1. Our Commitment to Privacy
We are committed to protecting the privacy, confidentiality and security of the personal information we hold by complying with the requirements of the PDPO with respect to the management of personal information. We are equally committed to ensuring that all our employees and agents uphold these obligations. Should we ask you to provide certain information by which you can be identified when using our services, you can be assured that it will only be used in accordance with this PPS.
Our commitment to complying with the PDPO is premised on the following principles:
- We only collect personal data that we believe to be relevant and required for the provision of our services and products.
- Personal data will only be used for the purposes specified and not for other purposes except with your consent.
- We will not disclose personal data to any third party unless we (i) have your consent or (ii) are required by law, but we will only do so under proper authority.
- All practicable steps will be taken to ensure your personal data are kept secure, confidential and accurate. Such data will not be retained longer than it is necessary.
- Only authorised personnel can access or process your personal data.
- You have the right to access or correct your personal data.
2. Collection of Personal Data
We will collect personal information from you in a variety of ways, including, but not limited to, when you use our website (“Site”), contact us and apply for our services. You may be asked for, as appropriate, your name, year and month of birth, address, telephone number and email address. The provision of your personal information to us is optional, but without it we may be unable to process your request or provide the services requested by you.
Some information may be automatically collected when you visit the Site. For example, it is standard for your web browser to automatically send information to every website you visit including ours. That information includes your Internet Protocol (IP) addresses, domain names, the types and configurations of browsers, language settings, geo-locations, operating systems, time/durations and previous sites visited (visitor data). We may also collect information about your usage and activity on the Site. We use this information, which does not identify individual users, to analyse trends, administer the Site, track users’ movements around the Site and gather demographic information about our user-base as a whole.
All personal data you provide to us are secured, and access to such data is restricted to authorised personnel only. We will only disclose your personal data to third parties in accordance with this PPS.
3. Use of Personal Data
We use your personal information to provide you with our services, operate and improve the Site, send you messages and for other purposes described in this PPS or disclosed to you on the Site or in connection with our services.
You agree and understand that any and all information supplied to and collected by us may be used for the following purposes:
- To provide you with and improve our services;
- To personalise and improve your experience on the Site;
- To process applications or requests made by you;
- To register for an account with us to build an application;
- To apply to become a partner;
- To respond to and follow up on your enquiries and provide customer service;
- To deliver service messages and other services and content you request and to send information related to accounts and services, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
- To conduct statistical analysis, research, surveys, quality assurance and review;
- To notify you of changes to our services that may affect you;
- To send you information about new promotions, products and services offered by OKiBOOK and our selected partners;
- To conduct an aggregated analysis of the performance of promotions;
- For internal record keeping;
- To meet regulatory and/or compliance obligations; and
- For other purposes directly relating to any of the above.
4. Transfer of Personal Data
When you sign up for our services, we may share the personal information you provide with the following third parties only as necessary for the third party to provide that service:
- Credit card processing companies and payment providers to bill you for services;
- Email service providers to send out emails on our behalf;
- Business partners, joint venture partners, service providers, vendors, agents, consultants and independent contractors who provide administrative or other services to us as required in the normal course and scope of our business:
- to comply with any applicable law, statute, governmental order or court order or respond to any lawful request and legal process;
- in the good faith belief that disclosure is needed to respond to an emergency or protect the personal safety of any person; and
- in connection with any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
5. Direct Marketing
We may use data from time to time collected or kept by us, including your name, address, telephone number and email address, for direct marketing purposes. We will not transmit or disclose your personal data to any third party for direct marketing purposes unless we have your consent or indication of no objection. In order to conduct the above direct marketing, we may engage third party data processors or service providers to complete the tasks.
When you give your consent or indication of no objection in relation to the above use to us, you represent that you have consented to our use of your personal data for the above purposes. You have the right to opt-out from such use. You may also change your preference with regard to use of your information in direct marketing at any time by contacting us at firstname.lastname@example.org.
The security of your personal information is important to us. We take reasonable security measures to protect your personal information to prevent loss, misuse, unauthorised access, disclosure, alteration, and destruction. When you enter sensitive information (such as credit card number) on our registration or order forms online, we encrypt that information using secure socket layer (SSL) technology. Payments are processed by Shopify Payments, which encrypts purchase transaction data through the Payment Card Industry Data Security Standard (PCI-DSS).
If you use a password on our Site, you are responsible for keeping it confidential and should not share it with any other person. If you believe your password has been misused, please advise us immediately.
We have also put in place suitable procedures to safeguard and secure the information we collect offline.
Please be aware, however, that despite our efforts, no security measures are impenetrable.
9. Retention of Personal Data
We will keep all personal data according to the guidance set by the PDPO. We will only retain and use your personal data for as long as your account is active or as needed to provide you services and for the period of time which is necessary to fulfil the purpose of use of such data (including any purpose directly related), comply with our legal obligations, resolve disputes, and enforce our agreements.
10. Controlling Your Personal Data
You have the following rights with respect to your personal data:
- To be informed about and access the personal data we hold;
- To supplement or have your personal data rectified or deleted;
- To restrict or object to the processing of personal data;
- To data portability, i.e., to receive your personal data in a structural, commonly used and machine-readable format, and to have that personal data transmitted directly to another data user; and
- To lodge a complaint to the relevant data protection authority.
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on the Site, look for the box that you can click to indicate that you do not want the information to be used for direct marketing purposes.
- If you have previously agreed to our using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at email@example.com.
If you would like to exercise any of your rights above, please contact our data protection officer at firstname.lastname@example.org. To protect your privacy and identity, we will take reasonable steps to verify your identity before granting access or making corrections to your personal data. Please note that we have the right to charge a reasonable fee for the processing of any data access request in accordance with the PDPO.
11. Revision of PPS
We may revise the terms of this PPS from time to time. We encourage you to check this PPS from time to time to ensure that you are aware of the most recent version.
12. English Version Prevails
If there is any inconsistency or ambiguity between the English and Chinese versions of this PPS, the English version shall prevail.
If you have any questions about this PPS, please contact us at email@example.com.
This version was last updated in January 2021.