Privacy Policy

1. Scope and Role of Tokyo HQ

Tokyo HQ defines Group-wide privacy rules and provides guidance to Hong Kong, Taiwan, Philippine and Japan Desks. Each Desk remains responsible for applying local legislation in its own jurisdiction.

2. Types of Personal Data We Handle

Depending on the situation, we may process:

• Identification data – name, job title, organization, contact details
• Business relationship data – inquiries, contracts, transaction history
• KYC/KYB data – registration documents, IDs where legally required, ownership and control information (UBO), sanctions screening results
• Technical data – IP address, browser type, access logs, basic cookie-related data for security and analytics
• Communication data – emails, meeting notes, call logs, relevant AI-assisted chat logs

We do not intentionally collect sensitive personal data (such as health, religion or political opinions) unless required by law or explicitly provided for a clear and limited purpose.

3. Purposes of Use

We use personal data mainly for the following purposes:

• Responding to inquiries and providing our services
• Performing and managing contracts and trade transactions
• Conducting KYC/KYB, AML and sanctions screening
• Managing risk, internal controls and audits
• Operating and improving our websites and systems
• Operating and monitoring our AI tools in a safe and compliant manner
• Responding to lawful requests from banks, auditors or authorities

4. Legal Basis (Where Applicable)

Depending on jurisdiction, our processing is typically based on:

• Performance of a contract or steps prior to entering into a contract
• Compliance with legal obligations (e.g., AML/KYC, record-keeping)
• Legitimate interests (e.g., risk management, service improvement, security)
• Consent, where required by local law for specific purposes

5. Sharing and Disclosure

We may share personal data with:

• Other ASIACOM Group entities and Desks
• Banks, shipping companies, logistics providers and professional advisors
• IT and cloud service providers under appropriate contracts
• Auditors, regulators, customs, courts or law enforcement where legally required

We do not sell personal data.

6. Retention

We retain personal data only for as long as necessary to fulfil the purposes described above and to meet legal, regulatory or contractual record-keeping obligations. Retention periods vary depending on data type and applicable law.

7. Security

We take reasonable technical and organizational measures to protect personal data from loss, destruction, damage, and unauthorized access, use or disclosure. These measures include access controls, encryption where appropriate, logging and regular review of internal procedures.

8. Cross-Border Transfers

Because ASIACOM operates across Hong Kong, Japan, Taiwan and the Philippines, personal data may be transferred between these locations. Where required by law, we apply appropriate safeguards such as contractual protections and restrict access to those with a business need-to-know.

9. Your Rights

Subject to local law, you may have rights such as access, correction, deletion or restriction of your personal data, objection to certain processing, and the right to lodge a complaint with a competent authority. Requests will be handled by Tokyo HQ in coordination with the relevant Desk.

10. Contact

For questions or requests regarding this Privacy Policy, please contact the designated contact point shown on the relevant ASIACOM website. Tokyo HQ will coordinate with the appropriate Desk where necessary.

11. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will be published on our websites and indicate the effective date.