Privacy Policy
Last updated: 13 July 2026
This Privacy Policy explains how Nano Advanced Services Limited, a company incorporated in Hong Kong (“Dream”, “we”, “us” or “our”), collects, uses, shares and protects your personal data when you register your interest through this website, apply for and hold a Dream card, and use the services connected to it. For the personal data described here, we act as the data controller.
Please read this policy carefully. By registering your interest or applying for a Dream card, you acknowledge that your personal data will be handled as described below. If you do not agree with this policy, please do not submit your information to us.
1. How we protect your personal information
We are committed to keeping your personal data secure. We maintain administrative, technical and physical safeguards designed to protect it against unauthorised access, disclosure, alteration and destruction. These include encryption of data in transit and at rest, strict access controls on a need-to-know basis, network and application security controls, and continuous monitoring. Where we engage partners to process personal data on our behalf, we require them to apply protections consistent with this policy and with applicable law.
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee its absolute security, and any transmission is at your own risk. If you believe your interaction with us is no longer secure, please contact us immediately at Privacy@thedream.cards.
2. Information we may collect from you
2.1 Information you provide to us
Depending on how you interact with us, this may include:
- Registration and enquiry data — your full name, email address and phone number, the card tier you are interested in, any introducing host or member you name, and, for the Boundless flow, the invitation code you enter;
- Identity and verification data— where you apply for a card, information and documents needed to verify your identity and meet our legal obligations, such as government-issued identification, date of birth, nationality, residential address, and a photograph or short video used to confirm that you are the person presenting the identification (a “liveness” check);
- Account and profile data — the credentials and preferences associated with your account, and records of your communications with us and our concierge team;
- Financial and funding data — information needed to fund and operate your card, such as the amounts and sources you use to load it.
2.2 Information we collect automatically
- Transaction data — details of the card transactions and account activity you carry out, including amounts, dates, merchant categories and locations;
- Technical and device data — your IP address, device and browser type, operating system, and similar identifiers, used to operate and secure our services (including rate-limiting and fraud prevention);
- Usage data — information about how you use this website and our services, such as the pages you view and the actions you take.
2.3 Information from third parties
To verify your identity, assess eligibility and comply with our legal obligations, we may receive information about you from regulated identity-verification providers, card-issuing and payment partners, sanctions and politically-exposed-person screening services, and fraud- prevention sources. We describe these partners by the function they perform rather than by name.
3. Cookies
This website uses cookies and similar technologies to operate reliably, keep it secure, remember your language preference, and understand how it is used so we can improve it. These include strictly necessary cookies (required for the site to function) and analytics/ performance cookies. You can control cookies through your browser settings; disabling some cookies may affect how the site works.
4. Uses made of the information
We use your personal data to:
- respond to your enquiry and assess your eligibility for a Dream card;
- verify your identity and carry out anti-money-laundering (AML) and other checks required by law;
- set up, administer and service your card and account, including funding and transactions;
- provide member support and concierge services and communicate with you about your account;
- detect, investigate and prevent fraud, abuse and other prohibited activity, and keep our services secure;
- comply with applicable legal, regulatory and reporting obligations; and
- improve our website, products and services.
Lawful bases. Where data protection law (including the EU/UK GDPR) applies, we rely on the following bases: performance of a contract with you, or taking steps at your request before entering one; compliance with our legal obligations (for example AML and KYC requirements); our legitimate interests in operating, securing and improving our services and preventing fraud; and your consent, which you may withdraw at any time (for example for optional marketing communications).
5. Disclosure of your information
5.1 Partners and service providers
We share personal data only as needed to operate our services, with partners acting for us or with us under appropriate obligations of confidentiality and security. These include our regulated card-issuing and payment partners, identity-verification and screening providers, communications and hosting providers, and professional advisers. We do not sell your personal data.
5.2 Other circumstances
We may also disclose personal data:
- where required by law, regulation, court order or a competent authority;
- to establish, exercise or defend legal claims, or to enforce our terms;
- to detect, prevent or address fraud, security or technical issues;
- to protect the rights, property or safety of Dream, our members or others; and
- in connection with a corporate transaction such as a merger, financing or sale of assets, subject to appropriate confidentiality.
6. Where we store your personal data
Your personal data is stored on secure infrastructure operated by us and our processors. Access is restricted to authorised personnel and partners who need it to perform the purposes described in this policy, and is subject to the safeguards set out in Section 1.
7. International transfers
We are based in Hong Kong and may process and store personal data in Hong Kong and in other countries where we or our partners operate. Where we transfer personal data across borders, we take steps to ensure it continues to be protected, including by using recognised transfer mechanisms such as standard contractual clauses and by requiring recipients to apply appropriate safeguards consistent with this policy and applicable law.
8. Profiling and automated decision-making
We use automated tools to help verify identity, assess eligibility and detect fraud and risk. These may involve automated processing of your personal data. Where a decision that produces legal or similarly significant effects for you is based solely on automated processing, you have the right to request human review, to express your point of view and to contest the decision, as described in Section 10.
9. Data retention
We keep your personal data only for as long as necessary for the purposes set out in this policy. Enquiry data is kept while we respond to you and, where relevant, progress an application. Where you become a member, we retain identity, account and transaction records for the period required by applicable anti-money-laundering and financial-services law (which typically requires retention for a number of years after the relationship ends), and otherwise for as long as needed to meet our legal, regulatory and legitimate business needs. When data is no longer required, we securely delete or anonymise it.
10. Your rights
Subject to applicable law (including the Hong Kong Personal Data (Privacy) Ordinance and, where it applies, the EU/UK GDPR), you may have the right to:
- access the personal data we hold about you and request a copy;
- have inaccurate or incomplete data corrected;
- request deletion of your data in certain circumstances;
- object to or restrict certain processing, and to receive your data in a portable format;
- withdraw consent where we rely on it; and
- request human review of a decision based solely on automated processing.
Exercising these rights will not affect the lawfulness of processing carried out before your request. You also have the right to lodge a complaint with your local data protection authority.
11. Access to information and how to make a request
To exercise any of the rights above, or for any question about how we handle your personal data, contact us at Privacy@thedream.cards. We may need to verify your identity before acting on a request, and we will respond within the period required by applicable law.
12. Changes to this policy
We may update this policy from time to time to reflect changes in our services or legal requirements. When we do, we will revise the “Last updated” date above and, where the changes are significant, take reasonable steps to notify you. Your continued use of our website and services after an update means you accept the revised policy.
Contact
Nano Advanced Services Limited (Hong Kong). Data-protection enquiries: Privacy@thedream.cards. See also our Legal & Terms.