Privacy Policy

Sors Technology Limited

Sors Technology Limited (“SORS”, “we”, “us”, “our”) takes its responsibilities under applicable data protection law, including the General Data Protection Regulation and implementing legislation (“Data Protection Law”) seriously. The purpose of this notice is to inform individuals (“you”, “your”) of the data relating to you that we may collect and use and the uses (including disclosures to third parties) we may make of your data in connection with considering applications for our ‘wallet’ services, including the Sorted Wallet account, and the ongoing provision and administration of those services (the “Virtual Asset Account”).

If you have any questions about our use of your personal data, please contact us at hello@sortedwallet.com.

1. What information do we collect

We collect, have transferred to us and process the following categories and types of personal data relating to you during the course of our relationship with you (and afterwards as set out below).

Personal data category Description
Wallet Address Your public wallet address
Contact Data Your name, email address, phone number, home address, other similar details
Communication Data Arising from your interactions with us (e.g. customer care queries or complaints), we will hold details of those interactions (e.g. email correspondence)
Wallet Account Data Account information, account numbers, account status, transaction history, transaction and payment details, bank account details, virtual asset details, other financial data
Marketing Data Communication Data and Contact Data as well as any direct marketing preferences expressed by you
Website and App Usage Data Statistic and Usage Information on usage of our website(s) and apps, including information generated to fix bugs and technical errors

2. Legal bases

The personal data described above is used by us and by third party service providers acting on our behalf. The legal bases on which we collect, process and transfer your personal data for these purposes are:

  • Your consent (“Consent”);
  • Where such processing is necessary for the performance of your contract with us (“Contract”);
  • Where such processing is necessary to comply with our legal and regulatory obligations (“Legal Obligation”); and
  • Where such processing is necessary our legitimate interests (“Legitimate Interests”).

Where we have listed legitimate interests as a legal basis for processing, we will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms.

The condition on which we collect, process and transfer special categories of data relating to you, such as the fact that you are a politically exposed person, is that it is necessary for reasons of substantial public interest, on the basis of Union or Member State law.

3. Processing activities and associated legal bases

Generally, we use your personal data to provide you with our wallet and related services. We also need to use that personal data for other purposes, including to comply with relevant law. We set out below further details on the general purposes for which we use your personal data, the categories of personal data relevant to those purposes and the related legal basis (or bases, if more than one applies) under Data Protection Law for processing such personal data.

Purposes Categories of personal data Legal bases
Activating your Wallet Account and administering it, including:
  • Creating a Wallet Account for you
Identification Data, Contact Data, Communication Data, Financial Data Contract
Operating the Virtual Asset Account, including:
  • Completing Wallet Account transactions
  • Collecting any service fees from you
  • Sending you relevant information about changes/updates to our services and other non-marketing information
Identification Data, Contact Data, Communication Data, Financial Data Contract
Fulfilling our legal and regulatory obligations, including with regard to:
  • Undertaking ‘know your customer’ (“KYC”), ‘anti-money laundering’ checks (“AML”) and fulfilling our counter-terrorist financing (“CTF”) and financial sanctions obligations
  • Administering an account as required by law
Identification Data, Contact Data, Communication Data, Financial Data Legal Obligation
Preventing, investigating or detecting theft, fraud or other criminal activity Identification Data, Contact Data, Communication Data, Financial Data Our Legitimate Interests in preventing, investigating or detecting theft, fraud or other criminal activity in relation to us or a relevant third party
Operating our website and app Website and App Usage Data Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner and in providing you with effective electronic access to our website and app
Providing customer services to you, including:
  • Responding to your requests for customer care assistance and dealing with complaints and litigation
  • Keeping records of such interactions
Identification Data, Contact Data, Communication Data, Financial Data Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner
Management of our company and our services generally, including:
  • Internal operations concerning data analysis, testing
  • Risk monitoring and safeguarding our reputation and integrity
  • Monitoring and improving products
  • Business strategy, development and marketing
  • Ensuring the safety and transparency of our services and company systems
  • Establishing, exercising or defending our legal rights, property, or the safety of SORS, our customers
Identification Data, Financial Data Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner
Marketing purposes, including: Sending marketing communications to you concerning our services and company Marketing Data Consent (where we rely on your express opt-in to marketing), Our Legitimate Interests in conducting our business in a responsible and commercially prudent manner (where we rely on an opt-out as provided for under the ePrivacy Regulations 2011)

4. Sources of data

The personal data relating to you that we hold is generally collected directly from you (e.g. when you make an application for a wallet account).

5. Recipients of data

We may disclose any of your personal data detailed in section 1 above to third party recipients in connection with the above purposes, including:

  • to third parties who we engage to provide services or benefits to us or to you, such as professional advisers, auditors, insurers and outsourced IT and other service providers, including those that we use to verify your information against sanctions or denied party lists through a database;
  • to competent government, regulatory and law enforcement authorities and other similar bodies as requested or required by law;

6. Retention

Generally, we will retain your personal data for the duration of our relationship with you and for such a period of time after this relationship ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise in connection with our relationship with you. Further specific information on our retention practices in relation to the processing activities discussed above is provided below:

Purposes Categories of personal data Retention time / criteria
Activating your Virtual Asset Account and administering it Identification Data, Contact Data, Communication Data 5 years after account deletion or termination
Operating the Virtual Asset Account Identification Data, Contact Data, Communication Data, Financial Data 5 years after account deletion or termination
Preventing, investigating or detecting theft, fraud or other criminal activity Identification Data, Contact Data, Communication Data, Financial Data 5 years after account deletion or termination
Operating our website and app Website and App Usage Data 5 years after account deletion or termination
Providing customer services to you Identification Data, Contact Data, Communication Data, Financial Data 5 years after account deletion or termination
Management of our company and our services generally Identification Data, Financial Data 5 years after account deletion or termination
Marketing purposes Marketing Data 5 years after account deletion or termination

7. Necessity of provision of certain information and consequences

There are certain pieces of information that are required so that we can comply with legal obligations that apply to us (e.g. you must provide us with Identification Data in order that we can conduct KYC, CTF and AML checks prior). If we do not receive this information, this will impact our ability to deal with you in compliance with our obligations and internal policies.

8. Automated decision making

We do not currently use any processing systems which make decisions and produce legal effects for you, or which may otherwise significantly affect you, based solely on automated processing of your personal data.

9. Transfers Abroad

We may transfer your personal data outside of Hong Kong. If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or transferring your personal data pursuant to binding corporate rules. Further details of the measures that we have taken in this regard are available from legal@sortedwallet.com.

10. Your rights and how to update your information

You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • Right to access the data – You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  • Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  • Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  • Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
  • Right to withdraw your consent – Where our processing of your personal data is based on you having provided your consent (e.g. your marketing preferences), you have the right to withdraw such consent.

These rights are not absolute, and are subject to certain restrictions and exemptions. For example, the right to erasure of personal data will not apply where we have a legitimate reason to continue to hold such data.

In order to exercise any of the rights set out above, please contact support@sorted.finance.

SORS is required to keep all data accurate and up to date. To enable us to do this more easily, please ensure that you keep us up to date with any changes to your personal data.

11. Complaints

If you are not happy with the way we have used your information or addressed your rights, you have the right to make a complaint to us.

12. Updates

We may amend this Privacy Notice from time to time. Any material changes we make to this Privacy Notice in the future will be posted to our website and app. This Privacy Notice was last updated on 10 February 2023.