── Compliance · WE PLAN INTERNATIONAL TRADE (HK) LIMITED

Privacy Policy

Last updated: 12 June 2026 · Compliant with PDPO Cap. 486 (Hong Kong) & GDPR (EU 2016/679)

1 — Purpose

What this policy covers

This Privacy Policy explains how WE PLAN INTERNATIONAL TRADE (HK) LIMITED ("the Company") collects, uses, stores and protects personal data in connection with its trading, structuring and advisory activities, in compliance with the Personal Data (Privacy) Ordinance, Cap. 486 (PDPO) of Hong Kong and, where applicable, the EU General Data Protection Regulation (GDPR — EU 2016/679).

2 — Data Collected

What we collect

  • Identity data: name, passport, corporate registration documents, UBO declarations;
  • Contact data: email address, telephone, business address;
  • Financial data: banking coordinates, account references, payment instrument details;
  • Transactional data: SPA, invoices, shipping documents, inspection reports;
  • KYC/AML data: source of funds, sanctions screening results, due diligence records.

No sensitive personal data (health, political opinions, biometric data) is collected unless strictly required by law.

3 — Purposes & Legal Basis

Why we process data

  • Contract execution — processing necessary to perform the SPA and related agreements;
  • Legal obligations — AML/CFT compliance, sanctions screening, regulatory reporting;
  • Legitimate interests — fraud prevention, risk management, business development;
  • Consent — where required for marketing communications.

4 — Data Retention

How long we keep data

  • KYC and transaction data: 7 years from the end of the business relationship (AML/CFT obligation);
  • Contractual data: 7 years from contract execution;
  • Accounting and financial data: 7 years (Hong Kong Companies Ordinance Cap. 622);
  • Marketing data: until withdrawal of consent.

5 — Data Transfers

Cross-border transfers

Given the nature of our operations, data may be transferred to counterparties, banks and logistics partners located in Asia, Africa and Europe. For transfers to jurisdictions outside Hong Kong, the Company ensures appropriate safeguards are in place, including contractual protections aligned with PDPO and, where relevant, Standard Contractual Clauses (SCCs) under Article 46 GDPR.

6 — Your Rights

Rights of data subjects

Under PDPO and/or GDPR, you have the right to: access your personal data, request correction of inaccurate data, object to processing, request erasure (subject to legal retention obligations), restrict processing, and request data portability.

Requests should be addressed in writing to contact@weplanltd.com. We respond within 40 days (PDPO) or 30 days (GDPR).

7 — Contact

Privacy enquiries

For all privacy-related matters: contact@weplanltd.com · Room A1, 11/F, Winner Building, 36 Man Yue Street, Hung Hom, Hong Kong.

For EU-based data subjects, complaints may be lodged with the relevant national supervisory authority (e.g. CNIL in France).

WE PLAN INTERNATIONAL TRADE (HK) LIMITED · Privacy Policy · 12 June 2026

Terms & Conditions · AML & KYC · Legal Notice