Privacy Policy

Last Updated: [03-07-2025]

1. Introduction

MyClubHK.com (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data in accordance with:

  • The General Data Protection Regulation (GDPR) (EU) 2016/679
  • Hong Kong Personal Data (Privacy) Ordinance (PDPO) (Cap. 486)
  • Other applicable data protection laws

This policy explains how we collect, use, disclose, and safeguard your information when you use our services (the “Services”).

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data (e.g., collection, storage, use).
Data Subject: The individual to whom the Personal Data relates.

3. Data Collection

We collect the following categories of data:

| Data Type | Examples | Collection Method |
|---|---|---|
| Identification | Full name, NRIC/Passport number | Account registration |
| Contact | Email, phone number, address | Order processing |
| Financial | Credit card details, bank accounts | Payment gateways |
| Behavioral | Preferences, survey responses | User interactions |

3.1 Data You Provide Directly

3.2 Automatically Collected Data

  • Technical Data: IP address, device type, browser version
  • Usage Data: Pages visited, clickstream patterns
  • Location Data: Approximate location derived from IP

3.3 Data from Third Parties

We may receive data from:

  • Social media platforms (when you connect accounts)
  • Payment processors (transaction confirmations)
  • Marketing partners (campaign analytics)

4. Legal Bases for Processing (GDPR)

We process your data based on:

| Legal Basis | Purpose Examples |
|---|---|
| Contractual necessity | Order fulfillment, account maintenance |
| Legitimate interests | Fraud prevention, service improvement |
| Legal obligation | Tax reporting, regulatory compliance |
| Consent | Marketing communications, cookies |

5. Data Use Purposes

We use your data to:

  1. Provide and maintain Services
  2. Process transactions (including fraud screening)
  3. Personalize user experience
  4. Conduct analytics and market research
  5. Comply with legal obligations
  6. Send promotional communications (where permitted)

6. Data Sharing & Disclosures

6.1 Categories of Recipients

| Recipient Type | Data Shared | Purpose |
|---|---|---|
| Payment processors | Card details, billing info | Transaction processing |
| Cloud service providers | All data categories | Secure storage & hosting |
| Marketing agencies | Contact details, behavior | Targeted advertising |
| Legal authorities | As required by law | Regulatory compliance |

6.2 International Transfers

Data may be transferred to jurisdictions with differing data protection laws. We implement:

  • EU Standard Contractual Clauses
  • APEC Cross-Border Privacy Rules
  • Other approved transfer mechanisms

7. Data Subject Rights

You have the right to:

| Right | Implementation Process |
|---|---|
| Access | Submit request via [webform link] |
| Rectification | Edit profile or contact DPO |
| Erasure | Submit deletion request (exceptions apply) |
| Restriction | Request limited processing |
| Data portability | Receive machine-readable copy |
| Object to processing | Opt-out mechanisms available |
| Withdraw consent | Via account settings or email |

Response Time: We will respond within 30 calendar days (may extend for complex requests).

8. Data Security Measures

We implement:

  • Technical Measures:
    • AES-256 encryption for data at rest
    • TLS 1.3+ for data in transit
    • Regular penetration testing
  • Organizational Measures:
    • Role-based access controls
    • Mandatory annual staff training
    • Vendor security assessments

9. Data Retention

| Data Category | Retention Period | Rationale |
|---|---|---|
| Account data | 5 years post-account closure | Legal claims |
| Transaction records | 7 years | Tax obligations |
| Marketing consents | 2 years from last interaction | Consent validity |
| Cookies | 13 months maximum | Industry standards |

10. Cookies & Tracking Technologies

We use:

10.1 Essential Cookies

| Cookie Name | Purpose | Expiry |
|---|---|---|
| session_id | Maintain login state | Session |
| csrf_token | Security protection | 24 hours |

10.2 Analytical Cookies

  • Google Analytics (with IP anonymization)
  • Hotjar (behavioral analytics)

Consent Management: Configure via [cookie preference center link]

11. Children’s Data

We do not knowingly collect data from children under 16 without parental consent. Parents may:

  • Review collected data
  • Request deletion
  • Revoke previously given consent

Contact: support@myclubhk.com

12. Automated Decision-Making

We may use algorithms for:

  • Fraud detection
  • Content personalization

You may request human intervention or contest decisions.

13. Breach Notification

In case of a data breach affecting your rights, we will:

  1. Notify the Privacy Commissioner (Hong Kong) within 72 hours
  2. Inform affected users without undue delay
  3. Provide remediation guidance

14. Policy Updates

We will:

  • Notify material changes via email 30 days in advance
  • Archive previous versions at [archive link]
  • Highlight modifications in update logs

15. Contact Information

Data Protection Officer
Email: dpo@myclubhk.com
Postal: [Registered Office Address]

EU Representative (where applicable):
[Name/Address of EU Rep]

16. Dispute Resolution

Any complaints may be lodged with:

  • Hong Kong Office of the Privacy Commissioner
  • Your local EU supervisory authority (for GDPR matters)

Acknowledgement
By using our Services, you confirm that:

  1. You have read and understood this policy
  2. You consent to the described data practices
  3. You are authorized to provide any third-party data submitted

This document supersedes all previous privacy policies.

[End of Policy]
