Skip links
SCAP Firm is not a broker, does not provide investment advice, and does not accept public funds. We only offer evaluation programs in simulated environments for educational purposes. No real Execution or financial services are provided, For more information, please feel free to visit our FAQ section.
SCAP Firm is not a broker, does not provide investment advice, and does not accept public funds. We only offer evaluation programs in simulated environments for educational purposes. No real Execution or financial services are provided, For more information, please feel free to visit our FAQ section.
Sign in
Login
Version 1.0 – July 2025

Privacy and data protection policy

Scap Firm Limited, Hong Kong

Privacy and Data Protection

Scap Firm Limited – Hong Kong
Version 1.0 – July 2025

1. Introduction

Scap Firm Limited (hereinafter, “Scap Firm” or “the Company”), a company incorporated and domiciled in Hong Kong, specialized in evaluating users through simulated market environments, guarantees the responsible, secure, and lawful processing of its users’ personal data. This commitment is based on compliance with the European Union’s General Data Protection Regulation (GDPR), the Hong Kong Personal Data (Privacy) Ordinance (PDPO), as well as any other applicable national or international legislation in the jurisdictions from which we operate or where our users are domiciled.

2. Personal Data We Collect

During the registration process, identity validation, and use of our services, Scap Firm may collect and process the following categories of personal data:

  • Identification data: Full name, identification number or passport, date of birth, and nationality.
  • Contact data: Email address, phone number, and country of residence.
  • Professional and financial data: Risk profile, previous Execution experience, historical performance in demo or simulated accounts.
  • Technical and navigation data: IP address, approximate location, device type, operating system, browser type and version, access logs, activity times, session duration, and interactions within the CRM.
  • Operational and behavioral data: Information related to operations executed within evaluation programs, operational behavior, Execution patterns, and records associated with internal metrics.
  • Support and communication records: Video or audio call recordings, support ticket history, emails sent through our official channels, and internal chats, when applicable.

In all cases, data will be collected for legitimate, proportional purposes and in accordance with the principles of transparency, minimization, and security.

3. Purpose of Processing

The personal data collected by Scap Firm will be processed lawfully, fairly, and transparently, exclusively for the following purposes:

  • Identity verification and regulatory compliance validation (KYC): To ensure users meet registration requirements and prevent fraudulent use of the platform.
  • Fraud prevention and detection of suspicious operations: Through analysis of behavior patterns, unusual activity, and risk signals.
  • Compliance with legal obligations regarding anti-money laundering and counter-terrorism financing (AML/CFT): According to applicable international regulations.
  • Statistical and operational analysis of user behavior: To evaluate performance within simulation programs, detect prohibited practices, and maintain the integrity of the evaluation environment.
  • Administrative and contractual management of the user account: Including registration processes, access, profile configuration, participation in challenges, milestone validation, and certificate issuance.
  • Processing payments, withdrawals, and participation in promotions or benefits offered by the Company.
  • Sending notifications and communications of contractual, operational, informative, or commercial nature, when authorized by the user.
  • Continuous improvement of the services provided, user experience, and platform security.

4. Legal Basis for Data Processing

The processing of personal data by Scap Firm is based on one or more of the following legal grounds, as provided by the GDPR, Hong Kong’s PDPO, and other applicable international regulations:

  • Explicit consent of the data subject: Freely given, specific, informed, and unambiguous by the user upon registration and acceptance of this Privacy Policy.
  • Performance of a contractual relationship: Processing is necessary to fulfill the rights and obligations arising from the Terms and Conditions accepted by the user.
  • Compliance with legal obligations: Especially those related to anti-money laundering (AML), counter-terrorism financing (CFT), record retention, and cooperation with regulatory authorities.
  • Legitimate interest of the Company: Such as protection against misuse of the platform, service quality evaluation, fraud and abuse prevention, and continuous improvement of operations, always ensuring a proper balance with the fundamental rights and freedoms of the data subject.

5. Data Storage and Security

Scap Firm stores personal data on secure and encrypted servers located in data centers that comply with international security and information protection standards.

Appropriate technical and organizational measures have been implemented to protect data against unauthorized access, loss, alteration, destruction, or improper disclosure. These measures include, among others:

  • Encryption in transit and at rest using high-security protocols.
  • Access control with multi-factor authentication (MFA) for users and authorized personnel.
  • Continuous monitoring, firewalls, intrusion detection systems (IDS), and periodic data backups.
  • Regular vulnerability assessments and application of security patches.
  • Incident response protocols and disaster recovery plans.

Scap Firm guarantees the confidentiality, integrity, and availability of personal data in accordance with the principles established in applicable legislation.

6. Data Access and Transfer to Third Parties

Scap Firm does not commercialize, sell, rent, or transfer personal data to unauthorized third parties. However, data may be shared with third parties under strict conditions and only in the following cases:

  • Technology and operational providers acting as data processors, when their involvement is strictly necessary for the provision of contracted services. This includes, among others: CRM platforms, payment gateways, identity validation tools (KYC), cloud storage services, and anti-fraud verification systems.
  • National or foreign administrative, regulatory, or judicial authorities, when the request is made within the legal framework and Scap Firm is legally obliged to cooperate.
  • Affiliated companies, subsidiaries, or entities linked to the Scap corporate group, provided there is a contract ensuring data protection levels equivalent to those established in this policy and applicable regulations.

In all cases, Scap Firm will ensure that third parties comply with the principles of legality, proportionality, confidentiality, and security in the processing of transferred personal data.

7. User Rights

Scap Firm recognizes and guarantees all its users the full exercise of the rights granted by applicable personal data protection laws. In particular, the data subject may exercise the following rights:

  • Right of access: To request information about the personal data Scap Firm holds and how it is being processed.
  • Right of rectification: To request correction or updating of personal data when inaccurate, incomplete, or outdated.
  • Right to erasure (“right to be forgotten”): To request deletion of data when no longer necessary for the purposes collected or when consent has been withdrawn.
  • Right to restriction of processing: To request temporary suspension of data use in certain cases provided by law.
  • Right to object: To object to data processing for legitimate reasons related to their particular situation or to its use for marketing purposes.
  • Right to withdraw consent: At any time, without retroactive effect on processing already carried out based on such consent.
  • Right to lodge a complaint: With the competent supervisory authority if they consider their rights have been violated or processing does not comply with current regulations.

To exercise any of these rights, the user must send a written request to the email:
[email protected]
Subject: “Data Protection – Request”

Scap Firm will respond within the deadlines established by applicable regulations and may require additional information to verify the identity of the requester.

8. Data Retention Periods

Personal data will be retained by Scap Firm only for the time strictly necessary to fulfill the purposes for which they were collected or while the user maintains an active account on the platform.

Once the contractual relationship ends, and unless there is a legal or regulatory obligation requiring additional retention, data will be:

  • Securely deleted, or
  • Irreversibly anonymized so that it cannot be associated with an identified or identifiable individual.

Scap Firm will apply internal data retention policies according to the periods established by current regulations on e-commerce, anti-money laundering, consumer protection, and tax compliance, as applicable in each jurisdiction.

9. Cookies and Tracking Technologies

Scap Firm uses cookies and similar tracking technologies to optimize platform functionality, improve user experience, and obtain technical metrics to analyze site performance.

Specifically, the following types of cookies are used:

  • Strictly necessary cookies: Essential for the technical operation of the website and CRM (e.g., session management, authentication, and language settings).
  • Analytical cookies: Allow collection of statistical information about platform usage, pages visited, browsing time, traffic source, among others.
  • Behavioral and personalization cookies: Help tailor the user experience based on previous interactions, preferences, and browsing patterns.

By accessing our digital platform, the user gives informed consent for the use of cookies, according to the terms established in our Cookies Policy, available at:
www.scapfirm.com/cookies

The user may manage or revoke consent at any time through browser settings or the cookie preference panel available on the site.

10. Changes to This Policy

Scap Firm reserves the right to modify, update, or supplement this Privacy Policy at any time due to regulatory changes, decisions by competent authorities, improvements in internal processes, or incorporation of new technological features on the platform.

Any substantial changes will be timely notified to users through:

  • The email registered in their account, and
  • Visible notices within the website or CRM.

Changes will take effect upon publication unless a different date is expressly indicated. Continued use of the services by the user after notification of changes will be understood as acceptance of the new version of the policy.

It is recommended to review this section periodically to stay informed about how we protect your personal data.

How Should It Be Presented in the CRM?

  1. Mandatory checkbox at user registration:
    Suggested text:
    “I declare that I have read and accepted Scap Firm’s Privacy and Data Protection Policy.”
  2. CRM footer:
    Direct link to the policy with a legend such as:
    “Scap Firm guarantees the protection of your data in accordance with current regulations. Learn about our Privacy Policy.”
  3. Modal window accessible from the user profile:
    A button can be added saying “My Privacy Rights” that shows the policy in a pop-up window or redirects to the PDF.
  4. Enhanced protection if using tracking features (logs, IP, behavior):
    In this case, a small message like:
    “This platform records user activity for security and experience improvement purposes. By continuing, you accept this condition.”
All accounts provided to our users operate in a simulated environment and use virtual capital. No transactions are made with real money or in real markets. In addition, we use essential cookies to ensure the proper functioning of the website. For more details, please refer to our help center.