JZ GoldHKGXC&ED

Scan to Download the App

More Methods
JZ Gold

Privacy Policy and Personal Data (Privacy) Ordinance Statement

Last Updated:2026-03-24

Introduction

JZ GOLD Company Limited ("JZ GOLD"), a limited company incorporated under the laws of the Hong Kong Special Administrative Region, together with its successors and assigns, has formulated this Privacy Policy and Statement in accordance with the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the "Ordinance") to explain the collection, use, retention and transfer of personal data, as well as your related rights.

By using the over-the-counter (OTC) precious metals trading services and other related services provided by JZ GOLD, you acknowledge that you have read, understood and agreed to be bound by the terms set out in this document.

Part I Children and Sensitive Personal Data

This website is not targeted at children under the age of 18. We do not knowingly contact or collect personal information or sensitive personal data (such as "race or ethnic origin, political opinion, religious or philosophical belief, trade union membership, genetic data processing, biometric data used to uniquely identify a natural person, data about health or a natural person's sex life or sexual orientation") from children under the age of 18. If you believe we have unintentionally collected such information, please contact us immediately so that we can obtain your specific consent or delete such information.

Part II Purpose and Necessity of Personal Data Collection

  1. The personal data you provide (as defined under the Ordinance) is necessary for JZ GOLD to establish, maintain and manage an appropriate and effective business relationship with you, including but not limited to opening and maintaining trading accounts for securities, futures, margin precious metals and leveraged foreign exchange, as well as providing financial services, advisory services and related financial facilities.

  2. If you fail to provide the required information in a complete and accurate manner, it may affect the efficiency of JZ GOLD"s service provision and may even result in JZ GOLD being unable to open or maintain your account or continue to provide you with relevant financial services.

Part III Scope and Methods of Personal Data Collection

1. Types of Data Collected

  1. Identity information: name, identification number, passport number, address, contact number, email address, etc.

  2. Financial information: bank card number, trading account information, financial background, credit status, trading patterns, and information on products and service portfolios, etc.

  3. Usage data: IP address, browser type, access date and time, webpage browsing records, app usage logs, and device attribute information (including hardware model, operating system version, unique device identifier, etc.).

  4. Other necessary information: supplementary data required for fulfilling legal obligations or providing services, including but not limited to guarantor information and identity verification documents.

2. Methods of Collection

  1. Provided directly by you: including information submitted during account opening applications, service inquiries and information updates, as well as content voluntarily entered through the website, app and other channels.

  2. Automatically collected during service use: when you use the JZ GOLD website, app or trading platform, the system automatically records your usage behavior and device information.

  3. Provided by lawful third parties: where your consent has been obtained or where permitted by law, information may be obtained from credit reference agencies, financial partners, law enforcement authorities or regulatory bodies, and other sources.

Part IV Purpose of Use of Personal Data

The personal data collected by JZ GOLD will only be used for the following lawful purposes:

  1. Providing and Maintaining Services: This includes routine business purposes such as opening trading accounts, processing deposits and withdrawals, executing trading instructions, responding to customer service requests, and ensuring the normal operation of services.

  2. Credit and Risk Management: This includes ensuring your creditworthiness, reviewing loan applications (if any), assessing debt levels, determining creditor-debtor relationships, and detecting and preventing illegal or irregular activities.

  3. Debt Collection: Collecting outstanding amounts from you and those who provided guarantees or collateral, and assisting other financial institutions in credit reviews and debt collection when necessary.

  4. Marketing (Direct Marketing):

    • Data Usable: Your name, contact details, product and service portfolio information, transaction patterns, financial background, and demographic data.

    • Promotional Content: Financial services and related products provided by JZ GOLD, its group companies, and business partners.

    • Right to Object: You may exercise your right to object free of charge to JZ GOLD's use or transfer of your personal data for direct promotional purposes; this arrangement will not affect the provision of other services.

  5. Legal and Regulatory Compliance: To comply with relevant laws, rules, regulations, or disclosure requirements of regulatory agencies, and to respond to legitimate inquiries from law enforcement or government departments.

  6. Service Optimization and Security: This includes improving the quality of existing services, developing new products or services, optimizing user experience, preventing cybersecurity risks, and ensuring the security of transactions and data.

  7. Other Related Uses: Other necessary uses directly related to the above purposes, including but not limited to data statistics, anonymization analysis, and contract fulfillment

Part V Transfer and Disclosure of Personal Data

1. Recipients of Transfer

JZ GOLD will properly safeguard your personal data; however, for the purposes listed in Part III above, JZ GOLD may transfer such data to the following persons or institutions and will require the recipients to observe corresponding confidentiality obligations:

  1. Members of the JZ GOLD group: including branches, subsidiaries, holding companies, affiliated members and relevant group companies, for service provision or product promotion.

  2. Internally authorized personnel: including JZ GOLD"s directors, supervisors, employees or other representatives, and only within the scope necessary for carrying out the company"s business.

  3. Third-party service providers: including agents, contractors or other third parties providing JZ GOLD with administrative, telecommunications, computer, payment, securities settlement, agency, custody and data processing services.

  4. Financial and cooperating institutions: including financial institutions with which you have established or intend to establish a business relationship and their affiliated institutions, credit reference agencies, and debt collection agencies in the event of default.

  5. Legal and regulatory parties: including legal, regulatory, governmental, tax and law enforcement authorities, or financial self-regulatory organizations, whether within or outside Hong Kong; where disclosure is required by applicable law, court order, regulatory requirement or contractual commitment, JZ GOLD may disclose data in accordance with the law.

  6. Other relevant parties: other persons or entities that have entered into confidentiality agreements with JZ GOLD for the purposes set out in this document.

2. Cross-border Transfer

Where necessary to achieve the purposes of data collection or directly related purposes, JZ GOLD may transfer certain personal data outside the Hong Kong Special Administrative Region. Any such transfer will be carried out in strict compliance with the relevant provisions of the Ordinance, and appropriate measures will be taken to safeguard data security.

Part VI Protection and Retention of Personal Data

1. Protection Measures

  1. Technical security: industry-standard encryption technologies (such as SSL), firewalls, authentication systems, data isolation and desensitization technologies are adopted to prevent unauthorized access to, use of or modification of data.

  2. Management standards: a data classification framework, security management standards and development standards are established; strict access control and multi-factor authentication are implemented; and confidentiality agreements, monitoring and audit mechanisms are used to protect data security.

  3. Personnel management: ensuring that all employees and third-party service providers comply with confidentiality obligations and relevant requirements, and that only authorized personnel may access personal data.

2. Retention Period

  1. General retention principle: JZ GOLD will retain your personal data for the period necessary to fulfill the purposes for which the data was collected, or for the minimum retention period required under applicable laws and regulatory requirements.

  2. Data of deregistered users:

    • If you voluntarily deregister your account, a 15-day cooling-off period will apply. The day following the expiry of the cooling-off period will be the effective date of formal deregistration. In the case of compulsory deregistration, the day following the effective date of the deregistration decision will be the formal effective date.

    • After formal deregistration takes effect, JZ GOLD will securely and thoroughly delete or anonymize the personal data within 7 years.

    • If laws, regulatory requirements or judicial decisions require retention for more than 7 years (for example, trading records or financial information), JZ GOLD will retain the data for the legally prescribed period and delete or anonymize it after the expiry of such period.

  3. Exceptional circumstances: where necessary to fulfill outstanding legal obligations, exercise legal claims or defenses, or as otherwise required by law, JZ GOLD may continue to retain necessary data after the above periods and will strictly limit access to such data.

3. Description of Device Permission Usage

To ensure the normal operation of the app and the provision of services, JZ GOLD may need to access certain permissions on your device, as described below:

  1. Storage permission: used to store app runtime files, logs and media files, and to support image selection for functions such as profile photo changes and feedback submission.

  2. Device information permission: used to enable message notifications, such as promotions, announcements and trading alerts.

  3. Phone permission: used to avoid service interruption during calls and to support direct dialing of customer service numbers or receipt of return calls.

  4. Camera permission: used to support profile photo capture, screenshot feedback, live photo capture, and image/video upload functions.

  5. Microphone permission: used to support private voice messaging.

  6. MAC address permission: used to identify users, analyze usage and optimize advertising delivery.

  7. Location permission: used to support location-based service inquiries and notifications.

  8. Clipboard access: used for data transfer and copy-paste functions, and to assist in optimizing advertising delivery.

You may decide whether to enable the above permissions at your discretion. Failure to enable such permissions will generally not affect the use of other core services. Device information and log data alone are usually insufficient to identify a specific natural person; however, where they are used in combination with other personal data, they may be regarded as personal data and will be anonymized or de-identified in accordance with applicable requirements.

Part VII Application permissions

We have detailed the various permissions required by our mobile applications and their purposes. This approach aims to increase transparency, help you understand how we collect, use, and protect your personal information, and ensure you have full knowledge and control over your data.

11.1 Android Application Permissions

    ➣ android.permission.INTERNET: Allows the application to access the internet for data communication with the server.

    ➣ android.permission.ACCESS_NETWORK_STATE: Allows the application to obtain network connection status, ensuring the application can adjust its behavior according to network conditions.

    ➣ android.permission.ACCESS_WIFI_STATE: Allows the application to access WiFi network status information for network status monitoring and data transmission optimization.

    ➣ android.permission.CHANGE_WIFI_STATE: Allows the application to change the WiFi state to ensure stable data communication with the server.

    ➣ android.permission.CHANGE_NETWORK_STATE: Allows the application to change the network state to maintain continuous data communication with the server.

    ➣ `android.permission.WRITE_EXTERNAL_STORAGE`: Allows the application to write to external storage, primarily for saving images captured by the user when using the sharing function.

    ➣ `android.permission.READ_EXTERNAL_STORAGE`: Allows the application to read data from the external storage device, used for loading user-uploaded avatars or images sent to the community.

    ➣ `android.permission.CAMERA`: Allows the application to access the camera to take photos and videos, used for user-uploaded avatars and images shared in the community.

    ➣ `android.permission.READ_MEDIA_IMAGES`: Allows the application to read all images on the device, used for user-uploaded avatars or images shared in the community.

    ➣ `android.permission.READ_MEDIA_VISUAL_USER_SELECTED`: Allows the application to read images selected by the user, used for uploading photos for community sharing or KYC verification.

    ➣ `android.permission.FLASHLIGHT`: Allows the application to control the device's flashlight, used when the user takes photos or scans QR codes.

    ➣ `android.permission.POST_NOTIFICATIONS`: Allows the application to send or receive notifications, used for receiving push notifications.

    ➣ `android.permission.MOUNT_UNMOUNT_FILESYSTEMS`: Allows the application to mount or unmount the file system, used for saving images or files to local storage.

    ➣ `android.permission.WAKE_LOCK`: Allows the application to prevent the device from entering sleep mode, ensuring that live streaming or other long-running applications are not interrupted.

    ➣ `android.permission.RECEIVE_USER_PRESENT`: Allows the application to receive notifications when the user unlocks the device, used for providing timely information updates.

    ➣ `android.permission.VIBRATE`: Allows the application to control device vibration, used for immediate feedback on successful transactions or important notifications.

    ➣ `android.permission.READ_PHONE_STATE`: Allows the application to access phone status, such as device ID and call status, often used to verify device legitimacy or perform device statistical analysis.

    ➣ `android.permission.FOREGROUND_SERVICE`: Allows the app to run services in the foreground, ensuring critical services such as live streaming are not interrupted by background processing.

    ➣ `android.permission.BLUETOOTH`: Allows the app to use Bluetooth to support related device connectivity and data transfer.

    ➣ `com.google.android.gms.permission.AD_ID`: Allows the app to access Google Ads IDs for ad tracking and personalized ad display.

    ➣ `android.permission.SYSTEM_ALERT_WINDOW`: Allows the app to create a floating window that allows users to watch live streams while using other apps.

    ➣ `android.permission.GET_TASKS`: Allows the app to retrieve information about currently or recently running tasks to maintain app performance and proper resource management.

    ➣ `android.permission.KILL_BACKGROUND_PROCESSES`: Allows the app to terminate background processes for quick recovery in case of errors or performance issues.

    ➣ `android.permission.RECEIVE_BOOT_COMPLETED` allows your app to receive a boot-up broadcast after the device has finished booting, enabling automatic resumption of necessary background services or app settings.

    ➣ `com.google.android.c2dm.permission.RECEIVE` allows your app to receive push notifications from Google Cloud Messaging for real-time information notifications.

    ➣ `com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE` allows your app to use Google services to receive installation source data for analyzing marketing effectiveness and app performance.

    ➣ `android.permission.READ_CALENDAR` allows your app to access your calendar information to confirm whether live course reminders have been added to your calendar, facilitating your study schedule.

    ➣ `android.permission.WRITE_CALENDAR` allows your app to create reminders in your calendar to add live course notifications, ensuring you don't miss important learning times.

11.2 iOS App Permissions

    ➣ Access to the Network: Allows the app to access the network, ensuring effective data communication with the server.

    ➣ System Notifications: Allows the app to send and receive system notifications, used to receive push notifications from various services.

    ➣ Ad ID: Allows the app to obtain an Ad ID for personalized advertising and analytics.

    ➣ Use Camera: Allows the app to use the camera to take photos and videos, commonly used for users uploading profile pictures, posting images to communities, uploading identification documents, and linking bank cards for deposits and withdrawals.

    ➣ Access to the Photos: Allows the app to access photos and videos in the Photos app, used for users uploading profile pictures, posting images to communities, uploading identification documents, and linking bank cards for deposits and withdrawals.

    ➣ Use Picture-in-Picture Mode: Allows the app to play videos in picture-in-picture mode in front of other apps or events, commonly used in live streaming apps, allowing users to continue watching live videos while using other apps.

    ➣ Access Calendar Allows the app to access your calendar to add or manage calendar reminders for stock ex-dividend dates and live classes, helping you manage your time efficiently.


Part VIII Third-Party Service Providers

We may use third-party service providers to monitor and analyze our services and website/mobile application usage to improve and enhance the quality of our services. In addition, we may utilize the technologies and services of other third-party service providers to enhance the overall user experience of our website/mobile application. These measures help us better understand user needs and continuously optimize our products and services.


➣ Firebase SDK

Firebase is a development platform provided by Google for collecting crash logs, behavioral statistics, and analyzing user behavior after application crashes and user clicks on pinned features.

(a) Types of personal information involved: Device system, device model, operating system, version number, device identifier

(b) For more information on the types of information collected, please visit the Firebase Privacy Policy.


➣ GeeTest Behavioral Verification SDK

The GeeTest Behavioral Verification SDK provides human-machine recognition services to enhance the security of login, registration, and CAPTCHA acquisition functions.

(a) Types of personal information involved: Device system, IP address, device information, operating system

(b) For more information on the types of information collected, please visit the GeeTest Behavioral Verification Privacy Policy.


➣ GeeTest Device Verification SDK The GeeTest Device Verification SDK provides registration and login protection and device risk assessment to ensure user account security.

(a) Types of personal information involved: Device system, device model, device brand, device screen size, IMEI, Android ID and location information, jailbreak identifier, emulator identifier, debug identifier.

Please note that this application does not obtain accurate geolocation information. We only read the location information in the device settings or SIM card, which does not represent the user's actual geolocation. According to the default settings of the phone system, reading this type of data does not require the user's explicit authorization.

(b) For details on the types of information collected, please visit the GeeTest Device Verification Privacy Policy.


➣ Adjust SDK Adjust provides user origin attribution analysis to help application developers optimize advertising and marketing strategies.

(a) Types of personal information involved: Device system, device model, operating system, version number, unique identifier

(b) For details on the types of information collected, please visit the Adjust Privacy Policy.


➣ Facebook SDK The Facebook SDK allows users to share and log in via Facebook, enhancing the social functionality of applications.

(a) Types of Personal Information Involved: Device type, brand, and model; device operating system information; detailed information about device hardware and software; device unique identifier; IP address; network information; location information.

Please note that this application does not obtain precise geographic location information. We only read the location information in the device settings or SIM card, which does not represent the user's actual geographic location. According to the default settings of the mobile phone system, reading this type of data does not require the user's explicit authorization.

(b) For detailed information on the types of information collected, please visit the Facebook Privacy Policy.


➣ Baidu Face Security Collection SDK: Used to provide real-name authentication and security verification functions such as face recognition and liveness detection in this product, for example, in scenarios such as real-person authentication, face login, or transaction risk control.

(a) Types of Personal Information Involved: Face images/videos and the facial feature information generated therefrom; name and ID card number used for identity verification (provided when you choose to use related functions); device and network information (such as device model, operating system and version, unique device identifier, network status, IP address, etc.). (b) For more information on the types of information collected, please visit the Baidu Face Security Collection SDK Privacy Policy.


Part IX Third-Party Websites

We may, at our sole discretion, add links (web links) from our website to other websites. These websites may be operated by third parties using separate, independent proprietary policies. Therefore, we are not responsible for any content, activities, or privacy policies of these linked websites. We recommend that you read the privacy policy of each website you visit.

Part X Customer Rights

Under the Ordinance, you enjoy the following rights in relation to your personal data:

  1. Right of access: to ascertain whether JZ GOLD holds your personal data and to request access to such data.

  2. Right of correction: where personal data is inaccurate or incomplete, you have the right to request JZ GOLD to correct it.

  3. Right of inquiry: to inquire about JZ GOLD"s policies and practices regarding data retention and the types of personal data it holds.

  4. Right to object to marketing: to refuse JZ GOLD"s use or transfer of your personal data to relevant group companies and other persons for direct marketing purposes, free of charge.

  5. Right to withdraw consent: provided that you have no outstanding indebtedness to JZ GOLD, you may contact JZ GOLD to withdraw your consent to this Privacy Policy. After withdrawal, JZ GOLD will no longer use the relevant data based on such consent; however, any use prior to withdrawal will not be affected, and withdrawal may result in your inability to continue using relevant services.

How to Exercise Your Rights

  1. Applications for access to, inspection of or correction of data: you must complete the Data Access Request Form provided by the Office of the Privacy Commissioner for Personal Data, Hong Kong, and send it together with a copy of your signed identity document to the Compliance Department at JZ GOLD"s registered office.

  2. Exercising the right to object to marketing or withdraw consent: this may be done through the online customer service system, by calling customer service, or by written notice to JZ GOLD.

  3. Fee statement: JZ GOLD reserves the right to charge you a reasonable fee for data access requests.

Part XI Obligation to Notify Changes in Information

If your personal data (such as your address or contact information) changes, or if any information that may affect the provision of services is adjusted, you should notify JZ GOLD as soon as reasonably practicable to ensure data accuracy and the proper provision of services.

Part XII Policy Revisions

JZ GOLD may revise this Privacy Policy and Statement from time to time. When this document is amended, JZ GOLD will publish the changes and the effective date on its official website, app or through other appropriate channels. Your continued use of JZ GOLD"s services after the changes take effect constitutes your agreement to be bound by the updated document.

Part XIII Contact Information

If you have any inquiries, complaints or requests regarding this document, you may contact JZ GOLD through the following means:

  1. Contact department: Compliance Department of JZ GOLD

  2. Contact address: Room 804, Empire Centre, 68 Mody Road, Tsim Sha Tsui East, Hong Kong

  3. Customer service hotline: (+852) 2818 0080

  4. Other channels: online customer service system or other officially designated contact methods

JZ Gold
  • Contact Number: +852 2818 0080
  • Support Email: cs@jz-gold.com
  • Business Hours: Mon-Fri 9:00-17:00 (closed on public holidays)
  • Company Address: Room 804, Empire Centre, 68 Mody Road, Tsim Sha Tsui East, Hong Kong

Markets

Trading

Download

Learn

About

Friendly Reminder: Markets involve risk. Invest prudently.

Risk Warning: Margin precious metals are leveraged financial products and may result in losses exceeding your deposits. You do not actually own or hold any underlying assets. Please read our Risk Disclosure Statement carefully before trading. Make sure you fully understand the risks involved before trading and manage your risk exposure prudently. We accept no liability for any consequences arising from any person's action or inaction based on this website or the information on it.

This website is accessible globally and is not directed at any specific entity. It is primarily intended to facilitate the centralised display and comparison of information. Your actual rights and obligations will be determined by the entity and jurisdiction you choose. Local laws and regulations may prohibit or restrict your right to access, download, distribute, transmit, share or otherwise use any or all documents and information published on this website. The information on this website is not intended for residents of the United States, Belgium or Canada, or for any person in any country or jurisdiction where such distribution or use would be contrary to local laws or regulations. Apple, iPad and iPhone are trademarks of Apple Inc., registered in the US and other countries and regions. App Store is a service mark of Apple Inc.

COPYRIGHT (©) 2026 JZ Gold. All rights reserved. Reproduction prohibited.