Important Notice
By accessing this website and any of its pages the users are agreeing to the terms set out below and by continuing to use this website following the posting of any changes to these terms will signify the users’ consent to the changes made. The Company may change this Privacy Policy from time to time. The Company will not reduce the users’ rights under this Privacy Policy without the users’ explicit consent. If changes are significant, the Company will provide a more prominent notice (including, for certain services and products, email notification of Privacy Policy changes).
The Chinese translation of this Privacy Policy is for reference only. In case of any discrepancy between the English version and the Chinese version, the English version shall prevail.
Internet Privacy Policy Statement
In addition to the Company’s duty of confidentiality to customers, the Company shall at all times observe the Personal Data (Privacy) Ordinance (“the Ordinance”) of the Hong Kong SAR and other applicable data protection law in collecting, maintaining and using the personal data of customers.
If the users do not wish the Company to use or provide to other persons their personal data for use in direct marketing, they may exercise their opt-out right by notifying the Company.
The Company will not collect any personal data that identifies a user to this website unless specified otherwise herein. Only the pages of this website visited will be recorded. Such information will be used to prepare aggregate information about the number of visitors to the website and general statistics on usage patterns of the website. Some of this information will be gathered through the use of “cookies”. For details of cookies, please refer to the Cookies Policy.
In order to provide the services and products, the Company may process certain personal data about the users. Any information relating to an identified or identifiable natural person will be regarded as “personal data”, information which cannot be used to identify a natural person is “anonymous data” which is not the subject herein. The type of personal data that the Company collects depends on how the users use such services and products.
Personal data and content may be collected. The Company collects the users email address, telephone number and other information the users provide when they use the services and products, including without limitation:
Once the users follow the Company’s official account(s) in third parties’ application, such as Wechat or Facebook, the Company may access the information on the users’ open ID, profile photo, nickname, gender, country/region/city, the starting time of following the Company’s official account(s) and status of the users’ relevant account(s) from these third parties’ application platform automatically for the purposes of pushing notification messages and performing statistical analysis.
Personal data about transactions made on the services and products. If the users use their accounts for purchasing certain services and products, the Company collects information about the purchase or transaction. This includes payment information, such as the users’ credit or debit card number and other card information, other account and authentication information, and billing, shipping and contact details.
Intended use of the personal data. The Company uses the personal data (subject to choices the users make) for the following purposes:
The Company will only use the personal data to send the marketing materials if the Company have the users’ consent.
Users who do not allow the Company to use their information in their accounts collected through third parties’ application in the above manner may at any time unfollow the Company’s official account(s). In such event, users may not be able to use the services and products provided in such official account(s).
Share personal data. Subject to the applicable data protection laws, the Company may provide personal data to vendors and service providers who support the Company’s business, such as by providing technical infrastructure services, providing customer service, facilitating payments or conducting surveys. The Company will use its best endeavor to ensure each of these vendors and service providers not to disclose or use the personal data for any other purposes.
The Company may share the users’ personal data in response to a legal request (e.g. a search warrant, court order or subpoena) or if the Company has a good-faith belief that the law requires the Company to do so. This may include responding to legal requests from jurisdictions outside of Hong Kong when the Company has a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognized standards.
Personal data the Company collected is a business asset. If the Company is acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale or if the Company’s assets are acquired by a third party in the event the Company go out of business or enter bankruptcy, some or all of the assets, including the personal data, will be disclosed or transferred to a third party acquirer in connection with the transaction.
Transfer of personal data. Depends on the nature of the services and products, the users’ personal data will likely be transferred and stored in a country outside of their home country, whose data protection laws may not be the same as in the users’ home country. Such transfer is necessary for the performance of the services and products the users choose. Purchasing certain services and products will signify the users’ explicitly consented to the proposed transfer.
Duration of the storages of personal data. The Company stores personal data until it is no longer necessary to provide the services and products or upon request of the users. This is a case-by-case determination that depends on things such as the nature of data, the purpose of the collection and processing and relevant legal or operational retention needs.
For services and products involving electronic communications or transactions submitted to the Company’s systems for processing or transmission which may contain personal data, the Company will only process such personal data for the purpose of effectively providing the relevant services and product. Content of the electronic communications or transactions may be stored on the Company’s live systems or in the Company data archives for operational purposes such as reporting and trouble shooting. The Company will delete message content completely from the systems and data archives when it is no longer required for operational purposes.
Personal data can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible violations of the Company’s terms or policies, or otherwise to prevent any harm. The Company also retains information from accounts disabled for at least a year to prevent repeat abuse, other terms violations, breach or potential breach of applicable laws.
Sensitive information: Sensitive information includes information relating to (i) race or ethnic origin; (ii) political opinions; religious or other similar beliefs; (iii) trade union membership; and (iv) physical or mental health; sexual life or criminal records. The Company will not request the users to provide sensitive information of this nature. If the users provide sensitive information voluntarily for any reason, the users explicitly consent to the Company’s use of the sensitive information in the ways described in this Privacy Policy or as described at the point where they choose to disclose this information.
Users’ Rights and Choices: If the users are based in European Economic Area or in any country/area that mandates similar rights, the users can:
The law provides exceptions to these rights in certain circumstances. The Company will provide reason to the users if they have any concern.Consent: The Company only collects or process personal data if it is specifically and voluntarily provided by the users. If the users provide the Company with personal data about another person, they shall warrant that they have that person’s consent to do so and that person has given explicit consent for the Company to collect or process their personal data for the purpose for which such users submitted it to the Company. To the fullest extent allowed by applicable laws, the users shall fully indemnify, defend and hold harmless, the Company, the Group Members, their respective officers, employees, agents, representatives, consultants, and contractors from and against any and all loss, costs, penalties, fines, damages, claims, expenses (including attorney’s fees) or liabilities arising out of, resulting from, or in connection with the breach of this clause.
Contact the Company
Request for access to personal data or correction of personal data or for information regarding policies and practices on personal data and kinds of personal data held should be sent to pr@citictel.com.