We, CITIZEN Watches (H.K.) Ltd. (hereinafter referred as “Company”), part of the Citizen Group, pledges to meet fully with the requirements of the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of Hong Kong (the “Ordinance”). In doing so, the Company will ensure compliance by its staff to the strictest standards of security and confidentiality in respect of all personal information and data submitted by you to the Company and the Company will not release such information to anyone without your prior consent except to the authorized persons listed under the section entitled “Disclosure or Transfer of Data”.
I. Collection of Personal Data
The Company does not actively collect personal data of minors under the age of 16. If you are under 16, you should obtain consent from your parents or guardians before providing the Company with your personal data. If the Company finds out it has unintentionally collected personal data from a minor and consent from the minor’s parents or guardians has not been obtained, we will take steps to delete such personal data collected
II. Purpose of Collection of Personal Data
In the course of using our services, you may disclose or be asked to provide personal data. In order to have the benefit of and enjoy various services offered by the Company and/or its affiliates, it may be necessary for you to provide the Company with your personal data. Although you are not obliged to provide the personal data as requested, the Company may not be able to render certain services to you in the event that you fail to do so.
The Company’s purposes for collection of personal data include but not limited to the following:
(a) for the daily operation of services provided to customers, offline or online;
(b) providing customers with after-sale services (such as for warranty and related services);
(c) identifying customers who have enjoyed and used our services ;
(d) providing customers with marketing and promotional materials for their enjoyment of benefits provided by the Company identifying customers who have enjoyed their benefits as customers by receiving and using marketing and promotional materials;
(e) allowing customers to enjoy their benefits by enrolling for promotional events hosted by the Company and/or its affiliates;
(f) conducting satisfaction surveys with customers and market analysis;
(g) addressing requests or enquiries made by customers;
(h) designing and providing products and services to customers in relation to the above purposes;
(i) facilitating the Company and/ or its affiliates to investigate any disputes (or any potential disputes or claims) arising out of or associated with a required or recommended service provided (or to be provided) by the Company;
(j) enabling the Company to monitor the quality of services provided by its staff and carry out corresponding internal training and/ or disciplinary action where appropriate;
(k) notifying you of any changes to the Websites or to our services that may affect you;
(l) complying with the applicable laws of any jurisdiction; and
(m) any other purposes incidental and directly related to any of the above.
III. Direct Marketing
Where you have given consent and have not subsequently opted out, or where permitted under the Ordinance, the Company may use your personal data for direct marketing carried out by the Company and/or its affiliates via newsletters and various promotional and marketing materials. For such purpose, your personal data may be provided to any of the Company’s affiliates, including its regional offices.
The purposes, uses and treatment of personal data collected for direct marketing purposes will be stated in the relevant Personal Information Collection Statement (“PICS”) provided at the time of collection of such personal data. Suitable measures will be implemented to make available to you the options to “opt out” of receiving any direct marketing materials from the Company.
IV. Use of Websites
1. Cookies and Log Files
(a) recognize you whenever you visit the Websites;
(b) obtain information about your preferences, viewing and browsing behavior, online movements and use of the Internet;
(c) carry out research and statistical analysis to help improve the Company’s services and to better understand users of the Company’s services;
(d) enhance your online experience; and
(e) enable tighter security.
2. Links to Other Sites
The Websites may provide links to other websites which are not owned, operated or controlled by the Company. Personal data from you using the Websites may be collected on these other websites when you visit such websites and make use of the services provided therein. Where and when you decide to click on any hyperlink on the Websites which grants you access to another website, the protection of your personal data which are deemed to be private and confidential may be exposed in these other websites.
V. Disclosure or Transfer of Data
The Company agrees to take all practicable steps to keep your personal data collected confidential and/or undisclosed, subject to the following.
Generally speaking, the Company will only disclose and/or transfer your personal data to the Company’s staff for the purpose of providing services to you. However, the Company may disclose and/or transfer such personal data to third parties under the following circumstances:
(a) where the personal data is disclosed and/or transferred to the Company, any third-party suppliers or external service providers who have been duly authorized by the Company to use such personal data and who will facilitate the services, such as warranty and after-sale services provided by the Company and/or its affiliates, under a duty of confidentiality;
(b) where the personal data is disclosed and/or transferred to any agents or affiliates of the Company including its regional offices who have been duly authorized by the Company to use such personal data;
(c) where the Company needs to protect and defend its rights and property;
(d) where the Company considers necessary to do so in order to comply with the applicable laws and regulations, including without limitation compliance with a judicial proceeding, court order, or legal process served on the Company and/or its affiliates; and
(e) where the Company deems necessary in order to maintain and improve the services provided by the Company.
Personal data collected by the Company may be transferred, stored and processed in any country/region in which the Company and/or its affiliates operate. By using the Services, you are deemed to have agreed to, consented to and authorized the Company to disclose and/or transfer your personal data under the circumstances stated above, as well as to any transfer, disclosure and use of personal data outside of your country/region.
VI. Management of Personal Data and Security Measures
The Company follows generally accepted industry standards to protect the personal data submitted by you, both during transmission and once the Company receives it.
If the Company has to transfer any acquired personal data to a third country/jurisdiction, we shall take appropriate protection measures necessary for international data transfer.
However, no method of transmission or storage of data is 100% secure, regardless the data is provided in person, via phone or internet. In addition, the Company’s technical system could not guarantee online security and may not be capable of resisting “tampering” or “computer hacker” invasion. In this connection, Company’s efforts have been made to prevent and minimize unauthorized third-party access and improper use of your personal data.
VII. Rights of Access to Personal Data
We respect your rights to your personal data, and you are entitled to request access to, and/or request us to disclose, correct, discontinue to use, or delete any of your personal data in our possession in accordance with the provisions of the Ordinance.
Please note that all such data access requests should be made using the form specified by the Privacy Commissioner for Personal Data which is accessible from the following link (https://www.pcpd.org.hk/english/publications/files/Dforme.pdf), and are addressed to the Customer Service Department of the Company through one of the communication channels set out in the “Contact Us” section below.
In the event that you wish to access or amend your personal data, the Company may request you to provide personal details in order to verify and confirm your identity. The HKID card number or passport number or business registration certificate number records kept with the Company cannot be amended unless such data is proved to be inaccurate. The Company is required to respond to your requests within 40 days of the request and will endeavour to do so wherever possible.
VIII. Retention of Personal Data
In the event any law enforcement agency or regulatory body requests that any personal data collected by the Company be preserved for the purpose of an active investigation of a crime, the relevant personal data may be retained until such time when it is collected by the relevant law enforcement agency or regulatory body.
X. Contact Us
Customer Service Department
2/F, 64 Hung To Road, Kwun Tong, Kowloon
Citizen Group EU Personal Data Protection Policy
Unless otherwise provided for herein, the terms as used herein shall have the meanings assigned to them in the GDPR and other laws and regulations on protection and handling of personal information in EU.
1. Acquisition of Personal Data
In acquiring any personal data, we shall use a proper and fair means and, except the case where any exceptional handling is permitted by laws and regulations, ask a person identified by the relevant personal data as their owner (hereinafter referred to as “Principal”) to voluntarily provide us with said personal data.
We shall, in receiving any personal data from a Principal, expressly notify him/her of the purpose of use in advance and obtain his/her consent to said purpose of use after explaining that he/she can withdraw said consent at any time, and we shall use said personal data within the scope of the purpose of use he/she has agreed to.
Except the case where we obtain a prior consent of a Principal or where it is permitted by laws and regulations, we shall not acquire any “special categories of personal data.”
2. Purpose of Use of Personal Data
We shall use personal data for the purpose of use of personal data determined by a company which has received said personal data (hereinafter referred to as “Company”).
3. Management of Personal Data
We shall appoint a manager at every section which handles personal data for protection of, manage appropriately and carefully, take necessary and appropriate measures to prevent unauthorized access to, and loss, destruction, falsification and leakage of, and thereby protect, any personal data under our possession.
If we recognize an infringement of any personal data, we shall promptly take necessary measures and properly address it. Additionally, when a Principal having provided any personal data is expected to suffer any damage, we shall notify him/her of necessary information as needed.
4. No Disclosure to a Third Party of Personal Data
Except the case where any exceptional handling is permitted by laws and regulations or by provisions of the relevant Company, we shall not disclose or provide to a third party any personal data we have acquired from a Principal, without his/her consent.
5. Disclosure, Correction, Deletion, etc. of Personal Data under Possession
(1) When a Principal having provided any personal data desires any of the following treatments, please contact a personal information inquiry counter of the relevant Company. According to your rights prescribed in laws and regulations on protection of personal information in EU, we shall appropriately respond to it.
(i) When the Principal desires to gain access to any personal data.
(ii) When the Principal desires to correct any personal data.
(iii) When the Principal desires to delete any personal data.
(iv) When the Principal desires to impose restrictions on handling of any personal data.
(v) When the Principal desires data portability.
(vi) When the Principal desires to raise an objection.
(vii) When the Principal desires not to be covered by the automatic decision-making.
In taking the steps, please submit the following documents by mail or by email.
- An application form for request for disclosure of personal data, etc. as prescribed by the relevant Company
- A document verifying the identity of the Principal as prescribed by the relevant Company
- A document verifying the identity of the proxy as prescribed by the relevant Company
(2) To prevent Principal’s any personal data from being falsified or leaked, etc. by a third party, we shall respond to you by mail or by email only when the Principal’s identification has been confirmed through submitted documents.
While we make efforts to provide prompt response to meet your request, please note that it may take time as we work on confirmation of the registered personal data and on ensuring accuracy of response.
(3) We do not return any request form or verification documents received from a Principal or his/her proxy. Please note that the request form shall be maintained in a proper manner by each Company and the verification documents shall be disposed of by each Company by appropriate means when the purpose of use is completed.
6. Handling of Personal Data of a Person Under 16 Years Old
We protect and treat personal data of a person under 16 years old in equal measures as we protect major individuals' personal data. We shall obtain parental guardian's consent as needed when we receive any personal data from a person under 16 years old.
7. Management of Website
(1) In operating our website, we are taking appropriate systemic and operational security measures, including, but not limited to, the establishment of the server management system and the access restriction, in order to securely manage any personal data.
(2) When individuals contact us via our website, all the data are encrypted and protected by transmission using SSL (Secure Sockets Layer) protocol for safety purpose.
8. International Transfer of EU Personal Data to Outside EU
If we have to internationally transfer any acquired personal data to a third country outside EU, we shall take appropriate protection measures necessary for international data transfer.
9. Change in EU Personal Data Protection Policy
Please note that contents of this EU Personal Data Protection Policy may be changed as necessary, for the purpose of the protection of personal data or of the response to change in laws and regulations, etc.
With respect to inquiries concerning your personal data, please contact a personal information inquiry counter of the relevant Company.
Should there be any discrepancy between the English and Chinese versions, the English version shall prevail.