top of page

UNITED SUPPLIERS GROUP LIMITED
Privacy Policy

Last Updated: May 26, 2025​​
​ ​

Introduction

Your privacy is important to United Suppliers Group Limited (“USG”, “we”, “us” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website or use our services.

 

USG is an international consulting company based in Hong Kong, serving clients worldwide. In handling personal data, we comply with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Hong Kong Personal Data (Privacy) Ordinance, and the California Consumer Privacy Act (CCPA) for US residents. We strive to process your data lawfully, fairly, and transparently and to uphold the principles of data minimization, purpose limitation, and accountability.

 

By using our website or services, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use our services. We may update this Policy periodically (see “Changes to this Policy” below).

1. Information We Collect

 

Personal Data

 

USG may collect the following categories of personal information from clients, website visitors, or business partners:

  • Contact Information: Name, email address, telephone number, physical address, company name, and job title.

  • Identification Data: For compliance (KYC) purposes, we may collect date of birth, nationality, passport or ID numbers, and copies of identification documents (passport, ID card, driver’s license).

  • Business Information: Details about your business or company (registration number, corporate documents, ownership structure) if you engage us for company setup or consulting services. This may include personal data of directors, shareholders, or ultimate beneficial owners (UBOs).

  • Financial Information: We typically do not collect payment card details directly (we use third-party payment processors), but we may retain records of invoices, transaction amounts, and payment references related to our services. For certain due diligence, we might collect proof of funds or bank letters (with your consent and as necessary for compliance).

  • Website Usage Data: When you visit our site, we automatically collect information via cookies and similar technologies. This includes IP address, browser type, device identifiers, pages viewed, and referral source. (See Cookies & Tracking below for details.)

  • Communication Data: If you contact us (via email, contact form, or phone), we will collect and retain that correspondence, including the contact details and content of the message. This also covers any feedback or survey responses you provide.
     

We collect personal data either directly from you (for example, when you fill out forms on our site or provide documents during onboarding) or from third-party sources where lawful (for instance, we may use compliance databases or public corporate registries to obtain or verify information about you or your company).

​

Sensitive Personal Data: USG does not actively seek to collect sensitive data (such as race, religion, health, biometric identifiers) and our services are not intended to process such data. We ask that you do not provide us sensitive personal information unless necessary for a specific purpose and you consent (e.g., background checks may reveal criminal records if you volunteer them for due diligence, which we handle with extra care).

​

2. Use of Personal Information

 

USG uses personal data only for specified and legitimate purposes. The purposes for which we process your data include:

  • Service Delivery: To provide our consulting and related services to you. This includes using personal data to advise on or execute company formation, supplier introductions, event organization, or digital payment solutions per your engagement with us. For example, we may use your provided information to prepare incorporation documents or coordinate with service providers (banks, payment processors) on your behalf.

  • Customer Identification and Compliance: To fulfill legal obligations related to know-your-customer (KYC), anti-money laundering, and counter-terrorist financing. We use the data collected in our KYC forms to verify identities, screen against sanctions lists, and assess client risk. This is necessary to comply with laws (GDPR Art. 6(1)(c): legal obligation) and our legitimate interest in preventing fraud and illicit activity.

  • Communication: To communicate with you regarding our services. This includes responding to inquiries, sending administrative emails (about account setup, policy updates, etc.), and providing customer support. We may also send you information about new services, blog articles or events if you have opted-in to marketing communications (you can unsubscribe any time).

  • Improvement of Services: To analyze and improve our website and services. Website usage data helps us understand user interactions and preferences, so we can enhance user experience and content. We may use aggregated, non-identifiable data to analyze trends or maintain our website (GDPR Art. 6(1)(f): legitimate interests).

  • Security and Fraud Prevention: To protect our business, clients, and website from security threats, fraud, or other malicious activity. For example, we may log and analyze IP addresses to detect multiple failed login attempts or to ensure network security.

  • Legal and Regulatory: To establish, exercise, or defend legal claims and to comply with regulatory requests. We may need to use or preserve certain data if dealing with a dispute, audit, or inspection by authorities. If we receive a lawful subpoena or request from law enforcement, we will process personal data to the extent required by law.

  • Other Purposes: If we intend to use your data for a purpose not listed here, we will notify you and obtain consent if required by law.

 

We ensure that data is not used in a manner incompatible with the original purposes without additional consent. We do not sell your personal information to third parties for profit, and we do not use it for automated decision-making or profiling that has legal effects on you without consent.
 

3. Legal Bases for Processing (GDPR-specific)

 

Under the GDPR, we rely on the following legal grounds to process personal data of individuals in the European Economic Area (EEA) or UK:

  • Contractual Necessity: Much of our data processing is to fulfill our contract with you (GDPR Art. 6(1)(b)). For example, if you hire us for consulting, we must process your data to deliver that service (including set-up of a company or coordinating payments).

  • Legal Obligation: We process certain data to comply with laws (GDPR Art. 6(1)(c)). KYC/AML checks are done under legal obligation (e.g., AML laws in Hong Kong/Singapore). Similarly, record-keeping of transactions for 5 years is to meet regulatory requirements.

  • Legitimate Interests: We process data for our legitimate business interests (GDPR Art. 6(1)(f)), provided these are not overridden by your data protection rights. This includes improving our services, ensuring IT security, preventing fraud, and sending relevant communications to existing customers about our services. When relying on this basis, we consider and mitigate the privacy impact on you.

  • Consent: In certain cases, we ask for your consent (GDPR Art. 6(1)(a)). For example, we will obtain consent to send you marketing emails if you are not an existing corporate client. Also, if we ever need to collect sensitive data (GDPR Art. 9(2)(a)), we would only do so with explicit consent. You have the right to withdraw consent at any time, which will not affect the lawfulness of processing before withdrawal.
     

4. Disclosure of Personal Information

​

USG respects the confidentiality of personal data. We do not disclose your information to third parties except as described below and always in line with applicable law:

  • Affiliates and Personnel: Our employees and contractors who “need to know” the information to perform their duties will have access. All such personnel are bound by confidentiality and this Privacy Policy.

  • Service Providers: We use third-party service providers to support our operations. This may include:

  1. Professional advisers (e.g., law firms, accounting firms) assisting with aspects of your engagement.

  2. Company formation agents or local partners in jurisdictions (for instance, a filing agent in Singapore for ACRA submissions, or a registered agent in Hong Kong/China if required). We share only the necessary data for the service (e.g., name, address for company documents).

  3. Payment processors for handling transfers or fee payments. If you pay us via such platforms, the payment details you provide are processed by them under their privacy terms, though we may receive confirmation details.

  4. IT and cloud service providers (for web hosting, data storage, email, project management) – these providers may process data on our behalf for infrastructure purposes. We ensure they have appropriate security and, where required, data processing agreements (GDPR Art. 28).

  • Compliance Screening Providers: We might use third-party compliance tools or databases for sanctions/PEP screening or ID verification. These tools will receive personal data (like name, date of birth) to check against their data sources. They are typically regulated or reputable firms with their own privacy commitments.

  • Business Transfers: If USG undergoes a reorganization, merger, acquisition, or sale of assets, personal data may be transferred to the new entity or third parties as part of due diligence, under confidentiality. We will ensure that the new owners continue to honor the privacy rights described here.

  • Legal and Regulatory Disclosure: We may disclose personal data to government authorities, regulators, or law enforcement if required by law or pursuant to a lawful request (e.g., a court order, law enforcement demand, or regulatory audit). For example, if Hong Kong’s JFIU or an overseas FIU requests information as part of a money laundering investigation, we are obligated to provide relevant data. We also may report information to comply with sanctions laws (e.g., informing OFAC if we have a blocked person’s data) or to fulfill tax reporting obligations. In all cases, we will limit the disclosure to what is legally necessary and will seek to inform you unless legally restricted from doing so.

  • With Your Consent: If you instruct us or explicitly consent to share your information with a third party, we will do so accordingly. For instance, if you want an introduction to a bank or supplier, we can share your contact details with them at your request.

 

Importantly, we do not sell or rent personal information to data brokers or marketers. We do not share data with third parties for their own direct marketing purposes unless you have given permission.
 

5. International Data Transfers

​

USG is headquartered in Hong Kong and operates globally. This means your personal data may be transferred to or accessed from countries outside of your home jurisdiction. For example:

  • Data collected in the EEA may be transferred to Hong Kong for processing (as we have central compliance and data storage in HK). Hong Kong is not currently recognized by the EU as having an adequate data protection law equivalent to GDPR, so we rely on appropriate safeguards for such transfers.

  • We also sometimes need to share data with our partners in China or Singapore as part of delivering services, or use cloud servers that may reside in the US or other locations.

 

When we transfer personal data internationally, we ensure protection by:

  • EU Standard Contractual Clauses (SCCs): For EEA or UK personal data, we use the European Commission’s approved SCCs with recipients in non-adequate countries, obligating them to protect the data to GDPR standards.

  • Data Processing Agreements: Our contracts with service providers include confidentiality and data security commitments.

  • Additional Safeguards: We employ encryption for data in transit, access controls, and where feasible, store EU personal data on servers in jurisdictions with strong privacy laws. We also assess on a case-by-case basis whether any transfer might require supplementary measures (in light of Schrems II decision for EU-US transfers).

  • Exceptions: In some cases, transfers may be justified under GDPR Article 49 (e.g., if it’s necessary for the performance of a contract with you, or with your explicit consent after being informed of risks).

 

You can contact us at compliance@usg.world for more information on international transfer mechanisms or to request a copy of relevant contractual protections.

​​

6. Data Retention

​

We retain personal data only as long as necessary to fulfill the purposes it was collected for, or to meet legal or business requirements. For instance:

  • KYC records and transaction records are kept for 5 years after the end of the business relationship or transaction in compliance with AML laws. In practice, if you cease to be a client, we will archive your due diligence file and keep it for five years, then delete or anonymize it unless a longer period is required (e.g., if an investigation is ongoing).

  • General business correspondence may be kept for up to 7 years under Hong Kong business record requirements.

  • If you subscribed to marketing communications, we retain your contact until you unsubscribe or it’s no longer active.

  • Web logs and analytics data are typically retained for a shorter period (e.g., 1-2 years) unless needed for security analysis.

 

Once the retention period expires, we will securely erase or anonymize personal data. For example, physical documents are shredded, and digital files are deleted or scrubbed from our databases. Where data is stored in backups, we employ processes to eventually remove or overwrite outdated personal data from those backups as well.

​​

7. Data Security

​

We take information security seriously. We implement technical and organizational measures to protect personal data from unauthorized access, loss, or misuse. Our security measures include:

  • Encryption: Sensitive personal data and communications are encrypted in transit (SSL/TLS on our website and emails) and at rest where applicable. For instance, our client database is encrypted and password-protected.

  • Access Control: Personal data is accessible only to staff who need it. We use role-based access control, strong authentication, and regular permission reviews. Administrative access to systems requires multi-factor authentication.

  • Secure Infrastructure: We host data with reputable cloud providers known for robust security. Servers are kept updated with security patches. We utilize firewalls, intrusion detection systems, and anti-malware tools to guard against external threats.

  • Training and Policies: Our employees are trained on data protection and must follow internal IT security policies (such as using strong passwords, secure remote access protocols, and reporting any potential incidents immediately).

  • Vendor Due Diligence: When we engage any third-party processor, we evaluate their security posture and certifications (like ISO 27001 or SOC 2, if applicable). They are contractually obliged to protect data and notify us of breaches.

  • Incident Response: We have an incident response plan. In the unlikely event of a data breach that affects personal data, we will contain the issue, notify affected individuals and authorities as required (GDPR has a 72-hour breach notification rule for serious breaches), and take steps to prevent recurrence.

 

No system is 100% secure, but we continuously assess and improve our security practices. We also encourage you to use caution when sending personal data over the internet (e.g., use our secure upload portals or encrypted email options when provided).
 

8. Your Rights

​

Depending on your jurisdiction, you have a number of rights regarding your personal data. We are committed to honoring these rights. Specifically:


Under GDPR (for EU/EEA/UK individuals):

  • Right to Access: You can request confirmation if we process your personal data and obtain a copy of the data we hold about you, along with supplementary information about how it’s used.

  • Right to Rectification: If any personal data we have is inaccurate or incomplete, you have the right to have it corrected or completed.

  • Right to Erasure: You may ask us to delete your personal data in certain circumstances, for example if it’s no longer necessary for the purpose collected, or if you withdraw consent and no other legal basis exists. We will review and comply unless an exemption applies (e.g., we may retain some data if required for legal obligations such as AML record-keeping).

  • Right to Restrict Processing: You can request that we limit processing of your data (e.g., while a dispute is resolved or if you contest the accuracy of the data).

  • Right to Data Portability: Where processing is based on your consent or contract and carried out by automated means, you can request a copy of your data in a commonly used machine-readable format, or ask us to transfer it to another provider where technically feasible.

  • Right to Object: You can object to our processing of your data when we rely on legitimate interests, including any profiling. If you object, we will stop processing unless we have compelling legitimate grounds or need to continue for legal reasons. You also have an absolute right to object to direct marketing – if you opt-out or unsubscribe, we will stop sending marketing communications.

  • Right not to be subject to Automated Decision-Making: USG does not use automated decision-making without human involvement that produces legal or similarly significant effects. If we ever do, you have the right to request human review of any such decision.

  • Right to Withdraw Consent: If we process data based on your consent, you can withdraw consent at any time, and we will stop that processing.

 

To exercise any of these rights, please contact us at compliance@usg.world. We may need to verify your identity before fulfilling requests. We will respond within one month or as required by law. If we cannot fulfill your request fully (due to legal reasons), we will explain the reason.


Under CCPA (for California residents):

  • Right to Know: You may request that we disclose the categories of personal information we have collected about you, the categories of sources, our purpose for collecting it, and the categories of third parties with whom we share it. You can also request the specific pieces of personal info we have about you (akin to an access request).

  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (if the info is required to provide services, for security, legal compliance, etc., we may deny the deletion to that extent).

  • Right to Opt-Out of Sale: CCPA gives you the right to opt-out of the sale of your personal information. Note that USG does not sell personal information in the traditional sense (monetary exchange for data). We also do not share personal info for cross-context behavioral advertising. Thus, this right may not be applicable as we do not engage in those practices.

  • Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different quality of services if you exercise any CCPA rights.

 

To make a CCPA request, you (or an authorized agent) can contact us at compliance@usg.world. We will verify your identity (for example, by confirming information we have on file like your email or phone) and respond within 45 days as required by CCPA.
If you are a California resident under age 18 and have posted content on our website, you can request removal of that content under California’s “Online Eraser” law.


Other Jurisdictions

If you are located elsewhere (e.g., Hong Kong or Singapore), you may have similar rights under local laws (such as PDPO in HK gives rights to access and correct data). You can still contact us to inquire or exercise any data rights, and we will accommodate to the extent required by applicable law.
 

9. Cookies & Tracking Technologies

​

Our website uses cookies and similar tracking technologies to provide and improve our online services. Cookies are small text files placed on your device to store preferences and info. We use:

  • Essential Cookies: Necessary for the website’s core functionality (e.g., session cookies for logins or remembering your preferences). These do not require consent as they are needed for service.

  • Analytics Cookies: We use Google Analytics (or similar tools) to collect information about how visitors use our site (pages visited, time spent, etc.). This helps us optimize content and user experience. These cookies collect aggregate data and do not directly identify individuals.

  • Functionality Cookies: To remember choices you make on our site (like language selection) and provide enhanced features.

  • No Advertising Cookies: We currently do not use third-party advertising or targeting cookies on our site.

 

When you first visit, you will see a cookie banner (if required by law in your region) allowing you to accept or manage non-essential cookies. You can change your cookie settings at any time via our website footer link or through your browser settings (each browser’s help section will explain how to disable cookies). Note that disabling cookies might affect site functionality.

 

We also respect “Do Not Track” signals; if your browser is set to DNT, our site will try to disable analytics for your visit.
 

10. Third-Party Links

​​

Our website may contain links to third-party websites or services (for example, blog articles might link to external resources, or we might provide a link to our profile on a social media platform). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit. USG is not responsible for the content or privacy practices of external sites.

​

11. Children’s Privacy

​​

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected information from a child without appropriate consent, we will delete it. If you are a parent or guardian and believe we have information about a minor, please contact us at compliance@usg.world to request deletion.

​

12. Changes to this Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we update the policy, we will revise the “Last Updated” date at the top. If changes are significant, we may provide a more prominent notice (such as an email notification or a banner on our website). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.


Your continued use of our services after any changes to the Privacy Policy constitutes acceptance of those changes, to the extent permitted by law.

​​

13. Contact Us

​

If you have any questions, concerns, or requests regarding this Privacy Policy or our personal data practices, please contact us:

 

United Suppliers Group Limited | Compliance & Data Protection Officer
Email: compliance@usg.world

Postal Address: RM 511, 5/F, MING SANG IND BLDG, 19-21 HING YIP STREET, KWUN TONG, HONG KONG | 999077


We will address your inquiry as promptly as possible. If you feel we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority (for EU residents, this would be your country’s supervisory authority; for HK, the Privacy Commissioner’s Office; for Singapore, the PDPC; for California, the CPPA). We would, however, appreciate the chance to deal with your concerns directly first.​

bottom of page