For the purposes of this policy: • “we”, “us”, “our” or “Statrys” means Statrys Limited, “you”, “your” or “yours” means the persons to whom this policy applies; • “Statrys Group” means Statrys Limited amd its affiliates companies; • “you”, “your” or “yours” means the persons to whom this policy applies; • “applicable regulations” means the Hong Kong Personal Data (Privacy) Ordinance, the European Union General Data Protection Regulation (GDPR), as any and all regulations applying to us. The security of your personal data is important to us. We comply with applicable regulations and have safeguards in place to protect the personal data stored with us. This policy sets out the basis on which we may collect, use, disclose, process and manage your personal data. Please read this policy carefully to understand our practices regarding personal data. By visiting www.statrys.com you are accepting and consenting to the practices described in this policy.
WE MAY COLLECT AND PROCESS THE FOLLOWING DATA ABOUT YOU:
Information you give us.
You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our website, subscribe to our services, place an order or transact on our website or report a problem with our website. The information you give us may include your: a) personal particulars (such as name, contact details, residential address, date of birth, passport/identity card) information; b) financial details (such as income, expenses); c) images and voice recordings of our communications with you; d) employment details (such as occupation, directorships and other positions held, employment history, salary, and/or benefits); e) personal opinions disclosed to us (such as feedback on our products and website); f) information obtained from a mobile device with your consent; g) your specimen signatures(s); h) beneficiaries, shareholders, ultimate beneficial owners, trustees, directors; and/or i) commercial and/or identification information allowing us to comply with our obligations in terms of anti-money laundering and anti-terrorist financing.
Information we collect about you.
With each visit to our website we may automatically collect the following information: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call Our customer service number.
Information we receive from other sources.
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. Where this is the case, we will ensure this will be in full compliance with applicable regulations.
HOW WE USE YOUR INFORMATION
Information you give to us and information we collect about you.
We will notably use this information: a) developing and providing our facilities, products or services (whether made available by us or through us), including but not limited to: executing commercial or other transactions and clearing or reporting on these transactions; carrying out research; planning and statistical analysis; analytics for the purposes of developing or improving our products, services, security, service quality, and advertising strategies. b) assessing and processing applications, instructions or requests; c) communicating with you, including providing you with updates on changes to products, services and facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and facilities and their terms and conditions; d) managing our infrastructure and business operations and complying with internal policies and procedures; e) to carry out our obligations arising from any contracts entered into between you and us and/or to provide you with the information, products and services that you request from us; f) to provide you with information about other products and services we offer; g) to notify you about changes to our service; h) to respond to any enquiry you have made through our website, or via phone, e-mail or otherwise; i) to comply with legal obligations we are subject to as a data controller and regulated business; j) where required to protect your vital interests or that of another natural person; k) to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; l) to improve our website to ensure that content is presented in the most effective manner for you and for your computer; m) to allow you to participate in interactive features of our services, when you choose to do so; n) as part of our efforts to keep our website safe and secure; o) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; p) to respond to queries or feedback; q) addressing or investigating any complaints, claims or disputes; r) verifying your identity for the purposes of providing facilities, products or services; s) conducting screenings or due diligence checks as may be required under applicable law, regulation or directive; t) complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities; u) financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes; v) enforcing obligations owed to us; and/or w) seeking professional advice, including legal advice.
Information we receive from other sources.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Information we disclose about you.
We may from time to time share your personal information with any member of Statrys Group or to selected third parties, whether located in Hong Kong or elsewhere. Any such sharing will be made in full compliance with applicable regulations. The following are the types of third parties we may share some of your personal data with: a) Business partners – suppliers and sub-contractors for the performance of any services that we provide to you or any agreement we enter with them b) Analytics – search engine and analytics providers that assist Us in the improvement and optimisation of our website c) Compliance – companies which services we use for the purposes of meeting our obligations in terms of anti-money laundering and anti-terrorist financing d) Data storage – providers who supply physical or cloud-based storage services. e) Banking and payments network – providers who support our payments network including banks, PSPs and liquidity providers. These providers will also have their own legal obligations when processing your data. We facilitate payments to numerous jurisdictions where we may not have a direct relationship with the businesses in these jurisdictions – for example the beneficiary bank. If you are making a payment to a beneficiary in a certain jurisdiction, your data will by default be processed by this entity. f) Communications – providers who supply communications solutions both internally and externally. g) Prospective Buyers/Sellers – we may transfer, store, process and/or deal with your personal data outside Hong Kong. In doing so, we will strictly comply with applicable regulations. We will never sell your personal data without your consent. Notwithstanding the foregoing, if we sell any business or assets, we may then disclose your personal data to the prospective buyer of such business or assets. If we sell our company or substantially all of our assets to a third party, your personal data may then be one of the transferred assets.
Use of personal data for marketing purposes
We may use your personal data to offer you products or services, including special offers, promotions or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, and other mobile messaging services. In doing so, we will comply with applicable regulations. In respect of sending telemarketing messages to your Hong Kong telephone number via short message service, telephone calls, facsimile and other mobile messaging services, please be assured that we shall only do so if we have your clear and unambiguous consent in writing or other recorded form to do so or if you have not otherwise made the appropriate registration of that number with the Do-not-call Registers. If we have an ongoing relationship with you and you have not indicated to us that you do not wish to receive telemarketing messages sent to your Hong Kong telephone number, we may send you telemarketing messages to that number related to the subject of our ongoing relationship via short message service, facsimile and other mobile messaging services (other than a voice or video call). You may at any time request that we stop contacting you for marketing purposes via selected or all modes. To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “Contact us” section below). Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.
WHERE WE STORE YOUR PERSONAL INFORMATION
The data that we collect from you may be transferred to, and stored at, a destination outside Hong Kong. It may also be processed by staff operating outside Hong Kong who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
ACCESS AND CORRECTION
You may contact Our Data Protection Officer, firstname.lastname@example.org, to exercise your rights. You may check whether we hold your personal data and request access to such personal data, or make corrections to personal data held by us. Subject to applicable regulations, we may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request. Information on any processing fees will be made available to you. GDPR also provides relevant individuals with additional rights including the right to obtain information on how Statrys processes your personal data, receive certain information provided in an electronic format and/or request that these be transmitted to a third party, request for your information to be erased, object or restrict the use or processing of your information in some circumstances. These will be subject to ongoing obligations imposed on us pursuant to any applicable law or regulation, and/or our legitimate reason or entitlement to continue processing your information, and/or to refuse that request. Please contact us (please see the “Contact us” section below) for details on how you may request access or correction to, or exercise your rights with respect to the processing of your personal data.
The period for which we will retain your data is dependent upon any statutory retention periods we are required to adhere to as a regulated organisation under applicable laws. After the expiration of that period, personal data shall be securely deleted, as long as it is no longer required for the fulfilment of any contract, initiation of a contract or in relation to other legal proceedings.
Our website may contain links to other websites which are not maintained by us. This policy only applies to our website. When visiting these third party websites, you should read their privacy policies which will apply to your use of the websites.
To contact us on any aspect of this policy or your personal data or to provide any feedback that you may have, please get in touch with us through our email at email@example.com or you may contact Our Data Protection Officer: Data Protection Officer Statrys Limited 26/F, Sino Plaza, 255-257 Gloucester Road, Causeway Bay, Hong Kong Email: firstname.lastname@example.org