Let's Talk

Privacy Policy

Privacy Notice for Clients

Velbridge Asset Management Limited
Hong Kong

Data Protection Under the Personal Data (Privacy) Ordinance

To operate our business, Velbridge Asset Management Limited (“Velbridge”, “we”, “our” or “us”) processes information about individuals (“Personal Data”), including information about our current, former and prospective clients. Velbridge takes your privacy seriously. This Privacy Notice (“Notice”) contains information on what Personal Data we collect, what we do with that information, and what rights you have.

As part of our commitment to protect your Personal Data, we want to inform you in a transparent manner why and how Velbridge collects, uses and stores your Personal Data and what your rights are in relation to such processing and how you can exercise them.

Last updated: March 2026

1. What does this Notice cover?

This Notice applies to any and all forms of use (processing) of Personal Data by Velbridge Asset Management Limited in Hong Kong if you are a former, current or prospective client.

This Notice applies to individuals who:

  • Are current clients receiving our investment advisory or asset management services
  • Have been our clients in the past
  • Are prospective clients with whom we are in discussions or taking steps to enter into a contractual relationship
  • Are connected to our institutional or corporate clients (such as directors, representatives, beneficial owners, or authorized persons)

2. What types of Personal Data do we collect?

For prospective clients

To the extent permitted by applicable law, we may collect:

  • Personal identification details – Name, address, gender, nationality, date of birth
  • Contact information – Telephone number, email address, correspondence address
  • Family details – Marital status, information about dependents where relevant
  • Professional information – Directorship positions, employment details, professional networks
  • Financial background – Information related to company ownership, financial capacity, investment experience
  • Public registry information – Company register information, online identity such as professional network profiles

For current and former clients

For clients with whom we have entered into a contractual relationship, we collect (to the extent permitted by applicable law):

  • Personal identification details – Name, identification number (e.g., HKID, passport number), date of birth, nationality, domicile
  • Compliance and verification documents – Copy of national identity card or passport, proof of address, tax residency certificates
  • Contact details – Telephone number, mobile number, email address, correspondence address
  • Family details – Name of spouse or partner, dependents, family members relevant to estate planning
  • Financial information – Payment and transaction records, information relating to your assets (including fixed properties, securities holdings), financial statements, liabilities, tax documents, revenues, earnings, investments, investment objectives, risk tolerance, time horizon
  • Tax information – Tax domicile, tax identification numbers, tax-related documents required under applicable reporting obligations
  • Professional information – Job title, work experience, employer details, knowledge and experience in investment matters
  • Relationship details – Records of our interactions with you, products and services you use, electronic communications (emails, mobile app interactions), records of phone calls including phone log information and voice recordings where legally permitted
  • Nomination details – Information about persons you nominate for account access, authorised signatories, attorneys
  • Account identifiers – Client number, account number, business relation identifiers for internal tracking and accounting purposes
  • Technology and website data – When you access our website or applications, data transmitted by your browser or device (date and time of access, accessed files, data volume, device information, web browser, browser language, IP address, cookies and tracking technologies)

Special categories of data

In limited circumstances and where legally permitted, we may collect:

  • Biometric information (for identity verification purposes)
  • Health information (where relevant to insurance or estate planning arrangements)
  • Political affiliations (where required for compliance screening)

Sources of data

We collect Personal Data:

  • Directly from you (during account opening, ongoing relationship, forms, communications)
  • From public registers and sources (beneficial ownership registers, company registers, public administration records)
  • From third-party sources (wealth screening services, credit reference agencies, fraud prevention agencies, intermediaries, other financial institutions, introducing parties)
  • From affiliated entities within our group
  • Via cookies and tracking technologies on our website and applications

Data about connected individuals

Where you are an institutional or corporate client or investor, we may also collect information about:

  • Your directors, representatives, employees, shareholders, or beneficial owners
  • Account holders, additional authorized persons, signatories
  • Business partners, intermediaries, agents acting on your behalf
  • Dependents or family members (where relevant to the services provided)

Your obligation: Before providing Velbridge with Personal Data concerning other individuals, you must inform those individuals about this Notice and, where required, obtain their consent or ensure they are aware of the supply of their data.

Supply of Personal Data is voluntary except where indicated as mandatory (e.g., for regulatory compliance checks or to enter into investment management agreements). Where data provision is mandatory, failure to supply may result in our inability to onboard you as a client, process investment instructions, or provide services, in which case we will inform you accordingly

3. For which purposes do we process your Personal Data?

We always process your Personal Data for specific purposes and only process the Personal Data which is relevant to achieve those purposes. Within applicable legal limitations, we process Personal Data for the following purposes:

(a) Client onboarding

  • To verify your identity and assess your application for our services
  • To conduct suitability and appropriateness assessments as required by regulation
  • To assess credit risk and determine whether guarantees or other security arrangements are required
  • To conduct legal and regulatory compliance checks (see section (e) below)

(b) Client relationship management

  • To manage our relationship with you, including communicating about the products and services you receive from us
  • To handle customer service queries and complaints
  • To facilitate payment collection and debt recovery if necessary
  • To trace your whereabouts if we lose contact with you
  • To close dormant accounts in accordance with applicable law
  • To understand your preferences regarding products and services
  • To analyze your activity and interests in our services, websites, and applications

(c) Product implementation and execution

  • To provide advisory and asset management services to you in accordance with your mandate
  • To ensure proper execution of investment instructions, including custody arrangements, trade execution, settlement, and payments
  • To identify you for transaction purposes
  • To make payments to and from your accounts in accordance with your instructions
  • To provide reporting and account statements

(d) Business development and client servicing

  • To evaluate whether we may offer products, services or events that may be of interest to you
  • To provide information about our services
  • To contact you regarding service enhancements or changes
  • To facilitate client events and educational seminars

Note: We will only use your Personal Data for direct marketing (e.g., promoting our services or events) with your express prior consent, which you may withdraw at any time (see Section 7)

 (e) Compliance, risk management and crime prevention

  • To carry out legal and regulatory compliance checks, including anti-money laundering and counter-terrorist financing checks, sanctions screening, and know-your-client requirements
  • To meet ongoing regulatory and compliance obligations under Hong Kong and other applicable laws (including financial services regulations, anti-money laundering laws, tax reporting obligations)
  • To apply risk classification to business relationships
  • To make disclosures to tax authorities (including under automatic exchange of information and FATCA), financial regulators (including the SFC), and other regulatory, judicial and governmental bodies
  • To record and monitor communications as required by regulation
  • To respond to complaints, requests or reports from clients or third parties
  • To respond to proceedings, requests or inquiries from public or judicial authorities
  • To prevent, detect and investigate crime, including fraud, misuse of our services, and threats to the security of our IT systems

(f) Technology, systems and operations

  • To improve our products, services and use of technology
  • To test and upgrade systems and processes
  • To conduct market research to improve our offerings
  • To analyze effectiveness of our communications and service delivery

(g) Operational and prudential management

  • To support credit and risk management, technological operations, reporting, audit, systems training, and administrative purposes
  • To maintain building security, safety of staff and visitors, and protection of property and information (including building access logs, CCTV where applicable)
  • To enable business transfers, mergers or disposals involving Velbridge and to provide information to potential buyers, transferees, merger partners, and their advisers
  • To exercise our rights and duties under agreements with you or third parties

Automated processing

We use both automated (including artificial intelligence tools) and manual methods to process your Personal Data for the purposes above. Where automated decision-making significantly affects you, you will be informed and have the right to request human review (see Section 7).

Necessity of data provision

Where Personal Data is needed to meet legal or regulatory obligations or to enter into or perform an agreement with you, failure to provide this data may result in our inability to onboard you as a client or provide services to you, in which case we will inform you accordingly.

4. How do we protect Personal Data?

All Velbridge employees accessing Personal Data must comply with our internal rules and processes to protect your data and ensure confidentiality.

Velbridge has implemented technical and organizational measures to protect your Personal Data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure, access and all other unlawful forms of processing.

These measures include:

  • Access controls limiting employee access to Personal Data on a need-to-know basis
  • Information security management systems and processes
  • Encryption of sensitive data in transit and at rest
  • Secure storage and disposal procedures
  • Physical security of premises and systems

We take reasonable steps to ensure Personal Data is accurate, complete and up-to-date, particularly financial and compliance information used for investment decisions.

5. Who has access to Personal Data and with whom are they shared?

5.1 Within Velbridge and affiliated entities

We may share Personal Data with affiliated entities within our corporate group for the purposes indicated in Section 3, in order to provide services to you and for internal administration and risk management purposes.

5.2 Outside Velbridge

Third parties involved in providing services to you

We share Personal Data with third parties as necessary to provide services to you, including:

  • Financial institutions and counterparties – Banks, custodians, sub-custodians, brokers, dealers, clearing houses, settlement systems, fund administrators, transfer agents
  • Payment systems – Payment recipients, beneficiaries, intermediaries, correspondent banks, payment platforms
  • Product-related parties – Issuers of securities you hold, fund managers, trustees, registrars
  • Your representatives and advisers – Persons acting on your behalf, your lawyers, accountants, tax advisers, introducing parties, intermediaries
  • Credit reference agencies – For creditworthiness assessments where relevant

Service providers

We engage service providers who process Personal Data on our behalf, including:

  • IT system and software providers, cloud service providers, data storage providers
  • Administrative service providers supporting our operations
  • Logistics, mail, courier, printing and document management providers
  • Marketing and communication service providers
  • Professional advisers (lawyers, auditors, accountants, consultants, insurers etc.)
  • Market data and research providers

When we engage service providers, we take steps to ensure they meet our data security standards through contractual obligations, including requirements on information security management, risk assessment, access controls, encryption, backup and recovery.

Public and regulatory authorities

Where required by law, regulation, or upon lawful request, we disclose Personal Data to:

  • Securities and Futures Commission (SFC) and other financial regulators
  • Hong Kong Monetary Authority (HKMA)
  • Tax authorities (including under AEOI and FATCA reporting)
  • Law enforcement agencies
  • Courts and parties to legal proceedings
  • Other governmental and regulatory bodies in Hong Kong or elsewhere

Business transfers

We may disclose Personal Data to potential buyers, transferees, merger partners or sellers and their advisers in connection with actual or potential transfers, mergers or acquisals involving part or all of Velbridge’s business or assets.

5.3 Data transfers to other countries

Personal Data transferred within or outside Velbridge as set out above may be processed in jurisdictions outside Hong Kong. We only transfer your Personal Data to countries which provide an adequate level of data protection, or where appropriate safeguards are in place (such as standard contractual clauses or other mechanisms recognized under applicable law).

Before transferring data internationally, we implement necessary legal, operational and technical measures and, where required by law, enter into appropriate agreements to protect your Personal Data.

6. How long do we store your data?

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements.

We apply criteria to determine appropriate retention periods based on:

  • The nature and sensitivity of the Personal Data
  • The purposes for which it was collected
  • Legal and regulatory requirements applicable to our business
  • The need to defend or bring legal claims

Typical retention periods:

  • Current clients: We keep your Personal Data for the duration of our relationship and for a period after the relationship ends
  • After relationship ends: Following account closure or termination of services, we typically retain data for up to 10 years or as required by applicable law or regulation
  • Longer retention: We may retain data beyond these periods where required by law, for ongoing legal proceedings, regulatory investigations, or to defend claims

If you wish to request deletion of your Personal Data, you may make a request as described in Section 7, which we will review in accordance with applicable law.

7. What are your rights and how can you exercise them?

7.1 Your rights

Under the Personal Data (Privacy) Ordinance, you have the following rights:

Right of access
You have the right to request access to the Personal Data we hold about you and to obtain information about how we process it.

Right to correction
If you believe any Personal Data we hold about you is incorrect or incomplete, you may request correction.

Right to object to direct marketing
You may require us to cease using your Personal Data for direct marketing purposes at any time, without charge, by:

  • Clicking the unsubscribe link in marketing emails
  • Emailing us at the address in Section 7.2

Right regarding automated decision-making
Where we use automated decision-making (including artificial intelligence) that significantly affects you, you have the right to:

  • Be informed of such automated processing
  • Receive an explanation of the criteria and procedures applied
  • Request human review of the decision

Important limitations

These rights are not absolute and exemptions may apply. When you make a request, we may ask you to verify your identity and provide information to help us understand your request. If we cannot comply with your request, we will explain why.

7.2 Exercising your rights

To exercise any of the above rights, please contact us at:

Email: info@velbridge.com.hk
Address: Velbridge Asset Management Limited
Unit No. 1207A, Level 12,
International Commerce Centre,
1 Austin Road West,
Kowloon, Hong Kong

Attention: Data Protection Officer

When submitting a request, please provide:

  • Your full name and contact details
  • Description of your request
  • Proof of identity (copy of HKID or passport)
  • Any relevant account or reference numbers

We will respond to your request within a reasonable timeframe as required under the PDPO. In accordance with the PDPO, we may charge a reasonable fee for processing data access requests.

7.3 Complaints

If you are not satisfied with how we process your Personal Data, we encourage you to contact us first so we can address your concerns.

If you remain unsatisfied after our response, you have the right to lodge a complaint with:

Office of the Privacy Commissioner for Personal Data
Address: 12/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong
Phone: +852 2827 2827
Fax: +852 2877 7026
Email: enquiry@pcpd.org.hk
Website: https://www.pcpd.org.hk

8. Changes to your Personal Data

We are committed to keeping your Personal Data accurate and up to date. If your Personal Data changes (including changes to your contact details, address, financial circumstances, investment objectives, or any other information you have provided), please inform us of the change as soon as possible by contacting us at the details in Section 7.2.

9. Updates to this Notice

This Notice was last updated in March 2026. We reserve the right to amend it from time to time to reflect changes in our practices, technology, legal requirements or for other operational reasons.

Any updates to this Notice will be made available on our website and, where appropriate, we will notify you directly of material changes.

We encourage you to review this Notice periodically to stay informed about how we protect your Personal Data.

The current version of this Notice is always available at: velbridge.com/privacy-notice

10. Contact information

If you have any questions, concerns or requests regarding this Privacy Notice or our data protection practices, please contact:

Data Protection Officer
Velbridge Asset Management Limited
Unit No. 1207A, Level 12,
International Commerce Centre,
1 Austin Road West,
Kowloon, Hong Kong
Hong Kong

Email: info@velbridge.com.hk
Phone: (852) 3848 5055

Regulatory information:
Velbridge Asset Management Limited holds CE No. BPD344 issued by the Securities and Futures Commission (SFC) in Hong Kong to conduct Type 4 and Type 9 (Asset Management) regulated activities under the Securities and Futures Ordinance (Cap. 571).

SFC License Number: CE No. BPD344

This Privacy Notice is provided to you pursuant to the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.