Last Updated: 20th March 2023
Protecting our customers' privacy is a priority at M800 Limited ("M800"). We are committed to maintaining strong and compliant privacy protections in line with the provisions of the Personal Data (Privacy) Ordinance, Cap. 486 (“PDPO”) Personal Data (Privacy) (Amendment) Ordinance 2021, and any applicable subsidiary legislation, regulations, and guidelines as promulgated or offered by the Office of the Privacy Commissioner for Personal Data (“PCPD”). Ensuring the privacy of your personal data is an important responsibility and we thank you for the trust you place in us.
This Policy applies to those who visit our website (www.cinnox.com(“Website”), CINNOX app or online platform users, and to all our customers (collectively, the “Services”). Please take time to read this Policy to better understand what personal data we collect and the purposes for which such personal data may be used or disclosed.
Purpose of collecting personal data
Our primary purpose in collecting your personal data is to provide you with a safe, smooth, efficient, and customized experience.
We, or third party service providers acting on our behalf, collect and use your personal data to:
- Verify your identity;
- Provide you with the Services and information requested by you directly or indirectly (through our customer's portal in the case of CINNOX app or online platform);
- Change and/or customize our products or services’ features and functionality;
- Take, process, or deliver orders made via our Website, to invoice you or notify you of the status of your order;
- Display updates about your recent activity using the Services;
- Provide other products and/or services for you (as described when we collect the personal data);
- Provide you with customer support and manage potential incidents;
- Compare information for accuracy;
- Inform you about service updates and faults;
- Request feedback or participation in on-line surveys for the purposes of business improvement processes, or the improvement of the quality of the Services (including the Website);
- Resolve disputes or assist you in the prevention, detection, or investigation of fraud;
- Customize, measure, and improve our products, Services and Website;
- Improve our search and product functionality;
- Unless otherwise indicated by you, send commercial and marketing communication related to the Services;
- Manage job applications; and
- Protect our and your interests.
Types of Personal data collected and collection means
Personal data that M800 will collect from you includes:
- Identification data (e.g., phone number, username, email address, date of birth, where strictly necessary ID number or copy);
- Profile information (e.g., age, gender, location information, language preference, CV, and any information that you choose to disclose as part of your CINNOX account such as picture, video, status, phone contact list, Facebook contact list);
- Electronic identification data (e.g., IP addresses as detailed below);
- Payment details (e.g. credit card information);
- Traffic data;
- Device data (e.g., hardware data, OS data and the like);
- Service quality and survey results;
- Information about your usage of and interaction with M800 products, services, and CINNOX websites (including computer, platform, device and connection information, client performance information, error reports, device capability, bandwidth, statistics on page views, and traffic to and from our Websites, browser type and usage statistics);
- Products or Services ordered and delivered;
- CINNOX platform test calls made to and from you;
- Correspondence between M800 and you; and
- All data requested by relevant authorities, courts, law enforcement or regulatory bodies to enable M800 to comply with any applicable law, regulation, court order whether in Hong Kong or not.
We collect personal data from one or more of the following channels:
- Directly from you by phone, fax or e-mail, registration on internet and/or on mobile application or other applications, order form or contract;
- From our own records of your usage of the Services;
- From your enquiries;
- From applicants for employment;
- From your visits to our Website (our web server may collect information relating to your online session, the use of which is to provide aggregated, anonymous statistical information on the server's usage so that we may better meet our customers and visitors’ expectations. Our Website may also place cookies as defined below on your device to personalize the services we provide while you are surfing our Website and/or maintain your identity during your visits on our Website across one or more sessions. Such cookies may be disabled by you but doing so may make part of our Website’s features unavailable to you;
- From third parties such as financial information about customers to assess risks in granting credit terms; and
- About third parties (users, customers as defined in our terms and conditions of service) from you, in which case you will be requested to confirm you have complied with any applicable laws in providing us with such personal data.
We collect only the minimum information necessary for the above-mentioned purposes. You may at any time limit such collection as specified under the section titled "User Rights" below.
We reiterate that at no time will your personal data be used to send direct marketing messages unless we have first obtained your express consent to sending such direct marketing messages. Direct marketing messages include electronic messages that are sent to telephone numbers via voice call, SMS text, e-messaging services, or fax, the organisation.
Legal Basis for collecting, processing and Using Personal Data
M800 will only collect, process and using your personal data under any of the following reasonable justifications:
- Consent: we shall collect, process and using your personal data for the specified purpose and in such manner which you have consented;
- Performance of a Contract: we collect, process and use your personal data for the purpose of performing our obligations under a contract entered with you;
- Legitimate Interest: It is in our legitimate interest to collect, process and use your personal data and under no circumstance shall we override your interests; and
- Compliance with Legal Obligation: It is necessary for us to collect, process and use your personal data to fulfil all the applicable legal and regulatory obligations.
Personal data retention, access, and correction
Unless otherwise specified, M800 will retain only your personal data and for the duration that is necessary to achieve the purposes detailed above and to comply with the applicable laws and regulations. Your personal data will remain accessible to you at any time after you have provided it for the purposes set out herein.
You may at any time request to correct, update or delete your personal data by following an identity verification process for ensuring your personal data is afforded adequate protection. Where you have withdrawn your consent, deactivated or terminated your account, your personal data will be deleted or destroyed properly and securely within 30 days. You are advised to back-up and migrate your data within the said 30 days. We may also decide for statistical analysis reasons or for business improvement purposes to keep track of your activity data on an aggregated or anonymous basis.
In using our Website or our Services, you consent to the collection, use, disclosure, transfer, and storage of your personal data, or that of your end-users.
Notwithstanding your provision of any personal data, for the avoidance of doubt, please note that we do not access the content you or your end-users share privately while using the Services.
Cookies, Clear GIFs, and your Internet Protocol Address
We do not sell to nor share with third parties our customer and users’ data for direct marketing purposes. However, M800 may require third parties to perform the processing of personal data for the display of personalized advertising, to keep track of interactions with our portals and offer customized experiences through the following:
Cookies: These are pieces of information that a website transfers to an individual's hard drive. They enable your computer and browser to save information when you visit the Website (such as your User ID and password, for easy log in). Cookies also help to improve and enhance the user's experience, by, for example, tailoring the design and content of the Website. Your web browser should have an option to enable or disable cookies. If you choose to have cookies enabled, you may also choose to be informed and whether to accept when any website sends you a cookie. Similar options are available on and through Flash Player in relation to Flash cookies. However, if you decide not to accept cookies from the Website, this may totally or partially impair the functionality of the whole or parts of the Website.
The table below sets out the type of cookies we use.
|Type of Cookies||Purpose|
|Functional Cookies||Functional cookies enable CINNOX to provide enhanced functionality and customization, such as remembering your language choice and login details so that you will not be required to enter details every time you log in to CINNOX.|
|Analytics||These cookies collect information and performance data which help us to understand how our Website and CINNOX are being used, how effective our marketing campaigns are and help us to customize our Website and CINNOX to provide you with a better experience.|
|Advertising||These cookies collect information about your interaction, activity and visits to our Website and CINNOX, which enable us to select and deliver advertisements more relevant to you and your interest.|
|Social Media Cookies||By allowing these cookies, you can easily share our content with your friends and networks via a range of social media platforms. If you do not allow these cookies, you may not be able to use or see these sharing tools.|
Clear GIFs: The Website and any communications sent to you by M800 may also make use of clear GIFs (known also as "web beacons" and "tracking pixels") or technology of a similar nature. Clear GIFs are visible (but more commonly, invisible) images that are embedded in websites, emails and other messages and are used by us to keep a record of the number of visits to the Website and to let us know when you have received and opened an email from us. This helps us to assess the performance of our communications to you and consider how successful our marketing strategies are.
Your Internet Protocol Address or "IP address": This is the number that your Internet Service Provider allocates to you when you go online and/or surf the internet. Your IP address and domain name may be logged by our servers when you visit the Website, so that we are able to easily identify you. It also allows us to improve our management of the Services we provide to you and identify any problems with our system.
Regarding the operation of Cookies, GIFs, and your IP address, we may use our trusted third parties to carry out the operation of the above technologies on our behalf. For the avoidance of doubt, no information regarding your identity, whatsoever, shall be collected during such operation.
Disclosing your personal data
Except as provided in this section, M800 will not sell, rent, or trade any personal data to third parties within or outside Hong Kong without your explicit permission and only to the extent permissible under applicable laws and regulations.
There are however the following circumstances in which M800 will have to disclose your personal data:
i. M800 may share your personal data and traffic data with trusted service providers or other third parties under contract to provide you with optimal Services. M800 ensures that our trusted service providers and third parties take all necessary measures to protect your personal data and traffic data and comply with the appropriate laws and regulations;
iii. Where there is a legal requirement to do so, where a legal action is taken against us, or to governmental agencies or authorized parties in response to a verified query relating to investigations undertaken by the PCPD or any other prescribed enforcement agency, in respect of criminal investigations, or alleged illegal activity;
iv. For purposes of providing administrative, payment, finance (including credit worthiness determination), collection, business, employment, legal, evaluative and/or operational support for the Services or the Website;
v. Where the vital interests, such as personal safety of any person, or national interest is at risk; and
vi. Where a business asset transaction, such as a merger or acquisition, is planned. In such case, we would do our best endeavors to ensure your personal data protection does not vary.
M800 does not purposefully collect or maintain personal data from users who we know are under the age of 16. The Website, the Services and their content are not designed to target potential users who are under 16 years of age unless the legal guardian instructs so in writing. Such authorization may be provided to us at the contact information provided in this Policy.
Transfer of personal data
For the processing of your data and to provide you with a personalized experience worldwide, we will access, process and store your information and personal data on our servers/ data centers located in your home country (e.g. Hong Kong, Japan, Singapore and China) or in our service providers' data centers which is the closest to your home country, alternatively, in somewhere as requested by you. In all cases the processing by M800 and its service providers will be carried out in accordance with the provisions of the PDPO and the European Regulations (EU) 2016/679 ("GDPR"), in addition to any other local applicable law.
Further, and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. Accordingly, to ensure your information is adequately protected, we have put in place appropriate measures such as additional contractual obligations, processes, and policies.
Your personal data security
We care about the security of your personal data and we maintain reasonable technical, physical, and administrative security measures to avoid loss, misuse, unauthorized access, disclosure, or alteration of your personal data, and to ensure it is held and stored by us in a secure and safe place and accessed only by authorized persons. For instance, our servers (or those of trusted third parties) utilize data encryption technologies, firewalls, physical access controls to our data centers, and information access restriction measures. Further, our employees-administrators who have access to our servers, and/or where applicable, to your content, undergo training to ensure that they are cognizant of their obligations insofar as the securing of your personal data is concerned.
However, because no information provided over the Internet can be guaranteed as fully secured, we cannot guarantee that our system is impenetrable or that the security of the information you have either supplied to us or received from us over the internet has not been compromised. We do nevertheless have in place the above-mentioned physical and electronic security measures to protect your personal data from unauthorized or accidental access, processing, erasure, loss, or use.
You can view and edit your personal data at any time after registration on our Website or on any application. You have a right of access, update, rectification, erasure, restriction, objection and where applicable, data portability, by sending an email to [email protected] or a request at the address stated below. In either case, you are requested to provide a valid proof of identity. Please note, however, that withdrawing your consent or choosing to delete some types of personal data in our possession may prevent us from supplying part or all the Services to you as a customer, vendor, and partner, or from continuing to process internally your job application if you are a candidate. We encourage you to contact us to update or correct your personal data if it changes or if the personal data in our possession is inaccurate. If, however, you believe we have not been able to address your request or any concern, you have the right to make a complaint to the PCPD.
No liability for Third-Party
Our Website, applications, widget, portals, and platforms may contain links to other third-party websites (for contact sharing or making payments for instance). M800 takes no responsibility and accepts no liability for the content, functionality or security of any third-party websites and we remind you that you should be mindful when entering information, especially your personal data, on public networks or when using the Internet.
Mergers, Sales and Acquisitions
M800 or its affiliates may at any time decide to merge with, sell part or all our assets to or be acquired by another company. If any such transactions take place, your personal data may be handed over to the new entity. We shall ensure that after such transaction, the safety of your personal data will be ensured the same way as it is set out under the terms of this Policy. No such transactions shall take place if we are in any doubt as to the security of your personal data. Once such a transaction has been confirmed we shall alert you in respect of the same by posting a notice on the Website or any other means agreed between us.
M800 may from time-to-time update or change this Policy (with or without giving notice on our homepage or any other place we deem appropriate). Any updates to this Policy will be posted on our Website. It is your responsibility to check our Website for such updates. The effective date of the Policy is stated at the end of the Policy. You agree that even if you should choose not to check for any changes to this Policy, by continuing to use the Website and/or Services, you accept and agree to the changes and any updated Policy effective immediately upon the updated Policy being posted on our Website.
All queries regarding this Policy or your rights hereunder in respect of your personal data should be addressed to [email protected] or in writing to:
Data Protection Officer
21/F, Tower 1 Enterprise Square,
9 Sheung Yuet Road,
Kowloon Bay, Hong Kong
Should you decide that you want to permanently delete your account or withdraw your consent, you should contact us at [email protected] and submit your request. We will respond within 30 days of receiving your request.
Updated 3 months ago