Privacy Policy 


Last updated: 16 October 2015


This privacy policy (the Privacy Policy) was last updated on the date stipulated above and shall be updated from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised policy hereunder. This Privacy Policy is intended to inform all Members about how the Data Controller (as defined below) treats Personal Information (as defined below) and Non-personal Information (as defined below). If any Member does not agree to any part of this Privacy Policy, then the Data Controller cannot provide the Application and/or the Services to such Member, and such Member should stop accessing the Application and/or the Services.


1. DEFINITIONS


Capitalised terms shall be as defined in the terms and conditions http://www.bytheway.com.hk/tos/ unless otherwise herein defined. 

 

"Data Controller" means WonMa Technology Limited (including its subsidiaries, affiliates and associated companies), the company responsible for the collection, holding, processing or use of Personal Information.


"Personal Information" means information collect by the Data Controller from its Members relating to any personal information that can be used to identify such Member as an individual, including among others, name, contact number, address, age, gender, passport or other identification document details.


Non-personal Information” means any such Personal Information which the Data Controller take and make it non-personally identifiable, either by combining it with information about other individuals (aggregating one Member’s information with another Member’s information), or by removing characteristics (such as Member’s name) that make the information personally identifiable to such Member (hence de-personalizing the information).


2. COLLECTION OF PERSONAL INFORMATION BY THE DATA CONTROLLER 


2.1 The Data Controller will request all Members to voluntarily provide it with Personal Information for purposes set out in Clause 4.2 of this Privacy Policy. 


2.2 In addition, when a Member uses certain features of the Application and/or the Services, the Data Controller may receive, store and process different types of information about such Member’s location, including specific information (e.g. GPS-based functionality on mobile devices used to access the Application and/or the Services). If a Member does not want his/her device to provide the Data Controller with location-tracking information, he/she can disable the GPS or other location-tracking functions on his/her device (as applicable).


3. ACCURACY AND RENTENTION OF PERSONAL INFORMATION BY THE DATA CONTROLLER


3.1      The Data Controller will receive, store and process Personal Information its Members make available when assessing or using the Application and/or the Services. It will take appropriate steps to protect Personal Information collected against unauthorised access, use or disclosure. 


3.2 In order to protect the Personal Information, the Data Controller will require all Members to prove his/her identity in relation to his/her request to access and/or correct his/her Personal Information. Requests for access and correction of Personal Information should be addressed in writing and sent by email to info@bytheway.com.hk. A reasonable fee may be charged to offset the Data Controller’s administrative and actual costs incurred in complying with the Member’s data access requests.


3.3 Should any Member’s account be cancelled or terminated at any time, the Data Controller shall cease processing his/her Personal Information as soon as reasonably practicable following such cancellation or termination, provided that the Data Controller may keep copies of such Member’s Personal Information as is reasonably required (i) for archival purposes; (ii) for use in relation to any actual or potential dispute; (iii) for the purpose of compliance with applicable laws and regulations; (iv) for the purpose of enforcing any agreement the Data Controller have with such Member; and (v) for protecting the Data Controller’s rights, property or safety, or the rights, property or safety of its employees. The Data Controller will take practicable steps to ensure Personal Information will not be kept longer than is necessary for the fulfillment of the above mentioned purposes (including direct or indirect purposes). 


3.4 For the avoidance of doubt, the Data Controller is entitled to retain, process and use, for indefinite term, any Non-personal Information.


4. USE OF PERSONAL INFORMATION BY THE DATA CONTROLLER 


4.1 The Data Controller will seek its Members’ express consents to any changes to how it uses or discloses its Members’ Personal Information if requested by law but otherwise use of the Application and/or the Services following such changes constitutes the Members’ acceptances of the revised statement then in effect.


4.2 The Data Controller limits the use and retention of the Personal Information to the following specific purposes directly only: 

(i) to enable its Members to access and use the Application and/or the Services; 

(ii) to operate, protect, improve and optimize the Application and/or the Services and to improve and customize its Members’ experiences when using the Application and/or the Services;

(iii) to help create and maintain a trusted and safer environment for its Members to use the Application and/or the Services;

(iv) to send its Members service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by its Members;

(v) to administer the business of the Data Controller and conduct research and development for new products and/or services; 

(vi) where its Members have provided consents, to send such Members marketing and promotional messages and other information that may be of interest to such Members (either alone or in conjunction with products/services offered by the Data Controller’s affiliates or business partners); 

(vii) to comply with the Data Controller’s legal obligations, resolve any disputes that the Data Controller may have with any of its Members, and enforce its agreements with third parties;

(viii) to derive, create or otherwise transfer the same into Non-personal Information for purpose of creating general data statistics;

(ix) for the Data Controller’s internal business and administrative purposes; and 

(x) other purposes directly relating to any of the above.


4.3 For the avoidance of doubt, the Data Controller is entitled to retain, process and use the Non-personal Information for any purpose including but not limited to research and analysis to improve the Data Controller’s services and businesses. 


5. DISCLOSURE AND TRANSFERRAL OF PERSONAL INFORMATION


5.1 The Data Controller may make certain Personal Information available to (i) data storage service providers, who may be situated within or outside Hong Kong, for the sole purpose of storing data which the Data Controller collected from time to time; and (ii) strategic business partners such as mail houses and e-mail service providers for the sole purpose of mailing and dissemination of its promotional materials only, both of whom are contractually prohibited from using the Personal Information for any purpose other than for the purpose specified in their respective contracts. Personal Information will not be shared with third parties for their own marketing purposes. By accepting this Privacy Policy, each Member acknowledges, understands and agrees that his or her Personal Information may be disclosed or transferred to any such third party.

 

5.2 In the circumstances where the Data Controller reorganises its group structure or undergoes a change of control or business combination, each Member’s Personal Information may, at Data Controller’s sole discretion, be transferred to a third party who will continue to operate the Data Controller or a similar service under either this Privacy Policy or a different privacy policy statement which will be notified to each Member. Such a third party may be located, and use of Members’ Personal Information may be made, outside of Hong Kong in connection with such acquisition or reorganisation.


6. E-MAILS AND PROMOTIONS AND OPTING OUT


6.1 When a Member indicates that he/she would like to receive promotional materials from the Data Controller and provide his/her e-mail address to the Data Controller specifically and expressly in order to receive marketing communications, the Data Controller may periodically contact such Member via e-mail and provide information about special offers and promotions that may be of interest to such Member. These communications will relate to offers relating to the Data Controller’s services. 


6.2 The Data Controller provides its Members with the ability to unsubscribe from all marketing communications. Every time a Member receives an e-mail, he/she will be provided with the choice to opt-out of future e-mails. Members may also opt-out of receiving promotional materials by sending an email to webmaster@bytheway.com.hk at any time.

 

6.3 The Data Controller provides its Members with the ability to request a removal of their Personal Information from its storage. Members may lodge such request in writing by sending an email to webmaster@bytheway.com.hk at any time. For the avoidance of doubt, the Data Controller is entitled to retain, process and use, for indefinite term and any purpose, any Non-personal Information.


7. APPLE MAPS’ AND GOOGLE MAPS’ PRIVACY POLICY


7.1 Since the Application/ Services utilizes the Apple Maps Service and Google Maps Application Program Interface (API): (i) Apple’s privacy policy, as may be amended by Apple Inc. from time to time, is incorporated by reference: http://www.apple.com/legal/privacy/en-ww/; and (ii) Google’s privacy policy, as may be amended by Google Inc. from time to time, is incorporated by reference: http://www.google.com/privacy.html.


8. LEGAL DISCLAIMER


8.1 This Privacy Policy complies with the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of the Hong Kong Special Administrative Region as well as applicable local laws. The Data Controller may need to disclose Personal Information when required by relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when it has reasons to believe that disclosing the Personal Information is necessary to identify, investigate, protect, contact or bring legal action against someone who may be causing interference with its Members, or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.


8.2 The Data Controller continuously implement and update its administrative, technical and physical measures to help protect its Members’ Personal Information against unathorised access, use, processing, erasure, destruction, alternation or disclosure. However, the Data Controller cannot guarantee the absolute security of Members’ transmissions to the Data Controller and the storage of Personal Information.