Last updated: 16 October 2015
Capitalised terms shall be as defined in the terms and conditions http://www.bytheway.com.hk/tos/ unless otherwise herein defined.
"Data Controller" means WonMa Technology Limited (including its subsidiaries, affiliates and associated companies), the company responsible for the collection, holding, processing or use of Personal Information.
"Personal Information" means information collect by the Data Controller from its Members relating to any personal information that can be used to identify such Member as an individual, including among others, name, contact number, address, age, gender, passport or other identification document details.
“Non-personal Information” means any such Personal Information which the Data Controller take and make it non-personally identifiable, either by combining it with information about other individuals (aggregating one Member’s information with another Member’s information), or by removing characteristics (such as Member’s name) that make the information personally identifiable to such Member (hence de-personalizing the information).
2. COLLECTION OF PERSONAL INFORMATION BY THE DATA CONTROLLER
2.2 In addition, when a Member uses certain features of the Application and/or the Services, the Data Controller may receive, store and process different types of information about such Member’s location, including specific information (e.g. GPS-based functionality on mobile devices used to access the Application and/or the Services). If a Member does not want his/her device to provide the Data Controller with location-tracking information, he/she can disable the GPS or other location-tracking functions on his/her device (as applicable).
3. ACCURACY AND RENTENTION OF PERSONAL INFORMATION BY THE DATA CONTROLLER
3.1 The Data Controller will receive, store and process Personal Information its Members make available when assessing or using the Application and/or the Services. It will take appropriate steps to protect Personal Information collected against unauthorised access, use or disclosure.
3.2 In order to protect the Personal Information, the Data Controller will require all Members to prove his/her identity in relation to his/her request to access and/or correct his/her Personal Information. Requests for access and correction of Personal Information should be addressed in writing and sent by email to firstname.lastname@example.org. A reasonable fee may be charged to offset the Data Controller’s administrative and actual costs incurred in complying with the Member’s data access requests.
3.3 Should any Member’s account be cancelled or terminated at any time, the Data Controller shall cease processing his/her Personal Information as soon as reasonably practicable following such cancellation or termination, provided that the Data Controller may keep copies of such Member’s Personal Information as is reasonably required (i) for archival purposes; (ii) for use in relation to any actual or potential dispute; (iii) for the purpose of compliance with applicable laws and regulations; (iv) for the purpose of enforcing any agreement the Data Controller have with such Member; and (v) for protecting the Data Controller’s rights, property or safety, or the rights, property or safety of its employees. The Data Controller will take practicable steps to ensure Personal Information will not be kept longer than is necessary for the fulfillment of the above mentioned purposes (including direct or indirect purposes).
3.4 For the avoidance of doubt, the Data Controller is entitled to retain, process and use, for indefinite term, any Non-personal Information.
4. USE OF PERSONAL INFORMATION BY THE DATA CONTROLLER
4.1 The Data Controller will seek its Members’ express consents to any changes to how it uses or discloses its Members’ Personal Information if requested by law but otherwise use of the Application and/or the Services following such changes constitutes the Members’ acceptances of the revised statement then in effect.
4.2 The Data Controller limits the use and retention of the Personal Information to the following specific purposes directly only:
(i) to enable its Members to access and use the Application and/or the Services;
(ii) to operate, protect, improve and optimize the Application and/or the Services and to improve and customize its Members’ experiences when using the Application and/or the Services;
(iii) to help create and maintain a trusted and safer environment for its Members to use the Application and/or the Services;
(iv) to send its Members service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by its Members;
(v) to administer the business of the Data Controller and conduct research and development for new products and/or services;
(vi) where its Members have provided consents, to send such Members marketing and promotional messages and other information that may be of interest to such Members (either alone or in conjunction with products/services offered by the Data Controller’s affiliates or business partners);
(vii) to comply with the Data Controller’s legal obligations, resolve any disputes that the Data Controller may have with any of its Members, and enforce its agreements with third parties;
(viii) to derive, create or otherwise transfer the same into Non-personal Information for purpose of creating general data statistics;
(ix) for the Data Controller’s internal business and administrative purposes; and
(x) other purposes directly relating to any of the above.
4.3 For the avoidance of doubt, the Data Controller is entitled to retain, process and use the Non-personal Information for any purpose including but not limited to research and analysis to improve the Data Controller’s services and businesses.
5. DISCLOSURE AND TRANSFERRAL OF PERSONAL INFORMATION
6. E-MAILS AND PROMOTIONS AND OPTING OUT
6.1 When a Member indicates that he/she would like to receive promotional materials from the Data Controller and provide his/her e-mail address to the Data Controller specifically and expressly in order to receive marketing communications, the Data Controller may periodically contact such Member via e-mail and provide information about special offers and promotions that may be of interest to such Member. These communications will relate to offers relating to the Data Controller’s services.
6.2 The Data Controller provides its Members with the ability to unsubscribe from all marketing communications. Every time a Member receives an e-mail, he/she will be provided with the choice to opt-out of future e-mails. Members may also opt-out of receiving promotional materials by sending an email to email@example.com at any time.
6.3 The Data Controller provides its Members with the ability to request a removal of their Personal Information from its storage. Members may lodge such request in writing by sending an email to firstname.lastname@example.org at any time. For the avoidance of doubt, the Data Controller is entitled to retain, process and use, for indefinite term and any purpose, any Non-personal Information.
8. LEGAL DISCLAIMER
8.2 The Data Controller continuously implement and update its administrative, technical and physical measures to help protect its Members’ Personal Information against unathorised access, use, processing, erasure, destruction, alternation or disclosure. However, the Data Controller cannot guarantee the absolute security of Members’ transmissions to the Data Controller and the storage of Personal Information.