At Equilex Limited (legal name Equilex Limited, registration number 78733607, address Unit B, 11/F, 23 Thomson Road, Wan Chai, Hong Kong SAR China), protecting your personal data is our highest priority. Our commitment to privacy is based on the key principles established in the General Data Protection Regulation (EU) 2016/679 (GDPR). These values serve as the foundation for our internal processes and serve as the basis for all of our choices about how we handle your data. Each principle is covered in full below, along with an explanation of its practical application and your rights as a data subject. Please take note that our Privacy Policy contains comprehensive details on certain data processing techniques and security precautions.
We handle your personal information in a fair, transparent, and legal manner. This indicates that all data processing is done honestly, openly, and legally with you as the data subject. We follow the following procedures in accordance with this principle:
Lawfulness: We only gather and utilise your personal information where there is a legitimate and obvious reason for doing so. Stated differently, all data operations adhere to the law. Your informed consent (if necessary), contractual performance, legal compliance, or our legitimate business interests—all of which do not violate your rights—are among our legal justifications. The legal justification for processing your data will always be disclosed to you.
Fairness: We make sure that data processing is fair. This indicates that we don't get information dishonestly or use it against you. We never give you false information about why we are gathering information or how we plan to utilise it. Additionally, we take into account your rights and interests; for instance, we ensure that your rights (such the right to access your data) will be exercised without discrimination, irrespective of the terms of service. Data processing is done to protect your privacy from unwarranted harm.
Transparency: We are transparent about the reasons for and methods of using your data. Avoiding excessive legal jargon, all processing information is presented in straightforward English. You may always quickly check our privacy policy and other notices to learn what information we collect, why we gather it, and how we use it. We employ a multi-layered strategy to enlighten you as needed, emphasising important points and offering details via extra links or tooltips. To keep our information up to date and notify you of any important changes, we update it frequently. This openness guarantees that you are aware of the precise processing of your personal information.
We only gather and use personal information for specified, predetermined, and legal objectives, about which you are informed beforehand. This implies that your information will only be utilised for the reasons it was gathered. We never utilise personal data in a way that is inconsistent with its original intent. For instance, we won't give your email address to a partner for advertising without your knowledge and consent if you give it to us in order to receive updates about our service. Every processing objective is well-documented; we outline the justifications for gathering particular data in both our internal and public records, including the Privacy Policy. We will get your separate consent in advance or find another legal basis for processing if data needs to be used for a purpose that differs from the original one. You may therefore be sure that your personal information won't be utilised in ways that aren't anticipated or that go beyond the original intent.
We follow the data minimisation principle, which states that we only gather personal data that is absolutely required for the stated processing reasons. This is carried out in practice as follows:
We simply ask for the bare minimum of information required to complete a contract or deliver the requested service. Our website's surveys and forms aren't meant to gather extraneous data. For example, if all you need to register for a webinar is your name and email, we won't ask for any other irrelevant information.
We lower the dangers to your privacy by adhering to the "nothing extra" philosophy. The chance of leaks or illegal access decreases with the amount of data processed and stored. We don't gather data "just in case," gathering information that could be helpful later. Every request for information is thoroughly supported by a specific need.
Additionally, we routinely examine the information we gather, eliminating any requests or fields that are not necessary. Therefore, we make sure that we only ask for information that is actually required to accomplish the stated goals in every engagement.
Another important rule we adhere to is maintaining the accuracy and timeliness of personal data. Since this impacts the calibre of our services and your trust, we take every reasonable step to make sure the data we have about you is accurate, comprehensive, and up to date. The following procedures are put in place to guarantee accuracy:
Regular Updates: We quickly update our systems to reflect any changes to your personal information, such as an updated address or phone number. Our goal is to avoid making decisions based on inaccurate or out-of-date information.
Error Correction: You can always let us know if you find that any of your information is inaccurate or out-of-date, and we'll take care of it right away. Additionally, we completely respect your right to have inaccurate data corrected, and we provide easy means for you to let us know about any mistakes.
Verification of Critical Data: We may take extra precautions to check and confirm information in situations where data accuracy is crucial, such as for financial transactions or the delivery of legally critical services. This can entail asking for supporting documentation or double-checking information with you. All of these steps guarantee that our databases only include correct data.
Deletion of Inaccurate Data: GDPR mandates that incomplete or erroneous data that cannot be fixed be erased as soon as possible. We follow this guideline: in order to avoid any potential negative effects, we will remove any information that is deemed erroneous for processing purposes and cannot be remedied right away.
In order to maintain accuracy, your assistance is also essential. Please let us know if any of your personal information has changed or needs to be corrected. Since correct data is necessary for efficient service delivery and protecting your rights, we value your initiative.
We only keep personal information for as long as is required to fulfil the objectives for which it was gathered. According to the storage limitation concept, each type of data has a specified retention duration beyond which it is anonymised or securely erased. This is how we make sure this:
Clearly Defined Retention Periods: We set appropriate retention durations for different kinds of personal data, taking into account processing objectives, contractual and legal commitments, and relevant legal requirements. For instance, data obtained for a one-time service will be stored for a shorter period of time than transaction data, which may be kept as needed by tax or accounting rules. Our internal procedures reflect all retention durations, and we rigorously follow them.
Regular Reviews: We make sure our data retention rules are up to date by reviewing them on a regular basis. We modify the duration of data retention in accordance with modifications to laws or business operations. These audits assist in locating personal information that is no longer needed. We carry out audits to find unnecessary or out-of-date data and remove it if it is not required for any legitimate reason.
Secure Deletion: We destroy personal data in a manner that makes it impossible to recover or identify it when the retention periods have passed (or earlier, if data is no longer needed). In certain situations, we anonymise the data (removing it from your identify) before deleting it where practical, if quick deletion isn't possible owing to technological limitations. Only if legally allowed—for example, if the data is kept for archiving reasons in the public interest or for scientific or statistical purposes in accordance with Article 89(1) GDPR—may we keep the data past the specified retention period. Even in these situations, we provide suitable confidentiality protections.
We lower the chance of data misuse or vulnerability to breaches over time by reducing the length of time that personal data is kept on file. You may be confident that we consistently adhere to deadlines and don't keep your data longer than is necessary.
We take every precaution to guarantee the confidentiality and integrity of your personal information, shielding it from disclosure, alteration, unauthorised access, and destruction. Both organisational and technical methods are used to fully execute this data security policy. This is how we safeguard your information:
Modern Security Technologies: To safeguard personal information, we use the proper technical security measures, such as intrusion detection systems, firewalls, antivirus software, data encryption, and other cybersecurity technologies. These precautions are appropriate given the type and volume of data being handled as well as any possible hazards. Sensitive information might be encrypted, for instance, and only authorised users are permitted access to systems that hold personal information. To combat new threats, we update security measures and conduct risk assessments on a regular basis. We keep an eye out for vulnerabilities in our IT infrastructure and quickly apply updates and fixes to stop problems.
Organizational Measures and Access Control: In addition to technology, we have stringent organisational guidelines for managing data. Access to your personal data is limited exclusively to workers or authorized persons who need it to execute their activities (principle of “least privilege”). Every employee is trained on data security obligations and operates within their authority. We legally bind all employees and outside contractors who may have access to material to maintain confidentiality by entering into non-disclosure agreements (NDAs). To guarantee that employees are informed of the latest threats and preventative measures, frequent training sessions and briefings on data protection best practices are held.
Incident Response and Monitoring: For handling security incidents, we have internal protocols in place. Our response plan includes quick vulnerability mitigation and, if mandated by law, alerting supervisory authorities and affected data subjects in the unlikely event of a data breach or integrity violation. We keep track of any incident involving personal data and investigate its causes to stop it from happening again. In order to make sure that our security requirements are strong and current, we also frequently examine our security system through penetration tests, internal and external audits, and other evaluations.
We guarantee the highest security standards for the processing and storage of your personal data by following this concept. Confidentiality guarantees that information cannot be accessed by unauthorised parties, while data integrity guarantees that information stays correct and unaltered within the system. When combined, these safeguards enable us to uphold a high degree of security and confidence.
Equilex Limited is fully aware of its need to adhere to GDPR regulations and is able to prove it. According to the accountability principle, we can offer concrete, verified proof of our compliance in addition to following the rules. This is how our organisation implements accountability:
Built-in compliance: Every company procedure now complies with GDPR regulations. Every worker who deals with personal information is aware of and abides by data protection guidelines. Staff members are informed of our explicit policies and procedures governing the gathering, use, transfer, and storage of data. Our company culture is ingrained with GDPR principles, guaranteeing continuously high standards of data management across the board.
Internal audits and risk assessments: We frequently carry out internal audits to make sure our procedures adhere to GDPR regulations, and when needed, we also enlist the help of professional auditors. Potential privacy and security threats are examined, and remedial action is implemented in response to audit results. We can keep data protection measures current and quickly adjust to changes, whether they are brought about by new threats, growing data volumes, or legislative revisions, thanks to this continuous monitoring and enhancement method.
Training and awareness: We spend money educating staff members about data privacy issues. Periodically, newsletters, knowledge tests, and training sessions are held to make sure everyone is up to date on the most recent needs and advances in the sector. Since individual behaviour has a major impact on data security, we promote a culture where everyone is aware of their roles and obligations.
Readiness for reporting: We are ready to show you and the relevant authorities that we are in compliance with GDPR at any time. We are open and honest in this regard; you can ask for information about your data, and we will provide you all the information you need. In a similar vein, we have procedures and documentation ready to support our accountability in the case of a supervisory audit. Since we understand that our accountability directly affects client trust, this idea forms the basis of our business's operations.
This document may be updated or modified at any time to reflect modifications to our data processing procedures, laws, or regulatory obligations. Every update will be posted on this page, and the previous update date (seen below) will be modified appropriately. We advise checking this area from time to time to stay up to date on the latest iteration of our GDPR compliance guidelines. Please be aware that this document does not replace our Privacy Policy or other relevant papers; rather, it is a supplement to them. If there are any differences, the Privacy Policy will take precedence. Clarifying our approach to GDPR compliance is the goal of this informational publication.
Please get in touch with us if you have any queries, suggestions, or requests about the protection of personal data or how we handle your information. We value your input and are always here to help.
Company: Equilex Limited
Email: contact@canadian-msb.com
Phone: +44 73 5038 7544
Address: Unit B, 11/F, 23 Thomson Road, Wan Chai, Hong Kong SAR China
We make an effort to answer all questions in a timely and thorough manner. We will reply within the timeframe set by GDPR (usually within one month) if you request information regarding your data or the exercise of your rights. We appreciate you entrusting Equilex Limited with the protection of your data, and we make every effort to earn your confidence.
Your trusted partner for MSB registration, compliance, and fintech consulting in Canada and globally.
Unit B, 11/F, 23 Thomson Road, Wan Chai, Hong Kong SAR China
© 2025 EquiLex. All rights reserved.