
Privacy Policy and Personal Data Processing

Last Updated: September 5, 2025

 

International Services Agent Limited (registration Nos. 1968729, 3333860; address: Flat A, 8/F, Kingswell Commercial Tower, 171 Lockhart Road, Wan Chai, Hong Kong), hereinafter referred to as the "Company", acting as a personal data operator, collects and processes Users’ personal data in accordance with the laws of Hong Kong.

 

1. List of Collected Personal Data

When using the Company’s digital goods and services, the following User personal data is collected:

 

  • Identification data: User’s surname, first name, patronymic (if applicable).

  • Contact details: information allowing communication with the User (e.g., phone number, email address).

  • Telegram account data: identifiers or information about the User’s Telegram account (e.g., unique ID or username) necessary for providing purchased digital goods in the account.

  • Payment data: details of payment instruments (e.g., part of a bank card number, payment account, or other payment identifiers) used by the User to pay for orders.

  • Order and service activity data: information about digital goods and services ordered and purchased by the User, facts and details of their provision, as well as User activity in the Telegram service related to the use of purchased digital goods (e.g., subscription activation, use of “Stars”, etc.).

 

Absence of special categories of data: The Company does not request or process special categories of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sex life, criminal record, as well as biometric data. Users should refrain from providing such information to the Company. If such data is inadvertently received by the Company, it will not be used and will be deleted.

 

2. Purposes of Processing Personal Data

 

Users’ personal data is processed solely to achieve specific, pre-defined lawful purposes. In particular, the Company collects and uses personal data for the following purposes:

  • Performance of the user agreement: entering into and performing a contract with the User for the provision of digital goods and services (end user license agreement). This includes the provision of purchased digital goods and proper fulfillment of all obligations of the Company to the User.

  • Payments and processing: conducting settlements with the User, processing payments for digital goods and services, confirming payment, issuing refunds if necessary, and carrying out other financial operations related to contract performance.

  • Notifications and communication with the User: sending notifications to the User related to the provision of digital goods and services, including order confirmations, status updates, technical and other notifications directly arising from contract performance. The Company does not send advertising or marketing messages without separate consent from the User.

  • Compliance with legal requirements: fulfilling obligations of the Company established by the laws of Hong Kong. In particular, personal data may be processed for accounting, tax reporting, providing information upon lawful requests from state authorities, and fulfilling other requirements of applicable regulations.

Personal data is not processed for purposes incompatible with the above. Processing for new purposes not provided for in this Policy is allowed only with the User’s prior consent or another lawful basis provided by law.

 

3. Legal Basis for Processing

 

Users’ personal data is processed on the following legal bases provided by Hong Kong:

  • Contract with the User: personal data is processed in connection with the conclusion and performance of a contract (user agreement) between the User and the Company. 

  • User’s consent: in cases where specific operations with personal data require consent, it is provided by the User freely, voluntarily, and in their own interest. Consent to processing is given by a direct action – clicking the relevant button (checkbox) in the order interface, confirming acceptance of this Policy and authorizing the processing of their personal data. Checking the box (clicking) means the Company has received the User’s informed consent for data processing for the stated purposes.

The Company does not process personal data for product or service promotion (marketing) without obtaining the subject’s separate prior consent. All actions with data are carried out lawfully and strictly in accordance with the stated purposes of processing.

 

4. Transfer of Personal Data to Third Parties

 

The Company may engage third parties (partners) to process Users’ personal data to the extent necessary to provide services, subject to such parties complying with personal data protection laws. Data transfers to third parties occur in the following cases:

  • Payment providers: to process payments and settlements, the Company engages specialized payment service providers. Personal data (e.g., name, payment amount, part of payment details) is transferred to such providers to the minimum extent necessary to complete the payment and issue refunds (if needed). These providers act under contracts with the Company and undertake to ensure confidentiality and security of personal data as required by law.

  • Telegram Service: the provision of digital goods and services is integrated with the Telegram platform. To activate purchased products (for example, premium subscriptions) in the User’s account, the Company may transfer certain data to the Telegram service, such as the user identifier and information about the purchased digital product. The data is transmitted through the official interaction tools of the platform (Telegram API) and only to the extent necessary for the provision of the service. Telegram acts as an independent data controller with respect to the information it collects about the User and processes such data on the basis of its own privacy policy. The Company does not transfer to Telegram any information other than what is required for the activation and functioning of digital goods.

  • Other parties on legal grounds: personal data may be provided to third parties in cases directly required by law (e.g., upon court order, law enforcement request, or regulator authority action) or to protect the Company’s rights and lawful interests, provided legal requirements are met. In such cases, transfer is strictly in accordance with the procedures established by law.

All third parties receiving personal data undertake confidentiality and data protection obligations. The Company enters into necessary agreements with such parties (confidentiality agreements, processing contracts, etc.) or otherwise ensures appropriate measures are in place to protect received personal data.

 

Cross-border data transfer: The User expressly agrees that when using the services, personal data may be transferred over the Internet to foreign countries, including those ensuring adequate protection of personal data rights, as well as those not ensuring such protection (e.g., Hong Kong) – provided appropriate protective measures are taken. In particular, data transfers to Hong Kong (where the Company is registered) and other jurisdictions without equivalent protection are carried out only with val...

 

5. Rights of Data Subjects

Each User whose personal data is processed by the Company is guaranteed the protection of their rights. The User has the right to:

  • Obtain information about processing: request from the Company information concerning the processing of his/her personal data. Upon the User's request, the Company shall provide information about the data processed concerning him/her, including the composition of the personal data, the purposes and sources of their acquisition, the processing periods, the legal grounds, the name and address of the Company (operator), as well as information about cross-border transfers carried out or envisaged and about persons who have access to the data.

  • Rectification or deletion: request the Company to update or correct their personal data in case of changes or inaccuracies. If the User discovers their personal data is incomplete, outdated, inaccurate, obtained unlawfully, or unnecessary for processing purposes, they may request blocking or deletion. The Company undertakes to review such requests and, if justified, amend, anonymize, or delete the relevant data within the timeframe prescribed by law.

  • Withdrawal of consent: withdraw previously given consent to personal data processing at any time (see section 7). Withdrawal does not affect processing carried out lawfully before the withdrawal. After receiving a withdrawal, and if there are no other lawful grounds, the Company stops processing the relevant data and deletes it within the legally established timeframe.

  • Objection to marketing: request the Company to stop using their personal data for product/service promotion. If the Company intends to use the User’s data for marketing (e.g., advertising mailings), the User may require separate consent or opt out. Currently, the Company does not conduct direct marketing mailings, but this right remains secured for the User.

  • Protect rights and appeal: file complaints with the authorized supervisory authority (Roskomnadzor) or the courts against unlawful actions or inaction by the Company. If the User believes their rights have been violated, they may request clarification from the Company or seek protection under the law. The User may also claim damages or compensation for moral harm in court if violations are confirmed.

 

6. Retention Period of Personal Data

 

Users’ personal data is stored no longer than required for the purposes specified in this Policy or the periods established by law. Retention periods depend on data category and processing purpose:

 

  • Account and identification data (e.g., full name, contact details, Telegram ID) is stored for the duration of the user agreement between the User and the Company. After contract termination, core identification data may be stored for a period needed to finalize termination, resolve disputes, or settle claims.

  • Order and payment data is stored as required for the Company’s obligations and settlements, and for subsequent legal requirements in accounting and taxation. For instance, financial transaction data may be retained by law for at least 5 years for tax control. In any case, such data is retained only as long as necessary for the stated legal purposes.

  • Technical and auxiliary data (e.g., logs, correspondence with support) is stored as long as needed for service functioning, handling inquiries, and protecting rights of the Company and Users. Retention periods are set by internal regulations in compliance with law.

 

After retention periods expire or purposes are achieved, personal data must be deleted or anonymized, unless the Company is legally obliged to continue retention (e.g., ongoing legal proceedings or regulator requirements).

 

7. Withdrawal of Consent

 

A User who previously gave consent to personal data processing may withdraw it at any time by sending the Company a notice. Withdrawal may be made via a written statement to the Company’s postal address or electronically through a feedback form or email (if available on the Company’s website).

 

Upon withdrawal: the Company ceases further processing of personal data previously based solely on consent and, if no other legal grounds exist, deletes it within 30 days (or another statutory period considering data type and technical capability). If other grounds exist (e.g., contract performance, legal duties), the Company continues processing in the necessary scope, notifying the User.

 

Withdrawal does not affect the lawfulness of processing before withdrawal. However, it may render certain services impossible. If withdrawal relates to critical contract data (e.g., name, contact details), the Company may have to terminate contract obligations, notifying the User separately.

 

If the User believes the Company unlawfully continues processing after withdrawal, they may seek protection via Roskomnadzor or courts (see section 5).

 

8. Amendments and Updates to the Policy

 

The Company reserves the right to amend this Privacy Policy unilaterally, particularly in case of legislative changes, introduction of new services, changes in processing methods, or organizational changes in the Company.

 

When amendments are made, the updated Policy is published on the Company’s official website. The date of the last update is indicated at the beginning of the document or otherwise clearly shown. Amendments take effect from publication unless a later date is specified.

 

The Company recommends Users regularly review the Policy. Continued use of the Company’s services after an update signifies agreement with the new Policy. If the User disagrees, they must cease using the services and may exercise their rights under section 5, including the right to request data deletion.

 

This Privacy Policy is drafted, governed by and construed in accordance with the laws of Hong Kong. The document is publicly available on the Company’s website https://www.isasoft.digital/ for Users’ review. Questions regarding the Policy or data processing should be directed to the Company.
