資料隱私政策
www.krip-hk.com and its sub-domains (the “Websites”) are held and provided by KRIP Limited. In the Data Privacy Policy stated herein (“Data Privacy Policy”), whenever we use “krip” and “the Company”, it refers to KRIP Limited, and “user” and “users” refer to anyone who uses the Websites.
- Introduction
- krip respects the privacy of its users and the Data Privacy Policy explains how the Company protects any data relating directly or indirectly to a living individual which is capable of being used to identify that individual and any additional data that may be collected as listed under Clause 3.2 under Section 3 – Collection of Personal Data (“Personal Data”) of this Data Privacy Policy in compliance with the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong). This Data Privacy Policy explains why and the way the Company will collect, use and disclose users’ Personal Data and the measures being, and to be, taken to ensure that users’ data stays secure and confidential.
- In doing so, the Company will ensure compliance by its staff to the strictest standards of security and confidentiality in respect of Personal Data submitted by users via the Websites and the Company will not release such information to anyone without the prior consent of the relevant users of the Websites, whether registered or not, except to the authorized persons permissible by Section 4 – Disclosure or Transfer of Personal Data of this Data Privacy Policy.
- If users have questions or concerns regarding this Data Privacy Policy, they should contact the Company at support@krip-hk.com
- Purpose of Personal Data Collection
- In the course of using the Websites, users may disclose or be asked to provide Personal Data in order to have the benefit of and enjoy various services offered by the Websites, in particular all personal data required on the registration form is mandatory. Although users are not obliged to provide some Personal Data as requested on the Websites, the Company will not be able to render certain services on the Websites in the event that users fail to do so.
- The Company’s purposes for collection of information and data on the Websites include but are not limited to the followings:
- For the daily operation of the services provided to users on the Websites;
- To set up and administer a user’s account on the Websites;
- To provide users with the services of the Company;
- To verify the identity of users who have used services provided by the Websites;
- To handle and follow-up on enquiries, requests and complaints;
- To provide users with relevant marketing and promotional information and materials;
- To contact users regarding administrative notices and communications relevant to the users’ accounts maintained with the Company (if any), and/or regarding notifications and confirmations in connection to their uses of any of the services offered by the Company via the Websites;
- To design, develop and improve products and services provided to users;
- To compile and analyze statistics about users’ use of the Websites and service usage by the users for the Company’s internal use;
- To analyze customer behavior, market trends and client demographics so that the Company can improve its services and to enable the Company to provide a more personalized service and more relevant communications to users;
- To facilitate the Company to use the users’ Personal Data for purposes relating to the provision of services offered by the Company and marketing services and/or promotions of the Company;
- To enable the Company to store data and manage its business operations efficiently;
- To comply with the legal obligations and as otherwise agreed by users as required or permitted by applicable laws;
- For any other purposes relating to the purposes stated above.
- The Company will never knowingly collect Personal Data from individuals under the age of thirteen (“13”) without first obtaining verifiable parental consent. If the user is under the age of 13, he/she should not provide information to the Company. If the Company becomes aware that a person under 13 has provided personal information to the Company without verifiable parental consent, the Company will delete that information as quickly as possible. If any user believes that the Company may have any information from or about a child under 13, please contact the Company at support@krip-hk.com
- The Company strives to only collect Personal Data which is necessary and adequate but not excessive in relation to the purposes set out hereinabove.
- If the Company requires the use of users’ Personal Data for a purpose other than those set out hereinabove, the Company may request the users’ prescribed consent to the same. If user is a minor, the prescribed consent should be given by his/her parent or guardian.
- Collection of Personal Data
- The Company may collect personal information and/or data about a user upon account registration on the Websites, including but not limited to his/her name, email address, log-in password and names of credit cards owned by the user (e.g. HSBC Red Credit Card) but excluding any identifiable information specific to a unique credit card, including card number, cardholder’s full name, expiry date, card security code and credit limit. Occasionally, the Company may also collect additional personal information and/or data from a user in connection with surveys or special offers and promotions.
- In addition, when a user uses the Websites, the Company may automatically collect certain data which may, when combined with other information about the user, constitute Personal Data, including but not limited to:
- Attributes of the equipment or device the user is using, such as operating system, hardware version, device settings, software and device identifiers;
- Device locations, including specific geographic locations identified through GPS, Bluetooth or WiFi signals or other means;
- Connection information such as name of mobile operator, Internet service provider or other service providers, browser software type and Internet Protocol (“IP”) address;
- The website from which the user has reached the Websites;
- Pages viewed on the Websites;
- Details of the products and services user has browsed, clicked on and saved provided on the Websites;
- Links from the Websites user has clicked on;
- Any information and/or data related to any of the above.
- Only duly authorized staff of the Company will be permitted to access the users’ Personal Data, and the Company shall not release such Personal Data to any third-parties for other unrelated purposes without the users’ consent except for the circumstances listed in Section 4 – Disclosure or Transfer of Personal Data of this Data Privacy Policy.
- Disclosure or Transfer of Personal Data
- The Company agrees to take all practical steps to keep all Personal Data confidential and/or undisclosed, subject to the followings.
- In general, the Company will only disclose and/or transfer users’ Personal Data to the Company’s personnel and staff for the purposes set out in Section 2 – Purpose of Personal Data Collection of this Data Privacy Policy. However, the Company may disclose and/or transfer such information and/or data to third-parties under the following circumstances:
- Where the information and/or data is disclosed and/or transferred to any third-party suppliers or external service providers who have been engaged by and duly authorized by the Company to use such information and/or data and who will facilitate the services on the Websites, who are required to uphold the comparable standards of security and confidentiality as particularized in the terms of this Data Privacy Policy;
- Where the information and/or data is disclosed and/or transferred to any affiliates, agents, associates, business partners, merchants, authorized financial institutions and/or other third-parties (“Third-Parties”) engaged by and duly authorized by the Company to use such information and/or data, who are required to uphold the comparable standards of security and confidentiality as particularized in the terms of this Data Privacy Policy;
- The Company may also provide the user’s Personal Data, including the user’s name, email address, credit cards owned, browsing history and any other data obtained subject to the terms of this Data Privacy Policy to the Third-Parties so that they may contact the users with news, offers, events and promotional campaigns which are customized and relevant to each user. We may provide the users’ Personal Data to these third-parties for gain. For the avoidance of doubt, users agree, which includes an indication of no objection, that the Third-Parties, with the Company’s prior written consent, may use the users’ Personal Data for their own marketing and/or promotional efforts, and that the Third-Parties’ use of the users’ Personal Data shall, at all times, be compliant with the relevant and applicable local laws;
- Where permitted under the Terms & Conditions;
- Where the Company needs to protect and defend its right and property;
- Where the Company considers necessary to do so in order to comply with the applicable laws and regulations, including compliance with a judicial proceeding, court order or legal process served on the Company and/or the Websites;
- Where the Company deems necessary in order to deliver the services that the Company offers and to maintain and improve the services provided on the Websites;
- Where the Company may disclose and/or transfer all or a portion of its business or assets to a third-party if the Company sells, transfers, divests or discloses all or a portion of its business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding. Such third-party will have to comply with the appropriate confidentiality and security measures.
- Personal Data collected via the Websites may be transferred, stored and/or processed in any country by the Company and/or any third-party suppliers or external service providers who have been engaged by and duly authorized by the Company. By using the Websites, users are deemed to have agreed to, consented to and authorized the Company to disclose and/or transfer their Personal Data under the circumstances stated hereinabove, as well as to any transfer of information outside of the users’ countries.
- Accuracy of Personal Data
- By providing the Company with Personal Data, users warrant that information and/or data is true and accurate and undertake to notify the Company as soon as practicable of any changes or alterations to the same. Any loss or damage caused to the Company or to the Websites or to any third-parties through the provision of erroneous, inexact or incomplete information will be the user’s own exclusive and absolute responsibility.
- Subscription of Newsletters, Promotions and Marketing Materials
- The Company may from time to time send to users of the Websites, by way of emails, newsletters, promotions and marketing materials and information regarding the Company or its Third-Parties’ products and services based on users’ Personal Data. The Company may use users’ Personal Data in direct marketing and the Company requires the users’ consent, which includes an indication of no objection, for that purpose.
- In this connection, please note that personal information and/or data about a user such as his/her name, email address, and names of credit cards owned by the user (e.g. HSBC Red Credit Card) but excluding any information specific to a unique credit card, including card number, cardholder’s full name, expiry date, card security code and credit limit held by the Company may be used from time to time by the Company and/or its authorized personnel or staff in direct marketing.
- Suitable measures are implemented to make available such users the option to opt-out of receiving such materials. In this regard, users may choose to unsubscribe from such materials by notifying the Company via email at support@krip-hk.com
- Such opt-out aforementioned will not affect users’ ability to receive from the Company fundamental notifications and correspondence in relation to users’ use of the services provided by the Company via the Websites.
- Cookies
- The Company does not collect any personally identifiable information from any users whilst they visit and browse the Websites, except where such information of the users is expressly requested. When users access the Websites, the Company records their visits only and do not collect their personal information and/or data. The Websites’ server software will also record the domain name server address and track the pages users visit and store such information in cookies, and gather and store information like IP addresses, browser type, referring and exit pages, operating system, date and time stamps and clickstream data in log files. All these are done without the users being aware that they are occurring.
- Cookies enable the Company to provide users with a more personalized experience on the Websites and allows the Websites to remember users when they revisit the Websites. Cookies also allow the Company to study browsing habits to improve services provided by the Websites and to offer more customized solutions and targeted advertisements and other marketing materials.
- In most cases, cookies are deleted when users close their browsers; these are referred to as session cookies. However, persistent cookies stay on browsing devices either until such time users delete them or they expire. By using the Websites, users consent to the Company using such cookies. Such use of data does not disclose any Personal Data, and the Company will not collect, process or use any of the users’ Personal Data in this regard.
- Users can alter their computer browser settings to block or delete cookies. If users opt to block or delete cookies of the Websites, they may not be able to access certain products or services and this could have an effect on the performances of the Websites on the users’ systems.
- The Company, third-party vendors and service providers engaged by the Company use the Company’s cookies and third-party cookies together to inform, optimize and serve marketing materials based on the users’ past visits or uses of the Websites.
- The Company does not link the information and data automatically collected in the above manner to any personally identifiable information. The Company generally uses such automatically collected information and data to estimate the audience size of the Websites, gauge the popularity of various parts of the Websites, track users’ movements on the Websites, measure users’ traffic patterns and administer the Websites. Such automatically collected information and data will not be disclosed except in accordance with Section 4 – Disclosure or Transfer of Personal Data of this Data Privacy Policy.
- Links to Other Websites
- The Websites may provide links to other websites which are not owned or controlled by the Company. Personal Data from users may be collected on these other websites when users visit such websites and make use of the services provided therein. Where and when users decide to click on any advertisements or hyperlinks on the Websites which grants users access to another website, the protection of users’ Personal Data which are deemed to be private and confidential may be exposed in these other websites.
- This Data Privacy Policy is only applicable to the Websites. Users are reminded that this Data Privacy Policy grants no protection to users’ Personal Data that may be exposed on websites other than the Websites, and the Company is not responsible for the privacy practices of such other websites. Users are strongly recommended to refer to the data privacy policies of such other websites. For the avoidance of doubt, the Company assumes no responsibility or liability whatsoever for users’ use of such other websites.
- Security
- The security of users’ Personal Data is important to the Company. The Company will always strive to ensure that users’ Personal Data will be protected against unauthorized access. The Company has implemented appropriate electronic and managerial measures in order to safeguard, protect and secure users’ Personal Data subject to the terms of this Data Privacy Policy.
- All Personal Data provided by users are only accessible by the authorized personnel of the Company or its authorized third-parties, and such personnel shall be instructed to observe the terms of this Data Privacy Policy when accessing such personal information and data. Users may rest assured that their Personal Data will only be kept for as long as is necessary to fulfill the purpose for which it is collected, unless users request the Company to cease to hold the same. Such request may render the Company unable to further provide its services, information and/or promotional materials for users’ benefit in the future.
- Registered users should safeguard his/her log-in password by keeping it secret and confidential and never share these details with anyone.
- The Company follows generally accepted industry standards to protect the Personal Data submitted by users to the Websites, both during transmission and once the Company receives it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while the Company strives to protect users’ Personal Data against unauthorized access, the Company cannot guarantee its absolute security.
- Access to or Request for Data Correction
- The Company would like to help users keep his/her personal information accurate and up-to-date. To view or edit personal information that has been stored on the Websites, please visit “My Account” on the Websites.
- Any user may make a data access request or a data correction request at any time by contacting the Company through email at support@krip-hk.com
- In the event that a user wishes to access or amend his/her Personal Data, the Company may request him/her to provide personal details in order to verify and confirm his/her identity. If users do make a data access request and if the Company deems the same as appropriate, only a copy of his/her Personal Data would be provided.
- Retention of Personal Data
- Once the Company has obtained a user’s Personal Data, it will be maintained securely in the Company’s system. Subject to legal requirements, Personal Data will be retained by the Company until a user requests the Company in writing to erase his/her Personal Data and/or data from the Company’s database or to terminate his/her user account of the Websites.
- Rights Applicable to EU Users
- This Data Privacy Policy is intended to cover collection of information and/or data on the Websites from residents of the Hong Kong Special Administrative Region only.
- However, if a user is a visitor from the European Economic Area, his/her rights under the General Data Protection Regulation (“GDPR”) in relation to personal data are subject to the protections offered by EU law. To exercise any of the rights afforded under GDPR, please contact the Company through email at support@krip-hk.com. Please note that if a user is not subject to EU law, these rights do not apply.
- Changes to Data Privacy Policy
- The Company reserves the right to update, revise, modify or amend this Data Privacy Policy at any time as the Company deems necessary and users are strongly recommended to review this Data Privacy Policy frequently. If the Company decides to update, revise, modify or amend this Data Privacy Policy, the Company will post those changes to the Websites and/or other places the Company deems appropriate so that users would be aware of what information the Company collects, how the Company uses it and under what circumstances, if any, the Company discloses it.
- If the Company makes material changes to this Data Privacy Policy, the Company will notify users by email or by means of a notice on the homepage of the Websites.
- Inconsistency
- Should there be any inconsistency between the English version and any version in other languages, the English version shall always prevail.
- Enquiries
- For any enquiries, please email support@krip-hk.com