(Last update date: 2023-10-26)
About this Policy
This Privacy Statement (the “Policy”) sets out how Buyandship Limited and its affiliated companies (together, “we”, “us”, “our”) collect, use, manage and protect the personal data or information (“Data”) that we may collect from or about you. It applies to all individuals whose Data may be handled by us, whether as a controller or processor.We are committed to processing your Data in accordance with the required standards. This includes protecting your privacy and ensuring the security of your Data in compliance with the requirements of all applicable laws, including (but not limited to) the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the “Ordinance”).Before using and providing your Data for the purposes as set out in the Policy, we may be required by law to obtain your written consent and in such cases, only after having obtained such written consent, may we use your Data in the manner as specified.This Policy is made in Chinese and English. If there is any inconsistency or ambiguity between the English version and the Chinese version, the English version shall prevail.We are committed to protecting your data and your right to privacy. If you have any questions or concerns about this Policy or our practices with regard to your Data, please contact us.When you visit our website (the “Website”) and/or use our mobile application (the “App”), as the case may be, and more generally, use any of our services (the “Services”, which shall include the Website and App), we appreciate that you are trusting us with your Data. We take your privacy very seriously. In this Policy, we seek to explain to you in the clearest way possible what Data we collect, how we use it and what rights you have in relation to it. We hope you can take some time to read through it carefully, as it is important.The collection, usage and disclosure of your Data are necessary for the proper use of our Website, App and Services. If there are any terms in this Policy that you do not agree with, please discontinue the use of our Website, App and Services immediately.This Policy applies to all Data collected through our Services, as well as any related services, sales, marketing or events.Please read this Policy carefully as it will help you understand what we do with the Data that we collect from you.Please be advised that certain parts of the Services are hosted outside Hong Kong. If you access any of our Services from any other region of the world with laws or other requirements governing personal data collection, use or disclosure that differ from applicable laws in Hong Kong, then through your continued use of the Services, you are transferring your data outside Hong Kong and you consent to have your data transferred to and processed in regions other than Hong Kong.
What Data do we collect?
- We collect Data that you voluntarily provide to us when you register for the Services, place an order, subscribe to our newsletter, respond to a survey or fill out a form, express an interest in obtaining information about us or our products and the Services, when you participate in activities on the Services or otherwise when you contact us.
The Data that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use. The Data we collect may include the following:
- Data provided by you. We collect names; phone numbers; email addresses; mailing addresses; gender; interests; birth date; government identification number; and other similar Data.
- Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a redacted credit card number), cardholder’s name and the expiry date associated with your payment instrument.
- Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, such as Facebook, Google or other social media account. If you choose to register in such way, we will collect the Data described in the section called “How do we handle your social logins” below.
- All Data that you provide to us must be true, complete and accurate and you must notify us of any changes to such Data.
- You may decline to share Data with us and/or withdraw any consents which you may have provided, in which case, we may not be able to provide you with the Services.
- We will not store the full details of your credit card used for payment of any of our Services. Such payments will be completed through third-party payment platforms. Your full banking details will not be shared with us.
Data automatically collected through our Services
- We automatically collect certain Data when you visit, use or navigate the Services. This Data does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This Data is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
- Like many businesses, we also collect Data through cookies and similar technologies.
The Data we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access and/or use the Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”) and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access and/or use the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.
- Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use Global Positioning System and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can stop the collection either by refusing access to such information or by disabling your location setting on your device. Note however, if you choose to opt out, you may not be able to use certain aspects of the Services.
- We use Data collected via the Services for a variety of business purposes described below. We process your Data for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent and/or for compliance with our legal obligations. We hereby provide the specific grounds we rely on for each purpose listed below.
- We use the Data we collect or receive:
- To facilitate account creation and logon process. If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the Data you allow us to collect from those third parties to facilitate account creation and logon process for the performance of our Services. See the section below headed “How do we handle your social logins” for further information.
- To post testimonials. We post testimonials on our Services that may contain Data. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update or delete your testimonial, please contact us and include your name, the location of your testimonial and contact information.
- Request feedback. We may use your Data to request feedback and to contact you about your use of our Services.
- To enable user-to-user communications. We may use your Data to enable user-to-user communications with each user’s consent.
- To manage user accounts. We may use your Data for the purposes of managing our account and keeping it in working order.
- To send administrative information to you. We may use your Data to send you our products, Services, new feature information and/or information about changes to our terms, conditions and policies.
- To protect our Services. We may use your Data as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring and prevention).
- To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contracts with third parties.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the Data we hold to determine how to respond.
- Fulfill and manage your orders. We may use your Data to fulfill, manage and/or facilitate your orders, payments, returns and exchanges made through the Services.
- Administer prize draws and competitions. We may use your Data to administer prize draws and competitions when you elect to participate in such activities.
- To deliver and facilitate the delivery of Services to the users. We may use your Data to provide you with the requested service.
- To respond to users’ enquiries and offer support to users. We may use your Data to respond to your enquiries and solve any potential issues you might have with the use of our Services.
- To send you marketing and promotional communications. We and/or our third-party marketing partners may use the Data you send to us such as your name, email address and phone number for our marketing purposes, if you have provided your express consent for us and/or our third-party marketing partners to use your Data for marketing and promotional communications. You may withdraw your consent for us to use your Data for sending you marketing and promotional communications at any time by following the procedure stated in Section 15(d) below.
- To deliver targeted advertisements to you. We may use your Data to develop and display personalized content and advertisements (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
- For other business purposes. We may use your Data for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and evaluating and improving our Services, products, marketing and your experience. We may use and store Data in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.
- We may use information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable law.
- We have implemented appropriate and industry-accepted technical and organizational security measures designed to protect the security of any Data we process.
- However, despite our measures and efforts to secure your Data, no system is 100% secure. We cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat the security system of ours or our third-party service providers’ and improperly collect, access, steal or modify your Data. Although we will do our best to protect your Data, transmission of Data to and from our Services is at your own risk and we cannot be held liable for any loss you may suffer from any unauthorized access to or loss of your Data. You should only access and/or use our Services in a secure environment.
- Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your browser (if you allow) that enables the sites or service provider systems to recognize your browser and capture and remember certain Data.
- You may choose to accept or reject cookies. If you choose to remove or reject cookies, this could affect certain features or services of our Services.
- In short, if you choose to register or log in to the Services using a social media account, we may have access to certain Data about you through your social media account. We will treat Data collected through your social media account as having been provided by you.
- The Services offer you the ability to register and login using your third-party social media account details (such as your Facebook or Google account). Where you choose to do so, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, profile picture as well as other information you choose to make public on such social media platform.
- We will use the Data we receive only for the purposes that are described in this Policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control and are not responsible for, other uses of your Data by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your Data and how you can set your privacy preferences on their sites and apps.
- We do not sell, trade or otherwise transfer to outside parties your personally identifiable information. We may share your Data with third parties under circumstances stated in Section 9.
- We are not responsible for the safety of any Data that you share with third-party providers who advertise, but are not affiliated with, the Services.
- The Services may contain advertisements from third parties that are not affiliated with us and links to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of the data you provide to any third parties. Any data collected by third parties is not covered by this Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including, without limitation, other websites, services or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly for any questions regarding their policies.
- We only share Data with your consent, to comply with laws, to provide you with Services, to protect your rights or to fulfill business obligations.
We may process or share your Data that we hold on any of the following legal bases:
- Consent: We may process your Data if you have given us specific consent to use your Data for a specific purpose.
- Legitimate Business Interests: We may process your Data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your Data to fulfill the terms of our contract.
- Legal Obligations: We may disclose your Data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order or legal process, such as in response to a court order or a subpoena (including, without limitation, response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your Data where we believe it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, illegal activities or as evidence in proceedings in which we are involved.
More specifically, we may need to process or share your Data in any of the following situations:
- Business Transfers: We may share or transfer your Data in connection with, during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
- Vendors, Consultants and other Third-Party Service Providers. We may share your Data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such Data to perform their work. Examples include payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data on our behalf about how you interact with our Services over time. Such Data may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your personally identifiable information with third parties for their promotional purposes. We may disclose your Data to third parties who assist us in operating our website, conducting our business or servicing you and we will contractually require such third parties to use your Data only for those purposes, to keep your Data secure and confidential and to ensure that all processing is done in accordance with applicable law. However, anonymized or pseudonymized information may be provided to other parties for marketing, advertising or other uses.
- Third-Party Advertisers. We may allow third-party advertising companies to post advertisements when you visit or use the Services. These companies may use Data about your visits to our Website(s) and other websites that is contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
- Affiliates. We may share your Data with our affiliates, in which case we will require those affiliates to honor this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- Business Partners. We may share your Data with our business partners to offer you certain products, Services or promotions.
We will retain your Data in accordance with our internal procedures. Our procedures are in compliance with the Ordinance and other applicable laws and are governed by the following principles:
- Data will only be retained for as long as is necessary to fulfill the original or directly related purposes for which it was collected, unless a longer retention period is required or permitted by law (such as tax, accounting or any applicable legal, regulatory or contractual obligations); and
- Data are purged from our electronic, manual and other filing systems based on the above criteria and our internal procedures.
- No purpose in this Policy will require us to keep your Data for longer than the period of time for which you have an account with us, unless otherwise required by law.
- When we have no ongoing legitimate business need to process your Data, unless otherwise required by law, we will either delete or anonymize such Data or, if this is not possible (for example, because your Data has been stored in backup archives), then we will securely store your Data and isolate it from any further processing until deletion is possible.
We take all reasonable precautions to ensure that the Data we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that Data depends to a large extent on the Data you provide. You have a right to request access to and correction of your Data. We recommend that you:
- let us know if there are any errors in your Data; and
- keep us up-to-date with changes to your Data.
- To access, amend or delete any of your Data we hold or to request that we delete any of your Data that is no longer necessary for the provision of our Services, you may contact us.
- We may apply an administrative charge for providing you with access to your Data in response to such request.
- You may decline to share Data with us and/or withdraw any consents which you may have provided, in which case, we may not be able to provide you with some of our Services.
- At any time, you may object to us holding or processing your Data, on legitimate grounds, save and except as otherwise permitted by the applicable law.
By using our Website, App or Services, you consent to this Policy.
Should there be any changes to this Policy, we will post those changes on this page.
We do not knowingly accept, request or solicit Data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If you become aware of any Data we may have collected from children under the age of 18, please contact us.
- If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.
- Cookies and similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies. If you choose to remove or reject cookies, this could affect certain features or services of our Services. To opt out of interest-based advertising by advertisers on our Services, please visit http://www.aboutads.info/choices/.
- Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by changing your consent in your account settings. You will then be removed from the marketing email list. However, we may still communicate with you, for example, to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests or for other non-marketing purposes. To otherwise opt out, you may contact us.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice through a revised version of this Policy.
For all issues and enquiries regarding our compliance with our obligations under the Ordinance, where applicable, and any request for access to, correction or deletion of your Data, please contact us in writing at:
Privacy Compliance Officer
16/F, 9 Wing Hong Street
Cheung Sha Wan, Kowloon, Hong Kong
or via email to: email@example.com
We will respond to your enquiry or request within 40 days.
Privacy Compliance Officer
16/F, 9 Wing Hong Street
Cheung Sha Wan, Kowloon, Hong Kong
or via email to: firstname.lastname@example.org
We will respond to your enquiry or request within 40 days.