Updated as of 24 May 2018.
1. Data Protection Legislation
We observe the Data Protection Principles of the Personal Data (Privacy) Ordinance of Hong Kong SAR (the "Hong Kong requirements"). In addition, we adhere to the European Data Protection Legislation as described below to the extent it applies to the Personal Data we process about you.
"Personal Data" is data relating to you from which you can be reasonably identified. Examples of Personal Data include your full name, postal address, email address and telephone number. Naxos recognises that your Personal Data is valuable and processes your information in accordance with the Hong Kong requirements and European Data Protection Legislation.
2. Data controller
Naxos is responsible as data controller for the processing of your Personal Data collected on the Naxos websites under the European Data Protection Legislation and the Hong Kong requirements as applicable.
INFORMATION WE COLLECT
We collect Personal Data to allow us to provide you with services and deliver information on the products and/or services offered by us. We make sure that the Personal Data we collect from you is necessary for and directly related to this purpose.
The Personal Data we collect from you includes your email and postal address, telephone and fax number. Credit card information we collect from you will go directly to our bank and no personnel of Naxos will have access to this data. If you choose to purchase a product from us, our third party payment processors will collect your payment information, and none of our personnel will have access to this data.
When you create an account to register for our services, we may collect Personal Data about you such as your full name, email address, username, password, postal address, contact number, country of residence, and other Personal Data such as your profession, birthday, company, etc.
We collect such Personal Data from you in a number of ways, including:
|(a)||directly from you, such as when you enter your personal details on our websites (for example during registration or application for products and services), when you provide information by phone or in documents such as an application form;|
|(b)||from our affiliated companies;|
|(c)||from your representatives;|
|(d)||from sources where you’ve made your information publicly available;|
|(e)||from credit-reporting and fraud-checking agencies and credit providers for credit related purposes such as credit worthiness, credit rating, credit provision and financing;|
|(f)||from our own records of your dealings with us; or|
|(g)||when legally required to do so.|
We make sure that the way we collect data from and about you is lawful and fair in your circumstances.
We take all practical steps to ensure that you are informed of what data you are obliged to provide us, what data you may voluntarily provide us and what we may do if you do not provide us with data which you are obliged to provide.
3. Information you give us
This is information you give us when you enter your personal details on the Naxos websites (for example during registration or application for products or services) or by contacting us via post, phone, e-mail or otherwise, in the context of your communication with Naxos. We will use your personal information to:
|•||provide services to you;|
|•||administer and manage those services;|
|•||provide you with information related to the services offered by us;|
|•||undertake risk assessment and management; [and]|
|•||gather data necessary for our organisation's functions including dealings with credit reporting agencies, financial institutions including our own bankers, service providers, our professional advisers and industry groups having a legitimate reason to receive such information;|
|•||respond to your enquiry or provide you with information that you request from us;|
|•||consider how your business could support or work with our business;|
|•||respond to any existing client, supplier or partner of ours in relation to a pre-exiting agreement or relationship;|
|•||carry out obligations arising from any contracts entered into between you and us; and|
|•||ensure that content from the Naxos websites is presented in to the most effective manner for you and your computer;|
We will, depending on the nature of your communication with Naxos with respect to your visit to the Naxos websites, use your Personal Data to:
If we do not know you or your role at your business: we may use your Personal Data to confirm your identity and/or the business that you work for and potentially your role at that business. We do this because it is in our legitimate interest to make sure that your enquiry is genuine and is not being made for fraudulent reasons or is spam. We may also do this because we may be subject to legal obligations which require us to confirm the details that you provide us with before entering into a relationship with you.
If you are making an enquiry about our services or requesting further information: we will respond to any enquiry you make and/or provide you with information that you request from us because it is in our legitimate interest to use your Personal Data to communicate with you, to respond to your request and to develop the relationship between us. If you submit Personal Data comprising an email address to Naxos, we may send you service related emails (e.g. transactional emails, service and policy updates) because it is in our legitimate interests to keep you informed of your account activities or service changes.
If you are a member of the public and you are making an enquiry about whether you could work for us: we will use your Personal Data to consider and decide how to respond to your enquiry because it is in our legitimate interests to use your Personal Data to consider whether we have any suitable job vacancies and to contact you about them. It may also be necessary for us to use your Personal Data to comply with a legal obligation relating to how we manage our business.
If you are an existing client, supplier or partner of ours and you are making an enquiry about your agreement or relationship with us: we will use your Personal Data to consider and respond to your enquiry in the context of your business with us because it is in our legitimate interests to use your Personal Data to manage your business' relationship with us. It may also be necessary for us to:
|i.||use your Personal Data to perform an agreement with your business, where we would be unable to provide those services to or receive them from your business without that information (for example, if a particular service or information is to be provided to you at your business, we would be unable to provide that service or information unless we were able to use your Personal Data for that reason);|
|ii.||use your Personal Data to comply with a legal obligation relating to how we manage our business relationship with you|
If you are making an enquiry about how your business could support or work with our business: we will use your Personal Data to consider and respond to your enquiry in the context of your business because it is in our legitimate interests to use your Personal Data to consider whether it would be beneficial to work with your business.
If you are making an enquiry about Personal Data we may have about you: we will use your Personal Data to check our files and to consider and decide how to respond to your enquiry because it is in our legitimate interests, and in the legitimate interests of our clients, to use your Personal Data to consider how we may have used your Personal Data on behalf of our clients in order to determine how to answer your query. It may also be necessary for us to use your Personal Data to comply with a legal obligation relating to how we manage our business or our relationship with your business.
If you opt-in to receive marketing communications, we will use your Personal Data to contact you to share information about the relevant products, services, news and events. When you enter your contact details for this reason and click "sign up", you will be consenting to us contacting you for these purposes. We will only be able to send you marketing communications if you have provided your consent.
You are entitled to withdraw your consent to us contacting you by emailing Customer.Service@Naxos.com with the subject heading "unsubscribe" for any of the above reasons at any time. Otherwise you may request for your account to be deleted or to cancel your subscription. You may also be asked to review or indicate your preference for receiving email newsletters, including promotional materials, and be reminded to keep your account updated in case any of the initial information you submitted later changes.
If you subsequently decide that you do not want to receive correspondence from us about the service we could provide your business, including communications regarding product information, press releases, newsletters, marketing or promotions, and/or other topics please click the "unsubscribe" link provided in that promotional email message. Withdrawing your consent will not affect our use of the Personal Data prior to your withdrawing that consent but it will mean that we will not be able to contact you about the services we may be able to offer you or your business. However, as long as you maintain an account with us, we may send you informational or service related emails because it is in our legitimate interests to keep you informed of your account activities or service changes.
We will let you know where you must provide us with Personal Data in order to perform an agreement with you or your business or to comply with a legal obligation. If you do not provide us with the Personal Data in these circumstances, we will be unable to respond to your enquiry and/or engage in further communications with you.
4. Information we automatically collect about you
When you visit the Naxos websites, we may automatically collect information such as your IP address and browser type using cookies , web beacons and log files. This automatic data is primarily used for delivering and optimising services offered by us, such as:
|(a)||authenticating your identity and confirming whether you are currently logged in;|
|(b)||providing you with relevant, personalised content in order to help us focus on what you are most interested in; and|
|(c)||improving our services., whereby we may occasionally display different versions of content to you and measure your usage of our web site pages.|
To the extent this information constitutes Personal Information, we use it to ensure that content from the Naxos websites is presented in the most effective manner for you and your device because it is in our legitimate interest to improve our customers' online experience in relation to the Naxos websites.
The following table sets out the types of cookies used on the Naxos websites and provides detail about what they are used for. When you use the Naxos websites for the first time, cookies which are essential to make the Naxos websites operate (see those identified as "essential cookies" below) will have been set but other cookies will not have been set unless you agreed to those cookies being set at that time. If you have agreed to accept cookies then the Naxos websites will remember this and continue to set cookies each time you visit. If you do not want cookies to be stored, then you may turn off certain cookies listed below individually or you can select the appropriate options on your web browser to delete some or all cookies. Please note, however, that if you block some or all cookies (including essential cookies) you may not be able to use or access all or parts of the Naxos websites, such as being able to log on to member specific areas.
|Cookie type||Cookie name||Purpose||Further information|
|Essential cookie||accepted_policy, PolicyAccepted||Determines consent of the user.||Expires one year from date of creation|
|Essential cookie||aspxauth, auth||Encrypts the session information and determines user’s permission to browse (licensed) content.||Expires when browsing session ends.|
|Session cookie||session_id||Created to determine successful login of the user.||Expires on hour after creation.|
|Tracking cookie||_ga, _gid, _utm, _gtag,||Provides information on how visitors are using the website (e.g. page visited, avg. time on page).||This is blocked when cookie consent is not accepted.|
|Tracking cookie||logout||Determines when a user has logged out from the application.|
If you would like to disable cookies, you can set your web browser to reject cookies. However, if you disable the cookie function, you may not be able to access or receive all the information contained on the Naxos websites. How to alter your cookie setting will depend on the type of browser you use. To learn how to disable cookies, we have provided you quick links on the most popular browsers below:
|•||Opera 6.0 and further|
|•||Microsoft Internet Explorer|
5. Disclosure of your Personal Data
We may make certain disclosures in answering your query or providing you with services and by visiting the Naxos website, you agree disclosures to the following third parties:
|•||advertisers, which may collect aggregated statistics from the Naxos websites;|
|•||payment processors who will collect your payment information if you choose to purchase a product from us;|
|•||other companies and individuals which we employ to provide certain services such as email marketing services (e.g. analysing customer lists, deliverability statistics, opens and clicks), marketing assistance or consulting services. These third parties may have access to information needed to perform their function but can not use that information for any other purpose;|
|•||credit reporting agencies and other financial institutions including our own bankers, service providers; our professional advisers, such as our accountants, auditors and lawyers, insurers and industry groups having a legitimate reason to receive such information.|
6. Records of your Personal Data
We will keep a record of the Personal Data that we receive from you in order to answer your query, respond to a request for more information about the services, or in response to an enquiry from one of our existing suppliers. We will only retain the Personal Data collected from a user for as long as the user’s account is active or has otherwise not been cancelled and the user has not requested that their Personal Data be deleted. We will retain Personal Data to fulfil the purposes for which we have initially collected it, unless otherwise required by law. All Personal Data will be retained only as necessary to comply with our legal obligations.
We will delete our copy of your Personal Data upon request from the end of our contact with you for a minimum of 18 months, although we may retain a record of the existence of the relationship, to the extent and for so long as we are required to do so by law. For example, if you have contacted us to ask us for the processing of your Personal Data to be erased, we will retain a record of your request in order to ensure we comply with your wishes.
7. Storage and transfer of your Personal Data to Other Countries
If you provide Personal Data to Naxos, it may be transferred to, processed in, stored at or accessible from a destination outside the European Economic Area ("EEA"), in which Naxos or its service providers maintain facilities. All practical steps are taken to ensure that all data is treated confidentially, kept secure and protected against unauthorised or accidental access, processing, erasure or other use and is maintained and kept no longer that is necessary for the purpose for which it is intended.
Naxos is located in Hong Kong. By providing your Personal Data to us in circumstances where our processing of it is subject to European Data Protection Legislation, please note that you are doing so on the basis that you explicitly consent to the transfer of your data outside the EEA. The potential consequence of you explicitly consenting to this are that there is a risk that your Personal Data will not be protected in a manner that complies with European Data Protection Legislation. You can withdraw your consent for any reason at any time by emailing us at firstname.lastname@example.org. Withdrawing your consent will not affect our use of the Personal Data prior to your withdrawing that consent but it will mean that we will not be able to contact you about the services we may be able to offer you in the future.
Where we pass your Personal Data that is subject to European Data Protection Legislation from a location inside the EEA to parties located outside the EEA that do not offer adequate protection as determined by the European Commission, and if they are not subscribed to an approved data protection framework, such as the EU-US Privacy Shield that permits us to transfer the Personal Data to them from the EEA, we will enter into agreements which enable us to transfer Personal Data to them and that enable you to exercise your rights in accordance with the European Data Protection Legislation. A copy of these terms can be obtained by emailing us at email@example.com.
8. Your Rights
With respect to the Personal Data that Naxos collects about you from the Naxos websites, to the extent that you are located in the EEA, under the European Data Protection Legislation you have the right to:
|a)||request access to that Personal Information;|
|b)||receive a copy of the Personal Data that you have provided to Naxos in a structured, commonly used and machine readable format so that you can share it with others;|
|c)||request the transfer of your Personal Data to another party;|
|d)||ask that Personal Data be erased;|
|e)||object to us possessing your Personal Data by asking for the processing of that Personal Data to be restricted or stopped. For example, if Naxos uses Personal Data for marketing purposes; and|
|f)||make a complaint to a European data protection authority about the manner in which Naxos processes your Personal Information.|
Please contact Naxos Customer Service to exercise these rights or for additional information at firstname.lastname@example.org.
In addition to the above, you have the right to review, update, and correct your account information and preferences at any time by managing your account’s Profile page. If there is any information that you are not able to edit or delete, contact our Customer Service to help you make the amendments.
You have the right to request for your account to be terminated and your information to be deleted when there is no longer a legitimate or legal reason for us to keep you Personal Information.
On the other hand, if you wish to change or use other services affiliated to us, you may request for your data to be transferred or transmitted.
9. Account Inactivity
Naxos Digital Services Ltd. May terminate your account and delete all your information if your account remains inactive for over 12 months. However, we will make every effort to warn and notify you by email before terminating your account to give you the opportunity to log in and update your account, so that it remains active.
Request for access to data or correction of data or for information regarding policies and practices and kinds of Personal Data held by us should be addressed to:
Naxos Digital Services Limited
Level 11, Cyberport 1,
100 Cyberport Road
Telephone: (852) 2760-7818 (non toll-free)
Fax: (852) 2760-1962 (non toll-free)