Privacy Policy

Effective Date: 19^th May 2025
Last Updated: 19^th May 2025

1. Introduction

Metalex Ecosystem Technology Limited ("we," "us," "our," "Company"), headquartered in Hong Kong SAR, China, is a FinTech company with registered address of RM C, UNIT 5A, SHUN CHEUNG IND BUILDING, 26 WING HONG STREET, CHEUNG SHA WAN, HONG KONG. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our metal ecosystem financing and trading platform (the "Platform").

This Privacy Policy applies to all users of our Platform, including metal producers, warehouse operators, financiers, metal samplers, and other market participants.

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly to us, including but not limited to:

Identity and Contact Information:

• Full name and business name
• Email address and phone number
• Business and residential addresses
• Date of birth and nationality
• Government-issued identification numbers

Business and Financial Information:

• Business registration documents
• Tax identification numbers
• Financial statements and credit information
• Bank account and payment information
• Financing / trading history and transaction records

Professional Information:

• Job title, role and associated companies
• Industry certifications and licenses
• Professional references
• Business relationships and affiliations

2.2 Technical and Usage Information

We automatically collect certain information when you use our Platform:

Device and Access Information:

• IP address and device identifiers
• Browser type and version
• Operating system information
• Device location (if permitted)

Platform Usage Data:

• Login times and session duration
• Pages visited and features used
• Trading activities and transaction patterns
• API usage and integration data

Communication Records:

• Customer support interactions
• Platform notifications and messages
• Training and educational engagement

2.3 Distributed Ledger Information

Information recorded on distributed ledger technology may include:

• Transaction hashes and metadata
• Digital asset ownership records
• Smart contract interactions
• Consensus mechanism participation

2.4 Third-Party Information

We may receive information from:

• Credit reporting agencies
• Regulatory databases
• Warehouse operators and metal samplers
• Business partners and service providers
• Public records and databases

3. How We Use Your Information

3.1 Primary Business Purposes

We use your information to:

Platform Operations:

• Provide and maintain Platform services
• Process transactions and manage accounts
• Facilitate trading and financing activities
• Enable API integrations and data sharing

User Authentication and Security:

• Verify user identity and prevent fraud
• Maintain account security
• Monitor for suspicious activities
• Implement access controls

Compliance and Risk Management:

• Conduct KYC (Know Your Customer) or KYB (Know Your Business) verification
• Perform AML (Anti-Money Laundering) screening
• Meet regulatory reporting requirements
• Assess credit and counterparty risk

3.2 Communication and Support

We use your information to:

• Send transaction confirmations and account updates
• Provide customer support and technical assistance
• Deliver educational content and platform updates
• Conduct user surveys and feedback collection

3.3 Analytics and Improvement

We analyze usage data to:

• Improve Platform functionality and user experience
• Develop new features and services
• Conduct market research and analysis
• Monitor Platform performance and security

3.4 Marketing and Business Development

With your consent, we may use your information to:

• Send promotional materials and newsletters
• Invite you to events and webinars
• Share relevant industry insights
• Develop business partnerships

4. Legal Basis for Processing

We process your personal data based on:

Contractual Necessity:

• Performance of our Terms of Service
• Execution of trading and financing agreements
• Provision of requested services

Legal Obligations:

• Compliance with financial services regulations
• Tax reporting and record-keeping requirements
• Court orders and legal processes

Legitimate Interests:

• Fraud prevention and security
• Platform improvement and development
• Business operations and administration

Consent:

• Marketing communications (if opt-in)
• Optional data sharing
• Biometric data processing (where applicable)

5. Information Sharing and Disclosure

5.1 Service Providers and Partners

We may share information with:

Technology Providers:

• Cloud hosting and storage services
• Payment processors and financial institutions
• API integration partners
• Security and monitoring services

Business Partners:

• Warehouse operators and storage facilities
• Metal sampling and testing services
• Credit agencies and lenders
• Market data providers

5.2 Legal and Regulatory Disclosure

We may disclose information when required by:

• Financial services regulators
• Law enforcement agencies
• Tax authorities
• Court orders and legal proceedings

5.3 Business Transactions

In the event of merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to confidentiality agreements.

5.4 Distributed Ledger Considerations

Information recorded on public or permissioned distributed ledgers may be:

• Permanently stored and immutable
• Visible to network participants
• Subject to different privacy protections
• Governed by blockchain protocols

6. International Data Transfers

6.1 Cross-Border Transfers

We may transfer your personal data internationally for:

• Global Platform operations
• Service provider arrangements
• Regulatory compliance requirements
• Business continuity purposes

6.2 Transfer Safeguards

International transfers are protected by:

• Adequacy decisions by data protection authorities
• Standard contractual clauses
• Binding corporate rules
• Certification mechanisms

7. Data Security

7.1 Security Measures

We implement comprehensive security measures:

Technical Safeguards:

• Data encryption in transit and at rest
• Authentication
• Access controls

7.2 Distributed Ledger Security

Distributed ledger data is protected by:

• Cryptographic security protocols
• Consensus mechanisms
• Decentralized validation
• Immutable record keeping

7.3 Breach Notification

In the event of a data security incident, we will:

• Assess the impact and severity
• Notify affected users in a reasonable timeframe
• Report to relevant authorities as required
• Implement remediation measures

8. Data Retention

8.1 Retention Periods

Outside distributed ledgers, we retain personal data for:

• Active accounts: Duration of relationship plus applicable retention periods
• Financial records: As required by financial services regulations
• Marketing data: Until consent is withdrawn
• Technical logs: As needed for security and operations

8.2 Distributed Ledger Data

Data recorded on distributed ledgers may be:

• Permanently stored and immutable
• Subject to technical limitations on deletion
• Retained indefinitely as part of the blockchain

8.3 Deletion and Anonymization

Upon expiration of retention periods, for data outside distributed ledgers, we will:

• Securely delete or anonymize personal data
• Remove identifying information where possible
• Maintain anonymized data for statistical purposes

9. Your Privacy Rights

9.1 Access and Portability

You have the right to:

• Access your personal data
• Receive a copy of your data in a structured format

9.2 Correction and Updates

You may:

• Correct inaccurate personal data
• Update your account information
• Request data corrections through customer support

This is subject to technical limitations of distributed ledger technology.

9.3 Deletion and Erasure

You may request deletion of your personal data, subject to:

• Legal and regulatory retention requirements
• Contractual obligations
• Technical limitations of distributed ledger technology

9.4 Processing Restrictions

You may request that we:

• Limit processing of your data
• Object to processing for certain purposes
• Withdraw consent for optional processing

9.5 Marketing Opt-Out

You may unsubscribe from marketing communications through:

• Email unsubscribe links
• Account settings
• Customer support requests

10. Cookies and Tracking Technologies

10.1 Types of Technologies

We use various tracking technologies:

Essential Cookies:

• Authentication and security
• Platform functionality
• Session management

Analytics Cookies:

• Usage statistics and trends
• Performance monitoring
• Feature usage analysis

Marketing Cookies:

• Interest-based advertising
• Campaign effectiveness
• User preferences

10.2 Management Options

You can control cookies through:

• Browser settings and preferences
• Platform cookie management tools
• Third-party opt-out mechanisms

11. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our practices
• Regulatory requirements
• Technology developments
• User feedback

12.2 Notification of Changes

We will notify you of material changes through:

• Email notifications
• Platform announcements
• Website postings

12.3 Acceptance of Changes

Continued use of the Platform after notification constitutes acceptance of the updated Privacy Policy.

13. Third-Party Services

13.1 External Links

Our Platform may contain links to third-party websites and services. We are not responsible for their privacy practices and encourage you to review their privacy policies.

13.2 Integrated Services

Third-party services integrated with our Platform have their own privacy policies and practices. We encourage you to review these policies before using such services.

14. Regional Privacy Considerations

We comply with applicable privacy laws in jurisdictions where we operate, including data localization and protection requirements.

15. Contact Information

15.1 Data Protection Officer

Our Data Protection Officer can be reached at:

• Email: dpo(at)meetmetal.tech
• Address: RM C, UNIT 5A, SHUN CHEUNG IND BUILDING, 26 WING HONG STREET, CHEUNG SHA WAN, HONG KONG

16. Effective Date and Acceptance

This Privacy Policy is effective as of the date listed above. By using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.