2. Information We Collect
There are two broad categories of information that we collect from you – (A) personal data and online identifiers and (B) non-personal data.
A. Personal Data and Online Identifiers
1. "Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly.
2. We collect certain types of personal data, including your name, gender, date of birth, identification numbers, company (if applicable), contact information (e.g. address, phone number, email address), payment information (e.g. credit or debit card information), photographs and video footages taken at events organized by us and/or our business partners and any other information which you may provide in any forms submitted to us or via other forms of interaction with us.
3. Personal data is collected by us in various circumstances, including the following:
- When you register for or use any of our services on our websites (e.g. subscription to our magazine(s) or e-newsletter);
- When you register as a member of our websites or use services on our websites;
- When you take part in any contest, survey or promotion conducted by us and/or our business partners;
- When you participate in events, exhibitions or roadshows organized by us and/or our business partners;
- When we receive references from business partners and third parties, for example, where you have been referred by them;
- When you submit your personal data to us for any other reason.
4. It is voluntary for you to supply your personal data to us, although you may not be able to use our services or acquire our goods if you do not supply your personal data. We may not process your order for goods and/or services, and no contract for provision of such goods and/or services will be formed, if you do not supply the personal data required on our relevant order/subscription forms.
5. We may also obtain personal data about you from other sources and combine it with information you provide to us. If you provide us with any personal data relating to a third party (e.g. information of spouse, children, parents, employees and/or authorized representatives), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their personal data for the respective purposes.
6. When you visit and use our websites, we may also collect information about you using online identifiers such as cookies and web beacons:
(i) Cookies are small data files sent to your browser or device to store information about you when you visit our websites. Cookies will do a lot of different jobs, such as letting you navigate between pages efficiently, identify your behavior, remembering your preferences and generally improving your user experience. They can also help to ensure that the advertisements you see online are more relevant to you and your interests.
(ii) Most browsers automatically accept cookies. You can, however, modify your browser settings to disable cookies. If you choose to do so, some of the functionality of our websites may be impaired.
(iv) Some cookies will not collect information that personally identifies you. They will collect more general information such as how users arrive at and use our websites, or a user’s general location. However, some other cookies can identify you and may contain or collect personal data. The type of information Tatler collects as a result of a cookie is specific to your computer and may include, without limitation, the Internet Protocol (IP) address and the date and time you accessed our websites. The data stored on a "cookie" can be retrieved by Tatler when you visit our websites.
(b) Web beacons
(i) In addition to cookies, we may also use web beacons and other similar technologies to deliver or communicate with cookies, in order to better understand how you interact with the content on our websites.
(ii) We also may include web beacons in e-mail messages to determine whether messages have been opened and acted upon, and how.
(iii) The information we obtain in this manner enables us to customize the services we offer, as well as measure the overall effectiveness of our online content, advertising campaigns, and the products and services we offer through our websites.
(iv) Our advertising partners may also place web beacons and other similar ad tracking technologies such as Doubleclick and Eyeblaster on our websites to collect information.
(v) You can refuse web beacons by refusing to accept cookies.
B. Non-Personal Data
We also collect certain non-personal data when you visit and use our websites. Such data is entirely anonymous and is aggregated for statistical analysis ("Aggregate Information").
Like many website operators, we may use an independent company (the " Third Party Market Research Company") to measure and analyze usage across our websites. We use the Third Party Market Research Company’s services to collect Aggregate Information on the usage of our websites, including the following:
- The number of page views (or page impressions) that occur on our websites;
- The number of visitors to our websites;
- How long these visitors (on average) spend on our websites when they do visit; and
- Common entry and exit points into our websites.
This Aggregate Information is collated by the Third Party Market Research Company and provided to us to assist in analyzing the usage of our websites. This is so that we can improve the content and navigability of our websites as well as our services and facilities.
3. Purposes and legal bases for collection, use, disclosure and processing of Personal Data Depending on your relationship with us, your personal data may be collected, used, disclosed and/or processed for one or more of the following purposes and, where you are a data subject in the European Economic Area (“EEA”), on the following legal bases recognized under the GDPR:
Purposes of processing
Legal bases for processing
For editorial purposes
- legitimate interests (to allow us to prepare and enhance our goods and services)
To provide goods and services to you ordered or requested (e.g. mailing of magazines) and to manage your subscriptions to our magazines, newsletters and publications
- contract performance
- legitimate interests (to allow us to provide our good and services)
To send you promotions as well as marketing and advertising materials
To conduct market research, profiling and statistical analysis and other development activities
- legitimate interests (to allow us to provide an improve our services)
To verify your payments
- contract performance
- legitimate interests (to ensure payments have been properly made)
To send you information about any administrative changes, updates and/or amendments to our policies, terms and conditions
- contract performance
- legitimate interests (to keep you informed about changes that may affect you)
To respond to or follow up on your queries, requests and/or complaints
- legitimate interests (to allow us to respond to you)
To protect and enforce our contractual and legal rights and obligations
- legal claims
To comply with any applicable laws and regulations or to assist in law enforcement and/or investigations by any governmental authority, public agency, statutory board or similar authority
- legal obligation
- legal claims
- legitimate interests (to prevent unlawful activities)
4. Legal bases
Where you are a data subject in the EEA, the legal bases for our processing and use of your personal data are set out in paragraph 3 above and further elaborated as follows:
(a) Consent: where you have consented to our use of your personal data. You may withdraw your consent to the use of your personal data by contacting us.
(b) Contract performance: where processing of your personal data is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract with us;
(c) Legal obligation: where we need to use your personal data to comply with our legal obligations;
(d) Legitimate interests: where our use of your personal data is necessary for our legitimate interests. We will only rely on this basis if we consider that such legitimate interests are not overridden by any interests or fundamental rights and freedoms that you may have, or any prejudice that you may suffer, from the relevant use of your personal data; and
(e) Legal claims: where your personal data is necessary for us to establish, exercise or defend any legal claims.
5. Sharing of Personal Data
A. In order to facilitate our business operations and provision of goods and services, your personal data may be disclosed, for one or more of the purposes listed in paragraph 3 above, to the following third parties (whether located in Hong Kong or abroad):
1. Agents, contractors or third party service providers (“ Service Providers”) who provide operational services to us, such as information technology, training, market research, administration of our websites, distribution of magazines or other communications to you about our products, services or events, as well as storage and archival services;
2. our subsidiaries and holding companies, and the subsidiaries of our holding companies (collectively, our “Associated Companies ”);
3. The credit bureau, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
4. Anyone to whom we transfer or may transfer our rights and duties;
5. Banks, credit card companies and their respective service providers;
6. Our professional advisors such as our auditors and lawyers;
7. Relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority; and
8. Any other party to whom you authorize us to disclose your personal data
B. In situations in which the above third parties receive your personal data from us, we will require the third parties to exercise reasonable care in protecting your personal data so that it is in compliance with the PDPO and (where applicable) the GDPR.
6. Direct marketing
We intend to use your personal data for direct marketing purpose. We may not use your personal data for such purpose unless we have received your consent to such intended use. Our direct marketing may be conducted via various communication channels such as your email address, correspondence address, phone number and SMS. In this connection, please note that:
(a) Your name, email address, correspondence address, home phone number, mobile phone number, fax, gender, date of birth, and age may be used by us in direct marketing.
(b) The following classes of goods and services may be marketed by us using your personal data: airlines, art, automobiles, beauty products, charity, digital and print media, education, electronics, entertainment, events, fashion and accessories, financial services, food and beverage, home appliances, hotels, household goods, jets, jewellery, kitchen, luxury and lifestyle products, property and real estate, public transport, shopping malls, spa, sports, travel, watches, weddings, wine and alcohol, and yachts.
We also intend to provide your personal data to our Associated Companies for their use in direct marketing. We may not do so unless we have received your written consent to such intended provision. In this connection, please note that:
(c) All kinds of personal data described in paragraph 6(a) above may be provided by us to our Associated Companies for their use in direct marketing.
(d) Our Associated Companies may use your personal data to market the goods and services as described in paragraph 6(b) above.
We will use and provide your personal data for direct marketing purpose only in accordance with the PDPO.
You may indicate your consent to the intended use and provision of your personal data for direct marketing purposes above by ticking the box(es) indicating your consent when providing us with your personal data through our websites or through order forms or subscription forms.
Please refer to paragraph 10 below on how to opt out of our direct marketing communications.
7. Your rights
You may request to access or correct your information in accordance with the PDPO. We may charge a reasonable fee for the processing of such data access request(s).
In addition, where you are a data subject in the EEA, in certain circumstances you have the right under the GDPR to:
(a) access and rectify your personal data;
(b) request us to erase your personal data without undue delay;
(c) restrict how we process your personal data;
(d) where our processing of your personal data is based on consent, withdraw your consent at any time;
(e) object to our processing of your personal data on the basis of legitimate interests, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;
(f) object to direct marketing (including any profiling for such purposes) at any time;
(g) receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such data to another data controller without hindrance from us; and
(h) lodge a complaint with a supervisory authority.
Where you are a data subject in the EEA, we will not charge a fee when we deal with your requests to exercise the rights (a) to (g) above.
8. Retention of Personal Data
A. We will retain your personal data collected for as long as it is necessary to fulfill the purpose for which it is collected, the legal and/or business purposes of Tatler, and/or as may be required by applicable law.
B. When destroying personal data, we will take commercially reasonable and technically feasible measures to make the data irrecoverable or irreproducible, as may be required by applicable law.
A. We take the security and protection of your personal data very seriously. As such, we store your personal data on secure servers and have put in place appropriate security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal of your personal data.
B. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
A. If you do not wish to receive any further information from us regarding our magazines, offers, promotions or events via email, you may unsubscribe by clicking the unsubscribe link included in our email correspondence.
D. Please note that if you withdraw your consent for a limited purpose, we may still contact you or use your information for other purposes for which you have not withdrawn your consent and such personal data may still be shared, as permitted under the PDPO, (where applicable) GDPR and other applicable law.
11. Automated decision making and profiling
In connection with our business, we will use your personal data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to determine what marketing offers are most likely to be of interest, to ensure security of our systems, to detect fraud or to profile you or assign you to a particular segment. Some of these decisions may be taken on an automated basis including by matching your personal data against other information in our possession or against data models created for us. If you are assigned to a segment, we may use the segment information to tailor our marketing communications (if permitted under applicable laws) to include offers and content that are more relevant to you. You will not be subject to automated decisions that produce legal effects concerning you or similarly significantly affect you, unless we have a lawful basis for doing so.
12. Cross border data transfer
The personal data that we collect or obtain from you may be transferred to jurisdictions that offer lesser protection of personal data than that provided in your jurisdiction. In particular, we may transfer your personal data to Service Provider(s) in jurisdictions outside the EEA and Hong Kong. Such transfer, if subject to the GDPR, would be made with appropriate or suitable safeguards (the details of which can be obtained from our Data Protection Officer) or with your explicit consent. Such transfer may present possible risks for you due to the lack of an adequacy decision or appropriate safeguards.
13. Third Party Sites
Our websites may contain links to other websites operated by third parties such as our business partners. We are not responsible for the privacy practices of websites operated by third parties that are linked to our websites. You are encouraged to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our websites, you should check the applicable terms, conditions and policies of the third party website to determine how they will handle any information they collect from you.
14. Children’s Data
We permit a child under the age of 16 to use our websites and to provide his/her personal data to us provided that the child has obtained his/her parent’s or legal guardian’s consent. If you are a child under the age of 16, you warrant and represent that your parent/legal guardian has consented to your use of our websites and your provision of personal data.
15. Contact Details
A. If you, at any time, wish to:
1. enquire about this policy or about how we may manage, protect and/or process your personal data;
2. complain about the way we manage, protect and/or process your personal data;
3. access or correct your personal data in our control or possession;
4. exercise any other rights you have under the PDPO and (where applicable) the GDPR; or
5. withdraw your consent for us to collect, use, disclose and/or process your personal data;
please do not hesitate to contact our Data Protection Officer by email at firstname.lastname@example.org or by post at 15/F, Global Trade Square, 21 Wong Chuk Hang Road, Hong Kong.
B. Such enquiry / complaint / request / withdrawal shall be deemed to have been made when received by Tatler.
C. Please indicate in the subject header the nature of your correspondence. We will certainly strive to revert to you speedily.
16. Changes to Policy
A. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
C. You are encouraged to visit the websites from time to time to ensure that you are well informed of our latest policy in relation to personal data protection.
Last updated on November 2019.