Cyberphage Limited (”We”) are committed to protecting and respecting your privacy.
Your privacy is important to us. This privacy statement explains what Personal Data we collect from you, through our interactions with you and through our products, and how we use that data.
Our Group means our ultimate holding company CYBERPHAGE LIMITED.
This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us.
We respect your privacy rights about your Personal Data and do so in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) (“Ordinance”) and the new General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).
The GDPR is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.
This statement applies to our interactions with you and any third-party software that we may use on your behalf as outlined below or agreed upon at time of contractual service agreement.
Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
We are not required to appoint a Data Protection Officer. However, correspondence on any data protection matters should be made to firstname.lastname@example.org OwlGaze, 36/F, 41 Heung Yip Road, Wong Chuk Hang, Hong Kong.
We are a global management and digital consulting firm. We collect the personal data of the following types of data subjects to carry out our core business and to operate effectively and provide you the best experiences with our services:
You have choices about the data we collect. When you are asked to provide Personal Data, you may decline.
Information you provide us
This is information about you that you give us by filling in our forms or by corresponding with us by phone, email, Site live chat or otherwise. It includes information you provide when you register to use our Sites, subscribing to services, newsletters and alerts, register for or attend a conference or event, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, request a white paper or further information, and when you report a problem with our Site. Pages that collect this type of information may provide further information as to why your data is needed and how it will be used. It is completely up to you whether you want to provide it.
The information you give us, or we collect about you may include your name, address, private and corporate email address, phone number, and other similar contact data. We may collect links to your professional profiles available in the public domain (e.g. LinkedIn, Twitter, business Facebook or corporate website), gender, language preferences, and date of birth and other similar demographic data. For instance, by registering for OWLGAZE newsletters or alerts, you agree to receive the correspondence to which you have subscribed at the e-mail address that you provided at registration. Only OWLGAZE or its consultants will contact you using this e-mail address. We will send e-mails to this address related to your registration.
Information collected via website activity
We may also automatically collect device and usage data when you interact with our Sites. The information we automatically collect may include IP address, device identifier, operating system, web browser, regional and language settings, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our Sites. We may also automatically collect information about how you use the Sites, such as your visit history, what you have searched for, viewed, and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please see the Cookies section below for more information.
The information automatically collected will be associated with any Personal Data you have provided and be used for system administration, to filter traffic, to look up user domains and to report on statistics.
When this information relates to or identifies you, we will treat it as “Personal Data.”
Information collected via mobile devices
In connection with our mobile applications, we may use third-party service providers to analyse non-personally identifiable user activity to fix errors, monitor usage, and improve the performance of our mobile applications. For example, we receive reports on some of our mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, pages and articles accessed, and other events occurring within our apps. We also receive reports on certain errors occurring within mobile applications. None of these third-party service providers gathers information in a manner intended to identify any particular user personally.
When this information relates to or identifies you, we will treat it as “Personal Data.”
We may obtain information about you from other third-party sources such as LinkedIn, corporate websites, your business card and personal recommendations.
We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
We review data protection policies and consent processes of our suppliers to ensure they are compliant with GDPR and the Hong Kong Personal Data (Privacy) Ordinance.
The core service we offer to our clients is the implementation of digital services, including digital transformation, advanced analytics, strategic planning, marketing, organisation and operations.
Our legal basis for the processing of Personal Data is our legitimate business interests, described in more detail below, and also the performance of a contract, legal obligations and consent for some specific uses of data.
We will rely on contract if we are negotiating or have entered into an agreement for consulting services with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to process information relating to you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data, and you will be asked for your express consent if legally required.
We use information held about you in the following ways:
To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to you or your organisation.
Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations. This includes providing service, maintaining and improving our services, conducting research, and providing customer support. Examples of such uses include the following:
In carrying out these purposes, we may combine data we collect to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations.
In the course of our Services, we will analyse your information to build individual profiles. These profiles will be used to predict future interests and display targeted (online) advertisement. The aim is to provide you with offers that are relevant and interesting for you. The profiling is based on your (surfing)behaviour on the internet. This includes the viewing of advertisements, any interaction with it and the overlap between desktop and mobile usage. As your name is not collected in the course of our Services, we expect that our Services will have no further impact, other than providing you with a more pleasant user experience when surfing the Internet.
We will obtain your prior consent before processing your information for its own purposes, unless we have a legitimate interest to process your information. If you have given your consent to the processing, you have the right to withdraw your consent at any time, by sending an email to that extent to: email@example.com. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under the obligation to reverse the processing.
“Legitimate Interests” means the interests of our company in conducting and managing our business, to enable us to give you the best service/products and the best and most secure experience.
For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests.
It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our Site, and to ensure our Sites and systems are secure.
When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
The table below sets out further detail on the ways we process your data for our legitimate interests. If you have any concerns about the processing below, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section below.
|PROCESSING PURPOSE||LEGITIMATE INTEREST|
|INDIVIDUAL RIGHTS||We may need to retain and continue processing your Personal Data after you have exercised your right to erasure/to be forgotten, in order to keep basic data to identify you as an individual, and retain it solely for suppression purposes to prevent further unwanted processing.|
|SUPPRESSION||We may hold Personal Data about you on a suppression file to ensure there is a record of your objection to direct marketing. We will hold a minimised amount of Personal Data in order to uphold this request.|
|PERSONALISATION||We may analyse non-sensitive Personal Data to inform our marketing strategy and to enable it to enhance and personalise the “consumer experience” we offer you.|
|MONITORING||Our customer support team use software solutions that utilise big data to identify recurring problems and analyse the patterns of behaviour of our customers. These solutions include the capturing and processing of customer support interactions by way of, LiveChat, Web Forms, and FAQ webpage activity and are used to enable our customer support centre to ensure optimum staff performance and to serve our customers better.|
|ARTIFICIAL INTELLIGENCE||Our customer support team puts in place algorithms that help us manage customer service requests. The system uses artificial intelligence methods to route customer contacts to the most appropriate part of our organisation. For example, these routes link individuals to specific agents who can handle specific requests for optimised customer service.|
|WEB ANALYTICS||We use online social platforms that use diagnostic analytics to assess the number of visitors, posts, page views, reviews and followers in order to optimise future marketing campaigns.|
|AUTOMATED PROCESSING BASED ON CUSTOMER HISTORY||We may conduct automated processing based on your transactional history, to predict what other products and services you may be interested in.|
|INFORMATION, SYSTEM, NETWORK AND CYBER SECURITY||We may process your Personal Data from online interactions to monitor, detect and protect our organisation, our systems, networks, infrastructure, and other rights from unwanted intrusion, unauthorised access, and data and system breaches.|
|PRODUCT DEVELOPMENT AND ENHANCEMENT||We may process your Personal Data to deliver and improve our products or services.|
|COMMUNICATION, MARKETING AND INTELLIGENCE||We may process your Personal Data to gather market intelligence, promote products and services, communicate with and tailor offer our services.|
Should we want or need to rely on consent to lawfully process your Personal Data we will request your consent orally, by email, by signing a paper form or by an online process for the specific activity we require consent for and record your response in our systems. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.
We may share your personal information with:
We may disclose your personal information to third parties:
The lawful basis for the third-party processing will include:
The data that we collect from you will not be transferred to or stored at, a destination outside of our organisation in Hong Kong. It will not be processed by staff operating outside of our organisation. This includes staff engaged in, among other things, our consulting services and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We are committed to protecting the security of your Personal Data and adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention period of up to 6 years and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We do the following to try to ensure our data is accurate:
The criteria we use to determine whether we should retain your Personal Data includes:
We may archive part or all of your Personal Data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your Personal Data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
When our offerings or services collect age, it will block users under 16 years. We will not knowingly ask children under 16 years to provide data.
You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required before using your Personal Data for marketing purposes.
You can exercise your right to accept or prevent such processing by either checking consent agreement boxes on the forms we use to collect your data or by managing your subscriptions with us with unsubscribe links in our communications. You can also exercise this right at any time by contacting us at firstname.lastname@example.org.
Our Site may, from time to time, contain links to and from the Sites of our partner networks, advertisers and affiliates. If you follow a link to any of these Sites, please note that these Sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Sites.
All requests to your rights above should be submitted to email@example.com, we will respond to your requests without undue delay, but within one month. If permitted under applicable legislation, we may extend the response period with two further months if such is necessary due to the complexity and number of requests. We will notify you of any extension and the reason thereof. If we deny your request, we shall inform you on the reasons for such a denial.
You may (in addition to the rights above) lodge a complaint regarding the processing of your information by us, or regarding the denial of a request as meant above, with the supervisory authority of the Member State where you reside, where you work, or where the infringement occurred.
If information about you is processed by us on behalf of one of our clients, we will forward your request to the relevant client. We will inform you that we have forwarded your request and provide you with the contact details of the relevant client.
The Hong Kong Personal Data (Privacy) Ordinance and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. Your right of access can be exercised in accordance with the Ordinance and the GDPR once it is in force.
All subject access request should be submitted to firstname.lastname@example.org.
Your communication preferences
You can choose whether you wish to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to opt out, you can do so by following the directions in that message.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to email@example.com, or by completing our Web form. We will respond to question or concerns within 30 days.
Unless otherwise stated, Cyberphage Limited is a data processor and controller for personal data we collect through the services subject to this statement. Our address is Suites 2301-02, 23rd Floor South Island Place,8 Wong Chuk Hang Road, Wong Chuk Hang, Hong Kong. Telephone +852 3611 0130