Privacy Policy

Privacy & Policy

Your privacy is important to us. At Dragon Incorporation (BVI) Limited, (“Dragon Corporation”) we are committed to protecting the privacy, confidentiality and security of the personal information we collect and hold by complying with the requirements under the Hong Kong Privacy (Data Protection) Ordinance (Chapter 486 of the Laws of Hong Kong) (“PDPO”). We are equally committed to ensuring that all our employees and agents uphold these obligations.

This policy explains how we manage personal information within our organisation. It applies to Dragon Corporation and all its related companies and associates.

How do we collect personal information?

We collect personal information from you in the following circumstances: when you register a Dragon Corporation account with us, order products or services from us, subscribe to our newsletter; or complete any application form to us or submit a query or request to us. In some cases, we may be required by law to collect personal information about you. The personal information will generally be acquired through our channels, but we may, however, obtain information through a third party, such as representatives, agents or contractors who provide services to us, or third parties whom may refer you to us as they think you may be interested in our products or services.

What information do we collect?

The kinds of personal information that we collect and hold about you may include:

identifying information, such as your name and date of birth

contact information, such as your postal address, email address and telephone number

social media profile information that you make available to us or to the public

blockchain identifiers, such as blockchain addresses and public keys

usernames and passwords that you create when registering for an account with us

details of any products or services that we provide to you

information about how you use the products and services we provide

records of our communications with you, including any messages you send us.

Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.

You may, however, visit our site anonymously.

What do we use your personal information for?

We use personal data that we collect about you for the following purposes:

to verify your identity for the purpose of satisfying our Anti-Money Laundering obligation

to determine your eligibility for any of our products or services

to determine your compliance with the terms and conditions that apply to any of our products or services and applicable law

to enable us to provide our products and services

to improve our website based on your information and feedback

to answer your queries and requests

to comply with our legal and regulatory obligations

to carry out market analysis and research

to assess, maintain, upgrade and improve our products and services

to monitor use of our products and services

to carry out education and training programs for our staff

to manage and resolve any legal or commercial complaints or issues

to carry out planning and forecasting activities and other internal business processes

to keep you informed about our activities, including by sending out newsletters

EEA Residents: For individuals who reside in the European Economic Area (including the United Kingdom) or Switzerland (collectively “EEA Residents”), pursuant to Article 6 of the EU General Data Protection Regulation (GDPR) or any equivalent legislation (collectively “EEA Data Protection Law”), we process this personal information based on our contract with you to comply with our legal obligations, to satisfy our legitimate interests as described above and to satisfy on your consent.

Direct marketing

We may from time to time use your personal information in order to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). We may not use your personal information unless we have received your consent. You can opt-out of receiving marketing communications from us by contacting us using the contact details set out below.

We may use your following personal information for the purpose of direct marketing:

identifying information, such as your name and date of birth

contact information, such as your postal address, email address and telephone number

Products and services portfolio information and demographic data held by us from time to time

We may use your personal information to market the following products and/or services to you:

purchasing and/or trading digital assets

Software and hardware wallets for holding digital assets

Payment services

Other products or services related to digital assets and/or payment services

If we use your personal data in any direct marketing communications, you have the right to request that we provide you with the source of that personal data. There is no fee for requesting this information. We will provide you with the source of the personal data unless it is impracticable or unreasonable to do so.

Please indicate your consent to receiving information relating to the above by contacting us using the contact details set out below.

We may also use and disclose your information for other purposes in accordance with your requests or instructions.

Who do we disclose your personal information to?

We may share personal information about you with:

Your representatives, advisers, and others you have authorized to interact with us on your behalf

our staff who need the information to discharge their duties

related entities within our corporate group

our business partners, agents and service providers

payment system operators and financial institutions

prospective purchasers of all or part of our business or shares in our company or a related entity

professional advisers who we engage to provide advice on our business

government authorities who ask us to disclose that information, or to other people as required by law

Under this privacy policy, you consent to your personal information being disclosed in such circumstances.

In some cases, the people to whom we disclose your personal information may be located overseas. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as Hong Kong. As such, your personal information may not be protected to the same or similar extent as in Hong Kong.

How do we protect and store your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All personal information provided to us is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database, which can only be accessed by those with special access rights to our systems, and are required to keep the information confidential. We update these physical and technical security processes and procedures from time to time to address new and emerging security threats that you become aware of.

Do we retain your personal information?

Yes, however, your personal data will not be kept longer than required.

We may retain your personal information for a period of at least 6 years from the date on which we collect the information until the last transaction is completed with you or our relationship ends (whichever occurs last). At our discretion, we may retain personal data for longer than this period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.

Can you access and correct your personal information?

Yes. If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.

Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that data.

Do we use cookies?

Yes, we use cookies on the Dragon Corporation website to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). “Cookies” are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information and the webpage you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this. While you will still be able to browse our websites with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyse how users use our website.

The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties here required to do by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Third party links

Occasionally, at our discretion, we may include links to third-party products or services on our website. These third-party sites have separate and independent privacy policies. Further, we do not verify their content. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Your Consent

By using our site, providing personal information and/or using any of our products or services, you agree that you consent to our privacy policy, as updated from time to time.

Changes to our Privacy Policy

We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will be available at

European Economic Area Users & Data

If you are a resident of the European Economic Area (the “EEA”), Dragon Corporation is the controller with respect to your personal information. We determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.

Legal bases for processing personal information

Our legal bases for processing under General Data Protection Regulation are described above in the sections entitled “What do we use your personal information for?”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of Dragon Corporation, our customers or others.

Direct Marketing

If you are a current customer residing in the EEA, we will only contact you by electronic means (email) with information about our services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.

If you are a new customer and located in the EEA, we will contact you if you are located in the EU by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to use your personal information in this way, or to pass your personal information on to third parties for marketing purposes, please contact us to opt-out immediately. You may raise such objection with regard to initial or further processing for purposes of direct marketing, at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services

Individual Rights

EEA residents have the following rights, which can be exercised by contacting us at [email protected] so that we may consider your request under applicable law.

All EEA users will have the following rights which can be exercised anytime by contacting us:

Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of Dragon Corporation’s processing based on consent before your withdrawal.

The right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with the gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by Dragon Corporation that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

Right to delete. You have the right to request deletion of your personal information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to delete the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the deletion of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.

Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.

Right to the restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:

(a) You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.

(b) The processing is unlawful and you oppose the deletion of your personal information and request the restriction of its use instead.

(c) We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.

(d) You have objected to processing, pending the verification whether the legitimate grounds of Dragon Corporation’s processing override your rights.

The restricted personal information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.

Notification of deletion rectification and restriction. We will communicate any rectification or deletion of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.

Right to object to processing. Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

[email protected] so that we can try to resolve the issue or dispute informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner’s Office (ICO).

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, [email protected]

Storage of your personal information. Dragon Corporation will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.

Your rights to personal information are not absolute. Access may be denied when:

Denial of access is required or authorized by law;

Granting access would have a negative impact on other’s privacy;

To protect our rights and properties; and

Where the request is frivolous or vexatious.


We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact us by using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.

If we have not responded to you within a reasonable time or if you feel that your compliant has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data. For EEA residents, you may refer to the above section for the complaint authority.

Contact details

If you want any further information from us on privacy matters, please contact us at:

Dragon Incorporation (BVI) Limited

Vanterpool Plaza, 2nd Floor, Wickhams Cay I, Road Town, Tortola, British Virgin Islands