regardless of where you visit it from, or use our product AutoBizight (referred to as “Product(s) or Service(s)”) and tell you about your privacy rights and how the law protects you under the jurisdiction of Hong Kong SAR.
1.2 Data Controller
Rainbow Tech is a “data controller” of your personal data.
In simple terms, this means that we (i) “control” your personal data rendered, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data rendered, but only to the extent that we have informed you about the use or as otherwise permitted by the Basic Law of Hong Kong SAR.
1.3 Contact Information and Complaints
Our full contact details are:
Unit A, 10/F, TAL Building, 49 Austin Road, Tsim Sha Tsui, Kowloon, Hong Kong
Attn: Data Privacy Manager, Rainbow Tech Information (H.K.) Limited
If you are currently staying within the European Economic Area, you have the right to make a complaint at any time to your country’s supervisory authority for data protection issues.
• For a current list of European data protection authorities, please visit the European Data Protection Board’s website at https://edpb.europa.eu/about-edpb/board/members_en
• For more information on the relevance of EU GDPR (The General Data Protection Regulation) to Hong Kong based organizations and business, please refer to
We would, however, appreciate the chance to deal with your concerns before you approach your country’s supervisory authority, so please contact us in the first instance.
Please note that personal data that has been rendered anonymously in such a way that the individual is not or no longer identifiable is no longer considered personal data under the scope of the GDPR. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
1.5 Third-Party Links
2. THE DATA WE COLLECT ABOUT YOU
2.1 The types of personal data we collect, use and store about you will depend on the service(s) you have requested from us and/or the nature of your interaction(s) with us. The personal data we store is adequate, relevant and limited to what is necessary for the purpose of processing with the utmost lawfulness, fairness and transparency. With the platform(s) we employ, we store the provided raw data and might enrich it with machine learning engines to provide additional information and insight. When you are using our Product(s) and/or Webpage(s), we might collect and process the following types of your personal data (where appropriate, in part or entirety):-
- your first name, last name, username or similar identifier (“Identity Data”);
- your billing address, corporate email address and corporate telephone numbers (“Contact Data”);
- your corporate bank account and payment card details (“Financial Data”);
- details about payments to and from you and other details in regards of the Product(s) and Service(s) you have purchased from us (“Transaction Data”);
- your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Product(s) and/or Webpage(s) (“Technical Data”);
- your interests, preferences, feedback and survey responses (“Profile Data”);
2.2 We further collect information about how you use our Product(s) and/or Webpage(s) (“Usage Data”), which is listed below:-
- Device and usage data: Data about your device and the product and features you use, including information about your hardware and software, how our Product(s) perform, as well as your settings.
- Payment and account history: Data about your payment and activities associated with your account.
- Browse history: Data about the webpages you visit on our Website(s).
- Device, connectivity, and configuration data: Data about your device, your device configuration, and nearby networks. For example, data about the operating systems and other software installed on your device, including product keys. In addition, IP address, device identifiers (such as the IMEI number for phones), regional and language settings, and information about WLAN access points near your device.
- Error reports and performance data: Data about the performance of the Product(s) and any problems you experience, including error reports. Error reports (sometimes called “crash dumps”) can include details of the software or hardware related to an error, contents of files opened when an error occurred, and data about other software on your device.
- Troubleshooting and help data: Data you provide when you contact Rainbow Tech for help, such as the use of our Product(s) and/or Webpage(s), and other details that help us provide support. For example, contact or authentication data, the content of your communications with Rainbow Tech, data about the condition of your device, and the use of our Product(s) and/or Webpage(s) related to your help inquiry. When you contact us, such as for customer support, phone conversations or chat sessions of any nature with our representatives may be monitored and recorded.
- Searches and commands: Search queries and commands when you use our Product(s) and/or Webpage(s) with search or related productivity functionality.
- Voice data: Your voice data, such as the search queries or commands you speak.
- Text, inking, and typing data: Text, inking, and typing data and related information. For example, when we collect inking data, we collect information about the placement of your inking instrument on your device.
- Images and related information, such as picture metadata: we collect metadata from our client’s interaction with the Product(s) only for platform improvement and troubleshooting. For example, we collect the image you provide when you use a Bing image-enabled service.
- Contacts and relationship: Data about your contacts and relationships if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity.
- Dummy data: we generate such data for testing.
- Location data: Data about your device’s location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g.GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device’s IP address or data in your account profile that indicates where it is located with less precision, such as at a city or postal code level.
- Marketing and Communications Data: Your preferences in receiving marketing materials from us and our third parties and your communication preferences
- Sales and business data: Your sales and operation data, which might include human resources data in the event where employee performance related analysis is to be undertaken.
2.3 We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), nor do we collect any information about criminal convictions and offences. Furthermore, we do not modify your private data, use it for our internal purpose without disclosing it to you in advance, and we will never sell your meta data, any insight from your analysis or meta data collected from your interaction with the Product(s) without anonymizing it.
3. HOW WE COLLECT YOUR DATA
We collect Identity Data, Contact Data and Financial Data about you that you provide to us by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:-
3.1 Direct Interactions
- apply for our Product(s) or Service(s);
- register on our Product(s) and/or Webpage(s);
- request other marketing materials to be sent to you;
- look for relevant supporting services from us;
- give us feedback or contact us in any way or form.
3.2 Automated Technologies and Interactions
As you interact with our Product(s) or Webpage(s), we will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in the cookies we create, but we may use encrypted information gathered from them to help improve your experience on our Webpage(s). If you do not wish to enable cookies, you’ll still be able to browse our Webpage(s) and use them for research purposes.
Our Product(s) or Webpage(s) may use additional identifiers, such as the advertising ID in Windows, for similar purposes, and may also contain web beacons or other similar technologies, as described below.
• Storing your preferences and settings
• Sign-in and authentication
• Storing information you provide to us
3.2.1 How to Customize Cookies
Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. On Rainbow Tech’s Analytics Product Website, you can block or delete cookies by adjusting your browser settings.
Open Chrome > [Settings] > [Privacy and security] > [Cookies and other site data] > Customize settings
Please refer to your browser’s privacy or help documentation to find instructions for blocking or deleting cookies in other browsers.
Certain features of our Product(s) and/or Webpage(s) depend on cookies. If you choose to block cookies, you might not be able to sign in or use some of those features, and preferences that are dependent on cookies will be lost. If you choose to delete cookies, any settings and preferences controlled by those cookies, including advertising preferences, are deleted and will need to be recreated.
Additional privacy controls that can impact cookies, including the Tracking Protection feature of Rainbow Tech browsers, are described in Clause 9: “How to access and customize your personal data settings” section of this privacy statement.
3.2.2 Our Use of Web Beacons and Analytics Services
Some of our Webpages may contain electronic tags known as web beacons to help deliver cookies on our Webpage(s), count users who have visited our Webpage(s), and deliver co-branded products. We may also include web beacons or similar technologies in our electronic communications to determine whether you open and act on them.
In addition to the possibility of placing web beacons on our Website(s), we may sometimes work with other companies to place our web beacons on their websites or in their advertisements, to help develop statistics on how often clicking on a Rainbow Tech advertisement results in a purchase or other action(s) towards our Product(s) or Service(s).
3.3 Third Parties
We may also work closely with third parties (including, for example, analytics providers and other third party providers of relevant services).
We may receive personal data about you from such third parties as set out below:-
- Contact Data, Financial Data and Transaction Data from providers of payment services;
- Contact Data from mailing list providers
4. HOW WE USE YOUR PERSONAL DATA
4.1 Data Usage
We are committed to only use your personal data when the Basic Law of the Hong Kong SAR allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the duties of the contract we are about to enter into or have entered into with you (“Performance of Contract”).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“Legitimate Interests”).
- Where we need to comply with a legal obligation (“Legal Obligations”).
We plan to use your personal data for the following purposes, and pursuant to the corresponding legal bases:
|Purpose||Type of Data||Lawful Basis and Basis of Legitimate Interest|
|Registration as a new customer||Identity Data; Contact Data;||Performance of Contract|
|Signing in to our Product(s) and/or Webpage(s)||Identity Data; Contact Data; Profile Data; Financial Data; Transaction Data.||Performance of Contract|
|Processing and delivery of your order||Identity Data; Contact Data; Financial Data; Transaction Data; Marketing and Communication Data.||Performance of Contract; Legitimate Interest (to recover debts due to us arising from your subscription to our Product(s) and/or Service(s))|
|Enabling you to partake in a prize draw, competition or complete a survey||Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data.||Performance of Contract; Legitimate Interest (to study how you as our customer use our Product(s) and/or Service(s) and grow our business)|
|Administration and Protection of our Product(s) and/or Webpage(s) (including troubleshooting, data analysis, testing, system maintenance, support reporting and hosting of data)||Identity Data; Contact Data; Technical Data.||Legitimate Interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise); Legal Obligations|
|Delivery of relevant website content and advertisements to you and understanding the effectiveness of the advertising we address to you||Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data; Technical Data.||Legitimate Interest (to study how you as our customer use our Product(s) and/or Service(s), to develop them, to grow our business and to inform about our marketing strategy)|
|Using data analytics to improve our Webpage(s), our Product(s) and Service(s), marketing approach, customer relationship and user experience||Usage Data; Technical Data||Legitimate Interest (to define customer type you fall into by using our Product(s) and/or Service(s), to keep our Webpage(s) and Product(s) updated and relevant, to develop our business and to inform about our marketing strategy)|
|Suggestions and recommendations about goods or services that may be of interest to you||Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data||Legitimate Interest (to develop our Product(s) and/or Service(s), and grow our business)|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please feel free to contact us any time.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by the Basic Law of the Hong Kong SAR.
4.2 Data Usage associated with AutoBizight or any Rainbow Tech Analytics Account
Personal data associated with your Account includes credentials, name and contact data, payment data, device and usage data, your contacts, information about your activities， and your interests and favourites. Signing into your Account enables personalization, consistent experiences across Products and devices, allows you to make payments using payment instruments stored in your Account, and enables other relevant features.
The data associated with your Account, and how that data is used, depends on how you use your Account. Please refer to the above table under Clause 4.1 for further details on the lawful basis and basis of legitimate interest on how we use your data.
4.2.1 Creating your AutoBizight or Rainbow Tech Analytics Account
When you create an Account with us, you will be asked to provide certain personal data and we will assign a unique ID number to identify your Account and associated information. While our Product(s) or Service(s) involves payment, it requires an authentic name of yours that you can sign in as.
4.2.2 Signing in to AutoBizight or Rainbow Tech Analytics Account
When you sign in to your Account, we create a record of your sign-in, which includes the date and time, information about the Product you signed in to, your sign-in name, the unique number assigned to your Account, a unique identifier assigned to your device, your IP address, and your operating system and browser version.
Signing in to your Account enables improved personalization, provides seamless and consistent experiences across devices, permits you to access and use cloud data storage, allows you to make payments using payment instruments stored in your Account, and enables other enhanced features and settings. When you sign in to your Account, you will stay signed in until you sign out.
4.2.3 Signing in to Third-party Products or Websites
4.3 More on the Purposes of Data Processing
4.3.1 Provide our Product
We use data to operate our Product(s) and Website and provide you with rich, interactive experiences. We may contact you by phone or email or other means to inform you when a subscription is ending or discuss your licensing account. We also communicate with you to secure our Product(s) and/or Service(s), for example by letting you know when product updates are available.
4.3.2 Product Improvement
We use data to continually improve our Product(s) and Service(s), including adding new features or capabilities. For example, we use error reports to improve security features and usage data to determine what new features to prioritize.
Our Product(s) and Webpage(s) include personalized features, such as recommendations that enhance your productivity and enjoyment of using our Product(s) and/or Service(s). These features use automated processes to tailor your product experiences based on the data we have about you, such as inferences we make about you and your use of our Product(s) and/or Service(s), activities, interests, and location. We also provide controls to disable such personalized features.
4.3.4 Product Activation
We use data, such as subscription identifiers, to activate Products that require activation.
4.3.5 Product Development
We use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
4.3.6 Customer Support
We use data to troubleshoot and diagnose problems, provide other customer care and support services.
4.3.7 Help Secure and Troubleshoot
We use data to help secure and troubleshoot our Product(s) and Webpage(s). This includes using data to protect the security and safety of our Product(s) and Webpage(s), detecting malware and malicious activities, troubleshooting performance and compatibility issues to help customers get the most out of their experiences, and notifying customers of updates associated with our Product(s) and Webpage(s). This may include using automated systems to detect security and safety issues.
We use data to protect the safety of our Product(s), Webpage(s) and our customers. Our security features and Products can disrupt the operation of malicious software and notify users if malicious software is found on their devices. For example, some of our Products systematically scan content in an automated manner to identify suspected spams, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and we reserve the right to block delivery of a communication or remove content if it violates our terms.
We use data we collect to develop product updates and security patches. Updates and patches are intended to optimize your experience of using our Product(s)/Service(s), help you protect the privacy and security of your data, provide new features, and ensure your device is ready to process such updates.
4.3.10 Promotional Communications
We use data we collect to deliver promotional communications. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from Rainbow Tech by email, SMS, physical mail, or telephone. For information about managing your contact data, email subscriptions, and promotional communications, see the Section 9: HOW TO ACCESS AND CUSTOMIZE YOUR PERSONAL DATA SETTINGS of this privacy statement.
4.3.11 Relevant Offers
Rainbow Tech uses data to provide you with relevant and valuable information regarding our Product(s)/Service(s) rendered. We analyze data from a variety of sources to predict the information that will be most relevant to you and deliver such information to you in a variety of ways.
We use data we collect through our interactions with you, through providing Product(s)/Service(s), and on third-party web properties providing advertising content of for our Product(s)/Service(s). We may use automated processes to help make advertising more relevant to you. For more information about how your data is used for advertising, please refer to Section 6: ADVERTISING of this privacy statement.
4.3.13 Transacting Commerce
We use data to carry out your transactions with us. For example, we process payment information to provide customers with the Product(s) and/or Service(s) they subscribed or purchased on any of our Webpages.
4.3.14 Reporting and Business Operations
We use data to analyze our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
4.3.15 Protecting Rights and Property
We use data to detect and prevent fraud, resolve disputes, enforce agreements, and protect our property. For example, we use data to confirm the validity of software licenses to reduce piracy. We may use automated processes to detect and prevent activities that violate our rights and the rights of others, such as fraud.
4.3.16 Legal Compliance
We process data to comply with the Basic Law of the Hong Kong SAR. For example, we process contact information and credentials to help customers exercise their data protection rights.
With appropriate technical and organizational measures to safeguard individuals’ rights and freedoms, we use data to conduct research, including for public interest and scientific purposes.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes set out in the table under Clause 4.1:-
- External Third Parties as set out in the Section 11: DEFINITIONS below; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the Basic Law of the Hong Kong SAR. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.1 International Transfers
We will share your personal data within our company in Hong Kong SAR, but we may also transfer your data to other geographic jurisdictions for regulatory reasons.
Please understand that we will generally ensure a similar degree of protection to your personal data as it is afforded in The European Economic Area (EEA) by ensuring at least one of the following safeguards is implemented:
- We will if and only if necessary, transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: ADEQUACY DECISIONS on How The Eu Determines If A Non-Eu Country Has An Adequate Level Of Data Protection.
- We may use specific contracts or contract clauses approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: STANDARD CONTRACTUAL CLAUSES (SCC) For Data Transfers Between EU And Non-EU Countries.
Please do not hesitate to contact us anytime if you want further information on the specific mechanism used by us when transferring your personal data.
5.2 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties with a valid necessity of such access. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally bound to do so.
5.3 Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or when we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Other criteria we use to determine retention period may include:
· Whether users anticipate that such data is to be retained until they submit their affirmative request for removal
In such cases, we would aim to maintain the data until you actively delete it. Note that other reasons why the data has to be deleted sooner may exist, for example if user exceed limit on how much data can be stored in the Account.
· If an automated control exists，which determines user access and whether deletion of the user’s personal data is justified
When such control is absent, a shortened data retention period will generally be adopted.
If so, a shortened retention period would generally be adopted.
· Is the personal data of a sensitive type
· Has the user provided consent for a longer retention period
If so, we will retain data in accordance with user’s consent.
· Is our Product subject to a legal, contractual, or similar obligation to retain or delete the data
Examples may include mandatory data retention laws under jurisdiction of the Hong Kong SAR, including but not limited to government orders to preserve data relevant to an investigation, or to retain data retained for the purposes of litigation purposes. On the contrary, we will remove any content deemed unlawful pursuant to such orders.
Under certain circumstances, you can ask us to delete your data: see “Your Legal Rights within the EEA” or “Your Legal Rights within the Hong Kong SAR” below for further information.
Under certain circumstances, we will anonymize your personal data (so as to clear any possible connection associated with your identity) for research or statistical purposes, in which case we may use this information without restriction, and without your further acknowledgement.
6.1 We strive to provide you with choices regarding certain personal data uses, particularly in areas of marketing and advertising. We may use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Product(s), Service(s) and offers may be relevant for you.
You may receive marketing emails and newsletters from us if you have ever requested information from us or purchased Product(s) or Service(s) from us, or if you have provided us with your details in our event(s) or registered for a promotion and, in each case, you have expressly consented to receiving such marketing materials in any form or fashion.
We will get your express opt-in consent before we share your personal data with any designated third party for marketing purposes.
6.2 Opting Out
You can ask us or our designated third parties to stop sending you marketing messages at any time:-
- by contacting us anytime at email@example.com with respect to our Product(s)/Service(s); or
- by managing your preferences or unsubscribe in your Account Settings.
Where you opt-out of receiving these materials, this will not apply to personal data provided to us as a result of a Product or Service subscription, Product or Service experience or other transactions (for which we shall perform our contractual duties, regulatory or legal obligations).
6.3 Your Communication Preferences
In addition to the above, you may state your preference on whether you agree to share your contact information with Rainbow Tech’s partners/vendors, by following these steps here:-
- Log in to your “Account Settings”;
- Go to “Notifications”;
- Uncheck the switch for “Receive Emails/Alerts”.
Please note that this option does not apply to mandatory service communications being part of the Product(s), programs, activities, surveys or other informational communications coming with their own method to unsubscribe.
6.4 Browser-based Controls
When you use a browser, you may customize disclosure or sharing of your personal data when using certain features.
6.4.1 Cookie Controls
You can customize which data to be stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the COOKIES section of this privacy statement.
6.4.2 Tracking protection
You can determine which personal data can be collected by third-party sites using tracking protection for certain browsers. This feature will block third-party content, including cookies, from any site that is listed in a tracking protection list you define.
7. YOUR LEGAL RIGHTS WITHIN THE EEA
7.1 Your Rights if domiciled in the EEA
If you are currently domiciled in the EEA, processing of your personal data is subject to your rights under the GDPR, which include:-
- Right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us, as any personal data must remain accurate, stay up-to-date, and be corrected or deleted when found incomplete or inaccurate. Accuracy also depends on the data provided by you as the client: Rainbow Tech will not tamper or delete your data as provided.
- Right to request erasure of your personal data. This enables you to ask us to delete or remove your personal data if it’s no longer necessary for the purpose it was collected, or there is no compelling reason for our continued processing. You also have the right to ask us to delete or remove your personal data upon successful exercising of your “right to object to processing” (see below), in the case where we may have processed your information unlawfully， or where we are required to erase your personal data to comply with the Basic Law of the Hong Kong SAR. Note, however, that we may not always be able to accommodate your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to request the transfer of your personal data to you or to a third party. We will provide to you, or your designated third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent at any time where we are relying on that consent to process your personal data. However, this will not affect the lawfulness of any processing carried out as long as your consent remains valid. Upon consent withdrawal, we may not be able to provide certain Product(s) and/or Service(s) to you, in which case you will be notified in advance, and withdraw consent at your discretion.
- Platform Users cannot tamper or remove any data uploaded to our platform: you may access your data uploaded to our platform, either through your own IT department or Rainbow Tech, given that you are the authorized subscriber of the respective Product(s)/Service(s).
8. YOUR LEGAL RIGHTS IN HONG KONG
If your business is currently based in the Hong Kong SAR, you are entitled, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486, the laws of Hong Kong) (the “Ordinance”), to check whether we are holding data about you and to request access to those data. If any of these data are found incorrect or inaccurate, you have the right to correct or update them. Requests for access to or to correct personal data should be addressed to our Data Privacy Manager at firstname.lastname@example.org with respect to the Product(s). In accordance with the Ordinance, we are entitled to charge a reasonable administration fee for processing the requests in question.
9. HOW TO ACCESS AND CUSTOMIZE YOUR PERSONAL DATA SETTINGS
9.1 You can access and customize the settings of your personal data that Rainbow Tech has obtained from our provision of Product(s)/Service(s) or collected from our Webpage(s). In some cases, your ability to access or customize your personal data settings will be limited, as required or permitted by applicable laws and regulations.
9.2 If you are being authorized to access or use our Product(s), Service(s) and/or Webpage(s), please contact your delegated administrator to learn more about how to access and customize your personal data settings of the Subscriber Account.
9.3 You can access and customize the settings of your personal data that Rainbow Tech has obtained, and exercise your data protection rights, using various tools we provide on our Product(s) and/or Webpage(s), for instance, you may access or edit your Account profile or change your password by visiting the respective page on our Website.
9.4 Not all personal data processed by Rainbow Tech can be accessed or customized via the tools above. If you want to access or customize the settings of personal data processed by Rainbow Tech that is not available via the tools above, you can always contact us at email@example.com. We aim to respond to all legitimate requests made by you within one calendar month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will keep you abreast of our progress.
9.6 We may request specific information from you to help us confirm your identity and verify your right to access your personal data (or to exercise any of your lawful rights in this regard). This is a security measure to protect your personal data against any unauthorized access in our custody and control. We may also contact you for further information to facilitate and accelerate processing of your request.
10. OTHER IMPORTANT PRIVACY INFORMATION
10.1 Security of Personal Data
Rainbow Tech is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store your personal data rendered on computer systems in controlled facilities, with restricted access to authorized personnel. When handling sensitive and confidential data like passwords and payment card information over the internet, data during transmission is adequately secured through encryption. Rainbow Tech complies with applicable data protection laws, including applicable data security breach notification laws.
10.2 Where we store and process personal data
Your personal data collected by Rainbow Tech may be stored and processed in your region and in any other country where Rainbow Tech or its affiliates, subsidiaries, or service providers operate. The storage location(s) are selected for their capacity to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problems. We take steps to ensure that the data we collect under this privacy statement is processed pursuant to the provisions of this statement and the requirements of applicable law wherever the data is originated from.
“External Third Parties” shall mean (a) service providers who provide IT and system administration services; (b) professional advisors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; and (c) any regulators and authorities who require reporting of processing activities.
“Legitimate Interests” shall mean the interests of our business in conducting and managing our business to enable us to give you our best possible Product(s)/Service(s) with and the most secure experience we can possibly provide. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by applicable laws or regulations). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at firstname.lastname@example.org.
“Legal Obligations” shall mean processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
“Performance of Contract” shall mean processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.