1. 为帮助您更清晰地了解您在使用我们的产品及服务时,我们如何收集和使用您的个人信息和敏感个人信息,我们更新了《个人信息收集清单》,且涉及敏感个人信息的内容已加粗、加下划线突显,供您阅读了解。
2. 为避免造成您的困惑或误解,我们更新了第九章“您的个人信息如何在全球范围转移”的内容,向您介绍您所适用的数据跨境传输情况。
5、 请您理解,我们向您提供的功能和服务是不断更新和发展的,如果某一功能或服务未在前述说明中且收集了您的信息,我们会通过页面提示、交互流程、网站公告等方式另行向您说明信息收集的内容、范围和目的。
6、 我们可能从关联方、第三方合作伙伴获取您授权共享的相关信息。我们将在符合相关法律规定,并依据与关联方或者第三方合作伙伴的约定、确信其提供的信息来源合法的前提下,收集并使用您的这些信息。
7、 以上由您提供的信息中,可能包含您的敏感个人信息,例如银行账号、交易记录、虚拟财产信息、系统账号、邮箱地址及其有关的密码、电话号码、网页浏览记录、位置信息。请您谨慎并留意个人敏感信息,您同意您的敏感个人信息我们可以按本政策所述的目的和方式来处理。
8、 除了上述已列举场景,我们还会基于客服、账号管理等为您提供服务的目的收集、处理您的个人信息,您可通过点击《ESOP个人信息收集清单》详细了解我们收集及使用您的个人信息的具体情况。如果你不同意提供特定功能下的个人信息,你将无法使用该等功能或可能影响您使用本服务的全部功能和服务。
为使您获得更轻松的访问体验,您使用ESOP产品或服务时,我们可能会通过采用各种技术收集和存储您访问ESOP产品或服务的相关数据,在您访问或再次访问ESOP产品或服务时,我们能识别您的身份,并通过分析数据为您提供更好更多的服务,包括使用小型数据文件识别您的身份,这么做是为了解您的使用习惯,帮您省去重复输入账户信息的步骤,或者帮助判断您的账户安全。这些数据文件可能是Cookie、Flash Cookie,或您的浏览器或关联应用程序提供的其他本地存储(统称“Cookie”)。我们不会将 Cookie 用于本政策所述目的之外的任何用途。您可根据自己的偏好管理或删除 Cookie。有关详情,请参见 AboutCookies.org。您可以清除计算机上保存的所有 Cookie,大部分网络浏览器都设有阻止Cookie 的功能。但如果您这么做,在某些情况下您可能无法使用依赖于cookies的ESOP产品或服务的部分功能,则需要在每一次访问我们的网站时亲自更改用户设置。
除 Cookie 外,我们还可能在网站上使用网站信标和像素标签等其他同类技术。例如,我们向您发送的电子邮件可能含有链接至我们网站内容的点击 URL。如果您点击该链接,我们则会跟踪此次点击,帮助我们了解您的产品或服务偏好并改善用户服务。网站信标通常是一种嵌入到网站或电子邮件中的透明图像。借助于电子邮件中的像素标签,我们能够获知电子邮件是否被打开。
3、Do Not Track(请勿追踪)
很多网络浏览器均设有 Do Not Track 功能,该功能可向网站发布 Do Not Track 请求。目前,主要互联网标准组织尚未设立相关政策来规定网站应如何应对此类请求。但如果您的浏览器启用了 Do Not Track,那么我们会尊重您的选择。
影响类别 | 影响描述 | 影响程度 |
限定个人自主决定权 | 例如被占用额外的时间 | 低 |
引发差别性待遇 | 例如耗费额外的时间获取公平的服务或取得相应的资格等 | 低 |
个人名誉受损和遭受精神压力 | 例如被频繁打扰、产生厌烦和恼怒情绪等 | 低 |
人身财产受损 | 例如因个人信息更正而需执行额外的流程(或提供额外的证明性材料)等 | 低 |
ESOP个人信息收集清单 |
核心场景/业务功能 |
信息种类 |
收集/使用目的 |
保存期限 |
注册登录 |
姓名、手机号码、验证码、密码、身份证件号码(身份证号码、护照或其他证件)、电子邮箱、工号、税务信息 |
用于账号验证和登录 |
ESOP平台账户存续期间 |
设备信息(设备机型、操作系统及版本、客户端版本、设备分辨率、软硬件特征信息) |
用于识别设备的数据(如设备序列号)或关于设备的数据 (如浏览器类型);用于故障排除、系统更新、软件适配,提升用户体验 |
ESOP平台账户存续期间 |
账号管理 |
姓名、手机号码、身份证件号码(身份证号码或护照)、验证码、电子邮箱、人脸识别信息(若开通此功能) |
用于重置ESOP账号绑定的手机号码或电子邮箱,身份验证 |
ESOP平台账户存续期间 |
头像、昵称 |
用于完善网络身份标识、提供个性化展示 |
设备信息(设备机型、操作系统及版本、客户端版本等;历史登录设备信息) |
用于识别设备的数据(如设备序列号)或关于设备的数据 (如浏览器类型); 用于故障排除、系统更新、软件适配,提升用户体验; 用于管理登录设备,防止他人盗用 |
ESOP平台账户信息,如账号名称、用户名、密码 |
用于找回与修改密码、解锁、注销账号 |
用户行权与交易 |
姓名、身份证件号码(身份证号码或护照)、富途牛牛账号、用户ID、工号、流水记录(结汇信息,包括打款批次、发起结汇日期、结汇净收)、流水记录(税款信息,包括激励税款、已汇税款、本次结汇税款) |
用于提供结汇服务 |
适用法律法规规定的保存期限 |
姓名、身份证件号码(身份证号码或护照)、富途牛牛账号、国籍、银行账户信息(银行卡、开户名、银行国际代码(SWIFT CODE)、国际银行账户号码(IBAN)) |
用于满足富途的法定审查义务 |
适用法律法规规定的保存期限 |
客户服务 |
用户与客服的联系记录、ESOP平台账户信息、身份核验信息等为解决用户咨询事项所必须的信息 |
用于回应用户投诉建议、问题咨询及争议处理 |
ESOP平台账户存续期间 |
安全运行 |
日志信息,如登录帐号、搜索查询内容、IP地址、浏览器的类型、电信运营商、网络环境、使用的语言、注册年限、访问日期和时间、您访问的网页浏览记录、停留时长、刷新记录、操作记录 设备信息(设备机型、操作系统及版本、客户端版本等;历史登录设备信息) |
用于保障用户正常使用产品及服务、用户的账号安全、识别账号异常状态 |
ESOP平台账户存续期间 |
员工管理 |
姓名、工号、富途牛牛账号、电子邮箱、手机号码、身份证件号码(身份证或护照号码)、税务居民身份 |
用户基础信息管理 |
ESOP平台账户存续期间 |
授予管理 |
姓名、工号、富途牛牛账号、电子邮箱、手机号码、身份证件号码(身份证或护照号码)、税务居民身份 |
用于激励数据的管理、记录 |
ESOP平台账户存续期间 |
在线签署 |
姓名、工号、富途牛牛账号、手机号码、电子邮箱、人脸识别信息(若开通此功能)、身份证件号码(身份证或护照号码) |
用于协议签署通知及签署人身份验证 |
ESOP平台账户存续期间 |
报表管理 |
姓名、工号、富途牛牛账号、电子邮箱、手机号码、身份证件号码(身份证或护照号码) |
用于激励数据统计、持有情况统计 |
ESOP平台账户存续期间 |
序号 |
名称 |
共享信息种类 |
目的 |
数据接收方 |
链接 |
适用平台 |
1 |
上上签 |
用户身份信息,包括姓名、证件号码;合同信息 |
使用上上签在线签署,为客户生成专属的数字证书,用作在线协议签署;为客户生成电子协议 |
杭州尚尚签网络科技有限公司 |
官网链接:https://www.bestsign.cn/ 隐私政策链接:https://ent.bestsign.cn/account-center/legal-agreement/privacy-policy |
web |
2 |
腾讯云 |
用户身份信息,包括姓名、证件号码 |
使用腾讯云二要素认证、人脸核身服务,验证国内客户身份真实性,确保协议签署有效性 |
深圳市腾讯计算机系统有限公司 |
官网链接:https://cloud.tencent.com/ 隐私政策链接:https://cloud.tencent.com/document/product/301/11470 |
web |
Futu Employee Equity Incentive Plan (ESOP) Product Services
Personal User Privacy Policy
Last update time: June 20th 2023
Effective time: June 20th 2023
In order to fully protect your rights, we have updated the "Futu Employee Equity Incentive Plan (ESOP) Product Services Personal User Privacy Policy" ("Privacy Policy"), which is as set out below.
1. To help you understand how we collect and use your personal information and sensitive personal information when you use our products and the service, we have updated the ESOP Personal Information Collection Checklist. We also have bolded and underlined the contents of sensitive personal information for your information.
2. To help you understand the cross-border transfer of personal information, we have updated Section 9, "How your Personal Data is transferred globally", to provide you with more detailed information.
Your trust is very important to us. We are well aware of the importance of Personal Data to you. We will take corresponding security protection measures in accordance with the requirements of laws and regulations, and endeavour to keep your Personal Data safe and controllable. We are committed to maintaining your trust in us and protecting your Personal Information by adhering to the following principles: balancing rights with responsibilities, clear purpose, consent, minimum necessary, security, participation of PI Subjects, transparency. In view of this, Futu Network Technology (Shenzhen) Co., Ltd. And its affiliates, as the providers of services of Futu Employee Equity Incentive Plan (ESOP) Product and Services (referred to as "we" or "Futu") have formulated this "Privacy Policy" (hereinafter referred to as "this Policy") and would like to remind you that: This Policy applies to any use of the ESOP platform products and services. Before using the ESOP platform products and services, please be sure to read and thoroughly understand this Policy, and use related products or services only after confirming your full understanding and agreement to this Policy. Once you start using the ESOP platform products and services, you are deemed to have fully understood and agreed to this Policy.
If you have any questions, comments or suggestions about the content of this Policy, you can contact us by email at privacy@futunn.com. Our contact information is as follows:
Contact: Futu Data and Personal Information Protection Centre
Address: 25F, Building D1, Kexing Science Park, Nanshan District, Shenzhen
Postcode: 518000
This Policy will help you understand the following:
1. How we collect your Personal Data
2. How we use the Personal Data we collect
3. How we use cookies and similar technologies
4. How do we share, transfer and publicly disclose your Personal Data
5. How we protect your Personal Data
6. How we store your Personal Data
7. Your right to manage your Personal Data
8. How do we protect the Personal Data of minors
9. How your Personal Data is transferred globally
10. How our processing of your sensitive personal information may affect your rights
11. Information we may send you
12. Updates to this Policy
13. Scope of application of this Policy
14. How to contact us
1. How we collect your Personal Data
In order to provide services to you, maintain the proper functioning of the ESOP platform products and services, improve and optimize our service experience, and protect your account security, we may collect your personal information and information based on your use of ESOP products and services for the following purposes and in the manners described in this policy:
1.1 ESOP platform account login
Only when your company has entered into a partnership with the ESOP services and you are authorized to use the ESOP platform for the purpose of your company's incentive plan, can you log in and use the ESOP platform products and services.
To ensure the security of your account, you will be required to provide your mobile phone number and SMS verification code to complete initial account verification when you first log in to use the products or services on the ESOP platform;
After the verification, if you have already created a Futubull account and linked it to your mobile number, then you need to provide your password to complete the password verification to log in; if your mobile number is not linked to any Futubull account, the system will generate a Futubull account for you, and you can set a password for it.
To complete the final verification, you need to provide the last six digits of your ID number. Then you can login successfully. We collect your ID number and other information to complete multiple verifications to fully secure your account and provide the necessary information for ESOP platform account login and service creation. If you refuse to provide it, you will not be able to use our services.
1.2 ESOP equity incentive user services
1) Once your company has entered into a partnership with Futu ESOP services, the company ESOP administrator (usually an authorized person in the company) will provide Futu with your personal information to enable the ESOP platform and to complete the subsequent equity incentive service. Your personal information includes: name, mobile number, ID number, email, employee ID and tax information.
You confirm that you have authorized your company and authorized personnel to provide the above personal information to Futu for the purpose of providing ESOP platform products or services.
2) We may also be instructed by the company to collect your name, date of birth, user ID, ID number, nationality, bank account information, address, Futubull ID, stock positions, positions quantity, transaction history, funds records and tax information through the ESOP platform under the special arrangement model of certain incentive plans.
The personal information we collect through the above channels will be used to support the opening and subsequent operation of your employee option and long-term incentive plans to ensure that the ESOP service is available to you or continues to be available to you for exercise, trading, settlement, and other related services, and to meet the requirements of overseas statutory reviews. If you refuse to provide it, we will not be able to provide you and the Company with the appropriate exercise, trading, settlement, and other related services.
1.3 Secure operation of ESOP products and services
In order to protect the regular use of ESOP products and services, the safety of users' accounts, and to identify abnormal account status, we may collect the following personal information from you:
a) Log information: When you use the products or services provided by our website or client, we will automatically collect your detailed usage of our services and save them as relevant network logs. For example, your login account, search query content, IP address, browser type and version, language used, date and time of access, and web browsing records you visit, length of stay, refresh records, and operation records.
b) Device information: When you use the products or services provided by our website or client, we will receive and record the device-related information (such as operating system and version) you are using.
1.4 Other circumstances
In addition, we may collect and use your relevant Personal Data without asking for your authorization when we are required to do so in order to comply with applicable law or court order:
a) Directly related to national interests such as national security, national defense security, etc.;
b) Directly related to significant public interests such as public safety, public health and public right to know;
c) Directly related to crime investigation, prosecution, trial and execution of judgments;
d) For the purpose of protecting your life, property, reputation, and other significant legitimate rights and interests or those of other individuals but where it is difficult to obtain your consent;
e) Where the personal information collected is disclosed to the public by you;
f) Where personal information is collected from information that is lawfully and publicly disclosed, such as legitimate news reports, government information disclosure, and other channels;
g) Necessary for the signing and performance of a contract at your request;
h) Necessary for maintaining the safe and stable operation of the product or services, such as detecting and solving malfunctions of the product or services;
i) Necessary for the conduct of legitimate news reporting;
j) Necessary for statistical or academic research in the public interest and where it provides the results of academic research or descriptions to the public by de-identifying the personal information contained in the results;
k) Other circumstances as provided by law and regulations.
1.5 Please understand that the functions and services we provide to you are constantly being updated and developed. If a function or service is not in the above description and your information is collected, we will notify you through page prompts, interactive processes, and website announcements. The content, scope and purpose of information collection will be explained to you separately by other means.
1.6 We may obtain relevant information that you authorize to share with our affiliates and third-party partners. We will collect and use your information under the premise of complying with relevant laws and regulations, in accordance with the agreement with affiliates or third-party partners, and on the premise that the sources of information provided by them are legal.
1.7 Information provided by you may include your personal sensitive information, such as bank account numbers, transaction records, virtual property information, system account numbers, email addresses and their related passwords, phone numbers, web browsing records, and location information. Please be careful and pay attention to sensitive Personal Data, and you agree that we can process your sensitive Personal Data in accordance with the purposes and methods described in this Policy.
1.8 In addition to the scenarios already listed above, we may also collect and process your personal information for the purposes of providing services to you, such as customer service, account management, etc. You can learn more about how we collect and use your personal information by clicking on the "ESOP Personal Information Collection Checklist". If you do not agree to provide personal information under certain features, you will not be able to use those features, or it may affect your access to the full range of features and the services.
2. How we use the Personal Data we collect
Based on the provisions of relevant laws and regulations, and for the purpose of providing you with services and improving service quality, and providing you with a safe, smooth, efficient and personalized experience, we will strictly abide by the provisions of laws and regulations regulating Personal Data and this Policy.
1) To provide you with various services;
2) To understand how you access and use the services and to meet your customized needs;
3) Development and service optimization: To optimize and develop our services. For example, when our system fails, we will record and analyze the information generated;
4) To send you marketing information to promote Futu services or third-party goods and services, recommend information and information you are interested in, and issue notifications related to Futu services;
5) To evaluate and improve our promotion campaigns and assess their effectiveness;
6) To improve our management software. For example, software certification, software upgrade, etc.;
7) To invite you to participate in surveys about our services;
8) To prevent, detect, investigate acts that are fraudulent, or which infringes the rights of any person, or which jeopardizes security, or is illegal, or violates any agreements, policies or rules with us or any of our affiliates; or to protect the legitimate rights and interests of any user, or the public, as well as us and/or our affiliates. We will use and/or integrate your Personal Data, service usage information, device information, log information, and information that our affiliates and partners have obtained from you with your authorization or shared in accordance with the law to comprehensively analyze your account and transaction risks, and identity verification; to detect and prevent security incidents; and to take necessary recording, auditing, analysis, and disposal measures in accordance with the law;
9) To ensure the security of the service and help us better understand the operation of our application. We may record relevant information, such as the frequency of your use of the application, crash data, overall usage, performance data and the source of the application, but we do not combine the information we store in the analytics software with the personally identifiable information you provide in the app;
10) Any other purpose authorized by you.
If we use your Personal Data beyond the scope of the purposes listed above that is directly or reasonably related to the any of the above purposes at the time of collection, we will inform you again and obtain your express consent before using your Personal Data for such purposes.
3. How we use cookies and similar technologies
3.1 Cookies
In order to provide you with an easier access experience, when you use ESOP platform products or services, we may use various technologies to collect and store data related to your access to ESOP platform products or services. When visiting ESOP platform products or services, we can identify your identity, and provide you with better and more services by analyzing data, including identifying your identity using small data files, in order to understand your usage habits, to save you the step of repeatedly entering account information, or to help determine the security of your account. These data files may be cookies, Flash cookies, or other local storage provided by your browser or associated application (collectively, "Cookies"). We will not use Cookies for any purpose other than those described in this policy. You can manage or delete Cookies according to your preferences. See AboutCookies.org for details. You can clear all Cookies saved on your computer, and most web browsers have a Cookie-blocking feature. However, if you do this, in some cases you may not be able to use some functions of the ESOP platform products or services that rely on cookies, and you need to personally change the user settings every time you visit our website.
3.2 Web Beacons and Pixel Tags
In addition to Cookies, we may also use other similar technologies such as web beacons and pixel tags on our website. For example, an email we send you may contain a click URL linking to the content of our website. If you click on the link, we will track the click to help us understand your product or service preferences and improve customer service. A web beacon is usually a transparent image embedded in a website or email. With the help of pixel tags in emails, we can tell if an email has been opened.
3.3 Do Not Track
Many web browsers have a Do Not Track feature that issues a Do Not Track request to a website. Currently, no major Internet standards organization has established policies governing how websites should respond to such requests. But if your browser has Do Not Track enabled, then we will respect your choice.
4. How do we share, transfer and publicly disclose your Personal Data
1) Share
We will not share your Personal Data with companies, organizations and individuals other than service providers related to ESOP products or services, except in the following cases:
a) Sharing with your consent: After obtaining your explicit consent, we may share your Personal Data with other parties.
b) Sharing under statutory circumstances: We may share your Personal Data externally in accordance with laws and regulations, the need for litigation and dispute resolution, or as required by administrative and judicial authorities in accordance with the law.
c) When you choose to use the online signing function of the ESOP, only by revealing your Personal Data (such as your name and other identity information) can you receive the third-party products and services you require, or use such products and services together with the equity management platform. At present, the third-party services we access mainly include: third-party platform "Docusign" and "Tencent Cloud" services, which provide online signing related functions or services. Such access to third-party services is operated by the relevant parties and is subject to the third-party's own terms of service and information protection statement (not this "Privacy Policy"). You agree to us sharing your Personal Data with such third parties.
d) If a complaint regarding you has been received, or where you lodge a compliant against others, we will provide your Personal Data and other complaint-related information to the relevant regulatory agencies for the purpose of resolving complaints and disputes, unless the provision of such Personal Data is expressly prohibited by laws and regulations.
e) We may exchange information (including your Personal Data) with other companies and organizations in order to comply with laws, to enforce or apply the conditions of use of our services and other agreements, or to prevent fraud and other illegal activities, or to reduce credit risks.
f) Sharing with our affiliates: Your Personal Data may be shared with Futu's affiliates. We will only share necessary Personal Data and subject to the purposes stated in this Policy. If the affiliated company wants to change the purpose of processing Personal Data, it will ask for your authorization again.
g) Sharing with authorized partners: Some of our services will be provided by authorized partners only for the purposes stated in this Policy. We may share some of your Personal Data with our partners to provide better customer service and user experience. For example, when you participate in a reward activity we offer, we must share your Personal Data with our partners in order to arrange for rewards to be issued, or to arrange for partners to provide services. We will only share your Personal Data for legal, legitimate, necessary, specific and explicit purposes, and only share Personal Data necessary to provide services. Our partners are not authorized to use the shared Personal Data for any other purpose.
h) Share with third parties in accordance with the relevant agreements between the ESOP platform "Futu I&E User Service Agreement" and you. We may share your Personal Data with such third parties. If you wish to learn more about our sharing of information with third parties, please read the Third-Party Information Sharing Instructions.
i) Other agreements between you and us about information sharing.
For companies, organizations and individuals with whom we share Personal Data, we will sign strict confidentiality agreements with them, requiring them to process Personal Data in accordance with our instructions, this Policy and other relevant confidentiality and security measures, and in accordance with all applicable laws.
2) Transfer
We will not actively transfer your Personal Data to third parties except in the following circumstances:
a) Where your express consent has been obtained in advance;
b) If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include user information among our assets transferred to or acquired by a third party. You acknowledge and agree that such transfers may occur, and that any parties who acquire us may continue to use your Personal Data according to this Policy, or we will require the company, organization to obtain authorized consent from you again;
c) Where it is necessary to transfer your Personal Data in accordance with the provisions of laws and regulations, and/or the requirements of competent authorities.
3) Public disclosure
We will only publicly disclose your Personal Data in the following circumstances:
a) After obtaining your explicit consent;
b) Public disclosure based on law: We may publicly disclose your Personal Data if required by law, or any governmental authority or pursuant to any court order;
c) If we determine that you have violated laws and regulations or seriously violated the relevant agreement rules of ESOP products or services, or in order to protect the safety of any person or the safety of any property or the ESOP products or services, or the safety of us or any of our affiliates, or the safety of any other users, or to protect the public from your infringement, we may disclose your Personal Data with your consent in accordance with laws, regulations, and rules of the ESOP product or service-related agreements, including without limitation information regarding your violations and the measures that the ESOP products or services have taken against you
4) Exceptions to prior authorized consent for personal information sharing, transfer, and public disclosure
a) Directly related to national interests such as national security, national defense security, etc.;
b) Directly related to significant public interests such as public safety, public health, and public right to know;
c) Directly related to crime investigation, prosecution, trial, and execution of judgments;
d) For the purpose of protecting your life, property, reputation, and other significant legitimate rights and interests or those of other individuals but where it is difficult to obtain your consent;
e) Where the personal information collected is disclosed to the public by you;
f) Where personal information is collected from information that is lawfully and publicly disclosed, such as legitimate news reports, government information disclosure, and other channels;
g) Please note that, according to the law, sharing or transferring personal information that has been anonymized and ensuring that the recipient can't recover and re-identify the subject of the personal information is not considered an act of sharing, transferring, or publicly disclosing personal information to the public. The storage and processing of such data will not require separate notification to you and your consent.
5. How we protect your Personal Data
1) We will take various preventive measures to protect your Personal Data to protect your Personal Data from loss, misappropriation and misuse, as well as unauthorized access, disclosure, alteration or destruction. To ensure the security of your Personal Data, we have strict information security regulations and procedures, and a dedicated information security team strictly implements the above measures within the company.
2) We take security protection technologies and procedures such as system encryption measures, access management control and restriction, timely deletion or desensitization of relevant data, etc., to protect users' personal data from unauthorized access, use or disclosure, and to protect data and personal data. information security. Our data security and personal information protection capabilities have achieved certifications including but not limited to the following: ISO29151: certificate of practice for personally identifiable information protection, ISO27701: certificate of privacy information management, ISO27001: certificate of information management, SOC1 Report, and Certification of Information security technology cybersecurity protection 3.0.
3) We will take all reasonable and feasible measures to ensure that irrelevant personal data is not collected. We will only retain your Personal Data for as long as is necessary to achieve the purposes described in this Policy, unless an extension of the retention period is required or permitted by law.
4) We will establish an emergency response plan. If a security incident such as Personal Data leakage occurs, we will activate an emergency plan to prevent the expansion of the security incident. We will promptly notify you of the relevant information of the event by email, letter, telephone, push notification, etc. When it is difficult to inform the subject of Personal Data one by one, we will take a reasonable and effective way to publish an announcement.
5) The Internet environment is not 100% secure. Although we have these security measures, please note that there are no "perfect security measures" on the Internet, and we will try our best to ensure the security of your information. You can prevent your password from leaking and endanger your account security by not disclosing your login password or account information to anyone (unless the person is officially authorized by you). We recommend that you do not use the service on any device or operating system that has been modified outside the scope of the device vendor's license or warranty (eg, a "jailbroken" mobile device). The use of this service on the aforementioned devices or operating systems may lead to the risk of Personal Data leakage. We are not responsible for security omissions caused by third parties accessing your Personal Data due to your failure to keep it private. Notwithstanding the foregoing, you should notify us immediately of any unauthorized use of your account by any other Internet user or of any other security breach. Your assistance will help us protect the privacy of your Personal Data. At the same time, we will also proactively report the handling of Personal Data security incidents in accordance with the requirements of regulatory authorities.
6. How we store your Personal Data
1) We will store your Personal Data collected in China in accordance with relevant laws and regulations, and keep such information strictly confidential in accordance with the law. In some cases, we may transmit the relevant user Personal Data to our affiliates and other third parties in other jurisdictions. We will implement any such transmission in accordance with all applicable laws, and through effective measures such as signing agreements and on-site inspections.
2) Generally speaking, we only keep your Personal Data for the shortest time necessary to achieve the purpose. However, in the following cases, we may change the storage time of Personal Data to meet legal requirements:
a) In order to comply with applicable laws and regulations and other relevant regulations;
b) To comply with court judgments, rulings or other legal procedures;
c) To comply with the requirements of relevant government agencies or legally authorized organizations;
d) Where it is reasonable and necessary to do so for the purposes for the implementation of relevant service agreements or this Policy, the protection of the persons and property, the protection of other users, our employees, us and/or our affiliates, and/or to protect any other legitimate rights and interests.
7. Your right to manage your Personal Data
1) During your use of ESOP products or services, in order for you to access, correct and delete your Personal Data more conveniently, and to protect your right to withdraw your consent to the use of Personal Data and cancel your account, you can manage your Personal Data by:
a) Access your Personal Data: if you wish to access the Personal Data in your account, you can view it on the personal information page after logging in to the ESOP system;
b) To correct your Personal Data: if you want to correct your email address, you can go to the personal information page to correct after logging in to the ESOP system. If you want to correct any other Personal Data, you can contact the ESOP administrator, and that administrator will contact Futu for assistance to correct your Personal Data;
c) To delete your Personal Data: you can contact the ESOP administrator, and that administrator will contact Futu for assistance to delete your Personal Data;
d) To cancel the account: you can contact the ESOP administrator, and that administrator will contact Futu for assistance to delete your account;
e) To withdraw your consent to the processing of Personal Data: you can contact the ESOP administrator, and that administrator will contact Futu to withdraw your consent granted to Futu to process your Personal Data;
f) To obtain your Personal Data: you can contact the ESOP administrator, and that administrator will contact Futu to obtain your Personal Data stored with Futu;
g) To release the account binding: you can contact the ESOP administrator and ask the administrator to release the binding relationship between your Futubull account and the products or services of the ESOP products and services. After such unbinding, you can no longer log in to ESOP system.
2) If you find that our collection and use of your Personal Data violates the provisions of any applicable laws or any agreement between us, you can contact us at privacy@futunn.com and request to delete your data that has been collected under such violations.
3) If you find that your Personal Data collected and stored by us is wrong, you can contact us at privacy@futunn.com and ask us to correct it in time.
8. How do we protect the Personal Data of minors
We attach great importance to the protection of minors' Personal Data, but ESOP products, services and websites and services are mainly for adults, and we will not collect minors' Personal Data knowingly. If you find that we have unintentionally collected Personal Data of minors, please notify us immediately, and we will try to delete the relevant data as soon as possible.
9. How your Personal Data is transferred globally*
In general, the Personal Data we collect and generate in China will be stored in China.
Since we provide products or services through resources and servers all over the world, this means that, your Personal Data may be transferred to jurisdictions outside the country/region where you use the products or services, or subject to access from these jurisdictions. Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we shall ensure that any Personal Data transferred outside of China will be afforded a standard of protection that is comparable to the protection required under the PDPA. For example, we will request your individual consent for cross-border transfers of personal information, sign cross-border transfer agreements with foreign receivers, and implement security measures such as data de-identification before cross-border data transfers to fully protect the rights and security of your personal information.
10. How our processing of your sensitive personal information may affect your rights
Qualitative assessment, for example, can be conducted according to the “Information Security Technology – Security Impact Assessment Guide of Personal Information” (“The guide”), and be based on four dimensions: (1) influencing personal self-determination rights, (2) causing differential treatment, (3) causing personal reputational damages and mental stress, and (4) damaging personal property. In the scenarios where we process your sensitive personal information in accordance with this policy, we assess the degree of impact on your personal rights as set out in the table below:
Impact Dimension | Impact Description | Degree of Impact |
Influencing personal self-determination rights | E.g., extra time costs. | Low |
Causing differential treatment | E.g., extra time costs to acquire fair services or qualifications, etc. | Low |
Causing personal reputational damages and mental stress | E.g., frequent nuisance, weariness and annoyance, etc. | Low |
Damaging personal property | Such as, extra procedures (or providing extra evidentiary documents) to correct personal information, etc. | Low |
Note: This assessment is only an indication of the relative adverse impact on your personal rights by referring to the guide. It does not mean that you will suffer such adverse impacts from our processing of your sensitive personal information.
11. Information we may send to you
1) When you use our services, we may send to you emails, text messages, information or push notifications. You can choose to unsubscribe from such notifications on your device by following our tips.
2) We may issue service-related announcements to you when necessary (for example, when a service is suspended due to system maintenance). You may not be able to cancel these service-related announcements that are not advertising in nature.
12. Updates to this Policy
We may from time to time update this Policy to take into account changes to the law, our business or any other relevant factors. Changes to this Policy will be posted on our website, and by the posting of any revised Policy on our website, you shall be deemed to have been notified of the changes made to the Policy and you shall agree to be bound by such updated Policy. If you are unsure whether you are reading the most current version, please contact us. Without limiting the foregoing, if you continue to use our services, you agree to be bound by the revised and updated Policy.
13. Scope of application of this policy
1) This policy applies to the products and services of the ESOP products and services of Futu that you use, except for services that we expressly state that our other specially formulated separate privacy policies or terms apply. However, some services have set their specific privacy guidelines/statements according to their needs. If there is any inconsistency between this policy and the privacy guidelines/statements of specific services, please refer to the specific privacy guidelines/statements.
2) The titles of all clauses of this Policy are for reading convenience only, have no actual meaning in themselves, and cannot be used as the basis for the interpretation of the meaning of this policy.
14. How to contact us
If you have any questions, comments or suggestions about this Policy or data processing, you can contact us by email at privacy@futunn.com, our contact details are as follows:
Contact: Futu Data and Personal Information Protection Centre
Address: 25F, Building D1, Kexing Science Park, Nanshan District, Shenzhen
Postcode: 518000
Email: privacy@futunn.com
Under normal circumstances, we will reply within fifteen days after receiving your relevant contact information and verifying your identity.
ESOP Personal Information Collection Checklist |
Core Scenarios/Business Functions |
Information Types |
Collection/Use Purpose |
Retention Period |
Registration and login |
Name, mobile number, verification code, password, (ID number, passport number or other identification), email, employee number, tax information |
Account verification and login |
During the existence of ESOP account |
Device information (device model, operating system and version, client version, device resolution, hardware and software information) |
Data to identify the device (e.g., device serial number) or data about the device (e.g., browser type); Troubleshooting, system updates, and software adaptations to enhance the user experience |
During the existence of ESOP account |
Account management |
Name, mobile number, password, ID number (resident ID number or passport number),verification code, email, face recognition information (if enabled) |
Reseting the mobile number or email linked to your ESOP account and identify verification |
During the existence of ESOP account |
Profile photo and name |
Improving online identity and providing customized displays |
Device information (device model, operating system and version, client version, device resolution, historical login device information) |
Data to identify the device (e.g., device serial number) or data about the device (e.g., browser type); Troubleshooting, system updates, and software adaptations to enhance the user experience; Manage login devices to prevent others from stealing your account |
ESOP platform account information, such as account name, username, password |
Retrieving and changing the password, unlocking and canceling the account |
Exercise and trading |
Name, ID number (resident ID number or passport number), Futubull ID, user ID, employee ID, account statement (settlement information: payment batch, initiate date of settlement, settlement net income), account statement (tax information: incentive tax, remitted tax, current tax settlement) |
Foreign exchange settlement services |
Retention periods stipulated by applicable laws and regulations |
Name, ID number (resident ID number or passport number), Futubull ID, nationality, bank account information (bank card, account name, bank international code (SWIFT CODE), international bank account number (IBAN)) |
Futu' statutory review |
Retention periods stipulated by applicable laws and regulations |
Customer services |
Contact records with customer service, ESOP account information, identity verification information, and other information necessary to resolve user inquiries |
Responding to user complaints and suggestions, inquiries and disputes |
During the existence of ESOP account |
Safe operation |
Log information such as login account, search query content, IP address, browser type, telecom operator, network environment, language used, registration years, access date and time, web browsing history you visited, length of stay, refresh record, operation record, device information (historical login device information such as device model, operating system and version, client version, etc.) |
To ensure the regular use of products and services, the security of users' accounts, and to identify abnormal account status |
During the existence of ESOP account |
Employees management |
Name, employee number, Futubull account, email, mobile number, ID number (resident ID number or passport number), tax residence identity |
User basic information management |
During the existence of ESOP account |
Grant management |
Name, employee number, Futubull account, email, mobile number, ID number (resident ID number or passport number), tax residence identity |
User basic information management |
During the existence of ESOP account |
E-signing |
Name, employee number, Futubull account, mobile number, email, face recognition information (if enabled), ID number (resident ID number or passport number) |
Used for protocol signing notification and signatory identity verification |
During the existence of ESOP account |
Report management |
Name, employee number, Futubull account, email, mobile number, ID number (resident ID number or passport number) |
Used for incentive data statistics and holdings statistics |
During the existence of ESOP account |
For the purposes of user verification, mobile device security, receiving information pushes, account verification and login, and information security, the ESOP platform may share information with third parties in the course of providing services to you. We have listed below the names of these third-party service providers, the purposes, links to their websites, and privacy policies.
1. SDK
2. Non-SDK
No. |
Name |
Info Type |
Purpose |
Receiver |
Link |
Platform |
1 |
Docusign |
User identification information, including name and ID number; contract information |
Using the online signatures of Docusign to generate a unique digital certificate for the client and to use it for online agreement signing; generating electronic agreements |
Hangzhou BestSign Network Technology Co.,Ltd. |
Website: https://www.bestsign.cn/ Privacy Policy: https://ent.bestsign.cn/account-center/legal-agreement/privacy-policy |
web |
2 |
Tencent Cloud |
User identification information, including name and ID number |
Use two-factor authentication and face ID service from Tencent Cloud to verify domestic clients' identities and ensure the validity of agreement signing |
Shenzhen Tencent Computer Systems Company Limited |
Website: https://cloud.tencent.com/ Privacy Policy: https://cloud.tencent.com/document/product/301/11470 |
web |