1. Your Privacy
We respect the personal data privacy of all individuals and pledge to be in compliance with the requirements of the Personal Data (Privacy) Ordinance of Hong Kong ("PDPO") so that the privacy of your personal data is protected in accordance with the standard required by law. In doing so, we require all our staff to comply with the PDPO in the same manner as the PDPO applies to us as a whole and adhere to the strictest standards of security and confidentiality.
"Personal Data" is information that relates to an identified or identifiable individual. We may collect your information in the following categories:
Information about you:
- your name, gender, age, date of birth, HKID card/identification document number, phone number, fax number, residential address, corresponding address, email address, signature, biometrics data, and biomedical specimens;
Information to process your order or use of our Services and/or Products:
- credit card information, bio-medical data, medical records, medical reports, medical images, and medical photos;
Information relating to your associated organisation, friend(s), or family member(s):
- the name of the organisation, title in the organisation, your staff/membership number of such organisation, the name of your friend(s) or family member(s), your relationship with the friend(s) or family member(s), their HKID card/identification document number(s), and their signature;
- IP address, browser settings, browsing records, and/or other Internet log information;
Additional information you may wish to provide us with:
- your occupation, education level, hobbies, favourite activities, social media contacts, and any other information you may disclose at any time.
2. How do we collect and store your Personal Data
EC Healthcare may collect your Personal Data via the following methods:
- directly from you when you submit our membership registration/application;
- directly from you when you submit Personal Data to indicate your interest in or when purchasing our Services and Products via our websites, mobile applications, social media platforms, and any online or face-to-face communication between you and us;
- directly from third parties (e.g. acquired businesses, authorised licensors, strategic business partners, landlords, and franchisers); and
- other sources (e.g. public databases, marketing partners, and relevant third parties).
You will also be required to supply EC Healthcare with Personal Data from time to time throughout your use of Services and Products provided by us. All Personal Data collected will be stored within the EC Healthcare personal data system.
3. Purposes for which your Personal Data will be used
The purposes for which your Personal Data may be used are as follows:
- to determine and verify your eligibility for registering for our membership and using our Services and Products;
- to enable us to store your Personal Data and identify possible multiple applications and obtain records of your use of our Services and Products across the Group from time to time;
- to identify you and any accounts you hold with us on behalf of your family members and/or friends;
- to enable the provision of our Services and Products to you, including customer services such as handling complaints and account inquiries, order processing, appointment arrangement, processing of insurance claims, and processing of payment instructions or collection of amounts outstanding from you in relation to the provision of our Services and Products, medical testing and diagnosis, laboratory services including testing services etc.;
- to create customised communications according to your interests and preferences so as to give you the best client experience while using our Services and Products. We may also make use of data analytics tools to determine the effectiveness of our offers, advertisements and promotions and your interest in new products or services so as to customise the products or services to be presented to you;
- to optimise our Services and Products, websites, mobile applications and other online platforms through various means including but not limited to the use of data analytics tools, research, surveys and feedback forms so that we may review and improve our business, marketing and strategic operations and plans;
- to determine and verify your eligibility for discounts and promotions on our Services and Products;
- processing applications or renewal applications for Services and Products provided by our business partners on your behalf;
- processing any insurance claims for our business partners’ Services and Products on your behalf;
- as direct marketing of our Services and Products or services and products of our business partners subject to the section headed “5. Direct Marketing” below;
- to enable you to participate in the interactive features of our Services, including identifying your friends or individuals, and sharing or communicating with them your shopping experience at your own will;
- as fraud prevention and detection;
- for auditing purposes;
- to make such disclosures as required by applicable laws, rules, and regulations; and
- for all other purposes ancillary to the above purposes.
Any questions, comments, suggestions, or information other than your Personal Data that is sent or posted to any part of our Platforms by you will be considered as voluntarily provided to our Group on a non-confidential and non-proprietary basis. We reserve the right to use, reproduce, disclose, transmit, publish and/or post elsewhere such information freely, including passing it to any associated company for example, in connection with the development and marketing of services and to meet user needs.
We may also take your Personal Data and make it unidentifiable, either by combining it with information of other individuals or by removing any identifiable information from your Personal Data (such as your name) for, among other purposes, research and analysis to improve our provision of Services and Products.
Unless otherwise indicated, it is obligatory to supply the requested Personal Data. Failure to provide the requested Personal Data may result in us not being able to process your application or provide you with the necessary support during your use of our Services and Products.
If necessary, we may transfer your Personal Data to places outside of Hong Kong for carrying out the purposes, or for the directly related purposes, for which the Personal Data is to be collected. All such transfers will be carried out in compliance with the requirements of the Ordinance.
Furthermore, subject to relevant laws, rules and regulations, we may from time to time use your Personal Data collected through the Group’s various systems/platforms and other interactions with you in direct marketing (see section 5. Direct Marketing below).
All Personal Data will be kept confidential but we may disclose such information to third parties where such disclosure is necessary to fulfill one or more of the purposes as described in section 3 hereinabove. A list of classes of persons (who may be located within or outside of Hong Kong) to whom your Personal Data may be transferred can be found in the List of Potential Transferees of Personal Data as stated below.
- Third Party Service Providers, including agents and contractors;
- EC Healthcare and any of its brands, subsidiaries and affiliates; (a list of the brands, subsidiaries, and affiliated entities can be found on our website: https://www.echealthcare.com/our-brands/)
- EC Healthcare’s Business Partners;
- Purchaser of a whole or any part of our businesses;
- Professional Advisors and Assignees;
- Governments, law enforcement authorities, courts, and tribunals;
- Legal and other professional advisors, insurers, loss adjustors, and rehabilitation service providers;
- Any third party whom you have authorised to obtain your Personal Data from the Group.
5. Direct Marketing
From time to time, the Group may use your Personal Data to send you news, offers, promotions, and joint marketing offers and the Group must obtain your consent for the purposes mentioned hereinabove.
The types of direct marketing activities EC Healthcare and its affiliated companies may conduct using your Personal Data include providing you with information and details in connection with the latest news, events, updates, contests, discounts, promotions, offers; products, services and rewards offered by our Group and our business partners, which relate to beauty, healthcare and wellness, personal care, pet care, baby care, maternity care, lifestyle, travel, technology, lucky draws and contests, media, e-commerce services and reward programmes.
EC Healthcare and its affiliated companies will do this through various communication channels such as direct mail, email, telephone, SMS, mobile applications notifications, social media, and text/ picture/ video messages by using your Personal Data held by the Group. We will not use your Personal Data in direct marketing without your consent.
EC Healthcare and its affiliated companies will analyse your preferences, online behaviour and transactional history in order to gain insights, so that we can customise the content and types of news, events, updates, contests, promotions, offers, products, services and rewards that we present to you via our communications, online platforms, social media and other communication means.
If you do not wish EC Healthcare and its affiliated companies to use your Personal Data in direct marketing, you may indicate your objection by checking the box when providing your Personal Data.
If you wish to opt-out of direct marketing from EC Healthcare and its affiliated companies anytime in the future, please send your English full name and membership number to firstname.lastname@example.org indicating that you wish to opt-out from EC Healthcare using your Personal Data in direct marketing. Upon receipt of the request, we shall cease to use your Personal Data for the purpose of direct marketing as soon as practicable without extra charges.
- recognise you whenever you visit our Websites and/or mobile applications;
- obtain information about your preferences, viewing and browsing behaviour, online movements, and use of the Internet;
- keep track of the items stored in your account and take you through the checkout process;
- carry out research and statistical analysis to help improve our Services and Products and to help us better understand our visitor and customer requirements and interests;
- target our marketing and advertising campaigns and those of our business partners and advertisers more effectively by providing interest-based advertisements that are personalised to your interests;
- make your online experience more efficient and enjoyable; and
- enable tighter security.
The security and confidentially of your Personal Data are extremely important to us. EC Healthcare will take all appropriate steps to protect your Personal Data. We have implemented technical, physical, administrative, and all reasonable and practicable measures to protect your Personal Data from any unauthorised access, disclosure, use and modification. These measures include:
- Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- Administrative and technical controls to restrict access to personal data on a “need-to-know” basis;
- Technological security measures, including fire walls, encryption and anti-virus software; and
- Physical security measures, such as staff security passes to access our premises.
From time to time, we review our security procedures in order to consider appropriate new technology and methods. Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secured. We endeavour to protect personal information, but we cannot guarantee the security of data transmitted to us or by us.
8. Retention of Personal Data
EC Healthcare will keep your Personal Data for as long as necessary to fulfill the purposes for which the personal data was collected or for a directly related purpose. This means that, for example, Personal Data collected to fulfill your request for Services and Products will be erased, deleted, destroyed or anonymised after their delivery by using technical or other means to render such information unidentifiable or unusable, unless it is necessary to keep such information for other purposes and we have informed you of such other purposes at the time of collection of the Personal Data or obtained your consent.
10. Your Right to Access and Correction
You may, at any time, request access to and correction of your Personal Data in the records of EC Healthcare’s personal data system, and a fee may be required by us for processing your request.
To exercise any of your rights please write to us at Room 2107-08, 21/F., Office Tower, Langham Place, Mong Kok, Kowloon or send us an email at email@example.com. We shall respond to your request within 40 days.
You may be invited to provide to EC Healthcare your personal data through face-to-face communication, our website(s) or other media on a voluntary basis for the purposes stated hereinabove at different times. If you are under the age of 18, you should obtain consent from your parent or guardian before you provide EC Healthcare with your personal data..
Date of Last Revision: 7 October 2022