澔亞國際有限公司KOA International Limited(「本公司」)
關於《個人資料(私隱)條例》(「條例」)的私隱政策聲明以及收集個人資料聲明
致客戶及其他個別人士的通知


1. 本公司承諾在遵守《個人資料(私隱)條例》的規定,會完全符合並且在可能的情況下遵守國際認可的個人資料保障水平。 為履行此承諾,我們會確保屬下職員依從保安及保密方面的嚴格規定。

2. 此政策內「個人資料」一詞含有條例所解釋的意義。

本公司的政策

3. 本公司會確保所收集及/或儲存及/或傳送及/或使用的所有個人資料,必遵照條例規定的責任及要求處理。 倘若個人以合法方式要求取得及/或修正本公司所持有關於其本人的個人資料,本公司可根據條例規定的時限及方式提供及/或修正上述資料。

個人資料的收集

4. 本公司會要求客戶提供下列的個人資料(以及不時更新的個人資料),以便就其提供的產品及服務進行推銷、提供、登記及管理。 倘若沒有此等資料,便有機會不能滿足客户的服務要求。

5. 如果客戶不是本公司的YM註冊會員,可以用一般訪客身份瀏覽本公司的網站,但客戶有機會未能使用本公司提供給註冊會員的所有服務和功能,包括於網上訂購。 客戶成為本公司YM註冊會員時需要提供個人資料,以獲得本公司提供註冊會員之服務,例如通過電子郵件收到的最新消息、回應客戶的查詢、及參與本公司的活動等。

6. 非YM註冊會員的客戶可以於本公司的網站購買各款產品,本公司只會收集相關的個人資料以履行訂單(如客戶的姓名、聯繫方式和支付/信用卡信息),但並不能享用有關折扣/服務/優惠。

7. 本文所有對「個人資料」的提述包括(但不限於):
(a) 姓名、出生月份和日期、性別;
(b) 地址、通訊地址、電話號碼、傳真號碼、電郵地址、通訊及社交應用程式或軟件的識別名稱;
(c) 地理位置、網站瀏覽量和購買行為;
(d) 付款詳情,包括附有咭主姓名之信用卡及銀行資料;
(e) 用以核對身份的資料,包括身份證明文件類別及號碼及有相片及姓名之證明文件;
(f) 健康狀况、疾病紀錄。

8. 在某些情況下,客户或需按要求提供若干資料,以便我們改善產品和服務,及/或提供切合客户需要的資訊。 客户可選擇不提供此類資料,然而,若有關的產品和服務是按客户所需而設,或產品和服務的供應是需要客户提供一切所需資料,不提供此等資料會令本公司不能提供有關服務。 此類個人資料可包括(但不限於):
(a) 婚姻狀况;
(b) 薪金水平及僱員資料;
(c) 教育程度及職業;
(d) 其他有關並已使用的產品及服務;
(e) 家庭資料。

9. 客戶致電及接聽本公司的訂購及/或服務熱線及/或查詢電話時可能會被錄音,錄音的目的包括訂單紀錄、品質管理、以及員工的工作表現評估、管理和發展等。 除非在致電時有所聲明,否則該段錄音並不屬於致電者的個人資料,故並不受制於條例中的規定,致電者就該資料並無任何法定、合約或民事侵權等權利及/或不得提出索償。 本公司會時常確保該錄音不會在無意中或在未經授權的情況下被人取用。

個人資料的使用

10. 客戶之個人資料可能會被使用於:
- 核實客戶身份;
- 向客戶提供產品和服務(包括送貨服務及預約本公司的服務);
- 處理網站的購物車;
- 跟進各種服務的申請、參加各類活動、和履行任何訂單(包括會員身份之驗證及安全檢查);
- 推廣和宣傳(包括本公司、聯營公司及合作伙伴的推廣和宣傳工作);
- 改善向客戶提供產品和服務;
- 回應客户的查詢;
- 核實、執行及處理客戶的付款;
- 處理賬戶之日常運作及/或收取客戶賬戶未付的款項,包括聘用追收公司;
- 維持、管理、改良會員制度,包括將客戶的個人資料儲存及處理;
- 分析及核對客户資料;
- 分析跟本公司有關的各種趨勢、用量和購買行為(包括以個人或集合資料作為基礎),以協助於本公司更妥善地了解客戶和本公司的客戶群如何使用本公司的網站和服務,並改善本公司的服務以便有效地回應客戶的願望和喜好;
- 法例要求或准許披露的事項;及
- 客戶與本公司之間不時共同同意的其他用途,包括本公司的會員申請書、產品訂購表或預約服務申請等文件所列明的用途。

11. 本公司會將個人資料保存至達到原來目的、或直接有關之目的為止(除非上述個人資料可根據任何適用法例規定須繼續保存)。 在特定的儲存期限後,個人資料將從本公司的儲存系統中被清洗。 如與法律抵觸,或者法律另有規定,或在法律允許的前提下,本公司將只保留必要的客戶個人資料以履行目的,本公司亦會於客戶決定刪除其會員帳戶後在合理而可行的時間內盡快處理,並確保由第三方持有的客戶個人資料亦得以盡快刪除。

12. 本公司會對其持有的個人資料予以保密,但本公司可能會把該等資料提供及披露給下述各方作上述用途:
(a) 任何代理人、承包人、或向本公司提供行政、電訊、電腦、付款、收費結算、代寄郵件、送貨或其他與本公司業務運作有關的服務的第三方服務供應商,不論其所在地;
(b) 任何對本公司有保密責任的人士,包括本公司集團內已承諾保持該資料保密的公司;
(c) 本公司或其任何分店在根據對其本身或其任何分店具約束力或適用的法例規定下之責任或其他原因而必須向該人作出披露,或按照及為實施由任何法定、監管、政府、稅務、執法或其他機構或服務提供者之自律監管或行業團體或組織所提供或發出的指引或指導需預期向該人作出披露,或根據與本地或海外之法定、監管、政府、稅務、執法或其他機構或服務提供者之自律監管或行業團體或組織之間的任何合約承諾或其他承諾而向該人作出任何披露之任何人士,而該等人士可能處於香港特別行政區境內或境外;
(d) 本公司的任何實在或建議承讓人或就本公司對客户的權利的參與人或附屬參與人或受讓人;
(e) 本公司之任何集團成員;
(f) 第三方服務機構、承保人、信用卡公司、商品及服務供應商;
(g) 第三方獎賞、年資獎勵、聯名合作及優惠計劃供應商;
(h) 本公司之聯名合作夥伴【有關服務和產品的申請表上會提供聯名合作夥伴的名稱(視屬何情況而定)】;
(i) 慈善或非牟利組織;及
(j) 獲本公司聘用之第三方服務供應商(包括但不限於代寄郵件公司、送貨公司、電訊公司、電話促銷及直銷代理人、電話服務中心、數據處理公司及資訊科技公司),不論其所在地。
本公司可能為上文所列之目的不時將客户的資料轉移往香港特別行政區境外的地區。

13. 本公司可能不時地將匿名和集合資料向第三方轉移,其中可能包括以匿名形式存在的客戶個人資料,而這些資料不會(也不能)以任何方式對客戶進行識別。
14. 如果客戶未能提供個人資料及信息予本公司,本公司將可能無法提供所有服務。

15. 客戶可以隨時向本公司提供各種第三方的個人資料(例如收件人資料)。 客戶同意客戶已經獲得相關第三方同意並向本公司提供其個人資料(按照本文收集、使用和存放)。

有關使用網站收集個人資料的條款

16. 本公司會自動收集有關客戶瀏覽本公司網站及使用網站服務時的資料,以收集本公司伺服器使用情況的統計數據,並幫助本公司更有效地滿足客戶的需求和期望,這可能包括但不限於客戶的瀏覽器類型和版本、操作系統及IP地址和/或域名。 如果客戶未滿18歲,通過訪問本公司的網站時,客戶將被假設經已將本文通知了客戶的父母和監護人,而且他們已經同意客戶受本文的各項條款約束。

17. 本公司會使用相關功能以設置獨特的識別碼來確定客戶於跨設備上使用本公司網站的情況,本公司的系統會將此類情況定義為一個單一用戶,而非多個用戶。

18. 當客戶正在瀏覽本公司網站時(無論是作為一般訪客身份或註冊會員),均可能在客戶的電腦上安裝cookies以作識別,並使本公司能夠提供更具個性化的購物體驗,以及各種服務(如妥善處理網站購物車的內容)。 Cookies是存儲在硬盤上的小型信息文件,並獲大多數瀏覽器自動接受。 它並不會允許本公司讀取到客戶電腦的其餘部分或客戶的個人資料。 如果客戶不希望接受cookies,請更改瀏覽器的設定。 請注意,如果客戶的瀏覽器不接受cookies,可能會導致客戶未能使用本公司網站提供的所有功能和服務。

19. 本公司通過合理的實踐措施、電子措施和管理措施保護客戶提供給本公司的個人資料。 請注意,儘管本公司會努力監督上述情況,沒有任何安全性措施可以在任何時候都保證任何數據絕對安全。 為了保護客戶的個人資料,於瀏覽及使用本公司網站的同時,本公司會以Secure Socket Layer (SSL)-互聯網加密的行業標準,將任何客戶傳送給本公司網站的個人資料及信息進行加密。
20. 本文適用於本公司和本公司的網站,但不適用於任何其他第三方(包括由第三方保有的任何網站)。 在客戶向該等第三方(無論是否通過本公司的網站)提交客戶的任何個人資料之前,請查看並閱讀該等第三方的私隱政策。 本公司不對該等第三方的任何使用和侵犯客戶的個人資料的行為承擔任何責任或義務。

使用資料作直接促銷

21. 本公司擬使用客户的資料作直接促銷,本公司須為此目的取得客户的同意(包括客户不反對之表示)。 因此,請注意:
(a) 本公司持有客户的姓名、聯絡詳情、產品及服務組合信息、交易模式及行徑、財務背景及統計資料可不時被本公司用於直接促銷;
(b) 以下服務類別可作推廣:
(i) 健康、營養、保健、美容、護膚等方面的食品、產品和服務;
(ii) 獎賞、年資獎勵或優惠計劃及相關服務和產品;
(iii) 本公司的聯名合作夥伴提供之服務和產品【有關服務和產品的申請表上會提供聯名合作夥伴的名稱(視屬何情況而定)】;及
(iv) 為慈善及或非牟利的目的之捐款及資助;
(c) 上述服務及產品可由本公司及/或下述人士提供或(如涉及捐款及資助)募捐:
(i) 本公司之任何集團成員;
(ii) 第三方服務機構、承保人、信用卡公司、商品及服務供應商;
(iii) 第三方獎賞、年資獎勵、聯名合作及優惠計劃供應商;
(iv) 本公司之聯名合作夥伴【有關服務和產品的申請表上會提供聯名合作夥伴的名稱(視屬何情況而定)】;
(v) 慈善或非牟利組織;
(d) 除本公司推廣上述服務及產品外,本公司同時擬提供列明於上述(a)段之資料至上述第(c)段的所有或其中任何人士,讓該等人士藉以用於推廣上述服務及產品,而本公司須為此目的取得客户同意(其中包括客户不反對之表示);
(e) 直接促銷的途徑包括(但不限於):
(i) 電話; (ii) 短訊(在本文各條包括以Whatsapp或類似的應用程式或通訊及社交軟件發送的各類訊息); (iii) 郵寄; (iv) 電郵。
(f) 如本公司不會因為提供資料予其他人士而獲得任何金錢或其他回報。

22. 倘若客戶希望停止或(若客戶已取消接收)重新接收本公司的資訊,客戶可隨時連同已登記的姓名及會員號碼,電郵至privacy@koa.com.hk通知私隱條例事務主任。

查閱及改正個人資料


23. 根據條例中的條款,任何客戶有權:
(a) 查核本公司是否持有他的資料及查閱該等資料,並取得該等資料的副本;
(b) 要求本公司改正任何有關他的不準確的個人資料以達致使用該資料之目的;
(c) 查明本公司對於資料的政策及慣例和獲告知本公司持有的個人資料種類。

24. 根據條例的條款,本公司有權就處理任何查閱資料的要求收取合理費用。

25. 本公司於接納有關取用要求的真確性及有效性後,會盡力依從該要求,並在條例規定的期限內予以回覆。

關於本公司個人資料(私隱)條例的聯絡詳情

26. 任何關於查閱或改正資料,或索取關於資料政策及慣例或所持有的資料種類的要求,應向下列人士提出:

privacy@koa.com.hk

私隱條例事務主任
澔亞國際有限公司
地址:觀塘觀塘道418號創紀之城5期1606-07室

電話: (852) 3122 3122
傳真:(852) 3122-3311

27. 本文之中文本謹作參考之用,如與英文原文有任何差異之處,一概以英文原文為準。


KOA International Limited (the "Company")
Notice to Our Customers and Other Individuals
Regarding Our Privacy Policy Statement and Statement on Collection of Personal Data Formulated Pursuant to the Personal Data (Privacy) Ordinance (the "Ordinance")



1. The Company undertakes to fully observe and satisfy the requirements of the Personal Data (Privacy) Ordinance and also comply with the internationally recognized standard of protection for personal data to the largest possible extent. To perform this undertaking, we will ensure that our employees observe rigorous security and confidentiality requirements in this aspect.

2. The term "personal data" as used in this Policy Statement has the meanings of this term as defined in the Ordinance.


Our Policy

3. The Company will ensure that all personal data collected, stored, transmitted and/or used by us will be handled as required by the Ordinance. If any individual legally asks for obtaining and/or correcting his own personal data held by the Company, the Company may provide and/or correct the data in the timeframe and manner required by the Ordinance.

Collection of Personal Data

4. The Company may ask clients for their personal data as described below (as well as any updates of such personal data) in order that the Company can promote, provide, register and manage the products and services provided by us. Lack of such personal data may render it impossible to satisfy the needs of the clients for the relevant services.

5. For a client who is not a registered YM member of the Company, he can visit the website of the Company as a general visitor but he may not be able to use all of the services and functions available to registered YM members, including the online ordering function. A client has to provide his personal data when registering to become a YM member of the Company in order that services for registered members, such as emails on our updates, feedbacks to enquiries and comments and enrolments for the Company’s activities can be made available to him.

6. Customers who are not our registered YM members may order our products at our outlets. In that case, the Company will only collect the relevant personal data (such as the name, contact details and payment/credit card information) from the customers for performing orders but discounts/services/special offers will not be made available to the customers.

7. All references to the term "personal data" in this document include (without limitation):
(a) name, day and month of birth, and gender;
(b) address, correspondence address, telephone number, facsimile number, email address, and identity on social media applications or software;
(c) geographical location, frequency of website visits and purchasing behaviours;
(d) payment details, including credit card and bank information having the cardholder’s name;
(e) information used for verifying identity, including the type of identity document held and its number, as well as identity document bearing the person's photograph and name; and
(f) records on health condition and sickness.

8. In certain situations, a customer may be asked to provide certain kinds of information for us to improve our products and services and/or to allow us to make tailored information available to the customer. The customer may choose not to provide us with the requested information. However, where the product or service is tailored to the customer's needs or the supply of the product or service is conditional upon receipt of relevant necessary information from the customer, non-availability of the information to the Company may render us unable to provide the service to the customer. Such personal data may include (without limitation):
(a) marital status;
(b) salary level and employment information;
(c) education level and occupation;
(d) other relevant products and services used previously; and
(e) family details.

9. Calls to or from the Company's order/service/enquiry hotlines may be recorded. The purposes of such recording include order recording, quality management, as well as assessment, management and development of our employees’ performance. Unless otherwise stated at the time of making the call, the recording does not fall within the personal data of the caller and therefore is not subject to the Ordinance. The caller has no rights and/or should not make any claims whatsoever in respect of the information given whether under law, contract or tort. The Company always makes sure that such recordings will not be accessed and/or used by unauthorized persons whether unintentionally or not.

Use of Personal Data

10. The personal data of a customer may be used for the following purposes:
- to verify the identity of the customer;
- to enable the provision of relevant products or services (including their delivery and reservation) to the customer;
- to handle the shopping cart made available on our website;
- to follow up applications for our services, attendance at our activities and performance of orders placed (including verification of member’s identity and conduct of security checks);
- to conduct promotional and advertising efforts (including those conducted by the Company, our affiliated companies and our business partners);
- to improve the provision of products and services to the customer;
- to respond to the customer's enquiries;
- to verify, effectuate and handle payments from the customer;
- to conduct the daily operations of the customer’s account and/or to collect receivables from the customer, including doing so through a collection agency engaged;
- to maintain, administer and improve the membership system of the Company, including the storage and handle of the customer's personal data;
- to analyse and verify information about the customer;
- to analyse trends, consumption volume and purchase behaviours relevant to the Company (whether doing so on basis of an individual’s or collective personal data) to facilitate our better understanding of the behaviour of individual customers and customer groups in using our website or services and to facilitate improvement of our services for more effective response to customers' desires and preferences;
- to respond to disclosure requests required or permitted by law; and
- to achieve other purposes as may be agreed by the customer and the Company from time to time, including purposes set forth on membership applications, product orders or service booking forms.

11. The Company will only keep the personal data until the time when the intended or directly relevant purpose of use has been achieved, unless when continued retention of the personal data is required under applicable ordinances. After expiration of the specific retention period, the personal data shall be deleted from the Company's data storage system. Where retention of personal data contradicts the law or the law provides otherwise, the Company will only retain personal data necessary for achieving the purposes of use to the extent permitted by law. In case a customer requests to terminate his membership, the Company will process the request as soon as reasonably practicable and will also procure prompt deletion of any personal data of the customer held by a third party.

12. The Company will keep personal data held by it confidential and may only provide and disclose such personal data to the following parties for the above purposes:
(a) any agents, contractors or third party service providers who provide the Company with administration, telecommunication, computer, payment, fee settlement, mail forwarding (including messaging) or goods delivery services or other services relevant to the operations of the Company, wherever located;
(b) any persons who owe confidentiality obligations to the Company, including companies in the Company’s group which have undertaken to keep the personal data confidential;
(c) any persons to whom disclosure of the personal data by the Company or any of its branches is required by relevant binding or applicable laws and regulations or otherwise; any persons to whom disclosure of the personal data is expected according to or in order to implement the guidelines or directions provided or issued by any legal, regulatory, government, taxation, law enforcement or other authorities, or self-regulating or industrial bodies of service providers; any persons to whom disclosure of the personal data is required under undertakings, contractual or otherwise, made with any local or overseas legal, regulatory, government, taxation, law enforcement or other authorities, or self-regulating or industrial bodies of service providers, whether the above persons are situated in or outside the Hong Kong SAR;
(d) any actual or proposed assignee of interests in the Company, or any participant, sub-participant or assignee of the Company’s right against the customer;
(e) any members of the Company’s group;
(f) third party service providers, insurers, credit card companies, and goods or service providers;
(g) third party reward, loyalty, co-branding and privileges program providers;
(h) co-branding partners of the Company (whose names can be found on the application form(s) for the relevant services or products, as the case may be);
(i) charitable or non-profitmaking organizations; and
(j) third party service providers engaged by the Company (including but not limited to mail forwarding companies, goods delivery companies, telecommunication companies, telemarketing and direct sale agents, call centres, data processing companies and IT companies), wherever located.

13. The Company may transfer anonymous and aggregated data to third parties from time to time, which may include personal data of customers in an anonymous format and which does not (and is not able to) identify customers in any way.

14. If a customer fails to provide his personal data and information to the Company, we may not be able to make all of our services available to him.

15. A customer may provide personal data of a third party (such as the details of an addressee) to the Company from time to time; and in that event, the customer agrees that it has obtained the consent of that third party to the provision of the personal data to the Company (as well as the collection, use and storage of the personal data in accordance with these provisions).

Collection of Personal Data through Our Website

16. The Company will automatically collect information about customers' visits to of our website and their use of services available on our website in order to compile statistics on use of the Company’s server and help us more effectively satisfy our customers' demands and expectations. The information to be collected may include (without limitation) a customer's browser model and version, operating system, IP address and/or domain name. For a customer under 18 years old, when he visits our website, the Company will assume that he has informed his parents or guardian of this Policy and that his parents or guardian has given consent to the binding effect of this Policy on the customer.
17. The Company will set a unique identification code to monitor use of the Company’s website on multiple devices by a customer by using relevant functions. The Company’s system will define such use as use by a single user instead of by multiple users.
18. When a customer visits the Company’s website (regardless whether as a general visitor or as a registered member), cookies may be installed on the customer’s computer to enable identification of the customer and to make it possible for the Company to provide more personalized shopping experience and other functions (such as proper handling of the shopping cart contents). Cookies are small text files which are stored on the hardware of a computer and are automatically accepted by most browsers. Cookies will not allow the Company to access the other parts of the customer’s computer or the personal data of the customer. If the customer does not wish to accept cookies, he should change the settings of the browser. Please note that if the browser on the customer’s computer does not allow the installation of cookies, the customer may not be able to use all of the functions and services available on the Company’s website.
19. The Company is committed to protecting the personal data provided by customers by taking reasonable practical, electronic and administrative measures. Please note that notwithstanding our monitoring efforts, no safety measures will guarantee absolute safety of any data at all times. In order to protect the personal data of customers, when customers visit and use our website, the Company will carry out encryption of personal data and information transmitted by customers to the Company’s website by using Secure Socket Layer (SSL), a cryptographic protocol which provides security over internet communications.
20. This Policy is applicable to the Company and the Company’s website but not to any third parties (including any websites maintained by third parties). It is advisable that before submitting any personal data to a third party (whether through the Company’s website or otherwise), customers should read and understand the privacy policy of the third party. The Company should not be held liable for any use or infringement of personal data of customers by third parties.

Use of Data for Direct Marketing

21. The Company intends to use data regarding customers in direct marketing. For this purpose, the Company has to obtain the consent of the customers (including their indication of no objection). Therefore, please note that:
(a) The names, contact details, product and service portfolio information, transaction patterns and behaviours, financial backgrounds and demographic data of customers held by the Company may from time to time be used by the Company in direct marketing;
(b) The following classes of services may be marketed:
(i) health, nutritional, healthcare, cosmetic and skincare food, products and services;
(ii) reward, loyalty or privileges programs as well as related services and products;
(iii) services and products offered by the Company's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
(iv) donations and contributions for charitable and/or non-profitmaking purposes;
(c) The above services and products may be provided or (in the case of donations and contributions) solicited by the Company and/or the following persons:
(i) any member of the group companies of the Company;
(ii) third party service institutions, insurers, credit card companies, and product/service providers;
(iii) third party reward, loyalty, co-branding or privileges program providers;
(iv) co-branding partners of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
(v) charitable or non-profitmaking organizations;
(d) In addition to marketing the above services and products, the Company also intends to provide the data described in paragraphs (a) above to all or any of the persons described in paragraph (c) above for use by them in marketing those services and products, and the Company requires the customer’s consent (which includes an indication of no objection) for that purpose;
(e) Direct marketing may be conducted through channels including but not limited to:
(i) telephone calls;
(ii) sms messages (which term when used in this Policy Statement should include messages sent by the use of WhatsApp or similar applications, or other communication and social media software);
(iii) mails; and
(iv) e-mails;
(f) The Company will not receive monetary or other remuneration in return for providing the data to other persons.

22. Customers can at any time send a request to our PDPO Officer together with registered name and membership number to stop receiving updates or to start receiving them (if they have unsubscribed from receiving such updates before) via email at privacy@koa.com.hk.

Data Access and Correction

23. According to the Ordinance, any customer should have the right:
(a) to check whether the Company holds data about him, to have access to such data and to obtain a copy of it;
(b) to require the Company to correct any personal data relating to him which is inaccurate, so that the intended purpose of using such data can be achieved; and
(c) to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company.

24. According to the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.

25. The Company will, upon satisfying ourselves of the authenticity and validity of a correction request, make every endeavour to comply with and respond to the request within the period required by the Ordinance.

Our Personal Data (Privacy) Ordinance Contact Details

26. The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:

privacy@koa.com.hk

PDPO Officer
KOA International Limited
Rooms 1606-07, Millennium City 5
418 Kwun Tong Road
Kowloon

Telephone: (852) 3122-3122
Facsimile: (852) 3122-3311

27. The Chinese and Japanese versions of this Policy Statement are solely for reference. In case of discrepancies between the English and Chinese/Japanese versions, the English version shall prevail.
(May 2017 version)