limited categories of sensitive information, such as identification numbers, financial account details, sanctions/AML screening results, or information necessary to comply with legal and regulatory obligations. We process such information only where necessary and subject to appropriate safeguards.
4. How We Use Personal Information
We may use personal information for the following purposes:
a. to provide, operate, administer, and improve the Services;
b. to open, maintain, and manage accounts;
c. to verify identity and eligibility;
d. to conduct onboarding, due diligence, KYC, AML/CTF, sanctions, fraud, and risk checks;
e. to process payments, collections, settlements, foreign exchange transactions, and related instructions;
f. to communicate with you about your account, transactions, support requests, changes to our Services, and service notices;
g. to provide customer support, resolve complaints, and maintain records of communications;
h. to secure the Services, monitor for misuse, investigate suspicious activity, and enforce our terms and policies;
i. to comply with legal, regulatory, tax, accounting, reporting, audit, and law enforcement obligations;
j. to conduct analytics, quality assurance, product development, testing, troubleshooting, and performance monitoring;
k. to personalize user experience, improve website functionality, and develop new products and features;
l. with your permission, to send marketing or promotional communications;
m. to establish, exercise, or defend legal claims;
n. to facilitate business restructurings, financings, acquisitions, disposals, mergers, or transfers; and
o. for other purposes disclosed at the time of collection or otherwise permitted by law.
5. Legal Bases for Processing
Where applicable law requires a legal basis for processing, we may rely on one or more of the following:
a. performance of a contract or taking steps at your request before entering into a contract;
b. compliance with legal or regulatory obligations;
c. our legitimate interests or those of a third party, including operating and improving our business, securing our Services, preventing fraud, and managing risk, where those interests are not overridden by your rights;
d. your consent, where required;
e. protection of vital interests of you or another person; and
f. any other lawful basis available under applicable law.
Where we rely on consent, you may withdraw it at any time, but this will not affect the lawfulness of processing carried out before withdrawal.
6. How We Share Personal Information
We do not sell personal information. We may, however, disclose or share personal information as follows where necessary for the purposes described in this Privacy Policy:
6.1 Within our corporate group
We may share personal information with our subsidiaries, affiliates, parent companies, and related entities for internal administration, service delivery, compliance, risk management, audit, reporting, security, and operational efficiency.
6.2 With service providers and processors
We may share personal information with vendors, contractors, and service providers that help us operate our business and provide the Services, such as cloud hosting providers, IT and security providers, analytics providers, customer support providers, communications vendors, document processing providers, identity verification providers, and professional advisers.
6.3 With financial institutions and transaction participants
Because of the nature of our Services, we may share personal information with banks, payment institutions, card schemes, correspondent banks, intermediary banks, beneficiary banks, remitters, beneficiaries, counterparties, settlement providers, liquidity providers, e-commerce platforms, and other transaction participants where necessary to execute or support a transaction or provide the requested Services.
This may include transaction details and, where required, identifying information such as your name, address, account information, or other payment-related data.
6.4 With regulators and authorities
We may disclose personal information to courts, regulators, supervisory authorities, tax authorities, law enforcement agencies, governmental bodies, and other competent authorities where required or permitted by applicable law, regulation, court order, subpoena, or lawful request.
6.5 For fraud prevention, security, and legal protection
We may disclose personal information where we believe it is necessary to detect, investigate, prevent, or respond to fraud, money laundering, terrorist financing, sanctions evasion, cyber incidents, unauthorized activity, violations of law, or breaches of our terms, or to protect the rights, property, safety, and security of the Company, our users, counterparties, or others.
6.6 Business transfers
We may disclose or transfer personal information in connection with an actual or proposed merger, acquisition, financing, reorganization, insolvency, asset sale, investment, or similar corporate transaction. In such cases, personal information may be among the transferred assets, subject to applicable confidentiality and legal protections.
6.7 With your consent or at your direction
We may share personal information where you request or authorize us to do so.
6.8 Aggregated or de-identified information
We may use, disclose, or commercialize aggregated, anonymized, or de-identified information that does not reasonably identify you, where permitted by law.
7. International and Cross-Border Transfers
We operate internationally and may transfer, store, access, or process personal information in jurisdictions other than the one in which it was collected, including jurisdictions that may not provide the same level of protection as your home jurisdiction.
Where required by applicable law, we will take appropriate steps to ensure that cross-border transfers are subject to adequate safeguards, which may include:
a. adequacy decisions or equivalent mechanisms;
b. standard approved transfer terms;
c. intra-group transfer arrangements;
d. data processing agreements and confidentiality obligations;
e. technical and organizational safeguards, including access controls and encryption; and
f. your consent, where permitted and appropriate.
8. Cookies, Tracking Technologies, and Analytics
We and our service providers may use cookies, SDKs, pixels, web beacons, local storage, and similar technologies to:
- operate and secure the Services;
- remember your preferences;
- authenticate users;
- understand usage and performance;
- improve navigation and user experience;
- analyze traffic and campaign effectiveness; and
- deliver relevant content or communications, where permitted.
9. Direct Marketing and Communications
Where permitted by law, we may send you service-related messages, updates, newsletters, event invitations, product information, and other marketing communications.
Where required, we will obtain your consent before sending marketing communications or before sharing your information with third parties for their own direct marketing purposes.
You may opt out of marketing communications at any time by using the unsubscribe mechanism in the message or by contacting us. Even if you opt out of marketing, we may still send you non-promotional communications relating to your account, transactions, security, legal notices, or ongoing business relationship.
10. Data Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, resolve disputes, enforce agreements, and comply with legal, regulatory, tax, accounting, AML/CTF, sanctions, and audit obligations.
Retention periods may vary depending on the type of information and the context in which it was collected. We may retain information for longer where necessary to establish, exercise, or defend legal claims or where required by law or regulation.
When personal information is no longer required, we will delete, anonymize, archive, or securely dispose of it in accordance with applicable law and our internal retention policies. Backup copies may be retained for a limited period as part of ordinary business continuity and disaster recovery processes.
11. Data Security
We implement reasonable and appropriate technical, administrative, and physical safeguards designed to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These safeguards may include, as appropriate:
- encryption in transit and at rest;
- firewalls and endpoint protection;
- access controls and least-privilege principles;
- logging and monitoring;
- vulnerability management and patching;
- data classification and internal policies;
No method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and notifying us promptly of any suspected unauthorized use.
12. Your Privacy Rights
You may have the following right(s):
- to request access to personal information we hold about you
- to request correction of inaccurate or incomplete information
- to withdraw consent where processing is based on consent
- to request information about how we process your personal information
These rights are not absolute and may be limited by applicable law, including where processing is necessary for legal compliance, security, fraud prevention, contractual performance, recordkeeping, or the establishment, exercise, or defense of legal claims.
13. Privacy of Minors
Our Services are not directed to children, and we do not knowingly collect personal information from children except where expressly permitted by law and necessary for a specific lawful purpose.
14. Third-Party Services and Links
Our Services may contain links to third-party websites, applications, plugins, integrations, payment gateways, identity providers, marketplaces, or other services that are not operated by us. This Privacy Policy does not apply to those third parties. Their data practices are governed by their own privacy notices and terms, and we encourage you to review them carefully.
15. Changes to this Privacy Policy
We may amend or update this Privacy Policy from time to time at our discretion to reflect changes in our business, Services, technologies, legal requirements, or data processing practices.
We will notify you of material changes by posting an updated version on the relevant website or application, through account notifications, email, or other reasonable means. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact us at privacy@fbaglobalpay.com
17. Language
This Privacy Policy may be made available in multiple languages. In the event of any inconsistency or conflict between language versions, the English version shall prevail, unless otherwise required by applicable law.