top of page

UniPay Privacy Policy

Effective Date: July 10, 2024

This Privacy Policy ("Policy") explains how UniPay ("we", "us", or "our") collects, uses, discloses, and protects your personal information in compliance with applicable data protection laws, including but not limited to the Personal Information Protection Law of the People’s Republic of China (PIPL), the EU General Data Protection Regulation (GDPR), and other relevant privacy laws.

By using our services, you agree to the practices described in this Policy. If you do not agree with this Policy, please do not use our services.

1. Scope of Application This Policy applies to all personal data collected, stored, used, or shared by UniPay when you access our website, platform, products, or services, whether via web browser, mobile device, or any other method.

2. Types of Data Collected

2.1 Personal Data We collect personally identifiable information ("personal data") that can be used to identify or contact you, including but not limited to:

  • Full name, gender, date of birth;

  • Government-issued identification (e.g., ID card, passport, driver’s license);

  • Contact information (e.g., address, phone number, email);

  • Account details and transaction records;

  • KYC/AML verification documentation.

2.2 Sensitive Personal Data We may also collect sensitive personal data as defined under applicable laws, including biometric data, religious beliefs, financial account information, health and medical records, location data, and personal data of individuals under 14 years of age. Such data will only be collected when strictly necessary and with enhanced protective measures.

2.3 Aggregate and Anonymized Data We may collect and process de-identified and aggregated data for statistical or analytical purposes, which cannot be used to identify any individual.

2.4 Client Data Any files or content uploaded or processed through the services by our users, including information related to employment, payment, recruitment, or clients.

2.5 Cookies and Similar Technologies We use cookies and similar tracking technologies to enhance functionality, personalize content, analyze website usage, and support security. Cookies we may use include:

  • Essential Cookies: Required for basic platform functionality;

  • Analytical Cookies: Help us understand site usage and improve performance;

  • Functional Cookies: Remember preferences and enhance user experience;

  • Marketing Cookies: Used with your consent to deliver targeted advertisements.

You can control cookie preferences through your browser settings or our cookie management interface.

3. Purposes and Legal Basis of Processing We process your personal data based on legitimate interests, contractual necessity, compliance with legal obligations, and, where applicable, your consent. Purposes include:

  • Verifying your identity and conducting KYC/AML checks;

  • Managing your account and service usage;

  • Providing customer support;

  • Communicating important service updates;

  • Conducting marketing communications (with your consent);

  • Preventing fraud, illegal activity, or harm;

  • Fulfilling contractual and legal obligations.

4. Sharing of Data We may disclose your data to third parties in the following situations:

  • Service providers (e.g., hosting, payment, IT support);

  • Regulatory and government authorities (as required by law);

  • Auditors, legal and financial advisors;

  • Other users or organizations with your explicit consent.

All third parties are contractually obligated to maintain the confidentiality and security of your data and may not use it for unrelated purposes.

5. International Data Transfers Your personal data may be transferred to and processed in countries outside of your jurisdiction, including countries with differing data protection standards. Where applicable, we implement safeguards such as:

  • Standard Contractual Clauses approved by the European Commission;

  • Other lawful transfer mechanisms as recognized under applicable data protection laws.

If you are located in mainland China, cross-border transfers of your personal information will only be conducted in compliance with applicable Chinese laws, including PIPL filing, security assessments or certification obligations where required.

By using our services, you consent to such cross-border transfers as described in this Policy.

6. Data Retention We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and contractual obligations. In most cases, data will be retained for no more than 5 to 10 years, depending on applicable law.

In certain cases, personal data may not be immediately deletable due to:

  • Mandatory legal retention requirements;

  • Ongoing contractual obligations;

  • Technical constraints such as system backups;

  • Exercise or defense of legal claims.

Users may request deletion of their data by contacting us, and we will process such requests in accordance with applicable law.

7. Security Measures We implement appropriate technical and organizational security measures to protect your data, including:

  • Access control and role-based permissions;

  • Encryption and secure data transmission protocols;

  • Monitoring and response procedures for data breaches.

We also require all employees and contractors with access to personal data to maintain confidentiality.

8. Your Rights Depending on your location and applicable law, you may have the right to:

  • Access, correct, or delete your personal data;

  • Restrict or object to certin processing activities;

  • Withdraw consent at any time (where applicable);

  • Receive a copy or request portability of your data;

  • File a complaint with a data protection authority.

9. Children’s Privacy Our services are not intended for individuals under the age of 14 (or the applicable age of majority based on local law). We do not knowingly collect personal data from minors. If we become aware that personal information has been collected from a child without verified parental consent, we will delete such data.

We encourage parents and guardians to monitor their children's online activities. If you are a parent or legal guardian and believe your child has provided us with personal data, please contact us.

For jurisdictions where the definition of a child differs (e.g., under 13, 15, or 16 years old), we comply with the age limit as defined by the applicable local law.

10. EEA and UK Users – Additional Provisions If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), the following provisions apply in addition to the terms outlined above:

10.1 Data Controller UniPay is the data controller for personal data collected under this Policy, unless otherwise stated. You may contact our Data Protection Officer using the contact details in Section 11.

10.2 Lawful Basis We process your data based on the legal bases outlined in Article 6 of the GDPR and the UK GDPR, including your consent, contractual necessity, legal obligations, and our legitimate interests.

10.3 Data Transfers Where we transfer your data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

  • The use of EU Standard Contractual Clauses;

  • The UK International Data Transfer Agreement (IDTA), or Addendum to the SCCs;

  • Transfers to countries deemed by the European Commission or UK Secretary of State to have adequate data protection.

10.4 Your Rights Under GDPR You have the right to:

  • Access your personal data;

11. Mainland China Users – Supplemental Provisions (For purposes of this section, "China" refers to mainland China or the People’s Republic of China (PRC), excluding the Hong Kong and Macau Special Administrative Regions and Taiwan.)

If you are a resident of China, the following provisions apply in addition to this Policy:

11.1 Definition of Personal Information “Personal Information” refers to all kinds of information, recorded electronically or otherwise, that can be used to identify a natural person either independently or in combination with other information. It excludes anonymized data. Examples include name, date of birth, national ID/passport number, biometric information, contact details, address, account and financial information, geolocation data, communication records and contents, login credentials, credit data, residence records, health or physiological data, and transaction information.

Information that, once leaked or misused, may endanger the safety of individuals or property, or infringe on personal dignity, is deemed “Sensitive Personal Information.” This includes biometric identifiers, ID numbers, religious beliefs, specific social identity, health records, financial account details, location data, and personal data of minors under the age of 14.

11.2 Cross-Border Transfers In order to deliver and improve our services, we may transfer your personal information outside of China. Such transfers will only occur if we ensure that the receiving party will provide protection equivalent to that under Chinese law or where legally required safeguards have been implemented, such as undergoing security assessments or certification procedures as prescribed by the PIPL.

11.3 Your Rights Under PIPL You have the following rights regarding your personal information:

  • Request access to your data. You may obtain copies of the data we store about you, subject to legal, confidentiality, or business constraints.

  • Request correction of inaccurate or incomplete data.

  • Adjust the scope of your prior consent.

  • Opt out of direct marketing communications.

  • Request erasure of your data in the following circumstances:

    • Where the processing violates law;

    • Where data was collected or used without consent;

    • Where processing purposes have been fulfilled or are no longer necessary;

    • Where we cease providing services to you;

    • Where you have withdrawn consent.

These rights may be limited where retention is legally mandated or technically infeasible.

11.4 Data Security Commitments UniPay is committed to ensuring the security of your data against loss, misuse, or unauthorized access or disclosure. We use encryption, anonymization, and other protective technologies, and we maintain internal policies, procedures, and training programs. Access to data is restricted to those who require it for legitimate business purposes and are bound by confidentiality.

11.5 Protection of Minors If you are under 18 years old, you should obtain prior consent from your parent or guardian before using our services or providing personal data. We will only process minors’ personal data in accordance with applicable laws and upon verified guardian consent.

If you are a parent or guardian and believe we may have collected personal data from your child without proper consent, please contact us immediately using the contact information in Section 12. We will delete such data promptly and ensure legal compliance in the handling of minors’ information.

  • Request correction or erasure of your data;

  • Restrict or object to processing;

  • Data portability;

  • Lodge a complaint with your local supervisory authority;

  • Withdraw consent where processing is based on consent.

bottom of page