At Hawk Internet Co., Limited (“we”, “us”, “our”), we regularly collect and use information that could identify an individual (“personal data”), in particular about your purchase or use of our products, services, mobile and software applications and websites (“you”, “your”). The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
Please read this Policy carefully. This Policy is not intended to override the terms of any contract that you have with you or any rights you might have available under applicable data protection laws.
We may make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We encourage you to regularly check and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
- 1. WHO is responsible for looking after your personal data?
- 2. WHAT personal data do we collect?
- 3. WHEN do we collect your personal data?
- 4. What PURPOSES do we USE your personal data for?
- 5. Who do we SHARE your personal data with?
- 6. Direct marketing
- 7. International transfers
- 8. Profiling
- 9. How long do we keep your personal data?
- 10. What are your rights?
- 11. How we PROTECT your personal data?
- 12. Contact and complaints
1. WHO is responsible for looking after your personal data?
Hawk Internet Co., Limited (“Hawk”) is a China-based telecommunication company focusing on internet application services. As Hawk is the company which was originally responsible for collecting information about you, it will be the data controller. You should be aware that although Hawk may be principally responsible for looking after your personal data, information may be held in databases which can be accessed by other Hawk group our affiliate companies.
2. WHAT personal data do we collect?
2.1 Personal data or information we get from your use of our product and service
We collect information about the product and services that you use and how you use them in order to properly provide the core or important features of our product and service, or to improve our product and service, or to provide additional features to our product (such as socializing functions or value-added services and promotions, etc.). Some of the typical reasons that we collect personal data include (in case of any contents herein which provide otherwise, such as Section 3 or 4, please refer to the relevant details accordingly):
- Provide our product and services, including our app and related website (if any), and improve them over time;
- Allow you to download and purchase products and services;
- Personalize and manage our relationship with you, including introducing you to products or services that may be of interest to you or to provide customer support;
- Investigate, respond to, and manage inquiries or events;
- Work with and respond to law enforcement and regulators; and
- Research matters relating to our prod and business, such as security threats and vulnerabilities, or conducting internal audit, data analysis, and research.
(1) Device information
We collect your UUID to allow us perform troubleshoot and analytics on our services in order to improve our product.
(2) Internet Protocol address
Device event information such as crashes, system activity, hardware settings, browser type, the date and time of your request and referral URL.
(3) Location information
When you use VPN, we may collect and process information about your actual location. We use various technologies to determine location, including IP addresses, GPS, and other sensors that may. The collection and use of location information is for enabling us to provide you better service (i.e. connect your device to the most suitable VPN server based on your location, so that you’ll have better and faster connection) and if you refuse to or stop providing it, we may not be able to provide you the best server allocation and connection. When we collect your IP address, we use it to determine user’s location for the same purpose. (We do not store or share your true IP address or use the IP address for other purposes such as associating the IP address with your browsing information or online activities when using our service.) For more details on location information, you can also find out in the following section of “Permissions on your device”.
2.2 Cookies and tracking technologies
2.3 Your information which we obtain or receive from third parties
We may obtain or receive from third parties your account information (including not be limited to account avatar, nickname etc.) which you’ve allowed them to share, and thereby binding your account at the third parties with your personal account in our product and service, and allowing you to directly log into (or by hyperlink) our account via the third party account to use our product and service. We may also, where it is allowed by applicable law or according to your agreement with third parties, obtain other types of your information from third parties.
3. WHEN do we collect your personal data?
3.1 We will collect information from you directly when you use our products and services, or where you contact us with questions, complaints or suggestions or provide us with any feedback.
3.2 We may collect information about you indirectly from other sources and combine that with information we collect through our services where this is necessary to help manage our relationship with you. These other sources may include third party software applications and social media platforms such as Facebook, Google + and Twitter.
3.3 We will not knowingly collect any personal data about persons who are legally recognized as children without making it clear that such information should only be provided with parental consent, if this is required by applicable laws. For the purpose of this Policy, “children” refer to persons under the age of 16 (in the laws of some countries, this age limit maybe higher, in such case such age limit will apply to those subject to such laws).
We’ll comply with local laws regarding children’s right protection applicable to our product and service. Hawk will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained. If you believe we have collected information from any child in error or have questions or concerns about our any other practices relating to children, please notify us and we will take proper actions to investigate and promptly solve relevant issues In case we find out that we’ve collected children’s information without prior consents from their lawful guardians, we’ll make efforts to quickly delete relevant data.
4. What PURPOSES do we USE your personal data for?
We will use your personal data:
- To keep you posted on software updates, technical updates, security alerts and support and administrative messages;
- To allow you to download and purchase our products and services such as our apps and related websites;
- To help us create, provide, develop, operate, deliver, maintain and improve our products, services, content, advertising and continually improve your user experience;
- To assess customer satisfaction and link or combine with information we get from others to help understand your needs and provide you with better user experience;
- To process transactions and send you related information, including confirmations and invoices;
- To respond to your comments, inquiries, questions, provide customer service and support and fulfill your requests;
- To verify identity, assist with identification of users, and to determine appropriate services;
- To communicate with you and send you important notices or personalized messages, such as communications about purchases and changes to our terms, conditions, and policies;
- To monitor, evaluate and analyze trends, data, transactions, usage and activities in connection with our products and services;
- To facilitate internal purposes such as auditing, data analysis, and research to improve our products, services, and customer communications;
- To detect, investigate and prevent fraudulent transactions and other illegal activities and protect our rights and property;
- To use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Section 4 where we are satisfied that:
- our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to fulfill obligations under the contract signed between you and us), or
- our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to, or
- our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights.
In order for us to provide you with our services when you use certain applications, we may collect special categories of data from you. For our collection or use of your special categories of data, we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:
your explicit consent;
the establishment, exercise or defense by us or third parties of legal claims; or
a specific exemption provided under local laws of EU Member States and other countries implementing the GDPR, or other laws of jurisdictions which are applicable to our handling of your personal data.
PLEASE NOTE: If you provide your explicit consent to allow us to process your special categories of data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide certain services to you. If you choose to withdraw your consent we will tell you more about the possible consequences.
PLEASE NOTE: We will not need to, or will be effectively unable to, get your prior consent on collecting and / or using your personal data in the following circumstances, so far as these exemptions are allowed under applicable laws and so far as the collection and usage is necessary for such purposes:
- when the collection and usage is related to national secure or national defense, public safety, public health or significant public interests;
- when the collection and usage is related to investigation, prosecution, trial or judgment enforcement of criminal acts;
- for the sake of life, property or other major legitimate interests of you or others, while in such incidents we have difficulty to reach you to confirm your consent;
- when the information we collect has been voluntarily disclosed by yourself;
- when we collect your information from sources that have made legitimate and public relevant disclosures of such information, such as legitimate news reports, or governmental information disclosure;
- when relevant collection or usage is necessary for ensuring the safe, stable and legitimate operations of our product and service, such as when we need to diagnose or deal with failure or defects in our product and service;
- when the collection or usage is required for legitimate news reports;
- when the collection or usage is necessary for academic or research institutes to make statistical or academy research for public interests, and when such results of research are being disclosed, the personal data contained has been made to be “de-identified”;
- when the collection or usage of your information is permitted by applicable laws and regulations for other reasons.
5. Who do we SHARE your personal data with?
We may share your data with other Hawk’s affiliate companies in or outside Europe. We may also share your data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data. These third parties may include:
- Our regulators, including regulators and law enforcement or investigation agencies in the E.U., U.S., China, and around the world;
- Other third parties, for the purposes of detecting, preventing or otherwise addressing fraud, security or technical issues (such as cyber-attack, or other illegal or immoral acts), targeting at or related to protecting against harm to the rights, property or safety of our users or us, our affiliates, employees or the public;
- Solicitors and other professional services firms (including our auditors).
Also, if we were to sell part of our businesses or assets, as required by applicable laws or agreed with relevant parties, we would need to transfer your personal data to the purchaser in case of carrying out relevant deals such as merger, acquisition or asset transfers.
6. Direct marketing
We may use your personal data to send you direct marketing communications about our own or third party products and services or our related services including our latest product announcements and upcoming events. This may be in the form of email, post, SMS, telephone or targeted online advertisements. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we think will be interesting and relevant to you, based on the information we have about you.
For the purposes of GDPR our processing of your personal data for direct marketing purposes is based on our legitimate interests (as further detailed in applicable Appendix), but where opt-in consent is required by the relevant laws such as the Privacy and Electronic Communications Regulations of Europe, we may ask you for your consent. You have a right to stop receiving direct marketing at any time. You can do this by following the opt-out or unsubscribe links in electronic communications (such as emails), or by contacting us using the details in Section 12 if you find problems in making such settings by yourself. Please also note that, when necessary (e.g., certain service is suspended due to system maintenance), we may send to you relevant announcements. You may not be able to cancel the announcements related to the services that are not promotional in nature.
We also use your personal data for customizing or personalizing ads, offers and content made available to you based on your usage of our mobile applications, websites, platforms or services, and analyzing the performance of those ads, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes “profiling” in respect of which more information is provided at Section 8 of this Policy.
7. International transfers
We may transfer your personal data to Hawk’s affiliate companies or service providers that are located inside or outside of Europe. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- we will only transfer your personal data to countries which are recognized as providing an adequate level of legal protection; and
- transfers to Hawk’s affiliate companies, service providers and other third parties will always be protected by contractual commitments for additional security. For example, the EU–US Privacy Shield for the protection of personal data transferred to the US.
You have the right – as allowed under applicable law – to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in Section 12 if you would like further information (which may be redacted to ensure confidentiality).
“Automated decision making” refers to a decision which is taken though the automated processing of your personal data alone. This means processing using, for example, software code or an algorithm, which does not involve any human intervention. As profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.
If you are a consumer that has signed up to receive marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. This does not have any significant effect, or a legal effect on you. In certain circumstances it may be possible to infer certain information about you from the result of profiling, which may include special categories of data. We will not however conduct profiling based on your special categories of data unless we have obtained your explicit consent to do so.
PLEASE NOTE: You have certain rights in respect of automated decision making, including profiling where that decision has significant effects on you, including where it produces a legal effect on you. See Section 10.
9. How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 and relevant Appendixes of this Policy. In some circumstances we may retain your personal data for longer periods of time, for example where we are required to do so to meet legal, regulatory, tax or accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
10. What are your rights?
You have a number of rights in relation to your personal data. In summary, you may request access to your data, rectification of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority (further details of which are set out in Section 12 below).
Those underlined are defined in more detail as follows:
You can ask us to:
- confirm whether we are processing your personal data;
- give you a copy of that data;
- provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision making or profiling, to the extent that information has not already been provided to you in this Policy.
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
You can ask us to erase your personal data, but only where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see “objection” below); or
- it has been processed unlawfully; or
- to comply with a legal obligation which Hawk is subject to.
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- its accuracy is contested (see “rectification” below), to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it “ported” directly to another data controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
You can object to any processing of your personal data which has our legitimate interests as its legal basis (see Section 4 or contact us for further details), if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights.
Automated Decision Making
You can ask not to be subject to a decision which is based solely on automated processing (see Section 8), but only where that decision:
- produces legal effects concerning you (such as the rejection of a claim); or
- otherwise significantly affects you.
In such situations, you can obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and / or contest the automated decision. Your right to obtain human intervention or to contest a decision does not apply where the decision which is made following automated decision making:
- is necessary for entering into or performing a contract with you;
- is authorized by law and there are suitable safeguards for your rights and freedoms; or
- is based on your explicit consent.
To exercise your rights you may contact us as set out in Section 12. Please note the following if you do wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.
Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Exemptions. Local laws may provide additional exemptions, e.g. in the UK, where it is subject to legal privilege, the right of access to personal data can be withheld from you in certain circumstances.
Third Party Rights. We do not have to comply with a request where it would adversely affect the rights and freedoms of other Data Subjects.
11. How we PROTECT your personal data?
We endeavor to protect us and you from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data that we hold.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems;
- We use encryption where appropriate;
- We use password protection where appropriate; and
- We restrict access to personal data to our employees, contractors and agents who need access to the relevant personal data in order to for them to process it for us and who are subject to strict contractual confidentiality obligations.
You are responsible for the personal data that you choose to share, disclose or submit voluntarily while using our website or devices and which can be viewed by members of third party applications or sites such as chat applications or messengers.
When you utilize third-party social media services, email, text messages etc. which you accessed via using our product, and to interact with other users or service providers and exchange personal contact, geographic location or track of traveling etc., please note that we cannot verify if such third-party services have made such information transmission to be fully encrypted. Please take care to protect the security of your personal data, and especially avoid sharing sensitive personal data when you’re uncertain about the security of data transfer.
Please understand that due to the rapid development of computer and internet technologies, various measures of attack may exist or be created, whether vicious or not, which renders no applications or internet transmission to be 100% secure. While we continuously take reasonable technical, administrative, and physical measures to protect the information you provided, we still may not be able to guarantee absolute security of your information at all times. Where the relevant information and data collected is stored on your device, security is also dependent on your device’s own secure storage functionality. You should also take care to protect the secrecy of your account user name and password and to protect the information stored on your device.
12. Contact and complaints
If you have any issue arising from this Policy, including requests to exercise data subject rights, you can contact us as described below:
Email address: email@example.com
Address: 8/F, Building 22E, 22 Science Park East Avenue, Hong Kong Science Park, Shatin, New Territories, Hong Kong 999077
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
We (Hawk) or our third party partners may collect and use your information via tracking technology such as Cookies, which information may be stored as log information.
We use such technologies to provide more tailored services and user experiences, and for purposes such as remembering your account identity or analyzing your account’s security; analyzing your usage of our product and service; advertisement optimization (helping us to provide you with more targeted advertisements instead of general advertisements based on your information). We may also process and summarize the non-personal data collected via tracking technology and provide the same to advertisers or other partners to be used to analyze how users use our services and for advertisement purpose.
You may use browser and personal device settings to refuse or manage tracking technology. However, for technical reasons beyond our control, this cannot be guaranteed. For example, if you reset your browser, delete your cookies or access to our website or applications from another browser or device, your cookie settings may be lost.
You shall be aware that when ceasing to use Cookie or other tracking technology, you may not be able to enjoy the best service experiences, or parts of our product or service may no longer function correctly (please contact us in case of any such problems). Furthermore, you mays still receive the same amount of commercial information such as advertisements which will have lower relevancy to you.