Privacy Policy

Last updated date: 21 June 2023

This privacy policy (the Privacy Policy) was last updated on the date above and shall be updated from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised policy hereunder. The Data User recommends that the Users  review this Privacy Policy regularly to ascertain the Data User’s latest policies and practices in relation to the Personal Data

This Privacy Policy is intended to inform all Users about the Data User’s policies and practices in treating Personal Data and Non-personal Information. Users understand and acknowledge to be bound by this Privacy Policy by using the Platform and the Services or by otherwise giving the Data User any of his/her Personal Data. If any User does not agree with any part of this Privacy Policy, then the Data User cannot provide the Platform and the Services to such Member and User, and such Member and User should stop accessing the same.

 

1. DEFINITIONS

Capitalised terms shall be as defined in the Terms and Conditions unless otherwise herein defined:

Affiliates means, in relation to the Data User, any of its subsidiary, subsidiary undertaking,  holding company, parent undertaking and group undertaking;

Data User means Negawatt Utility Limited, the company responsible for the collection, holding, processing and/or use of Personal Data (and also the owner of the Platform and the mark “Zero2”);

PDPO means the Personal Data (Privacy) Ordinance, Chapter 486 of the laws of the Hong Kong, as amended from time to time;

Personal Data means personal data collected from the Users by the Data User or otherwise held, processed and used by the Data User which (i) relates directly or indirectly to the Users, (ii) can be used to ascertain the identity of such Users as individuals and (iii) is in a form which access to and/or processing of such data is practicable, including but not limited to, names, nicknames, contact number and details, email addresses, age, gender, identification document details, credit card, other registration, account or profile information, any other such personal description provided during registration of the Account, device information and identifier, location information as set out in clause 2.2 of this Privacy Policy, information collected by cookies as set out in clause 9 of this Privacy Policy and any information provided by or in relation to such Users pursuant to this Privacy Policy;

Non-personal Information means any such Personal Data which the Data User makes the identity of the individual not directly or indirectly ascertainable, either by combining it with information about other individuals (aggregating one User’s information with another User’s information), or by removing characteristics (such as Member’s or User’s name) that make the information personally identifiable to such Member or User (hence de-personalizing the information);

Terms and Conditions refers to the terms and conditions of the Platform.

 

2. COLLECTION, HOLDING, PROCESSING AND/OR USE OF THE PERSONAL DATA BY THE DATA USER

2.1 The Data User will request all its Users to voluntarily provide it with Personal Data for purposes set out in clause 3.2 of this Privacy Policy.

2.2 In addition, when Users use certain features of the Platform and the Services, the Data User may collect, hold, process and/or use different types of information about such Users’ location, including specific information (e.g. GPS-based functionality on mobile devices used to access the Application and the Services). If Users do not want their devices to provide the Data User with location-tracking information, they can disable the GPS or other location-tracking functions on their devices.

 

3. PURPOSE OF COLLECTION, HOLDING, PROCESSING AND/OR USING THE PERSONAL DATA BY THE DATA USER

3.1 The Data User will seek its Users’ (or their respective relevant persons as defined under the PDPO) express consents to changes in how it uses and/or discloses their Personal Data if requested by law, but otherwise use of the Platform or the Services following such changes constitutes their acceptances of the revised statement then in effect.

3.2 The Data User limits the collection (which shall be adequate and not excessive), holding, processing and use of the Personal Data to the following specific and lawful purposes only:
(i) to enable and provide its Users with access and use of the Platform and/or the Services;
(ii) to communicate with its Users, including but not limited to, for provision of technical, administrative, operational and account information regarding the Platform and/or the Services, and handling of their requests and complaints;
(iii) to contact its Users to conduct surveys and customer reviews about their experiences with the Platform and/or the Services;
(iv) to operate, protect, improve and optimize the Platform and/or the Services and to improve and customize its Users’ experiences when using the same, including but not limited to the collection of Personal Data by cookies as set out in clause 9 of this Privacy Policy;
(v) to offer tailored content to its Users in accordance with their interests or other indications;
(vi) to administer the business of the Data User and conduct research and development for new products, features, services and applications in relation to the Services;
(vii) where applicable and subject to compliance of the PDPO, to provide its Users with marketing and promotional materials for their enjoyment of benefits of the Services;
(viii) only when its Users have provided the consents required under the PDPO, to send such Users personal newsletters, marketing and promotional messages and other information (either alone or in conjunction with products, features, services and/or applications offered by the Data User’s Affiliates or business partners) that may be of interest to such Users in accordance with clause 7;
(ix) The transfer of health data to third parties is only permitted for the purpose of providing or enhancing the application’s use case or features. Under no circumstances should the data be utilized for any other purposes, including being transferred to advertising platforms, data brokers, or information resellers.
(x) to enforce the Data User’s legal and/or contractual obligations and rights, and to resolve disputes between the Data User and its Users and third parties;
(xi) to derive, create or otherwise transfer the same into Non-personal Information for the purpose of creating general data statistics;
(xii) for the Data User’s internal business and administrative purposes;
(xiii) for the Data User’s compliance of relevant laws and regulations; and
(xiv) other purposes directly relating to any of the above.

3.3 For the avoidance of doubt, the Data User is entitled to collect, hold, process and use the Non-personal Information for any lawful purpose which shall be relating to the function and activity of the Data User, including but not limited to researching and analyzing to improve the Data User’s services and businesses.

 

4. DATA ACCESS AND CORRECTION REQUEST

4.1 In accordance with the terms of the PDPO, the Users (or their respective relevant persons (as defined under the PDPO) on behalf of them) have the right to:
(i) request access to the Personal Data, including being informed by the Data User whether it holds their Personal Data and, if the Data User holds their Personal Data, receiving copies of such Persona Data; and
(ii) request the Data User to correct their Personal Data which is inaccurate.

4.2 In order to protect the Personal Data, the Data User will require all Users (or their respective relevant persons (as defined under the PDPO) on behalf of them) to prove their identities in relation to their requests to access and/or correct their Personal Data. Requests for access and/or correction of Personal Data are to be addressed in writing and sent to cs.zero2@negawatt.co or by post to Suite 1101, 11/F, AXA Tower, Landmark East, No. 100 How Ming Street, Kwun Tong, Hong Kong. A reasonable fee shall be charged to offset the Data User’s administrative and actual costs incurred in complying with the relevant data access requests. Where there are reasonable grounds for believing that any Personal Data is inaccurate having regard to the purpose(s) for which the Personal Data is or is to be used, the Data User shall (i) ensure that such Personal Data shall not be used for such purpose(s) unless and until those grounds cease to be applicable to such Personal Data or the Personal Data shall be erased; and (ii) inform any third party to whom such Personal Data was disclosed that such Personal Data is inaccurate and shall provide to them such particulars as will enable such third parties to correct the Personal Data having regard to such purpose.

 

5. RETENTION OF PERSONAL DATA BY THE DATA USER

5.1 Where any Personal Data held by the Data User is no longer required for the purposes as stated under clause 3.2 of this Privacy Policy, the Data User shall take practicable steps to cease processing and holding such Personal Data as soon as reasonably practicable, provided that the Data User may keep copies of such Personal Data as is reasonably required and permitted under the PDPO (i) for archival purposes; (ii) for use in relation to any actual or potential dispute; (iii) for compliance with applicable laws and regulations; (iv) for enforcing any agreement the Data User has with such Member and User; and (v) for protecting the Data User’s and its employees’ rights, property or safety.

5.2 The Data User provides its Users with the ability to request removal of their Personal Data from its storage. Users may lodge such request in writing by sending an email to cs.zero2@negawatt.co or by post to Suite 1101, 11/F, AXA Tower, Landmark East, No. 100 How Ming Street, Kwun Tong, Hong Kong. For the avoidance of doubt, the Data User is entitled to retain, process and use, for indefinite term and any purpose, any Non-personal Information.

 

6. DISCLOSURE AND TRANSFERRAL OF PERSONAL DATA

6.1 The Data User may make certain Personal Data available to its Affiliates for the purposes as stated in clause 3.2 of this Privacy Policy, who may be situated within or outside Hong Kong and all of whom are bound by this Privacy Policy.

6.2 The Data User may make certain Personal Data available to the third parties as stated below, who may be situated within or outside Hong Kong: (i) data storage service providers, for the sole purpose of storing data which the Data User collected from time to time; (ii) strategic business partners, including but not limited to (a) mail houses and email service providers, for the sole purpose of mailing and dissemination of its promotional materials; (b) hosting and database management service providers, including but not limited to IPFS; (c) payment gateway services in relation to Purchases or otherwise transactions via the Platform ; (iii) suppliers of the Services and other third parties appointed by the Data User to perform the Services; (iv) the Platform Merchants; and (v) contracting third parties who engaged the Data User to perform the Services for and on their behalf of their target group of Users, all of whom are contractually (x) prohibited from using the Personal Data for any purpose other than those purposes specified in their respective contracts and keeping Personal Data longer than is necessary for the fulfillment of such purpose(s) specified in their respective contracts; and (y) required to prevent unauthorized or accidental access, processing, erasure, loss, use or disclosure of the Personal Data.

6.3 In the circumstances where the Data User reorganizes its group structure or undergoes a change of control or business combination, each User’s Personal Data may, at the Data User’s sole discretion, be transferred to a third party who will continue to operate the Data User or a similar service under either this Privacy Policy or a different privacy policy statement which will be notified to each Member and User. Such a third party may be located, and use of Users’ Personal Data may be made, outside of Hong Kong in connection with such acquisition or reorganization.

6.4 By accepting this Privacy Policy, each User understands and acknowledges that his or her Personal Data may be disclosed or transferred to Affiliates and/or any such third party (and their respective employees and representatives) under clause 6 of this Privacy Policy.

 

7. DIRECT MARKETING AND OPTING OUT

7.1 The Data User intends to use the Personal Data of the Users for direct marketing. Only when Users have provided the consents required under the PDPO, may the Data User use the Personal Data of such Users to contact such Users and provide information about ESG initiatives and regenerative economy (either alone or in conjunction with products, features, services and/or applications offered by the Data User’s Affiliates or business partners) that may be of interest to such Users.

7.2 Personal Data will not be shared with third parties for their own marketing purposes.

7.3 The Data User provides its Users with the ability to unsubscribe from all direct marketing communications from the Data User. Every time a User receives a direct marketing email, he/she will be provided with the choice to opt-out of future direct marketing emails. Users may also opt-out of receiving personal promotional materials by sending an email to cs.zero2@negawatt.co or by post to Suite 1101, 11/F, AXA Tower, Landmark East, No. 100 How Ming Street, Kwun Tong, Hong Kong at any time, without charge by the Data User.

 

8. SECURITY

8.1 Except for the data disclosure and transfer scenarios under Section 3, your Personal Data will be accessed only by our authorised personnel and/or authorized contractors. Where Personal Data are stored electronically, they will be kept on a secured server and will be password-protected (or under some equivalent protection) and accessible only by those authorised personnel. Network transmission of Personal Data will be secured. Authorized personnel designated to process and handle Personal Data will be instructed to do so only in accordance with this PICS.

 

9. RETENTION OF DATA

9.1 We will keep your Personal Data for as long as necessary to fulfil the aforesaid purposes. Personal Data which is no longer required will be destroyed or anonymised as soon as practicable, unless their retention is required to satisfy any applicable legal, regulatory or accounting requirements or to protect Negawatt’s interests.

 

10. THIRD-PARTY SOCIAL MEDIA SITES’ PRIVACY POLICIES

Since the Platform and the Services may collect information of Users from third-party social media sites, and support products and features offered by such third-party social media sites, the privacy policies and practices and cookies policies (as applicable), as may be amended from time to time, of such third-party social media sites are incorporated to this Privacy Policy by reference (as applicable).

 

11. COOKIES

11.1 Users understand and acknowledge that when they visit the Platform and use the Services, the Data User may use cookie files to collect information about such Users. When Users use the Services, they understand and acknowledge that any information collected by means of cookies when using the Services about them would be Personal Data. The Data User may use such information for compiling aggregate statistics on how Users use the Services. Such statistics are collected for managing, enhancing and improving the Users’ experiences when using the Services. The strategic business partners of the Data User may also use such information for compiling information in order to analyze the interests and searches of such Users to provide advertisements tailored to their interests and searches when accessing the Platform and the Services.

11.2 Most web browsers are initially set up to “accept” cookies. Users may choose to “not accept” cookies by changing the settings of their web browsers. By choosing to “not accept” cookies in the Services may not be accessible and available to such Users, and some of their preferences, including but not limited to their preferred currency, languages, and searches, may not be remembered by the Platform.

 

12. STATEMENTS OF POLICIES IN RELATION TO PROTECTION OF PRIVACY INTEREST OF USERS

12.1 The Data User will collect, hold, process and use Personal Data that its Users make available when assessing or using the Platform and the Services. It will take appropriate steps to protect Personal Data collected and/or held by it against unauthorized or accidental access, processing, erasure, loss, use or disclosure.

12.2 The Data User is committed to protecting the privacy, confidentiality and security of the Personal Data it holds by complying with the requirements of the PDPO with respect to the management of Personal Data. The Data User is equally committed to ensuring that all its employees and agents uphold these obligations and it will ensure compliance by its staff with the strictest standards of security and confidentiality.

 

13. LEGAL DISCLAIMER

13.1 The Data User may need to disclose Personal Data when required by the relevant law or court order, or as requested by other government or law enforcement authorities. This also applies when it has reasons to believe that disclosing the Personal Data is necessary to identify, investigate, protect, contact or bring legal action against someone who may be causing interference with its Users or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

13.2 The Users understand and acknowledge that this Privacy Policy does not apply to any unsolicited information they provide to the Data User through the Services or through any other means. All unsolicited information shall be deemed to be non-confidential and the Data User shall be free to reproduce, use, disclose, and distribute such unsolicited information to others without limitation or attribution.

13.3 The Users understand and acknowledge that their User Contents are transmitted to others at their own risk. Although the Data User limits access to certain pages, Users acknowledge that no security measures are perfect or impenetrable. The Users understand and acknowledge that they should take care when using social networking features of the Services since the information such Users choose to make available can be seen by other users of the third-party social media sites. Additionally, the Users understand and acknowledge that the Data User cannot control the actions of other Users with whom the Users may choose to share their information (which may include their Personal Data). Therefore, the Users understand and acknowledge that the Data User cannot and do not guarantee that their User Contents will not be reviewed by unauthorized persons.

13.4 The Platform and the Services of the Data User and the Services may contain links to other websites or applications. The Users understand and acknowledge that the fact that the website of the Data User and the Services link to a website, application or advertisement does not mean that the Data User endorses or authorizes the collection of personal data from the Users by such third parties, nor does it constitute a representation of any affiliation between the Data User and such third parties. The Users understand and acknowledge that, once the Users click on a link to third-party websites, applications or advertisements, they will access third-party websites, applications and advertisements which may collect information from such Users. The Users understand and acknowledge that such third-party websites, applications and advertisements follow different rules regarding the collection, use, processing or disclosure of the personal data such Users submit to them. Hence, the Users understand and acknowledge that the Data User shall not be responsible for the content and activities of these linked websites, applications and advertisements (including any collection, use, holding, processing or disclosure of personal data of Users by such third parties).