This Privacy Statement sets out how we collect, use, manage and protect the personal data or information (“Data”) that we may collect from or about you. It applies to all individuals whose Data may be handled, whether as controller or processor, by the QBS System Limited (“QBS”, “we”, “us” or “our”, being QBS System Limited, its subsidiaries, affiliates and associated companies.
Protecting your privacy
We are committed to processing your Data in accordance with the required standards. This includes protecting your privacy and ensuring the security of your Data in compliance with, in particular and where applicable, the requirements of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the “Ordinance”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) where applicable.
Before using and providing your Data for the purposes as set out in this Privacy Statement, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use your Data in the manner as specified.
Your Data
We may collect, use and hold a range of different Data about you. For the purposes of carrying on our business (including the verification of your identity to detect, prevent and address fraud, security or technical issues, the registration, activation and management of your account with us, and the billing and charging of our products and services (collectively, “Service(s)”)) and complying with laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies, you may be requested to provide Data such as, but not limited to:
contact details including name, address, phone number, mobile telephone number and/or email address;
Data that you have shared with third party social media platform operators (e.g. account login name, profile picture, contact details);
account details or Data relating to Services registered with us including the relevant PIN, username or password, account numbers and/or service numbers;
- device specific information such as hardware model, operating system, version, unique device identifier, serial numbers, setting configurations and software and mobile network configuration;
- information about how you use our Services such as your network usage, how you use our network, and your location when you are using our Services;
- information that allows us to identify you for verification purpose including biometric information like your fingerprints and voice pattern;
- your credit and service history to enable us to assess your eligibility to our offers of Services or to accommodate your request for transfer of Services or your account with us;
- all Data requested by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies to enable us to comply with or in connection with any law, rule, regulation, judgment or court order (whether within or outside of Hong Kong); and
- any other Data as may be required by any members of QBS and/or their respective contractors, sub-contractors, intermediaries, agents, business partners or representatives, brokers, underwriters from time to time and which is necessary for the provision of the Services.
Occasionally, you may need to provide Data about other individuals to us. If so, we may require you to confirm your compliance with Part VIA of the Ordinance including confirming that you have informed those individuals of the use, disclosure and transfer of Data from you to us and from us to third parties and possible disclosure of the individual’s details (including their usage of our Services and loyalty programs) by us to you; and that you have obtained those individuals’ authorisation and/or consent to such use, disclosure and transfer (or the extent to which such authorisation and/or consent was obtained). You should also advise them that we can be contacted for further information at the details stated under the “How to contact us” section below.
Data supplied by you will be held by one or more members of QBS, and will be accessible by employees of such member(s) and authorised third parties (consistent with the situations or for the purposes set out in this Privacy Statement) or as otherwise indicated by prior notice to you or, where required, by obtaining your consent.
How we collect Data
We collect Data in a number of ways, including from:
- you directly, for example, when you provide Data by phone or via email, attend our functions, complete an application form or agreement for one of our Services, or when you submit your Data through our websites, or over any service hotlines or online messaging sessions; or when you contact us with a query or request; or during the ordinary course of the continuation of our business relationship with you; or when we are legally required to do so;
- third parties such as related entities, business partners, or other customers, or your representatives with appropriate consent from you;
- publicly available sources;
- our own records of how you use our Services;
- your visits on our websites (see “Privacy Data” section below); and/or
- your participation in surveys or marketing promotions organised by us or on our behalf.
Privacy Data
To better serve your needs and preferences, our web servers may collect Data relating to your website, device or app activity. We may also collect aggregated, anonymous, statistical data on the server’s usage so that we may better cater to the behaviour of users of our websites. This type of Data may include, but is not limited to:
- browser type, version and user agent;
- operating system;
- IP (Internet Protocol) address and/or domain name;
- connection data, statistics on page views and/or referral URLs; (e) device ID, location and phone contacts;
- links or images clicked on;
- cookies and/or browser, app or web server log data; and
- device and software characteristics and/or configuration.
Some of our websites use cookies or similar tracking tools on your machine or device in order for us to, for example, personalise your user experience and/or maintain your identity across multiple webpages and/or Internet sessions. This Data may include, but is not limited to, relevant login and authentication details as well as Data relating to your activities and the preference configurations on your device and across our websites and mobile and TV apps. Our websites are initially set up to accept cookies. You can opt-out of or delete historical cookies by changing the settings on your web browsers; however, if you do so, you may find that certain features on our website and/or our app do not work properly.
How we use your Data
We may collect, retain and use your Data for the following purposes:
- to verify your identity;
- to process your application to subscribe to our Services and loyalty programs operated by us and/or any members of QBS;
- to carry out matching procedures, as defined under the Ordinance;
- to verify your eligibility to our offers of Services, games and/or promotions or other events;
- to provide, activate and/or renew Services, loyalty programs operated by us and/or any members of QBS that you may have subscribed for;
- to provide you with rewards, promotional benefits, updates, offers and invitation to events;
- to promote and market our Services to you;
- to conduct credit checks and detect fraudulent activities in compliance with the Anti- Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (Cap. 615) and in relation to other compliance purposes;
- to perform research or analyses so that we may improve and optimise the Services and/or loyalty programs that can be made available to you;
- to conduct surveys and marketing, promotional, behavioural scoring for business operations and/or planning purposes;
- to carry out market and product analyses in order to generate statistical or actuarial reports (containing aggregated data that does not relate to any identified or identifiable individual);
- to enforce our contractual rights;
- to process any payment instructions, direct debit facilities and/or credit facilities in relation to our supply of Services to you;
- to maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
- to maintain, enhance and develop our products and service offerings;
- to develop financial services and products;
- to evaluate your financial needs and insurance claims made by or against you, and to process claims involving you (including but not limited to making, defending, analysing, investigating, processing, assessing, determining, responding to, resolving or settling such claims);
- to comply with applicable laws in or outside Hong Kong as may be required by applicable government authorities, courts, law enforcement, or regulatory or investigation bodies, in relation to the supply of Services and/or loyalty programs to you, including to assist in the prevention, detection of crime or possible criminal activities; and
- to distribute our publications and research materials as well as those of our business partners and counterparties.
Our legal basis for using your Data including how we disclose your Data
We have a legitimate interest in properly administering the Services. In addition, our use of your personal data may be necessary for the performance of the Services that you have requested. In order to provide the Services that you have requested, we may, to the extent permissible under applicable laws and regulations, disclose your Data to organisations or parties outside of QBS (which may be within or outside of Hong Kong) (collectively, “Organisations”). Your Data is disclosed to these Organisations for the strict purpose of enabling us to supply our Services to you.
These Organisations provide support services to our businesses and operations including without limitation:
- customer enquiries;
- courier, delivery, logistic and warehouse services; (c) mailing operations;
- billing and debt-recovery functions;
- information technology services;
- installation, maintenance and repair services;
- marketing, advertising and telemarketing services; (h) market research;
- customer usage and behavioural analysis; (j) process management;
- after sale services;
- surveys;
- website usage analysis; and
- cloud storage services.
We take the required steps to ensure that these Organisations are bound by appropriate confidentiality and privacy obligations in relation to the protection of your Data and that they use your Data for the sole purpose of carrying out the services for which they have been engaged, and not for their own or other purposes (including direct marketing).
In addition, we may disclose your Data:
- to your authorised representatives and/or your legal advisers when requested by you to do so;
- for the purposes of providing administrative, payment, collection, business, legal and/or operational support, to the following parties:
- credit-reporting and fraud-checking agencies;
- to financial institutions, charge or credit card issuing companies, credit providers, credit bureau, collection agencies or security agencies;
- our affiliates, overseas offices, assignees, transferees and representatives;
- our professional advisers, including our accountants, auditors, lawyers and insurers;
- agents and various business partners for reward redemption purposes and benefits applicable to members of the loyalty programs operated by us and/or any members of QBS, including without limitation for the purpose of registering members for loyalty program related events;
- to government and regulatory authorities and other organisations, as required or authorised by law;
- to organisations who manage our business and corporate strategies, including those involved in a transfer or sale of all or part of our assets or business (including accounts to banks, hotels, insurance companies, insurance brokers, underwriters, billing and trade receivables) and those involved in managing our corporate risk and funding functions (e.g. securitisation);
- to any proposed or actual participant, assignee or transferee of all or any part of the relevant member of our operations or business; and/or
- to charities or non-profit organisations.
Before using and providing your Data for the purposes as set out in this Privacy Statement, where we are required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your Data for any promotional or marketing purpose.
We will honour each individual’s request to not use his/her Data for the purposes of direct marketing. You may opt-out from receiving direct marketing material and/or communications from the relevant Service and/or loyalty program. At the same time, you may resume receiving the same (if you have previously opted-out of receiving such material and/or communications from the relevant Service and/or loyalty program) by making a written request to our Privacy Compliance Officer together with your registered name and service account number, registered telephone number or login name (as applicable).
Transfer of Data outside Hong Kong or the country in which you receive our Service(s)
At times it may be necessary and/or prudent for us to transfer your Data to places outside of Hong Kong or the country in which you receive our Service(s) (“your Country”), for instance, for the prevention, detection or investigation of crime or for storage, processing and other purposes for which the Data were collected. In the event that we do transfer your Data outside of Hong Kong or your Country, we will do so in compliance with the prevailing requirements of the Ordinance, the GDPR where applicable and all other applicable privacy and data protection laws and regulations of your Country.
The safety of your Data is important to us
All required efforts are made to ensure that any Data held by us is stored in a secure and safe place and is accessible only by our authorised employees or other Organisations referred to in this Privacy Statement.
When we pass your Data to third party Organisations for them to process, we seek to ensure that they have appropriate security measures in place to keep your Data safe and to comply with applicable principles in relation to data protection. Some of the people we share your Data with may process it overseas. You can contact us for more information about the safeguards we use to ensure that your Data is adequately protected in these circumstances.
Retention of your Data
We will retain your Data in accordance with our internal policies. Our policies are in compliance with the Ordinance and the GDPR where applicable, and cover the following principles:
- Data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the Data is also retained to satisfy any applicable legal, regulatory or contractual obligations; and
- Data are purged from our electronic, manual and other filing systems based on the above criteria and our internal procedures.
Our website (www.qbssystem.com) and mobile and web applications (if any) may contain links to other websites, webpages and mobile and web applications operated by third parties. We have no control over the content of the linked websites, webpages and mobile and Web applications or the way in which the operators of those websites, webpages and mobile and Web applications deal with your Data, and are not responsible for the content of such third party websites, webpages or mobile and Web applications. You should review the privacy policy of such third party websites, webpages and mobile and Web applications to understand the ways in which your Data may be used by those third parties.
Your right to access, correct and delete Data
We take all reasonable precautions to ensure that the Data we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that Data depends to a large extent on the Data you provide. You have a right to request access to, and correction of, your Data and we recommend that you:
- let us know if there are any errors in your Data; and
- keep us up-to-date with changes to your Data.
If you wish to access or amend any of your Data we hold, or request that we delete any of your information that is no longer necessary for the provision of our Services, you may contact us in the manner as set forth under the “How to Contact Us” section.
We may apply an administrative charge for providing you with access to your Data in response to such a request.
You may decline to share Data with us and/or withdraw any consents which you may have provided, in which case, we may not be able to provide you with some of our Services.
At any time, you may object to us holding or processing your Data, on legitimate grounds, save and except as otherwise permitted by the applicable law.
How to contact us
For all issues and enquiries regarding our compliance with our obligations under the Ordinance and the GDPR where applicable, and any request for access to, correction or deletion of your Data, please contact us in writing at:
Privacy Compliance Officer
QBS System Limited
via email to: privacy@qbssystem.com
To raise an issue regarding our handling of your Data, please contact us in order that we can attempt to resolve your issue.