Privacy Policy

Last updated: July 31, 2023

1. COMPANY AS THE DATA CONTROLLER

1.1 At Headquarters, we respect the privacy and confidentiality of the personal data of our clients, customers, visitors and all others whom we interact with. We are committed to ensuring that all personal data provided to us remains secure, and is only utilised for purposes that our customers have consented to. 

1.2 We have adopted this Privacy Policy to inform you about how we as the Data Controller collect, process, use and disclose your Personal Data derived from your access and use of our website (https://hq.xyz/) and other websites owned and/or operated by Headquarters (the “Website”) and the Services (as defined below). 

1.3 This Privacy Policy is incorporated as part of Headquarters’ Terms of Service, accessible at https://hq.xyz/terms-of-service (the “Headquarters Terms of Service”).

1.4 Headquarters is a web-based software-as-a-service platform which helps users who have created Headquarters accounts (“User(s)”) to share their content such as information, wallet addresses, files (“Content”) and analyse their pre-existing customers, prospective customers and third parties (“Viewer(s)”) on the basis of the content viewed by them. The Viewers are the non-registered users of the Services provided by Headquarters. We process your data in accordance with the applicable laws and regulations following industry best practices.  

1.5 If you have any questions about this Privacy Policy, or if you wish to access, update or correct your Personal Data or withdraw your consent to the use, collection and disclosure of your Personal Data in accordance with this Privacy Policy, please email us at: privacy@hq.xyz

2. General Definitions

2.1 In this Privacy Policy, unless the context otherwise requires, the following general definitions apply:

  1. Affiliate” means any entity controlling, controlled by, or under common control with the referenced entity, where the term “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.
  2. APIs” means any form of application programming interface that Headquarters makes available as part of its Subscription Services, which may include object code, software libraries, software tools, sample source code, published specifications, and any related developer documentation and other developer services, functions and features made available through such application programming interfaces by or on behalf of Headquarters. APIs shall include any future, updated or otherwise modified version(s) thereof;
  3. Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Website and the Services. 
  4. Data Protection Laws” means applicable laws and regulations relating to the use and/or processing of personally identifiable information and data and privacy.
  5. Personal Data” means:
  • data, whether true or not, about an individual who can be identified:
  • from that data; or
  • from that data and other information to which we have or are likely to have access; and
  1. data, whether true or not, about an individual who can be identified:
  1. Purposes” means the purposes for which we collect your Personal Data as set out in this Privacy Policy. 
  2. Services” means all services provided by Headquarters associated with: (i) the Website, (ii) the APIs, (iii) the Subscription Services, (iv) the Services Data, and (v) other related services made available by Headquarters from time to time, including but not limited to other content, software, and mobile applications made available by Headquarters.
  3. Services Data” means any content, images, photographs, illustrations, icons, texts, video, audio, written materials, software, sample codes, applications, specifications or other content, materials or data made available to you through the Website and/or the Subscription Services.
  4. Third Party Provider” means any third party providing services, products, applications or programmes which are accessible through the Website and/or the Services, and which is neither Headquarters nor an Affiliate of Headquarters. 
  5. User” or “you” means the individual accessing or using the Website and the Services. 

2.2 Except as otherwise defined above, capitalised terms in this Privacy Policy have the same meanings as those given in the Headquarters Terms of Service.

3. PURPOSE AND SCOPE

3.1 The Privacy Policy applies primarily to information that we collect online; however, it may apply to some of the data that you provide to us offline and/or through other means, as well (for example, via telephone).

3.2 The Privacy Policy documents and describes the manner in which our organisation collects information from all Users/Viewers of our Services. While providing our Services on behalf of our registered Users, we collect information related to Viewers. The use of information collected on behalf of our Users is governed primarily by our contract for the engagement with them and the privacy policies governing their organization. We are not accountable for the privacy policies and practices undertaken by our Users or any other third parties.

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1 We may collect different types of Personal Data from or about you depending on how you use the Services:

  1. Personal Data provided by Users
Creation of Headquarters Account and login
When you create a Headquarters Account or login into your Headquarters Account, we collect Personal Data such as your first name, last name, and email address.
  1. Personal Data provided by Viewers
Access pre-existing User’s content
When you request to view a pre-existing User’s content, the User may ask for Personal Data such as an email address in order to open a Headquarters’ link. Headquarters collects and stores such Personal Data on behalf of its Users. When you provide such Personal Data, you do so in accordance with that User’s privacy practices and policies. Headquarters is not responsible for the privacy practices of its Users, and only processes this information in accordance with the applicable agreement it has with each User. For any issues pertaining to processing of such Personal Data, please contact the User directly.
  1. Personal Data collected through automated means
System data
This category of Personal Data collected refers to technical data about your computer or device, like device type, operation system and the IP address. Such data helps us improve the delivery of our Services and to measure traffic on the Website. The collection of data will also depend on the individual settings of your device and software. It is recommended to refer to the policies of your device manufacturer or software provider to learn about information they might share with us.
  1. User-generated Personal Data
Usage of Headquarters Account and Services
This category of Personal Data collected refers to information and material provided to us voluntarily by our Users or the Viewers to publish and process as part of our provision of the Services. Such Personal Data may include text, photographs and attachments associated with the relevant Headquarters Account, email address used to create the relevant Headquarters Account or to access links as Viewers.
  1. Personal Data collected when you enter into transactions with us (or express interest in doing so)
Transactional data
This category of Personal Data collected refers to information collected when you enter into transactions with us (or express interest in doing so), such as the following:

- types of Services requested;
- order details for the types of Services requested;
- payment and transaction information (such as the merchant's name, payment method and chargeable amount for the Services);
- date and time of providing the Services

4.2 In addition to the circumstances set out at Clause 4.1 above, we also receive your Personal Data when you:

  1. enter into any agreement with us or provide other documentation or information in respect of your interactions and transactions with us;
  2. interact with our employees, representatives, agents or appointed service providers (for example, via telephone calls, letters, face-to-face meetings, digital platforms, surveys, workshops, campaigns and/or emails); and/or
  3. contact or engage with us for any of the purposes listed in Clause 4.1 or in this Clause 4.2. 

4.3 In connection with the Services, and to the extent permitted by applicable laws (including Data Protection Laws), we may also be collecting from sources other than yourself, your Personal Data, for one or more of the Purposes, and thereafter using, disclosing and/or processing such Personal Data for one or more of the Purposes. 

4.4 We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes (depending on the types of information we receive). If you suspect that any of your Personal Data has not been lawfully disclosed to us, please contact us (details are set out at the start of this Privacy Policy).

4.5 Unless otherwise stated, this Privacy Policy does not cover any collection, use or disclosure by third-parties, including through any applications, websites, products or services that we do not control or own.

4.6 Other than as stated in this Privacy Policy, we do not collect or process any other Personal Data.

5. TYPES OF PERSONAL DATA WE COLLECT

5.1 In connection with your use of the Website or the Services, we may collect the following Personal Data from you:

  1. your contact and registration information such as your name, your organisation’s name, date of birth, email and mailing addresses and/or telephone number;
  2. geographical-specific information such as nationality and country of residence;
  3. specific usage data from your use of the Website and the Services; 
  4. technical information related to your use of the Website and the Services, such as IP addresses, browser information and mobile device information;
  5. if applicable, payment details in order to process payments for purchases and/or subscriptions made on the Website or as part of the Services; 
  6. if applicable, your blockchain wallet identifier from your use of the Services;
  7. aggregated information such as statistical or usage data (note that such aggregated and statistical data may be derived from your Personal Data but is anonymised);
  8. unique social media identifiers (e.g. profile names, in-game names) on certain social networking platforms (e.g. Facebook, Discord), where your use of the Services involves the use of third-party platforms or services; and/or
  9. any other information which you may provide to Headquarters.

5.2 Note on collection of your blockchain wallet identifier: We collect the blockchain wallet addresses for each cryptocurrency holding that you connect to the Services and the associated transaction history, including the dates and amounts of each transaction. Depending on how you configure your Headquarters Account, we may pull the transaction history directly from the blockchain, collect it from the exchange that processed the transaction for you (if you give us read access to your account at the relevant exchange) or get it from materials or information you upload through the Services.

5.3 Note on third-party features: The Website may include social media features, such as “liking” and “sharing” functions to third-party social media platforms, or links to groups formed on third-party social media platforms for the purpose of communicating information in relation to the Website or the Services. These features may collect your personal information and track your use of the Website. These social media features are either hosted by the third-party or hosted directly on the Website. Your interactions with these features are governed by the privacy policy of the company providing such functionality.

5.4 Note on collection of your national identification number (e.g. NRIC for Singapore Users): We are fully aware of the sensitive nature of your national identification number, and we only collect, use and disclose such information to the extent necessary under applicable laws and regulations, as well as in order to accurately establish and verify your identity to a high degree of fidelity. Please refer to the sections below for further information on how we use, disclose and maintain your Personal Data.

6. HOW WE PROCESS AND USE YOUR PERSONAL DATA

6.1 We may process and use your Personal Data for the following purposes:

  1. to perform obligations in the course of or in connection with our provision of the Services requested by you;
  2. to inform you of updates and announcements regarding the Website and the Services, including providing you with regular communications and newsletters from Headquarters; 
  3. to respond to your requests;
  4. for the creation or development of business intelligence or data analytics in relation to the Services provided by us (for this purpose we may share the Personal Data with certain software or tools available online);
  5. to manage our relationship with you;
  6. for internal record keeping;
  7. to provide you with authorisation to log into and use your Headquarters Account;
  8. to verify your identity;
  9. to facilitate and administer your use of the Website and the Services;
  10. to administer and keep track of your participation in the Services, including verifying your information in connection with your use of the Website and the Services to monitor and analyse your use of the Website and the Services; 
  11. to personalise your user experience on the Website and in your use of the Services; 
  12. to monitor and analyse your use of the Website and the Services;
  13. to enforce the Headquarters Terms of Service, including managing our licenses and partnerships;
  14. to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Website and the Services, and to take any action in any legal dispute or proceeding;
  15. to improve the Website and the Services;
  16. to ensure the security of our Website, by trying to prevent unauthorized or malicious activities; 
  17. to enforce compliance with our Headquarters Terms of Service and other policies;
  18. to enable automated handling of Subscriptions;
  19. to comply with our legal or statutory obligations;
  20. to tailor content, advertisements, and offers for you;
  21. to contact you with information in relation to your use of the Website and the Services, or at your request; and/or
  22. any other incidental business purposes related to or in connection with the above.

6.2 Our legal basis to process and use the Personal Data of Users as the Data Controller is where: 

  1. Users have given their consent for one or more specific purposes (such as the Purposes);
  2. Data Protection Laws permit a Data Controller to process Personal Data until the User objects to such processing (also known as opting-out), without having to rely on consent or any other legal basis. Note that this does not apply, whenever the processing of Personal Data is subject to the General Data Protection Regulation governing the Personal Data of Users from the European Union;
  3. processing and use of Personal Data is necessary for:
  • the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • the establishment, exercise or defence of legal claims or proceedings;
  • compliance with a legal and regulatory obligation to which the Data Controller is subject;
  1. processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller; 
  2. processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party; and
  3. where otherwise permitted or not prohibited under Data Protection Laws.

6.3 We may collect, use, disclose or process your Personal Data for other purposes that do not appear in this Privacy Policy. However, we will notify you of such other purposes at or before the time of obtaining your consent, unless processing of your Personal Data without your consent is permitted by Data Protection Laws.

6.4 Your Personal Data is processed at Headquarters’ operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, transfers of Personal Data may involve transferring the User's Personal Data to a country other than their own.

7. WHO HAS ACCESS TO YOUR PERSONAL DATA WITHIN OUR ORGANISATION

Within our organization, access to your data is limited to those persons who require access in order to provide you with the Services, which you purchase from us, to contact you, and to respond to your inquiries, including requests for refund. Those staff members may be on teams such as: marketing, events, product development, customer support. Employees only have access to data that is relevant to their team, on a ‘need to know’ basis.

8. HOW WE DISCLOSE OR EXPORT YOUR PERSONAL DATA

8.1 We may need to disclose your Personal Data to trusted third-parties, whether located within or outside Singapore, for one or more of the Purposes, as such third-parties, would be processing your Personal Data for one or more of the above Purposes (“Third-Party Processors”). In this regard, you hereby acknowledge, agree and consent that we are permitted to disclose your Personal Data to such Third-Party Processors (whether located within or outside Singapore) for one or more of the above Purposes and for the Third-Party Processors to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes. Without limiting the generality of the foregoing, such Third-Party Processors include:

  1. any of our agents, contractors or third-party service providers that process or will be processing your Personal Data on our behalf including but not limited to those which provide administrative or other services to us;
  2. our professional advisers, for example, our auditors and lawyers, as well as our insurers;
  3. the Third Party Providers;  
  4. third-parties to whom disclosure by us is for one or more of the Purposes and such third-parties would in turn be collecting and processing your Personal Data for one or more of the Purposes; and
  5. any actual or proposed assignee or transferee of the business of Headquarters, or a merged entity in the event Headquarters is merged to create the said merged entity.

8.2 Where we disclose your Personal Data, we will do so only in accordance with Data Protection Laws. This includes taking steps to ensure the security and privacy of your Personal Data, and where required, it will be subject to contractual terms ensuring the security and protection of any Personal Data under any sub-processor or data intermediary, whether within or outside of Singapore.

8.3 A list of our current Third-Party Processors is set out at the end of this Privacy Policy. 

8.4 We may access, preserve and disclose your Personal Data in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, audits or governmental request. We may also disclose information about you if we believe that your actions are inconsistent with our Headquarters Terms of Service or related guidelines and policies, or if necessary to protect the rights, property, or safety of, or prevent fraud or abuse of, Headquarters or others.

9. HOW WE MAINTAIN YOUR PERSONAL DATA

9.1 Security of your Personal Data is important to us. We will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorised use of your Personal Data by third-parties which are wholly attributable to factors beyond our control.

9.2 We will put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which your Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

10. OUR POLICY CONCERNING CHILDREN AND THEIR PERSONAL DATA

Our Website and Services are not directed to children under the age of sixteen and we do not knowingly collect Personal Data from children or distribute such information to third parties. We screen users who wish to provide personal information in order to prevent children from providing such information. If we become aware that we have inadvertently received Personal Data from a child, we will delete such Personal Data from our records. If we change our practices in the future, we will obtain prior, verifiable parental consent before collecting any Personal Data from children.

11. COOKIES AND GOOGLE ANALYTICS

11.1 Cookies are pieces of information which are issued to your computer or mobile device when you visit a website, and which store and track information about your use of such website. We use cookies to store and track certain anonymous statistical information when you browse our Website. Disabling cookies in your browser will not affect your user experience. We may from time to time work with analytics from various third party service providers, which will include the use of cookies. We are currently working with Google Analytics.

11.2 Google Analytics is a web analytics service which undertakes the gathering, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analytics service collects data on which website a data subject has come to a website from (so-called referrers) and is mainly used to optimise a website and for the cost-benefit analysis of internet advertising. 

11.3 You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of the Website to the fullest extent possible.

11.4 In addition, you may prevent the collection of the data generated by the cookie and related to your use of the Website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. A cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

11.5 The Website also uses Google Analytics performance reports relating to demographics and interests and reports on Google Display Network impressions. You can disable Google Analytics for display advertising and customize the ads on the Google Display Network by visiting the ad settings at this link: https://adssettings.google.com.

11.6 For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy.

11.7 We also encourage you to review Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.

12. WHERE YOU PROVIDE US WITH THIRD-PARTY PERSONAL DATA

12.1 You should only provide us with Personal Data of third parties where expressly permitted under the Headquarters Terms of Service. Should you provide us with Personal Data of any individual other than yourself, you represent, undertake and warrant to us that: 

  1. for any Personal Data of individuals that you disclose to us, you would have prior to disclosing such Personal Data to us obtained consent from the individuals whose Personal Data are being disclosed, to:
  • permit you to disclose the individuals’ Personal Data to us for the Purposes; and
  • permit us to collect, use, disclose and/or process the individuals’ Personal Data for the Purposes;
  1. at our request, you will use such form(s) or document(s) provided by us in obtaining such consents from the individuals in question (for the avoidance of doubt, we are under no obligation to you to create any such form(s) or document(s));
  2. any Personal Data of individuals that you disclose to us are accurate; and
  3. for any Personal Data of individuals that you disclose to us, that you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their Personal Data to us and for us to collect, use, disclose and process such Personal Data for the Purposes.

12.2 Should you provide us with Personal Data of your child or children, you confirm, declare and agree that you are the parent and/or legal guardian of such child/children, and that we may collect, use and/or disclose your child’s or children’s Personal Data for the Purposes and in the manner as set out in this Privacy Policy. 

13. THIRD-PARTY LINKS

The Website may contain links to third-party websites and applications whose data protection practices may differ from ours. We are not responsible for the content and privacy policies of these third-party websites and applications, and we encourage you to consult their privacy policies before accessing or using the third-party websites and applications.

14. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA

14.1 If you have any questions about the processing of your Personal Data or about this Privacy Policy, if you do not accept an amended Privacy Policy, if you wish to withdraw any consent you have given us at any time, or if you wish to update or have access to your Personal Data, you are welcome to contact us through the contact details listed at the start of this Privacy Policy.

14.2 You have the right to access and/or correct any Personal Data that we hold about you, subject to exceptions under the law. This right can be exercised at any time by contacting us through the contact details listed at the end of this Privacy Policy. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. All requests for correction or for access to your Personal Data must be in writing. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.

14.3 We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so.

14.4 In many circumstances, we need to use your Personal Data in order for us to enable your use of the Website and the Services. If you do not provide us with the required Personal Data, or if you do not accept an amended Privacy Policy or withdraw your consent to our use and/or disclosure of your Personal Data for the Purposes, it may not be possible for us to continue to enable your use of the Website and the Services.

14.5 We may charge you a fee for responding to your request for access to your Personal Data which we hold, or for information about the ways in which we have (or may have) used your Personal Data. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received.

14.6 We are fully committed to protecting your Personal Data and ensuring that you are able to enjoy all the rights granted to you in relation to your Personal Data under Data Protection Laws. Nothing in this Privacy Policy should be construed as limiting any of your rights prescribed for under Data Protection Laws.

15. CHANGES TO THIS PRIVACY POLICY

15.1 We reserve the right to make changes to this Privacy Policy at any time by giving notice to Users on this page and possibly within the Website and/or, as far as technically and legally feasible, sending a notice to you via any contact information available to Headquarters. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. It is strongly recommended to review the Website and this Privacy Policy periodically for updates.

15.2 Should the changes affect the processing activities performed on the basis of your consent, Headquarters shall collect consent from you, where required under Data Protection Laws.

The Onchain Business Account.
Own the way you do business.
Payments & accounting of digital assets unified in one dashboard for full visibility & control.

Batch Token Payouts | Crypto-to-Fiat  | Treasury Reporting
Platform
Payments
Fiat-ramps
Cards
Pricing
Resources
Blog
Product Guide
Useful Links
Our Team
Join Us
Contact Us
SOC 1 & SOC 2
Type II Certified
© 2024 Headquarters XYZ Pte. Ltd.
TermsPrivacy