In line with relevant data protection laws, including but not limited to the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), the European General Data Protection Regulation ("GDPR"), and other applicable national data protection laws (collectively known as "Applicable Laws"), we collect, use, process, store, and transfer the Personal Data of our Clients.
Personal Data means any information that relates to an identified or identifiable living individual. Different pieces of information, which collectively identify a particular person also constitute personal data.
You will be asked to consent to the terms of this Policy when making an enquiry, registering for events or interacting with us via Products and Services. To the extent permitted by Applicable Law, your continued use of our Products and Services constitutes your consent to the Policy.
If you do not agree to this Policy, please do not provide any Personal Data when requested and should refrain from using our Products and Services.
We process Personal Data if one of the following legal basis applies:
Depending on the type of Products and Services that are used, we may collect the following types of information through Products and Services:
We also collect other Personal Data provided to us as part of the Products and Services or for specific purposes made known to you at the time of collection.
Data may also be provided to us by third parties who we assume have obtained your consent or otherwise are permitted by Applicable Laws to share such data with us.
It is worth noting that some of the above information and data we collect are for processing for and on behalf of the Client for their purposes.
Depending on the type of Products and Services that are used, we may collect, use and process Personal Data for the following purposes:
In addition, with the Client’s express consent, we will also use Personal Data collected by us for direct marketing and promotional purposes. Please see our Section E on Direct Marketing.
We use analytic technologies, such as cookies, or other automated tracking and technologies provided by third parties to collect information through automated means in order to understand the usage of the Products and Services.
Cookies, or similar technologies (such cookies or other similar technologies, “Cookies”), are small computer files stored on your devices used to access our Products and Services.
You can choose to allow the installation of these Cookies or choose to disable them later. You can consent or reject, or request to be alerted when cookies are stored by adjusting your web browser settings (for websites) or device settings (for software applications), or through third-party cookie providers. However, should you refuse the installation of Cookies, the Products and Services, along with some features, might not function as expected.
Only with the explicit consent of our Clients, shall we use a Client’s name, email address and mobile phone number to send direct marketing materials including news, offers, promotions, and joint marketing offers that we consider may be of interest to you. If any Client prefers not to receive any direct marketing communications, they may withdraw any consent given without charge at any time by contacting us.
Even if you opt out of direct marketing, we may still send you other non-marketing communications as necessary for us to provide our Products and Services to you.
We keep Personal Data for a period not exceeding what is required for the purposes for which the Personal Data is collected and in accordance with the Applicable Laws (“Retention Period”).
Without affecting the general rule above, we will retain and store Personal Data:
When the Retention Period ends or at the request of the Client, we will delete the Personal Data or otherwise anonymise the Personal Data to a point where it is impossible to reidentify an individual. The Retention Period may be changed upon the cancellation of or re-enrollment in the Products and Services, or in accordance with Applicable Laws.
We share information collected as outlined below and where Clients have asked us to do so or otherwise consented, on a need-to-know basis:
Service providers: We will share Personal Data collected with third-party service providers or sub-processors who process such data for us for purposes set out in Section C or for purposes of our Clients. This includes:
When we transfer the Personal Data, we will protect the Personal Data as described in this Policy and comply with applicable legal requirements for providing adequate protection for the transfer of Personal Data.
We have a data processing addendum with our trusted partners that are incorporated in our service agreements with our data processing and storage partners. Our support, developers and other team members are located in different parts of the world, and they may have access to Personal Data from outside of where the Client lives in order to provide timely support to constantly maintain our Products and Services.
By using the Products and Services, you agree that Personal Data may be processed by such subcontractors in countries that may not offer the same degree of data protection as the country where the Client lives. We will, however, only transfer the Personal Data in compliance with Applicable Laws.
We have taken reasonable contractual measures to ensure that our subcontractors would process Personal Data in accordance with our directions and for our purposes as set forth in this Policy. Our subcontractors are prohibited from using Personal Data for any other purposes without the Data Subject’s consent.
We take different measures to secure Personal Data. We use appropriate organizational and technical means to protect Personal Data against any loss, destruction, alteration, or unauthorized, unlawful or abusive use of Personal Data. We placed the same obligations on our subcontractors who process Personal Data for our purposes and on our instructions.
Personal Data is encrypted in the database while at rest and in transit. We strictly restrict the scope of personnel who can access Personal Data and information, and require them to comply with their contractual confidentiality obligations. In the event of a data breach or other security incident of Personal Data, we will activate an emergency response plan to prevent the expansion of such security incidents and notify you in the form of push notifications, public announcements, etc.
To the extent permitted by Applicable Laws, we shall not be held liable for any direct or indirect loss, damages, or costs sustained or incurred by the Data Subject in the event of a data breach, or if the Personal Data is subject to unauthorized use, access, deletion, or alteration.
The Client enjoys the following rights under the Policy:
This Policy outlined the types of information we collect, the purposes of processing Personal Data and the legal basis for doing so as well as the transfer, storage and handling by us of your Personal Data.
Clients are entitled to access Personal Data that is in our possession or under our control. The right of access includes the right to know how we use Personal Data in practice and with whom we share such information.
Clients may contact us to correct any of the Personal Data that is in our possession or under our control.
Clients may ask us to remove or delete Personal Data or to restrict the processing of Personal Data where there are no valid reasons for any continued processing. However, the right to erasure is subject to our lawful rights under Applicable Laws to retain Personal Data for our legitimate purposes, such as the enforcement of our legal rights.
If a Client requires us to restrict the processing of Personal Data other than for storage purposes, we may use such Personal Data again if there are valid reasons under Applicable Laws for us to do so.
The Client has the right to receive a copy of the Personal Data we process. The Client may request us to transfer it to another party, except under certain circumstances.
The Client has the right to object to our processing or use of Personal Data at any time. In particular, Data Subjects can object to our use of Personal Data for direct marketing purposes.
We shall notify the Client and any applicable regulators in writing in the event of a suspected or actual breach of the Personal Data.
Our Products and Services are not directed at people under the age of 18 (“Children”). We do not knowingly collect, solicit, market or process Personal Data belonging to Children.
You acknowledge and understand that some of our Clients will regularly disclose to us Personal Data collected by such Clients in the course of accessing and using our Products and Services. Where applicable, the Clients agree to grant us a non-exclusive right to process such Personal Data as a data processor solely to provide our Products and Services.
In the scenarios where we are processing Personal Data as a data processor for our Client’s purposes, we shall:
Our Products and Services may include links to third-party websites which are not governed by this Policy. We do not collect or access data that may have been collected by these third parties at their discretion.
The inclusion of third-party links does not mean that we approve, authorize or otherwise are affiliated with the websites to which the links connect. Clients are advised to remove the privacy notice of such third-party websites before providing any Personal Data to such websites or using the services of such websites.
We are not responsible for the use of Personal Data by such third parties and we cannot guarantee that they have the same level of data protection policy as us.
We reserve the right to change the Policy at any time. If we change the Policy, we will communicate the changes to you through notifications or alerts provided to you under the Products and Services, or any other appropriate means, for example, by email, so that the Client will be fully informed of such changes. Any changes to the Policy will take effect thirty (30) days after such changes have been communicated to you. Your continued use of our Products and Services will be deemed as an acceptance of the changes to the Policy.
If any part or provision of this Policy is prohibited or deemed to be void or unenforceable, that part or provision shall be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions hereof.
This Policy shall be governed by, and construed in accordance with, the laws of the Hong Kong Special Administrative Region (“Hong Kong”). Any dispute, controversy, difference or claim arising out of or relating to this Policy, including the existence, validity, interpretation, performance, breach or termination thereof or any dispute regarding non-contractual obligations arising out of or relating to it shall be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The seat of arbitration shall be Hong Kong. This arbitration clause shall be governed by Hong Kong law. The number of arbitrations shall be one. The arbitration proceedings shall be conducted in English.
If you have any questions or concerns regarding this Policy or to exercise your rights under this Policy, please contact our Data Protection Officer:
Name: Pak Hui
Address: Unit 704, 7/F, The Whitney, 183 Wai Yip Street, Kwun Tong
Email Address: firstname.lastname@example.org
Telephone Number: +852 28899282