EC HEALTHCARE PRIVACY POLICY

EC Healthcare refers to EC Healthcare and its brands, subsidiaries, and affiliated entities (hereinafter collectively referred to as “we”, “us”, “our”, “Group” or “EC Healthcare”). A list of the brands, subsidiaries, and affiliated entities can be found on our website: https://www.echealthcare.com/our-brands/. This Privacy Policy applies to all personal data that we may obtain from the following parties: (i) current customers; (ii) potential customers who provide personal data to us while indicating their interest in our services and products (hereinafter collectively referred to as “Services and Products”, and individually as “Services” and “Products”); and (iii) third parties who provide us with such Services and Products. This Privacy Policy does not apply to any personal data that is obtained by us for recruitment or employment purposes.

Please read this Privacy Policy carefully to understand the policy and practices of our Group regarding how we are committed to safeguarding your privacy and ensuring that your Personal Data is protected. You must check the boxes provided when we are collecting your Personal Data to indicate your consent to and knowledge of this Privacy Policy.

This Privacy Policy may from time to time be revised, or otherwise changed as the Group deems necessary but the Group will endeavour to give you the advance notice of any such revision or change where practicable.

1. Your Privacy

We respect the personal data privacy of all individuals and pledge to be in compliance with the requirements of the Personal Data (Privacy) Ordinance of Hong Kong ("PDPO") so that the privacy of your personal data is protected in accordance with the standard required by law. In doing so, we require all our staff to comply with the PDPO in the same manner as the PDPO applies to us as a whole and adhere to the strictest standards of security and confidentiality.

"Personal Data" is information that relates to an identified or identifiable individual. We may collect your information in the following categories:

  1. Information about you:
    • your name, gender, age, date of birth, HKID card/identification document number, phone number, fax number, residential address, corresponding address, email address, signature, biometrics data, and biomedical specimens;
  2. Information to process your order or use of our Services and/or Products:
    • credit card information, bio-medical data, medical records, medical reports, medical images, and medical photos;
  3. Information relating to your associated organisation, friend(s), or family member(s):
    • the name of the organisation, title in the organisation, your staff/membership number of such organisation, the name of your friend(s) or family member(s), your relationship with the friend(s) or family member(s), their HKID card/identification document number(s), and their signature;
  4. Information collected when visiting our online platforms including websites, mobile applications, social media platforms and/or any online communication between you and us (see section 6. Use of Cookies below)
    • IP address, browser settings, browsing records, and/or other Internet log information;
  5. Additional information you may wish to provide us with:
    • your occupation, education level, hobbies, favourite activities, social media contacts, and any other information you may disclose at any time.

Please be assured that we may not collect every single Personal Data or information mentioned hereinabove but all Personal Data or information we obtained shall be subject to this Privacy Policy.

2. How do we collect and store your Personal Data

EC Healthcare may collect your Personal Data via the following methods:

  1. directly from you when you submit our membership registration/application;
  2. directly from you when you submit Personal Data to indicate your interest in or when purchasing our Services and Products via our websites, mobile applications, social media platforms, and any online or face-to-face communication between you and us;
  3. directly from third parties (e.g. acquired businesses, authorised licensors, strategic business partners, landlords, and franchisers); and
  4. other sources (e.g. public databases, marketing partners, and relevant third parties).

You will also be required to supply EC Healthcare with Personal Data from time to time throughout your use of Services and Products provided by us. All Personal Data collected will be stored within the EC Healthcare personal data system.

3. Purposes for which your Personal Data will be used

The purposes for which your Personal Data may be used are as follows:

  1. to determine and verify your eligibility for registering for our membership and using our Services and Products;
  2. to enable us to store your Personal Data and identify possible multiple applications and obtain records of your use of our Services and Products across the Group from time to time;
  3. to identify you and any accounts you hold with us on behalf of your family members and/or friends;
  4. to enable the provision of our Services and Products to you, including customer services such as handling complaints and account inquiries, order processing, appointment arrangement, processing of insurance claims, and processing of payment instructions or collection of amounts outstanding from you in relation to the provision of our Services and Products, medical testing and diagnosis, laboratory services including testing services etc.;
  5. to create customised communications according to your interests and preferences so as to give you the best client experience while using our Services and Products. We may also make use of data analytics tools to determine the effectiveness of our offers, advertisements and promotions and your interest in new products or services so as to customise the products or services to be presented to you;
  6. to optimise our Services and Products, websites, mobile applications and other online platforms through various means including but not limited to the use of data analytics tools, research, surveys and feedback forms so that we may review and improve our business, marketing and strategic operations and plans;
  7. to determine and verify your eligibility for discounts and promotions on our Services and Products;
  8. processing applications or renewal applications for Services and Products provided by our business partners on your behalf;
  9. processing any insurance claims for our business partners’ Services and Products on your behalf;
  10. as direct marketing of our Services and Products or services and products of our business partners subject to the section headed “5. Direct Marketing” below;
  11. to enable you to participate in the interactive features of our Services, including identifying your friends or individuals, and sharing or communicating with them your shopping experience at your own will;
  12. as fraud prevention and detection;
  13. for auditing purposes;
  14. to make such disclosures as required by applicable laws, rules, and regulations; and
  15. for all other purposes ancillary to the above purposes.

Any questions, comments, suggestions, or information other than your Personal Data that is sent or posted to any part of our Platforms by you will be considered as voluntarily provided to our Group on a non-confidential and non-proprietary basis. We reserve the right to use, reproduce, disclose, transmit, publish and/or post elsewhere such information freely, including passing it to any associated company for example, in connection with the development and marketing of services and to meet user needs.

We may also take your Personal Data and make it unidentifiable, either by combining it with information of other individuals or by removing any identifiable information from your Personal Data (such as your name) for, among other purposes, research and analysis to improve our provision of Services and Products.

Unless otherwise indicated, it is obligatory to supply the requested Personal Data. Failure to provide the requested Personal Data may result in us not being able to process your application or provide you with the necessary support during your use of our Services and Products.

If necessary, we may transfer your Personal Data to places outside of Hong Kong for carrying out the purposes, or for the directly related purposes, for which the Personal Data is to be collected. All such transfers will be carried out in compliance with the requirements of the Ordinance.

Furthermore, subject to relevant laws, rules and regulations, we may from time to time use your Personal Data collected through the Group’s various systems/platforms and other interactions with you in direct marketing (see section 5. Direct Marketing below).

4. Disclosure

All Personal Data will be kept confidential but we may disclose such information to third parties where such disclosure is necessary to fulfill one or more of the purposes as described in section 3 hereinabove. A list of classes of persons (who may be located within or outside of Hong Kong) to whom your Personal Data may be transferred can be found in the List of Potential Transferees of Personal Data as stated below.

  1. Third Party Service Providers, including agents and contractors;
  2. EC Healthcare and any of its brands, subsidiaries and affiliates; (a list of the brands, subsidiaries, and affiliated entities can be found on our website: https://www.echealthcare.com/our-brands/)
  3. EC Healthcare’s Business Partners;
  4. Purchaser of a whole or any part of our businesses;
  5. Professional Advisors and Assignees;
  6. Governments, law enforcement authorities, courts, and tribunals;
  7. Legal and other professional advisors, insurers, loss adjustors, and rehabilitation service providers;
  8. Any third party whom you have authorised to obtain your Personal Data from the Group.

Furthermore, we may, from time to time, purchase or sell one or more of our businesses (or portion thereof) and your Personal Data may be transferred as part of the purchase or sale. In the event that we have completed the process of purchasing of a business unit, we shall communicate with you through the communication channels you provided to us, and any Personal Data we obtained following your consent shall be treated in accordance with this Privacy Policy if it is practicable and permissible to do so.

5. Direct Marketing

From time to time, the Group may use your Personal Data to send you news, offers, promotions, and joint marketing offers and the Group must obtain your consent for the purposes mentioned hereinabove.

The types of direct marketing activities EC Healthcare and its affiliated companies may conduct using your Personal Data include providing you with information and details in connection with the latest news, events, updates, contests, discounts, promotions, offers; products, services and rewards offered by our Group and our business partners, which relate to beauty, healthcare and wellness, personal care, pet care, baby care, maternity care, lifestyle, travel, technology, lucky draws and contests, media, e-commerce services and reward programmes.

EC Healthcare and its affiliated companies will do this through various communication channels such as direct mail, email, telephone, SMS, mobile applications notifications, social media, and text/ picture/ video messages by using your Personal Data held by the Group. We will not use your Personal Data in direct marketing without your consent.

EC Healthcare and its affiliated companies will analyse your preferences, online behaviour and transactional history in order to gain insights, so that we can customise the content and types of news, events, updates, contests, promotions, offers, products, services and rewards that we present to you via our communications, online platforms, social media and other communication means.

If you do not wish EC Healthcare and its affiliated companies to use your Personal Data in direct marketing, you may indicate your objection by not checking the box when providing your Personal Data.

If you wish to opt-out of direct marketing from EC Healthcare and its affiliated companies anytime in the future, please send your English full name and membership number to personaldata@echealthcare.com indicating that you wish to opt-out from EC Healthcare using your Personal Data in direct marketing. Upon receipt of the request, we shall cease to use your Personal Data for the purpose of direct marketing as soon as practicable without extra charges.

6. Use of Cookies

Cookies are small text files that are stored on your browser or device by websites, applications, online media and advertisements when you visit or access our Websites and/or applications. We use cookies on such Platforms to:

  • recognise you whenever you visit our Websites and/or mobile applications;
  • obtain information about your preferences, viewing and browsing behaviour, online movements, and use of the Internet;
  • keep track of the items stored in your account and take you through the checkout process;
  • carry out research and statistical analysis to help improve our Services and Products and to help us better understand our visitor and customer requirements and interests;
  • target our marketing and advertising campaigns and those of our business partners and advertisers more effectively by providing interest-based advertisements that are personalised to your interests;
  • make your online experience more efficient and enjoyable; and
  • enable tighter security.

The information we obtain from our use of cookies may not contain your Personal Data. Although we may obtain information about your computer or other electronic devices such as IP address, browser settings, browsing records, and/or other Internet log information, this may not be able to identify you personally. To the extent that such non-identifiable data is combined with your Personal Data, we treat the combined information as Personal Data for the purposes of this Privacy Policy.

If you want to disallow the use of cookies, you can do so on your own web browser or electronic devices. If you disable cookies, you acknowledge that you may not be able to use some of the functionality of our Websites and/or Applications.

7. Security

The security and confidentially of your Personal Data are extremely important to us. EC Healthcare will take all appropriate steps to protect your Personal Data. We have implemented technical, physical, administrative, and all reasonable and practicable measures to protect your Personal Data from any unauthorised access, disclosure, use and modification. These measures include:

  1. Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  2. Administrative and technical controls to restrict access to personal data on a “need-to-know” basis;
  3. Technological security measures, including fire walls, encryption and anti-virus software; and
  4. Physical security measures, such as staff security passes to access our premises.

From time to time, we review our security procedures in order to consider appropriate new technology and methods. Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secured. We endeavour to protect personal information, but we cannot guarantee the security of data transmitted to us or by us.

8. Retention of Personal Data

EC Healthcare will keep your Personal Data for as long as necessary to fulfill the purposes for which the personal data was collected or for a directly related purpose. This means that, for example, Personal Data collected to fulfill your request for Services and Products will be erased, deleted, destroyed or anonymised after their delivery by using technical or other means to render such information unidentifiable or unusable, unless it is necessary to keep such information for other purposes and we have informed you of such other purposes at the time of collection of the Personal Data or obtained your consent.

9. Amendment(s) to this Privacy Policy

We may from time to time amend this Privacy Policy to reflect new technologies, regulatory requirements, or any changes that may be necessary. We will notify you of any updates in accordance with your preference settings and, where required by law, obtain your consent. We may notify you of such changes by sending you an email at the latest email address that you provided to us, and/or by prominently posting notice of such changes on our Website at https://www.echealthcare.com/ .

10. Your Right to Access and Correction

You may, at any time, request access to and correction of your Personal Data in the records of EC Healthcare’s personal data system, and a fee may be required by us for processing your request.

To exercise any of your rights please write to us at 20/F, Devon House, Taikoo Place, 979 King's Road, Quarry Bay, Hong Kong or send us an email at personaldata@echealthcare.com. We shall respond to your request within 40 days.

11. Minors

You may be invited to provide to EC Healthcare your personal data through face-to-face communication, our website(s) or other media on a voluntary basis for the purposes stated hereinabove at different times. If you are under the age of 18, you should obtain consent from your parent or guardian before you provide EC Healthcare with your personal data..

12. Enquiries

If you have any questions or wish to send us any comments about this Privacy Policy, do not prefer to receive any administrative notices and communications, such as changes with respect to this Privacy Policy, wish to complain to us, or cease our use of your Personal Data, please write to us at 20/F, Devon House, Taikoo Place, 979 King's Road, Quarry Bay, Hong Kong or send us an email at personaldata@echealthcare.com. In the event that any of your questions, comments, complaints, and/or demands relate to and/or involve such illegal or inaccurate information, please understand that we may not be able to process such requests. Nonetheless, we shall follow up within a reasonable time upon receipt of your questions, comments, complaints, and/or demands.

The terms of this Privacy Policy are governed by and interpreted in accordance with the Laws of Hong Kong.

In the event of any discrepancy or inconsistency between the English and Chinese versions of this Privacy Policy, the English version shall prevail.

Date of Last Revision: 7 October 2022