Privacy Policy

Last Updated: September 2025

Atena-services, a company incorporated under the laws of Hong Kong with its registered address at Unit 1307A, 13/F, Two Harbourfront, 22 Tak Fung Street,

Hunghom, Kowloon, Hong Kong, together with other members of its group

(“Atena-services”, “we”, “us”, “our”), is committed to protecting the privacy of users (“you”, “your”) of the website https://www.atena-services.com (the “Site”).

This Privacy Policy (the “Policy”) explains what personal data we collect, how we process it, and how long we retain it. The Policy applies to all processing activities where we act as the data controller. When we collect personal data, we may provide additional notices that highlight specific uses and give you the ability to opt in or opt out of selected uses.

Please read this Policy before providing any personal data about yourself or any other person. Defined terms appear in the glossary at Appendix 1.

Our Site may contain links to third-party websites. If you follow a link, please note that those sites have their own privacy policies. We are not responsible for those policies or for the processing of your personal data by such third parties. Review their policies before submitting any information.

Certain parts of this Policy apply only to users who reside in the European Economic

Area (“EEA”). Where relevant, this is noted.

Table of Contents

  1. Important: Your Personal Data
  2. How We Collect Personal Data
  3. What Personal Data We Collect
  4. How We Use Personal Data
  5. How Long We Keep Personal Data
  6. Data Security
  7. Transfers Outside the EEA, EEA residents only
  8. Your Data Protection Rights
  9. Review of This Policy
  10. Contacting Us
  11. Appendix 1: Glossary
  12. Appendix 2: Legal Basis, EEA residents only

If you are viewing this Policy online, you can click the section headings above to jump to a specific part.

1. Important: Your Personal Data

By using the Site, you acknowledge and agree that we may not be able to fully comply with every request you make to exercise rights available under applicable data protection law. We will take steps that are reasonable and practicable. If you do not agree, do not register for, or use, the Site.

2. How We Collect Personal Data

We collect personal data about you, either directly or from third parties such as your employer when you act on its behalf, when you:

  • visit and use the Site;
  • register for, and use, the Site;
  • provide information during registration or otherwise;
  • contact or communicate with us through the Site or other channels;
  • enter into a contract with us or with other participants on the Site;
  • engage in any other interaction or relationship with us or our services.

3. What Personal Data We Collect

The personal data we collect and process may include:

  • Registration information: name, personal or work address, personal or work email, personal or work telephone number, date of birth, nationality, details of your employer when acting on its behalf, and Site user
  • Credit, identity and anti-fraud information: information about your financial situation and creditworthiness, and information related to criminal or fraudulent activities, including documents that establish your identity such as driving licences, passports, and utility bills, credit ratings from credit reference agencies, and inclusion on fraud, offences, politically exposed person, or sanctions
  • Correspondence: records of communications when you contact
  • Surveys: information you choose to provide in research
  • Website and communication usage: details of visits to the Site and data collected through cookies and similar technologies, including IP address, domain name, browser and operating system, device information such as device type, OS type and version, network provider, mobile browser, language, time zone, and network Information about interactions with apps and websites, mobile advertising identifiers such as iOS IDFA and Android Advertising ID, which may be associated with other information including data segments.
  • Precise location information: latitude and longitude or Wi-Fi information that we may associate with mobile IDs, which may be collected whether or not an app is in use. Traffic data, web logs, other communication data, and the resources you access.

4. How We Use Personal Data

We use personal data collected via the Site for the following purposes. For users resident in the EEA, the legal bases are set out in Appendix 2.

  • User registration and support: to register you as a user, communicate with you, respond to queries, and perform obligations arising from agreements between you and This may include sharing your details with counterparties and service providers.
  • Fraud prevention and compliance: to investigate and prevent fraud as required by law, regulation, and best If false or inaccurate information is provided and fraud is identified or suspected, details may be shared with fraud prevention agencies and recorded by us or them.
  • Marketing: to send updates and offers where you have chosen to receive them. We may market our products and services and those of selected partners by email, SMS, or Where required by law, we will seek your consent at the time of collection. You can unsubscribe at any time using the link in our messages or by contacting us.
  • Legal and regulatory obligations: to comply with regulatory requirements, which may include disclosing personal data to courts, regulators, or law enforcement agencies in connection with enquiries, proceedings, or investigations, anywhere in the Where permitted, we will direct or notify you before responding, unless doing so would prejudice crime prevention or detection.
  • Business change: in connection with a sale, negotiation, or reorganisation of our business, we may transfer some or all personal data to the relevant third party or advisers during due diligence and, after completion, to the reorganised entity for the same purposes set out in this
  • Research and development: to analyse personal data to understand service and marketing needs, to improve our business, and to develop products and services.
  • Site delivery and security: to present Site content effectively and securely for you and your device, which may include sharing data with business partners, suppliers, and service

In addition to the above, we may share personal data with service providers, contractors, agents, advisers, law enforcement or regulatory bodies, and group affiliates that act on our behalf.

5. How Long We Keep Personal Data

We retain personal data only as long as necessary for the processing purposes described in this Policy, and for any related, permissible purposes, in accordance with our internal retention and deletion policy. Retention periods depend on the record type, its nature, business need, activity, and legal or regulatory requirements.

Typical periods include:

  • data collected to meet legal obligations such as AML: two years;
  • data collected under a contract or prior to contract formation: six years after contract termination, based on our legitimate interests in establishing or defending legal claims.

We may retain data for a longer period where necessary to comply with a legal obligation.

6. Data Security

We use commercially reasonable measures to protect personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. Access is limited to employees, agents, contractors, and service providers with a business need to know, who process data only under our instructions and are subject to confidentiality duties.

We maintain procedures to address suspected personal data breaches and will notify you and applicable regulators where legally required. You are responsible for keeping your password and private key confidential and for following any security procedures we provide. Do not share your password or private key.

7. Transfers Outside the EEA, EEA Residents Only

We may share personal data with employees, agents, contractors, and other third parties, including group companies, located outside the EEA where data protection laws may offer a lower level of protection. We do so only where a legal basis exists. We implement appropriate safeguards when a country is not recognised by the European Commission as providing adequate protection, for example contractual protections that allow you to enforce your rights. In some cases we may seek your explicit consent in writing, with full information about the reasons and your right to withdraw consent at any time. Contact us if you wish to see copies of the safeguards.

8. Your Data Protection Rights

Depending on your location, and in particular if you are an EU resident, you may have the following rights, subject to applicable exemptions:

  • right to information about processing, including source where not provided by you;
  • right to rectification of inaccurate data and completion of incomplete data;
  • right to erasure in certain circumstances;
  • right to restrict processing and right to object to processing, including while a complaint is under review;
  • right to data portability in certain circumstances;
  • right to object to direct marketing and to change marketing preferences at any time;
  • right to request access to a copy of the personal data we hold, subject to identity verification;
  • right to withdraw consent where processing is based on

To exercise your rights, contact us using the details below. We will assess your request and respond in most cases within one month.

If you are resident in the EEA and you are not satisfied with our response, you may lodge a complaint with your local data protection authority. A list of EEA regulators is available at:

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

9. Review of This Policy

We may update this Policy from time to time. When changes are made, we will notify business contacts and mailing list subscribers where appropriate, and we will

update the “Last Updated” date above. Review this Policy whenever you access or use the Site to stay informed about our practices and your choices. If you do not agree to the revised Policy, discontinue use of the Site.

10. Contacting Us

Atena-services is the data controller for this Policy. Questions about this Policy or your rights can be sent to:

Appendix 1: Glossary

  • Data Controller: the organisation that determines the purposes and means of processing personal Atena-services Limited is the data controller for this Policy.
  • Data Processor: an organisation that processes personal data on behalf of the data controller, excluding controller Service providers that handle personal data for the controller act as data processors.
  • Personal Data: any information relating to an identified or identifiable natural
  • Processing: any operation performed on personal data, whether automated or not, such as collection, storage, use, disclosure, alignment, restriction, or
  • Special Categories of Personal Data: data subject to stricter conditions, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, sex life, or sexual In the EU, data related to criminal convictions or offences may be processed only when authorised by EU or Member State law.

Appendix 2: Legal Basis, EEA Residents Only

  • Contract performance: processing required to enter into or perform a contract with you.
  • Legal obligations: processing required to comply with the
  • Legitimate interests: processing based on our legitimate interests or those of a third party, where these are not overridden by your data protection

Special categories of personal data may be processed only on specific grounds, for example:

  • Legal claims: establishing, exercising, or defending legal claims;
  • Substantial public interest: as permitted by EU or local law;

Explicit consent: where you give explicit consent for one or more specified purposes. You may withdraw consent at any time, however withdrawal may prevent us from providing a benefit or service that requires such data.