Thunder Career Advisors and its affiliates (“Thunder”),  (collectively, the “Company”, "Thunder", "we", "us", and "our") respect your privacy. Please read the following to learn more about our Privacy Policy (the "Policy" or the “Privacy Policy”). This Policy applies to the Company’s websites, applications, products, and services that display or provide links to this Policy.

In conducting our business at Thunder, we fully understand and respect the importance of your personal data about you and the appropriate safety protection measures will be adopted to protect your personal data in accordance with the requirements of the applicable laws and regulations. Our Policy is to inform you about your rights concerning the processing of your personal data. We will not use your personal data for any purpose not covered in this Policy without prior notification to you or obtaining your consent.

This Policy shall apply to all the products or services that we provide to you from time to time. You shall read this Policy carefully before using our products or services, you are advised to seek independent legal advice, if necessary. If you do not agree with or understand this Policy, please do not use or access our products or services. By using our products or services, you shall be deemed to have acknowledged, understood, and consented to be bound by this Policy, including any subsequent modifications to this Policy from time to time.

This Policy describes how we process your personal data but it may not address all possible personal data processing scenarios. A dedicated privacy policy or notice may be issued for a specific business in our websites, applications, products, or services to explain about how we process your personal data and how you can exercise your rights and to contact the data controller, therefore, you are advised to read such dedicated privacy policy or notice in conjunction with this Privacy Policy before using the specific websites, applications, products, or services.

This Policy describes:

(1) How We Collect & Use Your Personal Data

(2) How We Use Cookies & Similar Technologies

(3) How We Disclose Your Personal Data

(4) How to Access & Control Your Personal Data

(5) How We Protect & Retain Your Personal Data

(6) How We Process Children's Personal Data

(7) Third-Party Providers and Their Services

(8) International Transfers of Your Personal Data

(9) Advertisement and Personal Data

(10) Updates to This Policy

(11) How to Contact Us

(1) How We Collect & Use Your Personal Data

 In this Policy, the personal data means any data that, either on its own or jointly with other data, can be used to identify an individual. Depending on how you interact with us, you may need to provide us with such data when you use our websites, applications, products, or services. In some cases, you can choose not to provide such data, but this may prevent us from providing you with the corresponding products or services, or may mean that we cannot respond to or resolve any issues you have raised to us. Depending on your country, our representative office that you interact with will be responsible for handling your data.

A． How We Collect Your Personal Data

We will collect your personal data only for the purposes described in this Policy. The following are some but not all the examples of personal data that we may collect from you.

A1. Information that you may provide to us

(i) Account information, such as your account ID, password, name, email address, phone number, and country. If you use a social media account to log in, we will collect your OpenID and related information.

(ii) Personal contact information, such as your name, nationality, date of birth, residential address, proof of address (eg. bank statement, utility bills, tax statement etc.), phone number, email address, country, city, company, position, other identification information such as copy of driving license, passport and/or any other government issued identification documents (“Personal Identification Information”).

(iii) If you are a legal entity ie. other than individual, we may collect from you the company legal name and registration number, and copy of business documents such as certificate of incorporation, company’s constitution, shareholding structure, organisation chart, UBO (ultimate beneficial ownership) statement (“Corporation Identification Information”).

(iv) User experience feedback, such as any feedback you provide about the use of our products and services, purchase requirements, comments, and satisfaction.

A2. Information obtained during your use of products and services

(i) Device and browser data. When you use our products and services, we will collect information about your device. This includes the operating system, IP address, browser type and version, device information, device manufacturer, system version, IMEI, device fingerprint information, location, system activity, number and length of visits and page interactions and other technical information that varies depending on the products and services. Browser information, such as domain name, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform etc.

(ii) Transactional and banking information. When you access and/or use our products or services, we may collect certain transactional and banking information from you, which include, but not limited to account balances, trading activity, deposits, withdrawals and customer service interactions; bank account details and debit card, charge card or credit card information.

(iii) Interaction information.

• When you watch webinars, click ads, or open or click marketing or service notification emails we send to you, we will collect the generated interaction records.

• When you interact with our customer communication channels (such as pre-sales or after-sales service centres or platform) whether face-to-face, online, or via phone or email, we will record the communication process, including your phone number, recordings, and chat logs.

• When you participate in our offline activities, such as exhibitions and summits, we may collect your attendance records, photos, and audio and video files.

• When using location-based products or services, you may need to authorize us to obtain your location information.

• When you use our products or services, we automatically collect and store necessary log information, such as the time of access, access count, IP addresses, and events (such as access success or failure).

(iv) Information from third-party sources

As permitted by law, we may also obtain information about you from public and commercial third-party sources. For example, we may obtain the alias you use when logging in to our websites from a third-party social media platform.

We may collect information from third parties relating to you, which may include, but not limited to, information from:

(a) your bank when you make a bank transfer to use the services;

(b) advertising, search and analytics providers;

(c) public databases, credit bureaus and identification verification partners;

(d) authorities relating to a potential investigation relating to your use of the services; and

(e) other information which we may collect from time to time,

together, the “Third Party Information”.

We may use the Third Party Information for the following purposes:

(a) to assist with internal and/or external investigations;

(b) to fulfil our legal or regulatory obligations;

(c) personal data processing activities, such as identity verification, payment processing, compliance with court orders, other reporting obligations and anti-money laundering or combating the financing of terrorism policies; and

(d) other purposes which we may deem necessary from time to time.

Before obtaining the Third Party Information, we require the third parties to obtain your prior consent in accordance with any applicable laws, rules and regulations before collecting the Third Party Information. We shall use the same level of protective measures as those used for the Personal Information to protect the Third Party Information.

(v) Collection and use of non-personally identifiable information (PII)

Non-PII is information that cannot be used to identify a particular individual. For example, statistical data, such as the number of visits to our website, is non-PII. We collect this data to understand how people use our websites, applications, products, and services so that we can improve our quality of service and better meet user requirements.

We may collect, use, process, transfer, or disclose non-PII for other purposes at our own discretion. We will try best to isolate your personal data from non-PII and use them separately. If non-PII is mixed with your personal data, it will be treated as personal data.

B． How We Use Your Personal Data

B1. Purposes of using personal data

We collect and use personal data to provide better product and service experience for you. We may use your Corporate Identification Information and the Personal Identification Information (collectively, the “Identification Information”) for the following purposes:

(i) to assist in the registration of your account with the platform;

(ii) for you to access and use the services;

(iii) to facilitate our contact with you;

(iv) for the safety and security of the platform, including protecting the integrity of the platform;

(v) to assist us in any legal proceedings;

(vi) to enable us to comply with any legal and regulatory framework to combat money-laundering and/or financing of terrorism;

(vii) to send marketing communications;

(viii) for internal business purposes and record keeping; and/or

(ix) other purposes which we may deem to be necessary from time to time.

Other usage of Identification Information includes:

(i) Authentication. When you use our products or services, you may need to provide personal data in order to create an account and for subsequent authentication and permission management.

(ii) With your consent, we may contact you to inform you about products and services of interest, and inviting you to join our activities and surveys. You can opt out of receiving such information at any time.

(iii) To confirm your participation requests, to send marketing campaign information, and to collect survey information, either by us or our authorized partners when you have signed up for our online or offline marketing campaigns.

(iv) With your consent, to share your hashed user ID with third-party social media platforms to present our products or services to you.

(v) To fulfil contracts, to handle payments, to arrange shipment, and to provide delivery and maintenance services related to our products or services.

(vi) To provide technical support and after-sales services for our products or services based on contractual obligations or according to your requirements. This includes resolving any issues you raise and providing solutions or suggestions.

(vii) To organize and to manage our certification exams and online learning, and to manage the training and ICT competitions organized by us or authorized partners.

(viii) To qualifying, to manage, to communicate, and to conduct business with suppliers and business partners.

(ix) To provide you with the personalized experience and content.

(x) To carry out internal audits, data analysis, and research; analysing business operations efficiency and to measure market share; and to improve our products and services.

(xi) To ensure the security of your personal data and that of our products and services, and to execute and to improve our loss-prevention and anti-fraud plans.

(xii) To comply with and to enforce the applicable laws.

B2. Legal basis for processing data

We process your personal data following the requirements of applicable laws based on an appropriate legal basis, including:

• Your consent;

• Necessity for the performance of a contract;

• Necessity to comply with and fulfil legal obligations.

• Necessity for the protection of our or a third party's legitimate interest.

Legitimate interests include for example enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers; and other legitimate interests;

(2) How We Use Cookies & Similar Technologies

A. Cookies

To ensure our websites and applications work correctly, we may need to place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file stored by a web server on a computer or mobile device. The content of a cookie can be retrieved or read only by the user or server that creates the cookie. A cookie often consists of identifiers, site names, and some numbers and characters. Cookies are unique to the browsers or applications you use, and enable websites or applications to store data such as your preferences or items in your shopping cart.

Like many other websites or Internet service providers, we use cookies to improve user experience. Cookies allow websites or applications to remember your settings such as language, preferred font size, or other browser preferences. This means that you do not need to set your preferences on every visit. If you disable cookies, websites will treat you as a new visitor every time you load a web page. For example, if you navigate away from a website you are logged in to and then return to it, you will need to log in to it again.

We will not use cookies for any purpose other than those mentioned in this Policy. You can manage or delete cookies based on your own preferences. For additional information, you may visit AboutCookies.org. You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies. However, by doing so, you have to change the user settings every time you visit our website.

B. Web Beacons and Pixel Tags 

In addition to cookies, we may also use other similar technologies, such as web beacons and pixel tags, on our websites and applications. For example, we may send you an email that contains a click-through URL linking to our webpage. If you click the link, we will track your visit to help us learn about your preferences for products and services and to improve our customer service. A web beacon is a transparent image embedded in a web page or email. We use pixel tags in emails to find out whether an email has been opened. If you do not want to be tracked in this manner, you can click the unsubscribe link in the email. By using our websites and applications, you consent to the use of cookies, web beacons, and pixel tags as described above.

(3) How We Disclose Personal Data

Generally, we disclose your personal data only in the following scenarios:

(i) We disclose the information you have authorized to your specified third party.

(ii) As a global company, we may share personal data with our affiliates. We do so only for specific, clear, and legitimate purposes, and share only the information necessary to provide services.

(iii) We may share your personal data with our partners, in accordance with this Policy, if we have authorized them to offer certain services.

(iv) Where the disclosure is necessary for the operation of our websites or applications or where the disclosure is necessary to protect the interests of our websites or applications and/or other users.

(v) To comply with applicable laws or to respond to valid legal procedures, we may disclose your personal data to law enforcement agencies. If we are involved in a restructuring, merger & acquisition, separation, bankruptcy, or liquidation lawsuit in a given jurisdiction, your personal data may be disclosed in connection with the transaction.

(4) How to Access & Control Your Personal Data

We strive to maintain accurate, complete, and up-to-date personal data. Please ensure that all personal data you submit to us is correct.

To the extent required by applicable law, you may

(i) have the right to access certain personal data we maintain about you,

(ii) request that we update or correct inaccuracies in that data,

(iii) object or restrict to our use of your personal data, and

(iv) ask us to delete your personal data from our database.

To exercise these rights, we require you to provide your request in writing for security purposes. Note that we may decline your request if we reasonably believe that the request is fraudulent, unfeasible, or may jeopardize the privacy of others.

If allowed by applicable laws, you have the right to withdraw your consent at any time when we process your personal data based on your consent. However, withdrawal does not affect the legitimacy or effectiveness of how we process your personal data based on your consent before the withdrawal is made; nor does it affect any data processing based on another legal basis other than your consent.

(5) How We Protect & Retain Your Personal Data

The security of your personal data is important to us. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss.

We adopt various measures to protect the confidential information (“Protective Measures”), for example, we use cryptographic technologies for data confidentiality, protection mechanisms to prevent attacks, and access control mechanisms to permit only authorized access to your personal data. Such Protective Measures include:

(i) physical measures, such as ensuring the Identification Information is stored in a secure facility;

(ii) electronic measures, such as implementing strict access requirements for access to the Identification Information;

(iii) management measures, such as setting up an internal department for the protection of the system of Identification Information, implementing internal controls to ensure only the relevant employees are permitted to access the Identification Information and training to ensure the relevant employees know how to deal with the Identification Information;

(iv) security measures, such as using security technology and management systems to minimise the risk that the Identification Information would be disclosed, damaged, misused and/or accessed without proper authorisation. When storing and transmitting the Identification Information, we shall adopt measures such as encryption to protect the Identification Information; and

(v) other measures, such as a periodic review of the procedures and technology used to protect the Identification Information.

Should you become aware of any potential security vulnerability, please contact us so that we can take the appropriate measures as soon as possible. Despite the Protective Measures, we cannot guarantee the absolute safety of the Identification Information. When registering for our services, choose a complex password and turn on advance security features, such as two-factor authentication. Never share your account credentials with third-parties. Where necessary, we shall anonymise and remove the identifiers from the Identification Information.

Subject to any applicable laws, rules and regulations, we store the Identification Information for as long as it is reasonably necessary for the purposes as described in this Policy, and may be retained until the time limit for any legal challenges has expired or in order for us to comply with the regulatory requirements regarding the retention of such Identification Information. Although no security measure can ever guarantee complete security, we strive our best to protecting your Identification Information.

We will retain your Identification Information for no longer than is necessary for the purposes stated in this Policy, unless otherwise extending the retention period is required or permitted by law. The data retention period may vary depending on the scenario, product, and service. The standards we use to determine the retention period include: the time required to retain personal data to fulfil business purposes (including providing products and services; maintaining the corresponding transaction and business records; controlling and improving the performance and quality of products and services; ensuring the security of systems, products, and services; handling possible user queries or complaints; and locating problems), whether you agree to a longer retention period, and whether the laws, contracts, and other equivalences have special requirements for data retention.

We will maintain your registration information as long as your account is necessary for us to provide you with your desired products and services. You can choose to deregister your account, at which point, we will stop providing you with products and services through your account and delete or anonymize your relevant personal data within a necessary period of time, provided that deletion is not otherwise stipulated by special legal requirements.

(6) How We Process Children's Personal Data

Our websites, applications, products, and services are not intended for children.

Children, as defined by local applicable laws, are not allowed to register with us or use our websites, applications, products, or services without the consent of a parent or guardian.

If you are the parent or guardian of a child and believe that we may have collected personal data concerning your child, please contact us according to the details stated in Section 11 “How to Contact Us” of this Policy. We will attempt to delete the data as soon as possible.

(7) Third-Party Providers and Their Services

In the use or experience process, you may receive content or web links from third parties other than us. We do not have control over the content or websites after redirection, but you can choose whether to use the links, view the content, or access the products or services provided by third parties.

The personal data you provide on a third-party website is collected and processed solely by the third party, independently from our processing activities. Such third parties are not subject to this Policy. Before submitting personal data to them, please read and understand their privacy policy/notice/statement.

(8) International Transfers of Your Personal Data

We are a multinational company. As such, the personal data we collect may be processed or accessed in countries or regions where you use our products or services, or other countries or regions where we or our affiliates, service providers, or business partners are located.

Different jurisdictions may have different data protection laws. In such circumstances, we take appropriate measures to ensure that data is processed as required by this Policy and applicable laws. This includes when transferring a data subject's personal data from the EU to a country or region that the European Commission deems as not ensuring an adequate level of data protection. In such cases, we may use various legal mechanisms, such as signing standard contractual clauses approved by the European Commission, obtaining the data subject's consent to the cross-border data transfer, or implementing security measures such as anonymizing personal data before cross-border data transfer.

Whenever we transfer personal information beyond the country of origin, we will do so in accordance with applicable laws. For personal information originating in the European Economic Area (EEA) that is transferred to our legal entity outside the EEA that does not have an “adequate level of protection” as determined by the European Commission, it does so on the basis of our EEA Binding Corporate Rules ("EEA BCRs"). Our EEA BCRs establish adequate protection of personal information and are legally binding on our subsidiaries and affiliates. Where our EEA BCRs do not apply, we rely on other lawful measures, such as contracts that include the EU standard contractual clauses.

Likewise, for personal information originating in the United Kingdom (UK) that is transferred to our legal entity outside of the UK that does not have an “adequate level of protection” as determined by the competent UK authorities, it does so on the basis of our UK binding corporate rules known as UK Binding Corporate Rules ("UK BCRs"). Our UK BCRs establish adequate protection of personal information and are legally binding on our subsidiaries and affiliates. Where our UK BCRs do not apply, we rely on other lawful measures, such as standard contractual clauses, to provide appropriate safeguards for the personal information we transfer.

(9) Advertisement and Personal Information

In order for us to provide you with the best user experience, we may share your personal information with our marketing partners for the purposes of targeting, modelling, and/or analytics as well as marketing and advertising. You have a right to object at any time to processing of your personal information for direct marketing purposes.

(10) Updates to This Policy

This Policy is reviewed periodically to ensure that any new obligations or changes to the regulatory landscape are taken into consideration. We reserve the right to update or modify this Policy at any time. Where there are any changes to this Policy, we shall release an updated Policy on our websites or applications with the Last Updated date. By continuing to use our products or services after the Policy has been updated, it shall be deemed that you agree to the updated Policy. Should you not agree any of the terms in the updated Policy, you should cease to access and/or use our products or services immediately.

(11) How to Contact Us

If you have a complaint or issue relating to privacy concerning your Identification Information, you can contact us via our online contact form.

When your personal data is processed by us in accordance with this Policy, any legal entity that provides you with products or services, or that has signed or is about to sign a contract with you, is the controller of the related personal data.

Note: Due to differences in local laws and languages, local versions of this Policy may be different from this version. In the case of any conflicts, the local versions shall prevail.

This website is managed by Blackletter Advisory.