UUPay 私隱政策聲明
UUPay Privacy Policy Statement

最新更新日期 / Last Updated: 23 September 2025

1. 總則 / General Provisions

1.1 制訂主體與效力範圍 / Formulating Entity and Scope of Effect

本私隱政策(以下簡稱「本政策」)由 Universe Action Limited(以下簡稱「本公司」,香港註冊私營公司,註冊地址:香港九龍灣宏照道 39 號企業廣場 3 期 47 樓)制訂,旨在規範本公司在提供「UUPay 服務」(以下簡稱「本服務」,含移動應用、網站及其他相關渠道)過程中,對服務用戶(包括商戶公司及其董事、股東、僱員、外包方、代理,以下統稱「商戶」)及終端用戶(以下簡稱「終端用戶」)信息的收集、使用、轉移、披露及保護行為。

本政策適用於全球範圍內所有使用或與本服務進行交互的行為;若用戶不同意本政策全部或部分內容,應立即停止使用本服務。

1.2 語言效力 / Language Validity

本政策包含中英文兩個版本,除法律另有規定外,兩版本內容不一致時,以英文版本為准。本政策最新更新日期為 2025 年 9 月 23 日(Last Updated: 23 September 2025)。

2. 定義 / Definitions

2.1 終端用戶(End User)

指代表商戶使用本服務的個人用戶,或通過本服務接收資金轉移的收款人。

2.2 信息(Information)

指「個人信息」(Personal Information)及本政策第 3 條所界定的各類數據,包括但不限於身份識別信息、交易數據、設備信息等。

2.3 商戶(Merchant)

指作為本服務用戶的商戶公司及其代表(Representative),其中「代表」包括商戶公司的董事、股東、僱員、外包方及代理。

2.4 合作夥伴(Partner)

指與本公司合作提供產品及服務的機構;本公司向合作夥伴提供的終端用戶數據,僅限於與雙方及終端用戶活動相關的範圍,且合作夥伴對該數據的管理應遵循其自身私隱政策,不適用本政策。

2.5 個人信息(Personal Information)

指可直接或間接識別特定個人身份的信息,包括但不限於姓名、出生日期、政府頒發身份證件副本(如護照、當地身份證)及聯繫方式。

2.6 服務(Services)

指由 UUPay 提供的各類技術及服務,包括線下交易信息查閱、結算信息管理及其他相關功能。

3. 數據控制者 / Data Controller

本政策中,「本公司」「我們」「我方」及「UUPay」均指代 Universe Action Limited,其作為數據控制者,對用戶信息的處理行為承擔法律責任,註冊地址及聯絡信息詳見本政策第 12 條。

4. 信息收集範圍與方式 / Scope and Methods of Information Collection

4.1 用戶主動提供的信息 / Information Voluntarily Provided by Users

為履行服務協議及法律義務,用戶需向本公司主動提供以下必要信息,未提供或提供不真實信息可能導致本服務無法正常使用:

  • 賬戶與檔案信息(Account and Profile Information):用於註冊賬戶、開通服務功能的個人或商戶信息,包括姓名、出生日期、身份證件副本、公司註冊證書、月均營業額等;
  • 交易數據(Transaction Data):用於完成資金轉移的交易相關信息,包括交易金額、時間、貨幣類型、支付方式、收付方信息等;
  • 客服支持信息(Customer Support Information):用於處理咨詢、投訴的記錄,包括通話錄音、書面溝通文件等;
  • 自願提供的額外信息(Voluntary Additional Information):用戶參與調查、反饋、促銷活動時主動提交的信息(非強制性)。

4.2 服務使用中自動收集的信息 / Information Automatically Collected During Service Use

基於合法利益(包括防範欺詐、優化服務體驗、保障系統安全),本公司在用戶使用本服務時自動收集以下信息:

  • 交易與收款人信息(Transaction and Beneficiary Information):交易流水、收款人銀行賬戶信息、資金來源及交易原因;
  • 設備與使用信息(Device and Usage Information):用於訪問本服務的設備型號、操作系統版本、瀏覽記錄、偏好設置、位置數據(可通過設備設置關閉);
  • 日誌與通信數據(Log and Communication Data):服務器訪問記錄、第三方網站跳轉記錄、與本公司的通信內容(如電子郵件、短信、通話錄音)。

4.3 從第三方獲取的信息 / Information Obtained from Third Parties

本公司可從以下外部來源獲取用戶信息,並與直接收集的數據進行整合,用於履行服務義務及風險管理:

  • 金融合作夥伴、支付服務提供商、信用參考機構、防欺詐平台;
  • 官方註冊庫、公共數據庫、債務追收機構;
  • 商業合作夥伴及其他合法公開渠道。

5. 信息使用規則 / Rules for Information Use

本公司對用戶信息的使用嚴格遵循「目的限制」原則,僅用於以下經授權或法律允許的範圍:

5.1 服務提供與賬戶管理

  • 創建用戶賬戶及許可體系,處理支付、結算及退款操作;
  • 驗證用戶身份,授權賬戶訪問權限,評估服務申請資格;
  • 提供客服支持,響應用戶咨詢及請求。

5.2 風險防控與合规履行 / Risk Prevention and Compliance Fulfillment

  • 識別、監控及防範欺詐、濫用服務等行為,管理服務及渠道風險;
  • 遵守反洗錢、稅務申報、金融監管等法律義務,提交必要報告;
  • 核查用戶身份真實性,保障服務及系統安全。

5.3 服務優化與通信通知 / Service Optimization and Communication Notification

  • 分析用戶使用習慣,開發新產品、優化現有服務功能;
  • 發送服務更新、安全警報、交易確認等管理類通知;
  • 在獲取用戶同意後,推送市場營銷及促銷信息。

6. 信息轉移與披露 / Information Transfer and Disclosure

6.1 跨境數據轉移 / Cross-Border Data Transfer

用戶信息可存儲及處理於香港特別行政區及其他司法管轄區,部分轄區的數據保護法律可能與香港《個人資料 (私隱) 條例》存在差異。用戶使用本服務即視為同意此類跨境轉移;若拒絕,本公司將無法提供服務。本公司可根據當地執法機關合法要求,披露用戶信息。

6.2 第三方披露 / Disclosure to Third Parties

僅在以下必要情形下,本公司可向第三方披露用戶信息,且所有接收方均需受合同約束,僅可依本政策約定使用信息:

  • 集團內部:向 Universe Action Limited 關聯企業披露,用於協同提供服務,並遵循集團內部數據處理協議;
  • 合作夥伴:向金融機構、支付處理商、生態系統合作夥伴披露,用於完成交易及服務;
  • 服務提供商:向技術支持、雲存儲、審計機構披露,用於維護服務運營;
  • 監管與司法機構:按法律程序要求,向監管部門、法院、執法機構披露,用於履行法律義務。

6.3 企業重組中的轉移 / Transfer in Corporate Restructuring

若本公司發生合併、收購、資產出售、破產清算等企業重組情形,用戶信息可作為業務資產的一部分轉移給第三方;若信息將受不同私隱政策約束,本公司將盡合理努力提前通知用戶。

7. 數據留存 / Data Retention

本公司將根據以下原則確定信息留存期限:

  • 留存至「履行服務義務、遵守法律規定、滿足內部業務需求」所需的最短期限;
  • 用戶注銷賬戶後,仍可留存信息至以下情形終止:完成未結交易、遵守反洗錢等法律規定、防範欺詐、收取應付費用、解決爭議;
  • 留存期限屆滿後,本公司將銷毀用戶信息或進行匿名化處理(去除可識別元素),確保無法追溯至特定用戶。

8. 用戶權利 / User Rights

若用戶位於香港特別行政區,在適用法律允許範圍內,可行使以下權利:

  • 信息訪問權:申請獲取本公司處理的用戶信息副本,本公司可就該服務收取合理費用;
  • 信息更正權:申請更正不準確、不完整的用戶信息;
  • 反對營銷權:反對將個人信息用於直接市場營銷目的;
  • 權利咨詢權:就信息處理行為向本公司提出咨詢,要求解釋處理依據。

9. 安全保障措施 / Security Protection Measures

本公司採取技術與管理相結合的多層次安全措施,保護用戶信息免遭未經授權訪問、丟失或濫用:

  • 技術防護:使用 AES-256 加密算法存儲敏感數據,部署防火牆及入侵檢測系統,實施嚴格的訪問權限控制;
  • 管理規範:定期開展安全審計與漏洞掃描,僅授權人員可接觸用戶信息,建立信息安全事件應急響應機制;
  • 風險提示:互聯網數據傳輸存在固有風險,用戶應妥善保管賬戶密碼(建議每 90 天更換),發現未授權訪問時立即聯繫本公司。

10. 政策更新 / Policy Updates

本公司保留修訂本政策的權利,修訂後的版本將通過 UUPay 網站發布,並更新「最新更新日期」。用戶在政策更新後繼續使用本服務,即視為接受修訂內容;若不同意修訂,可隨時注銷賬戶。

11. 聯繫方式 / Contact Information

若用戶對本政策有疑問,或需行使信息權利,可通過以下方式聯繫本公司:

官方網站:https://www.uupay.hk/

郵寄地址:香港九龍灣宏照道 39 號企業廣場 3 期 47 樓 Universe Action Limited 客戶服務部

12. 其他 / Miscellaneous

本政策構成用戶與本公司就信息處理事宜的完整協議,取代此前所有口頭或書面約定。若本政策任何條款被認定為無效或不可執行,不影響其他條款的效力。

1. General Provisions

1.1 Formulating Entity and Scope of Effect

This Privacy Policy (hereinafter referred to as "the Policy") is formulated by Universe Action Limited (hereinafter referred to as "the Company" --- a private company registered in Hong Kong with registered address: 47/F, Enterprise Square Three, 39 Wang Chiu Rd, Kowloon Bay, Kowloon, Hong Kong). It is intended to regulate the Company's collection, use, transfer, disclosure, and protection of information of service users (including merchant companies and their directors, shareholders, employees, contractors, and agents, collectively referred to as "Merchants") and end users (hereinafter referred to as "End Users") in the course of providing "UUPay Services" (here in after referred to as "the Services", including mobile applications, websites, and other relevant channels).

The Policy applies to all acts of using or interacting with the Services worldwide; if a user does not agree to all or part of the Policy, they shall immediately cease using the Services.

1.2 Language Validity

The Policy is available in both English and Chinese versions. Unless otherwise specified by law, in case of any inconsistency between the two versions, the English version shall prevail. The latest update date of the Policy is 23 September 2025.

2. Definitions

2.1 End User

An individual user who uses the Services on behalf of a Merchant or who is the recipient of funds transferred via the Services.

2.2 Information

Refers to "Personal Information" and various types of data defined in Clause 3 of the Policy, including but not limited to identification information, transaction data, and device information.

2.3 Merchant

A merchant company that is a user of the Services and its Representatives, where "Representatives" include directors, shareholders, employees, contractors, and agents of the merchant company.

2.4 Partner

Institutions that cooperate with the company to provide products and services; the End User data provided by the Company to Partners is limited to the scope related to the activities of the parties and the respective end users, and the management of such data by Partners shall be governed by their own privacy policies, not this Policy.

2.5 Personal Information

Information that can identify a specific individual directly or indirectly, including but not limited to name, date of birth, copies of government-issued identification documents (e.g., passport, local ID card), and contact information.

2.6 Services

Various technologies and services provided by UUPay, including offline transaction information inquiry, settlement information management, and other related functions.

3. Data Controller

In this Policy, "the Company", "we", "our", and "UUPay" all refer to Universe Action Limited. As the data controller, it assumes legal responsibility for the processing of user information. For the registered address and contact information, please refer to Clause 12 of the Policy.

4. Scope and Methods of Information Collection

4.1 Information Voluntarily Provided by Users

To fulfill service agreements and legal obligations, users shall voluntarily provide the following necessary information to the Company; failure to provide or providing untrue information may result in the inability to use the Services normally:

  • Personal or merchant information used for account registration and activation of service functions, including name, date of birth, copies of identification documents, company registration certificates, average monthly turnover, etc.
  • Transaction-related information used to complete fund transfers, including transaction amount, time, currency type, payment method, information of payers and payees, etc
  • Records used to handle inquiries and complaints, including call recordings, written communication documents, etc.
  • Information proactively submitted by users when they participate in surveys, provide feedback, or take part in promotional activities (non-mandatory).

4.2 Information Automatically Collected During Service Use

Based on legitimate interests (including fraud prevention, optimizing service experience, and ensuring system security), the Company automatically collects the following information when users use the Services:

  • Transaction records, the beneficiary's bank account information, fund sources, and transaction reasons.
  • Device model, operating system version, browsing history, preference settings, and location data (which can be disabled via device settings) used to access the Services.
  • Server access logs, third-party website redirect records, and communication content with the Company (such as emails, text messages, and call recordings).

4.3 Information Obtained from Third Parties

The Company may obtain user information from the following external sources and integrate it with directly collected data for fulfilling service obligations and risk management:

  • Financial partners, payment service providers, credit reference agencies, anti-fraud platforms
  • Official registers, public databases, debt collection agencies
  • Business partners and other legally public channels

5. Rules for Information Use

The Company's use of user information strictly adheres to the "purpose limitation" principle and is only used for the following authorized or legally permitted scopes:

5.1 Service Provision and Account Management

  • Establish user accounts and permission systems, and process payments, settlements, and refund operations;
  • Verify user identities, authorize account access permissions, and evaluate eligibility for service applications;
  • Provide customer support and respond to user inquiries and requests.

5.2 Risk Prevention and Compliance Fulfillment

  • Identify, monitor and prevent fraud, service abuse and other such behaviors, and manage service and channel risks;
  • Comply with legal obligations such as anti-money laundering (AML), tax declaration and financial supervision, and submit necessary reports;
  • Verify the authenticity of user identities and ensure the security of services and systems.

5.3 Service Optimization and Communication Notification

  • Analyze user usage habits, develop new products, and optimize existing service functions;
  • Send administrative notifications such as service updates, security alerts, and transaction confirmations;
  • Send marketing and promotional information with user consent.

6. Information Transfer and Disclosure

6.1 Cross-Border Data Transfer

User information may be stored and processed in the Hong Kong Special Administrative Region and other jurisdictions, and data protection laws in some jurisdictions may differ from Hong Kong's Personal Data (Privacy) Ordinance. By using the Services, users consent to such cross-border transfers; if consent is withheld, the Company cannot provide the Services. The Company may disclose user information in accordance with the legal requirements of local law enforcement agencies.

6.2 Disclosure to Third Parties

The Company may disclose user information to third parties only in the following necessary circumstances, and all recipients shall be bound by contracts and may only use the information in accordance with the provisions of this Policy:

  • Intra-Group: Disclose to affiliates of Universe Action Limited for the collaborative provision of services and in accordance with intra-group data processing agreements;
  • Partners: Disclose to financial institutions, payment processors, and ecosystem partners for facilitating transactions and services;
  • Service Providers: Disclose to technical support providers, cloud storage providers, and auditing firms for maintaining service operations;
  • Regulatory and Judicial Authorities: Disclose to regulatory authorities, courts, and law enforcement agencies in accordance with legal procedures for fulfilling legal obligations;

6.3 Transfer in Corporate Restructuring

In the event of corporate restructuring such as merger, acquisition, asset sale, or bankruptcy liquidation of the Company, user information may be transferred to a third party as part of business assets; if the information will be governed by a different privacy policy, the Company will make reasonable efforts to notify users in advance.

7. Data Retention

The Company determines the information retention period in accordance with the following principles:

  • The retention period shall be the shortest period required to "fulfill service obligations, comply with legal provisions, and meet internal business needs";
  • After a user cancels their account, the Company may still retain the information until the termination of the following circumstances: completion of outstanding transactions, compliance with laws such as anti-money laundering, fraud prevention, collection of payable fees, and dispute resolution;
  • After the expiration of the retention period, the Company will destroy the user information or anonymize it (removing identifiable elements) to ensure that it cannot be traced to a specific user.

8. User Rights

If users are located in the Hong Kong Special Administrative Region, they may exercise the following rights to the extent permitted by applicable laws:

  • Right of Access to Information: Request access to copies of the user information processed by the Company; the Company may charge a reasonable fee for this service.
  • Right to Correct Information: Apply to correct inaccurate or incomplete user information.
  • Right to Object to Marketing: Object to the use of personal information for direct marketing purposes.
  • Right to Inquire About Rights: Inquire with the Company regarding information processing activities and request an explanation of the basis for such processing.

9. Security Protection Measures

The Company adopts multi-level security measures combining technology and management to protect user information from unauthorized access, loss, or abuse:

  • Technical Protection: Use the AES-256 encryption algorithm to store sensitive data, deploy firewalls and intrusion detection systems, and implement strict access permission control;
  • Management Norms: Conduct regular security audits and vulnerability scans, restrict access to user information to authorized personnel only, and establish an emergency response mechanism for information security incidents;
  • Risk Reminder: Internet data transmission carries inherent risks. Users shall keep their account passwords secure (recommended to change every 90 days) and contact the Company immediately if unauthorized access is detected.

10. Policy Updates

The Company reserves the right to revise this Policy. The revised version will be published on the UUPay website and the "Last Updated Date" will be updated. Users who continue to use the Services after the Policy update shall be deemed to accept the revised content; if they do not agree to the revision, they may cancel their account at any time.

11. Contact Information

If users have questions about this Policy or need to exercise their information rights, they may contact the Company through the following methods:

Official Website: https://www.uupay.hk/

Mailing Address: Customer Service Department, Universe Action Limited, 47/F, Enterprise Square Three, 39 Wang Chiu Road, Kowloon Bay, Kowloon, Hong Kong (Attention: Customer Service)

12. Miscellaneous

This Policy constitutes a complete agreement between users and the Company regarding information processing, replacing all previous oral or written agreements. If any clause of this Policy is deemed invalid or unenforceable, it shall not affect the validity of other clauses.