BULY HK LIMITED
We, BULY HK LIMITED, would like to explain what personal data we collect from you, how we collect and what we do with your personal data in the following lines.
You will also find here information regarding how you can access and correct your personal data and change your choices about how they are used, like your rights to oppose some of the uses we make of them or, when we ask for your consent, your right to withdraw them.
You will find in the following paragraphs all the information concerning your rights and preferences.
This Policy was prepared and updated in order to comply with the Personal Data (Privacy) Ordinance (Cap.486).
All of our personal data processing activities are covered by this Policy, including personal data collected through all means, online (e.g. our website, mobile apps linked to our Company as well as our social networks) and offline (e.g. our stores, our customer service and during events).
Depending on the way you interact and communicate with us, some of the Sections in this Policy may not be applicable to you.
You will find below further information about our personal data processing activities.
This Policy will be updated with every change we make in the way we collect and process your personal data.
In the event of a change that would affect significantly our privacy practices, we may notify you through other means (e.g. via email).
You are invited to check our platforms regularly to take note of our updates or modifications of this Policy before you make any further access to our websites or services or place any new orders with us. In this regard, we reserve the right to amend our practices and this Policy at any time.
We may give you additional information when we collect your personal data and whenever we think it is necessary.
1. PERSONAL DATA WE COLLECT
1.1 When will we collect your personal data
We may collect personal data from you or about you via several different sources, online and offline, particularly when you: (I) interact with our website or our mobile website/applications (together, “our Platforms”); (II) interact with us on our pages on social media, our direct message services, blogs or forums; (III) visit one of our stores, boutiques or corners; (IV) participate in our events and demos, loyalty programs or other customer programs, contests, special offers or surveys; (V) participate in beauty consultations or interact with our beauty counsellors and our customer service; or (VI) in any other reasonable manner or circumstances with your consent.
Our products and services are sold by several approved retailers. Unless stated otherwise when you provide your personal data, personal data our partner distributors collect won’t be provided to us and the present Policy does not apply to the aforementioned personal data.
1.2 Types of personal data we collect
The following information we receive from you (e.g., by creating an account on our website, by placing any orders for products or services with us, by subscribing to our loyalty programs or other customer programs, or by providing information about you in one of our stores, boutiques or corners or otherwise) are necessary for us to create accounts for you, process your orders, provide services to you or the purposes specified in Section 2 below:
• Your contact details (such as your name, phone number (land line or mobile), postal and email addresses)
• Invoicing information (including delivery address and payment details). We reserve the right to ask for justification or additional proof of validity for the invoicing information whenever we deem it reasonably necessary. Please note that we do not save your credit card details (unless necessary for refund purposes).
• Login details on the website (including username and password). When you create your account, you can securely save your credit card details (kept by our third-party service provider) in order to facilitate and accelerate payment process, save or change your delivery address or invoicing information, and consult your purchase and orders history.
• Personal preferences (such as preferred contact mode and language settings)
• Your interactions with us (such as your orders history or information about your physical characteristics or questions about skin care collected through a beauty consultation, a survey or when you visit our pages on social media, our blogs or forums, or when you interact with our customer service or our messaging service); and/or
• Correspondence and communication with you
If you would like to create an account, make any order with us or use our services, you are obliged to provide us with the personal data specified above; otherwise, we may not be able to handle your orders or provide any services to you.
In order to provide better services to meet your specific needs, we would also like to, from time to time, collect other personal data, including but not limited to the following data, from you. However, provision of those personal data are completely voluntary:
• Your age, date of birth, gender, nationality, areas of interest and lifestyle
We also organize special offers or events during which you can recommend us someone you know who could be interested in our products and services. If this person gives you his/her consent to give us his/her contact details, we will only use this information to this end and will not send this person any other offer unrelated to it. We may mention you were the sponsor in the message we send him or her.
We do not intentionally collect information about underage people.
1.3 Information collected automatically from your use of our Platforms, our pages on social media or your interactions with our online ads.
• We automatically collect the following information: technical data, such as your IP address, browser type and version, time zone, browser plug-in types and versions, operating system, device identifier and ad ID; and
• Information about your visit on our website, such as your browsing history to and from our Platforms (including date and time), products you viewed or searched, content (and ads) you watch and interact with, page response times, download errors, length of the visit on certain pages, interactions with the page (scrolling, clicks and mouseovers), and methods used to leave the page.
Some of this information is collected using cookies and associated technologies.
1.4 Information collected through third parties
We may sometimes (when the governing law allows it) collect through trusted third parties information such as your preferences, areas of interest and other demographic data, available either publicly or commercially (e.g. through business partners or sellers, payment or delivery services, social media, advertising networks, statistics providers, information search services providers). This information will be used for the purposes stated in Section 2 of this Policy.
Whenever you made any payment to us, for our products, services (either in physical stores or online) or otherwise, we collect information from our payment processing service provider (Stripe and PayPal), who will verify your solvency and the absence of fraud, as well as the payment method you chose, in order to confirm your identity, validate your credit or debit card, obtain an initial credit or debit approval on your card and/or authorize the purchase.
While we would like to, from time to time, send marketing contents to you, we will not do so without your consent. You can choose whether to receive or not marketing content from us, and if applicable, the type of marketing contents and/or the means or channels through which you would like to receive such marketing information from us, when you provide your personal information to us or from time to time change your such preference through our Platforms.
1.5 Information collected by the our group members
For the purposes of offering you special privileges or otherwise, other members of the “BULY1803” group (each a “Buly Group Member”) may from time to time attempt to collect personal data from you through our Platforms. The identity of the Buly Group Member, the personal data to be collected and the purposes for which they are collected will be specified on our Platforms before such personal data are collected from you. In any event, provision of such personal data to Our Group Members are completely voluntary, and use and handling of all personal data you provided to any of them will be subject to their respective Privacy Policies and the laws of the jurisdictions in which they are situated.
2. WHY DO WE NEED YOUR PERSONAL DATA?
2.1 The purposes for collecting your Personal Data
We need to process and will use your personal data for the following purposes:
• In order to process or confirm an order, execute a contract or take measures linked to a contract. It concerns you when you make a purchase with us. It includes:
* setting up and managing your online account on our Platform
* fulfilling orders and processing your transactions (including payment details processing, credit card verification, and fraud prevention activities); these controls can be required, among other reasons, to verify your identity, validate our credit or debit card, obtain an initial credit or debit authorisation on your card and/or authorize purchases
* sending information related to the service and answer your requests
• Whenever necessary in order to pursue our legitimate interests or those of third parties. These interests are:
* allow you to engage with the interactive functions of the website
* monitor your account in order to avoid, investigate on and/or report any fraud, act of terrorism, false statement, security incident or crime, in compliance with the governing law
* investigate all claims we receive from you or from other parties regarding our Platforms or our products and services
* use personal data related to complaints, our conformity policy, for regulation or investigation purposes whenever it is necessary (including personal data disclosure related to a legal procedure or a dispute), or to enforce our conditions of use or any other agreement; or to protect our rights, property or security, of our customers, or of other parties;
* for internal company reporting purpose
• In order to comply with a legal obligation:
* in compliance with a request from the government or judicial authorities in the course of an investigation
• In case if we have your consent to send marketing contents to you or otherwise have your express consent (which does not apply to any information we collected from you from which you cannot practicably be identified), we may use your relevant personal data for the following purposes:
* ask you for your opinion or ask you to participate in market research
* monitor the use of our Platforms and use your information to help us monitor, improve and protect our products, content, services and Platforms, online and offline, as well as your experience with us, including via demographic surveys and research; analyse and cleanse data; and assess the performance of our advertising campaigns
* When you give your consent: whenever you ask for more information about our products, services, special offers and events by phone, mail, text, email or online, or via our apps, or to send you samples, gifts or rewards in conformity with your contact preferences and in the limits of the governing law. It includes, among other things, being contacted by one of our group’s entities for these purposes.
* other purposes specified to you when we collect your consent
2.2 Disclosure of your personal data
We may share your personal data (when governing laws related to data protection allow it and in compliance with these laws) with:-
• approved retailers’ banks and our payment services provider (Stripe and PayPal) for transaction processing purposes
• third parties, when we have your consent to do so (e.g. social media, concierge service or our partner retailers.) Your personal data, once shared, will be subject to these third parties’ privacy policies
• any law enforcement agency, court, regulating or governmental authority or other third party whenever we deem it reasonably necessary, in order to comply with legal or regulatory obligations or to apply or enforce our Terms and Conditions or any other agreement; or to protect our rights, property or security, our customers, or another party. It includes information exchange with other companies or organisations for fraud prevention or credit risk reduction purposes; or
• With our third-party service providers (as well as the group’s entities) who perform services on our behalf following our instructions. We do not allow these parties to use the information or disclose it except to the extent necessary to the performance of the services they provide on our behalf, or in order to comply with legal obligations. These parties include, among others, companies who fulfil orders and deal with refunds, provide data hosting and maintenance services, provide personalized content, ad and marketing services (including digital and personalized ads), and data cleansing, processing, segmentation and analysis.
We may also share information with third parties, including social media and search engines:
We aggregate your data or information (in such abstracts or forms that it will not be practicable to identify you from such data or information) with other customers’ data or information, thus creating a data sets about the use of our Platforms, the purchase of our products, and other general information about our customer base. Although this set is assembled and anonymized, which means it doesn’t allow to identify you directly as an individual, it does provide a precious overview of the uses of our Platforms and we share it with third parties selected by us. These third parties include among other companies from our group.
We also transfer information about you to advertising sales departments and to social media and search engines (including Facebook, Google and Twitter), so that they can identify your devices and provide content and ads based on your areas of interest. This information may include your device ID, or other encrypted login details (in such abstracts or forms that it will not be practicable to identify you from such data). Providers often process data in segmented or anonymized form. These providers may collect other information from you, such as your IP address, and information about your browser or operating system; combine your information with the ones from other companies in data sharing cooperatives we are part of; and can place and read their own single cookie on your browser. Third parties who create cookies have their own privacy policies and we can’t access nor read those cookies.
2.3 Data transfer
If you are located in the other parts of People’s Republic of China (including Macau), in addition to Hong Kong, your personal data may also be stored in our servers situated in any other parts of People’s Republic of China (including Macau and Taiwan).
We also transfer personal data related to you (whether collected online or offline) to other Buly Group Members and other service providers who perform functions on our behalf and are located all around the world.
This information may be stored and processed in their jurisdictions, which can have differing laws regarding data protection from those applicable in Hong Kong. You may obtain a list of the countries where we have businesses on our group’s website www.buly1803.com. We will either (I) ensure the laws of such jurisdictions will be substantially similar to, or serves the same purposes as, the Personal Data (Privacy) Ordinance (Cap.486); or (II) take all reasonable precautions and exercised all due diligence to ensure that your personal data will not, in such jurisdictions, be collected, held, processed or used in any manner which, if that jurisdictions were Hong Kong, would be a contravention of a requirement under the Personal Data (Privacy) Ordinance (Cap.486).
2.4 Data Retention
Your personal data will be kept for a definite period of time based on the following criteria: (I) as long as necessary for the purposes defined in this Policy; (II) to comply with the applicable law and regulations; (III) as long as it is necessary to answer any deleting request on your part whenever it applies. Personal data used to offer you personalised information and services will be kept to the maximum extent permitted by applicable law. For more information, please contact us through the contacts specified in Section 6 below.
3. COOKIES AND ASSOCIATED TECHNOLOGIES
3.1 What are cookies?
Cookies are small text files that websites send to your computer, mobile phone or any other piece of equipment connected to the Internet in order to identify your browser’s signature or to store information or settings in your browser.
3.2 Our cookies and their functions
The types of cookies we use:
(a) Strictly necessary cookies
(b) Performance/Analytical Cookies
• These cookies gather information about the way you use the website and services, in order to improve the way they work and to develop them according to our customers’ and visitors habits and preferences. For example, cookies (including pixels and other similar devices) can be used for:
* test different designs and ensure we keep a coherent visual and experience on all our websites;
* follow and provide trend analysis about the way you interact with our websites and communications;
* detect errors and measure our ad campaigns’ performance.
The data so gathered are not practicably able to reveal your identity and is generally grouped to provide trends and user models for commercial analysis, improvement and performance assessment of the website/Platform. Our cookies and the resulting analysis of them may also be shared with our business partners. The type of information we collect include number of visitors on our websites, number of customers who log in, the time and duration of their visit and the parts of our websites and services visited, but they are generally not used to identify you personally. We may also receive similar information about visitors on our partner websites. To this end, we use Googles Analytics, performed by Google Inc. If you refuse to be followed by Google Analytics, you can choose to opt out at the following address: https://tools.google.com/dlpage/gaoptout.
(c) Functionality Cookies
These cookies allow the website to remember you in order to provide personalized and advanced functionalities (like language settings.) These cookies can also be used to remember changes you made to font size, type and other parts of the website’s pages you can personalise. The information these cookies collect may be anonymized and they can’t follow your activity on other websites.
(d) Social Media Cookies
(e) Advertising and Targeting Cookies
These cookies are used to deliver ads tailored to your tastes on our websites, the websites of our group’s companies, and those of our partners. We undertake targeted advertising activities towards our existing customer base, and target other people we think might be interested in our products and services. They are also used to limit the number of times you see an ad and to help us assess the performance of our ad campaigns. They allow us to better understand and evaluate left clicks on our ads in order to improve the service you get. They are usually placed by advertising networks with your permission. They remember when you have visited a website and this information is shared with other organisations like advertisers. Advertisers and other third parties (including advertising networks, ad broadcasting companies and the service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the demographic group this ad or content is intended for.
We use these third-parties advertising cookies on our Platforms:
* Google: The GA Audience cookie allows us to send you ads related to your areas of interest on the web and on your apps. This cookie’s maximum lifespan is 13 months.
* Facebook: The Facebook cookie allows us to send you ads related to your areas of interest on this social media. This cookie’s maximum lifespan cycle is 13 months.
3.3 Web Servers Logs and Pixels
Considering pixels are identical to any other content request included in a Web page’s recipe, you cannot refuse them. Nevertheless, you may be able to disable pixels in electronic messages if you don’t download the images included in messages you receive (this function varies depending on the email software used on your personal computer). Doing so will not always disable a pixel or other similar devices within the electronic message because of the specific capacities of the email software. For further information, please read the information provided by your email software or service provider. Pixels may also be disabled under certain circumstances by refusing cookies or by changing the cookie settings on your browser.
4. PERSONAL DATA HOSTING
We are committed to protecting the personal data we collect. It is of the utmost importance to us to ensure the security of your personal data. We take all measures to guarantee that your personal data is protected from any unauthorised or illegal processing, any loss, damage or accidental destruction and we limit access to your personal data to the people who reasonably need them in order to provide products or services.
Any data transmitted from your browser to our Platforms through online forms, our store localiser or your cart is secured with SSL technology (Secure Socket Layer). SSL is a cryptographic protocol that ensures data confidentiality and integrity when they are communicated between two authenticated parties.
If you create an account with us, you will be asked to provide a username and a password for it, as a part of our security measures. You must treat this data as confidential information and must not disclose it to third parties.
5. YOUR RIGHTS
We do everything possible to give you a choice regarding the personal data you provide to us. The following mechanisms give you control over your personal data:
If you wish to receive information about our products and services, events, loyalty programs or other customer programs, and other promotional activities, you can let us know your contact preferences by ticking the corresponding box or boxes on our Platforms or in our stores, or by answering the question or questions asked by our beauty counsellors or our salespeople in stores. Some of our activities and communications can be tailored to your specific areas of interest and your preferences (which will be done with your permission, if the law requires it).
If you don’t wish to receive our marketing communications anymore (and/or don’t wish to receive personalized marketing communications), simply let us know at any time by following the Unsubscribe instructions in said communication or on our Platforms. Please note that you will not stop receiving service messages from us (i.e. non-marketing communications, such as email updates to follow your order or notifications about your account’s activities).
Cookies/Similar devices and Advertisement based on your areas of interest: you can set parameters on your browser to refuse all or some cookies or to be warned when cookies are used, or to use the unsubscribing tools provided. You also have a choice regarding ads based on your areas of interest.
6. YOUR PREFERENCES
Pursuant to the Personal Data (Privacy) Ordinance (Cap.486), you have the right to made data access requests and data correction requests in respect of your personal data, including asking us for a copy of your personal data, in order to correct them, delete them or to limit their processing, or to ask us to transfer some of this data to other organisations. You also have the right to oppose part of the processing and, when we asked for your consent to process your personal data, to withdraw it. When we process your personal data pursuing a legitimate interest (as explained above), you also have the right to oppose it. These rights may be limited under certain circumstances – for example, when we can prove that we have a legal or contractual obligation to process your personal data. In some limited circumstances, it may mean that we can keep your personal data pursaunt to applicable laws even when you withdrew your consent. We will then take all appropriate measures and precautions to protect your personal data.
Please contact us as follows if you wish to make any data access or correction requests or exercise any of these rights.
Contact: Privacy Compliance Officer
Address: BulyHK, 20 Wyndham Street, Central, Hong Kong
Email: [email protected]
In order to comply with your wishes and prevent unauthorized disclosure or processing of your personal data, we can demand proof of your identity to our reasonable satisfaction.