PRIVACY POLICY OF BNET-TECH COMPANY LIMITED
Effective Date: [•] 2020
Version: 2
BNET-TECH COMPANY LIMITED (“BNET”, “our”, “we” or “us”) (CR No. 2355254) is committed to protecting your privacy and ensuring that all personal data provided to us is handled in accordance with the relevant provisions of the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), the Data Protection Principles and this privacy policy (“Policy”).
***Please read this Policy carefully before furnishing us any information about you or any other person***
This Policy describes the personal data which will be collected or processed when you use our mobile applications, including STICKu App, [Name of Partner App] and HealthTact (collectively referred to as the “Apps”). It explains how your personal data is used, shared and protected, what choices you have relating to your personal data, and how you can reach us.
The Apps may include links to third-party websites, plug-ins, services, social networks or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we encourage you to read the privacy notice of every website you visit.
In this Policy:
“personal data” means any information relating to you directly or indirectly, from which it is practicable for your identity to be directly or indirectly ascertained;
process” or “processing” means any operation performed on personal data, whether by automated means or not, including without limitation collecting, recording, structuring, amending, augmenting, deleting, rearranging, retrieving, using, disclosing or disseminating such personal data;
“services” means the functions provided in the Apps, including without limitation the “emergency alert”, “fall down alert” and “anti-loss alert” features in the STICKu App, the [“find missing elderly” feature] in [Name of Partner App], and the “contact tracing” feature in HealthTact; and
“STICKu” means the multi-functional walking stick developed by BNET.
Navigating this Policy
You can click on the links below to jump to the relevant section:
- WHO is responsible for processing your personal data ?
- WHY and HOW do we use your personal data?
- WHAT personal data do we collect and WHEN?
- TOOLS to manage what personal data we collect
- SHARING your personal data
- PROTECTION and MANAGEMENT of your personal data
- DIRECT MARKETING
- CHANGES to our Policy
- QUESTIONS, complaints and feedback
WHO is responsible for processing your personal data?
BNET is responsible for processing your personal data.
WHY and HOW do we use your personal data?
We use your personal data in the following ways:
Tocreate your user account
We require your personal data, such as your identity and contact information, to admit you as a new registered user of the Apps or to otherwise facilitate our provision of the services and functionalities of the Apps to you. You will only be able to enjoy the services after we receive the necessary information and, if relevant, all verification processes are successfully completed. If you are a STICKu user and are unable or unwilling to provide such information to us, you may still be able to use the STICKu (subject to the Terms of Use) but you may not be able to receive all or part of the services which can only be rendered with the use of the STICKu App.
Toprovide the features of the Apps
When you use the Apps, we will use your personal data for rendering the services. For example, if your STICKu drops and is not picked up over a certain period of time, the STICKu App will automatically give a “fall down alert” to your nominated caretakers.
Some features and functionality in the Apps also record your location and movement. We will collect such data and store it so that you can review it in the Apps. If you have location services turned on, we may collect and use your mobile location for the purposes of certain services, features and functionalities in the Apps. For instance, if emergency situation arises, the STICKu App will send notifications to your nominated emergency contacts containing your name and location.
If you have persistent background location services turned on for our Apps (which you can do by going into your operating device settings and toggling on background sharing), we will obtain your device’s location in the following circumstances, even if you are not actively using the Apps:
- The HealthTact app will detect nearby devices which have also installed the same app, and information about your mobile location will be collected if it is near such nearby devices for contact-tracing purposes; and
- When we receive a missing elderly report from any verified emergency contact of a STICKu user, information about your mobile location will be collected through the [Name of Partner App] if you are near to that missing STICKu user.
We use various technologies to determine your mobile location, including but not limited to Bluetooth scanning. If you are sharing your background location with us (by turning on persistent background location services for our Apps), you may opt-out at any time by going into your operating device settings and toggling off background sharing.
In some cases, to use certain features in the Apps, you may need to provide us with additional data or additional consent. For example, to activate the “emergency alert” and “fall down alert” features on the STICKu App, you will need to provide us the contact details of your caretakers and emergency contacts respectively.
We may also use data about you to help you resolve a problem or question.
To communicate information about us and our services
We plan to enhance our services from time to time by adding innovative features and strengthening existing functions. We will share with you any updates through the Apps.
To operate, improve and maintain our services
We process the personal data you provide to us to improve our services, enhance the functionality of STICKu (if applicable) and our Apps, and perform various internal functions. For example, we may publish in our marketing materials the number of users of the Apps and their demographics in an anonymised or aggregated way. We may also furnish to sponsors or funders your personal data as a condition to receive their sponsorship or funding.
We may collect and use information about how you use our services to enhance the user experience of the Apps, help us diagnose technical and service problems and administer the Apps.
To protect our or others’ rights, property or safety
We may also collect and use information about how you use the Apps to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests or applicable laws, regulations and guidelines.
For general research and analysis purposes
As a social enterprise with the social objectives such as enhancing the safety and mobility of the elderly, we may use your personal data to understand the elderly population in Hong Kong, including without limitation their activities, habits, preferences and behaviours, so that we can conduct further research, publish reports, innovate new products and services and work with other stakeholders (e.g. government, non-governmental organisations, charitable organisations, hospitals, clinics and elderly homes) to better the lives of elderly people.
WHAT personal data do we collect and WHEN?
The personal data we may collect includes without limitation:
- your contact details including name, email, telephone number and address;
- sensor data;
- location data;
- login and account information, including screen name, password and unique user ID;
- personal details including gender and date of birth;
- fitness activity data provided by you or generated through the STICKu App, if applicable (e.g. time, duration, distance, location, walking steps);
- contacts and calendar information;
- movement data from your device’s accelerometer; and
- personal preferences.
We collect additional personal data from you to enable particular features within the Apps. For example, if you are using STICKu app, we may access your mobile’s location data to keep track of your whereabouts and we may access your nominated contacts to enable your mobile device to automatically send notifications when there is an emergency situation; if you are using [Name of Partner App], we may access to your mobile’s location data and use that information to help locate missing elderly.
When interacting with the Apps, certain data is automatically collected from your device. Such data includes without limitation:
- device IDs, network access, storage information and battery information; and
- cookies and IP addresses.
TOOLS to manage what personal data we collect
When using the Apps, we may provide notice or obtain consent for certain scenarios. For example, we may send push notifications. Such consent may be obtained through the Apps or using the standard permissions available on your device.
In many cases, your mobile device platform will provide additional tools to allow you to control when your device collects or shares particular categories of personal data. For example, your mobile device may offer tools to allow you to manage location sharing. We encourage you to familiarise yourself with and use the tools available on your devices.
PROTECTION and MANAGEMENT of your personal data
Retention of your personal data
Your personal data will only be kept as long as required for the purposes for which such personal data is collected, used and/or disclosed, or for any legal or business purposes. For the avoidance of doubt, we will retain your personal data during the period you use our services and for a reasonable period thereafter.
Storage and security of your personal data
The personal data that we collect will generally be held on our behalf by third party data storage provider(s). Sometimes we also keep hard copy records of personal data in physical storage facilities. We use a range of physical and technical processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats of which we become aware.
For users of HealthTact App, the encrypted location data recorded will be primarily stored on your device for 21 days and will only be uploaded to our system and made available to us for processing at the time when you notify us that you are infected [or suspected to be infected] with COVID-19. Such location data will be automatically deleted from your device within 21 days on a rolling basis. Such location data will also be deleted from your device if you remove HealthTact from your device.
If another HealthTact App user notifies us that they are infected [or suspects to be infected], you will receive a notification if you have been within the vicinity of that user in the last 21 days (the Health Tact App would run a comparison between your encrypted location data stored on your device and the encrypted location data of the infected [or suspected to be infected] user downloaded from our server).
Access, correction and deletion personal data
You provide your personal data to us on a voluntary basis, except where we specify that it is mandatory to access or activate certain of the services. In accordance with the PDPO, you may request access to your personal data held by us. A reasonable charge may be imposed to cover the administrative cost of preparing an electronic copy of your personal data. You are also entitled to correct some aspects of your personal data held by us, and request us to cease to use your personal data at any time without charge.
There may be instances where we are unable to provide the information you request, for example, where it would otherwise infringe any laws, interfere with the privacy of others, or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your requests.
Uninstalling the Apps will not automatically delete any information already uploaded to our central storage. If you wish any of your personal data uploaded to our central storage to be deleted, you can expressly ask us to delete your information using the feedback form on our website.
DIRECT MARKETING
We may from time to time use your personal data in order to send you marketing materials about, without limitation, our events, programmes, research, volunteer opportunities, news update, and impact reports. We may not use your personal data unless we have received your consent.
You may opt out of receiving marketing communications at any time by submitting the feedback form on our website with your full name and contact details. We will then stop any further marketing related emails from ourselves. Please note that you may continue to receive communications for a short period after changing your preferences while we are updating our systems.
If we use your personal data in any direct marketing communications, you have the right to request that we provide you with the source of that personal data. There is no fee for requesting this information. We will provide you with the source of personal data unless it is impracticable or unreasonable to do so.
CHANGES to our Policy
We reserve the right to update, revise, modify or amend this Policy from time to time as we deem necessary. We therefore ask you to review this Policy frequently. Changes and clarifications will take effect immediately upon their posting on the Apps. If we make material changes to this Policy, we will notify you in the App(s) that it has been updated.
QUESTIONS, complaints and feedback
We aim to implement high standards in order to protect your privacy. However, if you are concerned about the way in which we are processing your personal data or think we may have violated any applicable privacy laws, or any other relevant obligation, please contact us using the feedback form on our website. We will make a record of your complaint and conduct further investigation if necessary. We will handle your complaints as soon as we can and keep you informed of the progress of our investigation.
Should you have any enquiries or feedback about this Policy, feel free contact us using the feedback form on our website.
***