Personal information. Purposes of processing.
“Personal information” means any information relating to users that identifies them personally, either alone or in combination with other information.
Personal information is collected automatically by the Site or received via multiple sources: forms, chat, e-mail, apps, devices, social media and other means.
The Site processes personal information in various shapes for the following purposes:
- Browsing data: The Site collects non-sensitive browsing data by automatic means in order to enable and improve user navigation (e.g., IP address, date/time of the visit and its length, any referring URL, the pages visited on the Site, the device used and other information). The processing of such information allows users to access the Site and fully enjoy its features and services. Furthermore, browsing data may be used to verify that the Site is functioning properly. From time to time, browsing data are processed anonymously for statistical purposes. Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of the users if associated with other information. The browsing data described above are stored only temporarily in compliance with the applicable law.
- Orders: At checkout, the Site asks users to provide personal information for the essential purpose of fulfilling their purchase orders and complying with contractual obligations (e.g., name and surname, e-mail address, delivery address, etc.). Such personal information is also essential for the Customer Service to assist customers on enquiries and for any related necessity, before or after the sale (for instance, with respect to the order delivery status or on product returns). Personal information related to orders will be stored as long as required to comply with contractual obligations and with the applicable tax and financial reporting obligations. The Site may also verify the payment instruments used by customers to purchase on the Site (e.g. credit or debit card, etc.) for the main purpose of preventing fraudulent activities or pursuant to the applicable anti-money-laundering laws. As full reliance for payment verification is given to third party payment processors, the Controllers do not process or store any financial information belonging to customers. Failure to provide the personal information required at checkout will prevent users from completing an order on the Site. Based on its legitimate interest to improve its relationship with customers, the Site will send customers email communications with product suggestions, discounts, feedback requests or other updates. Customers are always free to unsubscribe from such email communications (for instance, by clicking on the “unsubscribe link” at the bottom of each email).
- Site registration: When users opt to register a personal Site account, they are asked to submit personal information (e.g., date of birth, gender, etc.). The Site clearly indicates which personal information is mandatory (or not) to set up a Site account. Users must submit personal information that is true and accurate at the moment of registration and are invited to keep their personal information up to date (if any modification occurs) by logging into the personal account to make all relevant changes. Users who choose to enable or log in to their Site account via social media should be aware that, when they connect their Site account to a social media account, the Site collects certain personal information the user has already provided to that social media service (for example, the email address and public profile on Facebook). The Controllers do not oversee or control such social media services or the user’s profiles on these services, and do not establish privacy settings or rules for how personal information on those services will be used. Users are highly encouraged to read all policies and information regarding the applicable social media services to learn more about how they process personal information.
- Newsletter and marketing communications: On the Site, users can opt to receive newsletters and commercial communications. The Site always collects the explicit, free and unambiguous consent of users prior to submitting newsletters and marketing communications to these users or, more in general, before undertaking electronic marketing initiatives dedicated to them.
Users can always easily withdraw their consent from receiving newsletters and commercial communications in the following ways:
- Through their account settings;
- By clicking on the ‘unsubscribe’ link in any such email;
- By contacting our Customer service (email@example.com).
- Profiling: With the user’s explicit consent, newsletter and marketing communications may be tailored to the user “profile”, based on the personal information the Site collects or receives about the concerned user. With respect to the customers of the Site, it is in the Site’s legitimate interest to process personal information to offer more interesting products, to improve the Site and to personalize the products offered on the Site. The main purpose of profiling is to propose products, services and initiatives more responsive to the tastes, shopping habits and interests of users and customers. Personal information may also be used for remarketing, retargeting or profiling purposes, including via third parties (e.g., social networks, etc.). Neither the Site nor the Controllers will ever carry out any profiling activities relating to children.
Sharing and transfer of personal information
The Controllers may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Processors”), for the purpose of performing business operations in order to fulfil their contractual obligations.
The Controllers will make their best effort to ensure that all Processors will apply their industry best practice to protect personal information and that they will not use personal information for any other purposes than those agreed with the Controllers. For instance, the Controllers may share personal information with the following categories of Processors:
- Couriers and postal operators;
- Fulfilment centers and warehouses;
- Advertising, digital, marketing and social media agencies, platforms and providers;
- IT service providers;
- Customer care service providers.
In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfil their contractual obligations and, also, to improve the Site’s products and services. Users can request an updated list of the Processors involved in the processing of personal information relevant to the Site’s activities by writing an email to: firstname.lastname@example.org
The Controllers must always reserve the right to disclose personal information about users as required by law (for instance, in response to law enforcement requests), and where needed to protect the rights of the Controllers or their affiliates or third parties. Moreover, personal information may be disclosed to other companies within the same corporate group of each of the Controllers, or to third parties in the event of a corporate restructuring process, in full compliance with the applicable law. In any other cases, the sharing of personal information will be conditional upon the preliminary and explicit consent of the user, unless processing is allowed under an alternative legal basis.
Under the GDPR, the controller is the subject that, alone or jointly with others, determines the purposes and means of the processing of personal information. The joint controllers for the data processing related to the activities of the Site are:
- Kora Limited; contact: email@example.com
There is a designated Data Protection Officer to ensure that the Site processes personal information in compliance with the GDPR. The DPO can be contacted for any enquiries at the following email address: firstname.lastname@example.org
Retention of personal information
The Controllers will store personal information for as long as it is needed to provide users and customers with the required services or to meet legal or tax obligations or for the minimum period prescribed by the law. In order to determine the appropriate retention period for personal information stored by the Site under user consent, the Controllers will take into account multiple factors to ensure that personal information is not stored for longer than the necessary or appropriate period. Such criteria will also include:
- The purpose for which the Site holds personal information;
- Legal, tax and regulatory obligations in relation to that personal information;
- The type of ongoing relationship with the concerned user or customer (how often the user logs into their Site account, whether users continue to receive marketing communications, how regularly they browse or buy on the Site, etc.);
- Any specific user request in relation to the deletion of personal information;
- Legitimate business interests.
The Site will promptly delete or anonymize personal information that is no longer needed or retained according to the law.
The rights of users
Users are entitled to receive confirmation as to whether the Controllers hold any personal information about them. If this is the case, under the GDPR, users also hold the rights to:
- Be informed about the collection and use of their personal information;
- Access their personal information at no cost;
- Have inaccurate personal information rectified, or completed (when it is incomplete);
- Have personal information erased (“the right to be forgotten”);
- Under specific conditions, obtain the restriction or suppression of their personal information;
- Obtain and reuse their personal information for their own purpose across different services when processing is based on a contract or on consent, and the processing is carried out by automatic means (“the right to data portability”);
- Under specific conditions, object to the processing of their personal information;
- Object at any time to the use of personal information for “profiling” or “automated decision-making” purposes;
- Submit complaints related to the collection and processing of personal information to the competent supervisory authority;
- Withdraw consent to the processing of personal information at any time.
Users can contact the Site for any enquiry and to exercise their privacy rights at the following email address: email@example.com
1. This website ('Site') is owned and operated by KORA Limited, a Hong Kong registered company (company number 1769848) with its registered office at 31/F Tower Two, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong (the terms 'us', 'our' and 'we' being construed accordingly).
5. We respect the privacy of our Site users and any account holders.
Use of Your Personal data
8. We may receive personal data about you either from you directly or through you posting personal data on this Site.
10. You should post any information about you and, in particular, about other people on the Site with caution and, specifically, you must not post any data or information which is confidential or where its disclosure is likely to cause damage, offence or distress to others.
11. IF YOU PROVIDE OR MAKE PERSONAL DATA AVAILABLE TO US, THIS WILL PRIMARILY BE PROCESSED ON COMPUTER SERVERS LOCATED IN THE UNITED KINGDOM. HOWEVER, IN SOME CASES (WHERE NECESSARY) SUCH INFORMATION MAY BE TRANSMITTED OR MADE AVAILABLE TO (I) OUR EMPLOYEES OR SERVANTS OR THIRD-PARTIES PROVIDING SERVICES TO US OR ON OUR BEHALF; OR (II) PRODUCT MANUFACTURERS, LICENSORS AND/OR SUPPLIERS, LOCATED IN THE UNITED STATES OR ANOTHER TERRITORY OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA). YOU SHOULD NOTE THAT AT PRESENT, THE UNITED STATES AND SOME COUNTRIES OUTSIDE THE EEA ARE NOT VIEWED AS HAVING DATA PROTECTION LAWS MEETING LEGAL STANDARDS REQUIRED UNDER EUROPEAN DATA PROTECTION LAW. PLEASE NOTE THAT BY SUBMITTING YOUR PERSONAL DATA TO US, WE ASSUME THAT YOU ARE CONSENTING TO THIS TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EEA.
12. The personal data you submit may be used for the following purposes:
12.1 to allow you to access the Site and its contents;
12.2 to enable you to set up an account in connection with your purchase of any products and services available on the Site from time to time, subject also to our Terms and Conditions of Purchase;
12.3 to process any payments that you make in relation to the above (including your billing information and credit card details) and where necessary, we may provide this data to external parties for fraud or credit checking purposes;
12.4 to facilitate the renewal of any subscriptions for any parts of the Site (if applicable);
12.5 for the running of any promotions (subject to other terms and conditions applicable to such promotions);
12.6 to provide you with effective customer service and/or technical support;
12.7 to monitor Site use or purchasing patterns on an aggregated and anonymous basis;
12.8 to provide you with marketing communications, product announcements and special offers;
12.9 to allow us and our carefully selected partners to send you promotional emails;
12.10 to permit you to participate in online surveys, assuming you agree to provide such information in connection with these surveys;
12.11 to improve our Site and any related products or services; and
12.12 for other purposes as may be notified to you from time to time (subject to applicable legal requirements).
In doing the above, we will take reasonable steps to ensure any person or entity receiving personal data for the purposes described above, is also obliged to protect and secure your personal data in accordance with applicable law.
13. Where you participate in the members’ area or access this Site through your mobile phone or another mobile device, in addition to the above information we may also collect information relating to your device, phone network or location.
Management of Personal data
14. We endeavour to keep all personal data that we hold accurate and up-to-date. If you find that your personal data is not accurate, please let us know in writing. Without prejudice to your rights of access and other rights in relation to your personal data under applicable law, we will investigate your concerns after we receive your inquiry and if necessary make the required corrections, additions and/or deletions.
15. We may use ‘cookies’ and other tracking technologies in connection with our Site. A ‘cookie’ is a small text file that may be transferred to your computer or mobile device when you use this Site. Cookies are used to enable a web site to be customised to meet user preferences or improve a user’s viewing experience, for example, by remembering log-in details. Subject to your agreement, a cookie may be sent to your computer or mobile device and will then remember this computer or device next time you visit the Site.
16. A cookie in no way gives us access to any confidential information about you and you can usually choose to accept or decline cookies through the settings on your web-browser (e.g. Internet Explorer).
17. If you refuse to accept cookies, this may prevent you from taking full advantage of all the features on this Site.
18. BY CONSENTING TO THIS PRIVACY NOTICE AND USING THIS SITE YOU EXPLICITLY CONSENT TO OUR USE OF THESE COOKIES. IF YOU DO NOT WANT TO RECEIVE COOKIES, THEN PLEASE DO NOT USE OUR SITE.
Collecting and Sharing Your Personal data
19. We may collect personal data either from you directly or through any account data or other personal information that you post on our Site.
20. We may also employ other companies to provide services to us in connection with processing of transactions or after sales services if you purchase our products or services. We may use third party providers to transport and deliver products, process credit card payments, carry out fraud prevention or credit checks, provide IT or website support, manage our electronic messaging or email system, analyse data, provide marketing assistance or customer support services, and otherwise provide services to allow us to serve you. Please note that these organisations may need access to your personal data to enable them to fulfil these obligations. We will not however sell or rent your personal data to any third parties unless we have your consent.
21. We may be required to respond to court orders or be asked to respond to other requests for your personal data from the police, law enforcement agencies or government authorities. We may not be able to provide you with notice of such requests. We will release personal data to third parties when we believe it is appropriate for us to do so in order to comply with the law or for fraud checking purposes. We may also release information if necessary to protect the personal safety of our employees, agents, other Site users or the public in general. We also reserve the right (without notifying you) to report any user activities that we believe may be illegal or criminal to our legal advisers, the police, law enforcement agencies or government authorities.
22. In the event that we merge our business with another or sell all or part of our business or assets to another entity, or are acquired or enter into a business combination with another entity, then in doing so, we may disclose some or all of your personal data to that entity in order that the new or continuing business can continue to serve you.
Third Party Sites
23. Our Site may contain links to third party websites (‘Third Party Sites’). We do not have any control over such Third Party Sites to which we link and we cannot be held responsible for the privacy of any personal information which you provide after you have used any link on our Site to visit these Third Party Sites. You should exercise caution and look for any applicable privacy statement or notices appearing on such Third Party Site.
24. In order to prevent unauthorised access or disclosure of your personal data, we will put in place and maintain appropriate physical and technical procedures to protect the personal data that we collect and store against unauthorised or unlawful processing, or loss, destruction or damage.
25. We endeavour to take all reasonable steps to protect your personal data from external threats; however, please be aware that there are inherent security risks in sending information over public networks or on public computers, and we therefore cannot 100% guarantee the security of any data disclosed or transmitted over the internet.
26. Where you open an account you may be provided with log-in information and a password to access a personal account page. Where we do so, it is on the condition that you will be responsible for ensuring that such log-in information and any passwords are kept secure and confidential at all times. You will not share any log-in information or passwords, without our express authorisation. We cannot be responsible for any loss or damage caused by your negligence, misuse of log-in details or your decision to share account access with others.
Your Legal Rights
28. Please inform us if you do not want your personal data to be used for direct marketing purposes. Also, if you previously agreed to us using your personal data for direct marketing, you are free to change your mind at any time by writing to us at the address below.
29. If you believe that any personal data that we are holding about you is incorrect or incomplete, you can also notify us at any time. You have the right to request information regarding the personal data which we hold about you in accordance with the Data Protection Act 1998. Please note that in relation to such a request, a small administration fee may be payable and we may ask for further information to clarify your request or verify your identity before releasing any information.
30. If you would like to make a request in relation to any of the above, please send a written notice to the following address: (a) By post: 31/F, Tower Two, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong, or (b) By email: firstname.lastname@example.org