1. Collection principles
In order to protect the privacy of your personal data, we ensure that the policies and practices regarding the collection, use, retention, transfer and access to personal data comply with the provisions of the Personal Data (Privacy) Ordinance Chapter 486 (the “Ordinance”) of the laws of Hong Kong.
2. Data We Collect
3. Data You Provide
You may choose to provide personal data to us in a number of ways, such as when you participate in an offer or promotion, or when you make a purchase at any of our counters in department stores, our stores or on our site, via our social media/ social networking pages (or their relevant platforms or corresponding mobile applications) or through one of our mobile applications. The types of personal data you may provide to us include:
• Contact information (such as name, postal address, email address, mobile phone or other phone numbers);
• Age and date of birth;
• Username and password of your online account at our site;
• Payment information (such as your payment card number, expiry date, delivery address, and billing address);
• Purchase history;
• Product preferences;
• Your physical characteristics and skincare concerns;
• Contact information of friend(s) or other people you would like us to contact (under the circumstance that you have obtained the required consent of such individuals for such use by us);
• Content you provide (such as photographs, videos, reviews, articles, survey responses and comments);
• Information provided to us through social media networks or one of our mobile applications when you visit our social media pages, register for our site or loyalty program using a social media account or use one of our mobile applications (such as your name, profile picture, likes, location, friend list and other information described on the social media network, or your geo-location details when using one of our mobile applications)
It is voluntary for you to provide your personal data to us. Certain services and promotions may not be available to you if you do not provide us with your personal data.
4. How We Use The Data
We may use the data you provide for the below purposes and any directly related purposes:
• Send you promotional materials or other communications;
• Provide requested information and services to you;
• Contact you to follow up or confirm your orders, appointments, returns, or refunds and to send you other non-marketing communications related to products and services we provide to you;
• Process your payment and/or gift card transactions;
• Create and manage your online account；
• Provide access to your purchase history;
• Assist with product selection and replenishment;
• Respond to your inquiries;
• Tailor ads on our website and elsewhere to your interests and history with us;
• Communicate with you about, and administer your participation in, special events, contests, sweepstakes, programs, surveys and other offers;
• Operate and communicate with you about our social networking;
• Operate, evaluate and improve our business (including developing new products and services; enhance and improve our products and services; managing our communications; analyzing our products; performing data analytics; and performing accounting, auditing and other internal functions);
• Comply with applicable legal requirements, relevant industry standards and our policies．
We also may use the data in other ways for which we will provide specific notice at the time of collection.
5. Direct Marketing
We may use the personal data provided by you for the purpose of direct marketing in accordance with the Ordinance and only when we have your express consent to do so. We may market the following classes of goods and services directly to you using your personal data:
• Beauty and skincare products;
• Beauty treatments or services;
•Health food/dietary supplements, etc.;
• Special events, contests, sweepstakes, programs and surveys; and
• Any other products or services offered by us.
Our direct marketing materials may come in several forms, including but not limited to marketing mails, emails and text messages, the details of which are set out in the following sub-sections.
If you do not wish us to use your personal data in direct marketing, you may opt out of our direct marketing at any time by following the procedures set out in the section "Your Rights and Choices" below. We must cease to use your personal data in direct marketing, free of charge, if you so require.
6. Data We Collect by Automated Means
When you visit this site or click on our online advertisements (including our advertisements on third party websites), visit our social media/ social networking pages (or their relevant platforms or corresponding mobile applications), or download and/ or use one of our mobile applications, we also collect certain data about your usage or device by automated means or by using technologies such as cookies, web server logs and web beacons. For example, if you use one of our mobile applications, we may collect your IP address, your unique device identifier (or other device identifier) and/or geo-location data in order to offer you certain features or functionalities within that mobile application. As set forth in more detail below, we may also collect data about your usage and browsing habits using various web-based technologies.
7. Technologies We Use
• Cookies: "Cookies" are small bits of information or small text files that websites send to your browser which may then be stored on the hard drive of your computer as a tag that identifies your computer. Cookies remember information about your activities on the site to make your visits to our website more enjoyable and valuable to you by providing a customized experience and recognizing your preferences when you visit our website. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. If you have chosen to disable cookies on your browser, some of the functionality of our website may be lost.
• Flash cookies: "Flash cookies" (also called Local Shared Objects or "LSOs") are data files similar to cookies, except that they can store more complex data. Flash cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services.
• Web server logs: Web server logs are records of activity created by the computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The web server log may also record information about your browser, such as your IP address of the device you use to connect to the Internet, operating system type, browser type, domain, the cookies set on your browser by the server, the language your system uses and country and time zone in which your device is located.
• Web beacons, clear pixels, or pixel tags: To control which web servers can collect information, we may place tags on our web pages called "web beacons". "Web beacons" are computer instructions that link web pages to particular web servers and their cookies. They are small graphic images on a Web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.
• Geo-location technologies: Geo-location technology refers to technologies that permit us to determine your location. We may ask you to manually provide location information on our website, or to enable your mobile device to send us precise location information. We may also automatically collect general location information from your web browser.
8. Third Party Web Analytics Services
We may use third party web analytics services on this site, our social media/ social networking pages (or their relevant platforms or corresponding mobile applications), or our mobile applications, such as those of Adobe Site Catalyst and/or Google Analytics. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use the site. The data collected through these means (including IP address) is disclosed to these service providers, who use the data to evaluate use of the website. You may deactivate the ability of these analytics services to analyze your browsing activities on this site. To learn more about web analytics services, and exercise your choice with respect to their collection of data on this site:
For Adobe Site Catalyst, please click here: http://www.adobe.com/privacy/opt-out.html
To disable Google Analytics, please download the browser add-on for the deactivation of Google Analytics provided by Google at http://tools.google.com/dlpage/gaoptout?hl=en. To learn more about privacy and Google Analytics please consult the Google Analytics overview provided by Google at: http://www.google.com/intl/en/analytics/privacyoverview.html.
We have implemented certain Google Analytics Advertising Features (Google Analytics Demographics and Interest Reporting). You can opt out of the Google Analytics Advertising Features through Google Ad settings or by visiting https://tools.google.com/dlpage/gaoptout. We will use the data provided by Google Analytics Demographics and Interest Reporting as described under "How We Use the Data ".
To disable other third-party web analytics service provider cookies, some browsers indicate when a cookie is being sent and allow you to decline cookies on a case-by-case basis. You may also turn off cookies in your browser.
9. Targeted Advertising
We may also use third-party platforms, including platforms operated by social networks, such as Google, Facebook and Pinterest, to show interest-based ads. We may convert your email address, telephone number or other information into a unique value which can be matched by those third parties with a user on their platform or with other data they may have collected from you. This matching allows interest-based ads to be delivered on those platforms. To opt out of these ads, you must change your advertising preferences on those third-party platforms. These platforms may have their own privacy notices or policies, which we strongly suggest you review.
10. How We Use the Data Collected by Automated Means
We may use the data collected through automated means on this site for market research, data analytics and system administration purposes, such as to determine whether you have visited us before or are new to the site, to tailor ads displayed to you on our site and elsewhere to your interests and history with us, and for compliance with our legal obligations, policies and procedures, including compliance with relevant industry standards and the enforcement of our Terms and Conditions. We also may use the data in other ways for which specific notice is provided at the time of collection.
11. Push Notifications and In-App Alerts and Updates
When you download one of our mobile applications, we may provide you with the option to opt in to receive push notifications from us on your mobile device in connection with that mobile application. These push notifications may include promotional communications regarding our products and services. You may, after downloading the applicable mobile application, opt out of receiving push notifications by adjusting the settings on your mobile device. Opting out of push notifications will not affect other communications you receive from us, such as email communications. You also may receive alerts and updates within our mobile applications regarding our products and services or your accounts with us. To opt out of receiving these alerts and updates, you may uninstall the applicable mobile application from your mobile device.
12.Data We Share
We do not rent, sell, or otherwise (except as described hereinbelow) disclose personal data we collect from you to permit third parties from directly market to you. But as may be required for the purposes discussed in earlier sections, we may share your personal data with:
• Miricor Enterprises Holdings Limited and its affiliates, associated companies, any companies in which it has interests, and our affiliates within the Miricor Enterprises Holdings Limited umbrella of companies;
• third party service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the data except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders, and provide web hosting, advertising and marketing services;
• third parties through social networks, widgets and plug-ins. If you use any features made available to you on our website by a third party, it may result in data being collected or shared between us and the third party. For example, if you use Facebook’s "Like" feature, Facebook may register the fact that you "liked" us and may post that information on Facebook.
Where we need to share your personal data to third parties for the performance of purposes discussed above on our behalf, we would request such parties to adopt a privacy practice with personal data handling measures at an equivalent or even stricter level.
In addition, we may disclose data about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
If you do not wish to have us disclose your data to any third party, please refer to our “Contact Us” and “Personal Data Collection Statement” sections and leave your name, member number and contact phone number.
13. Your Rights and Choices
We offer you certain choices in connection with the personal data we collect from you, such as how we use the data and how we communicate with you. To update your preferences, ask us to remove your data from our mailing lists or submit a request, please contact us as mentioned below.
• Email Opt-Out
You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated in the "Contact Us" section below. You also may opt out of receiving marketing emails from XOVĒ Hong Kong by sending an opt-out request to email@example.com.
• Postal Mail Opt-Out
You can request XOVĒ Hong Kong to stop sending you marketing communications by postal mail by following the instructions that may be included in our promotional mail. You can also request us to refrain from sending you promotional mails by contacting us as indicated below.
• Social Networking Application Opt-Out
To remove or delete our social media applications from your social networking account, follow the instructions from the social network.
For Facebook: please see instructions provided by the Facebook Help Center.
• Geo-Location data
When you use one of our mobile applications, you may be asked for your geo-location via such mobile application. You may choose not to share your geo-location details by adjusting your mobile device’s location services settings. To decline sharing your geo-location details, follow the instructions on your mobile device on changing the relevant settings; otherwise, please contact your service provider or device manufacturer.
• Withdrawing Consent
You may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to our use or disclosure of your personal data will mean that you cannot take advantage of some of our products or services.
• Accessing Personal Data
You have the right to request access to and receive details about the personal data we maintain about you. In accordance with section 19 of the Ordinance, we will comply with your request upon receipt of the same within 40 days. According to section 20(3)(a) of the Ordinance, if your request is not in writing in the Chinese or English language, we may refuse to comply with your request. Pursuant to section 28 of the Ordinance, we may impose a reasonable fee on your data access request. However, if you do access your personal data for reasonable corrections, we may at our discretion waive the fees.
• Correcting or Updating Personal Data
You may request for a correction or update of your personal data by contacting us as mentioned in the “Contact Us” and “Personal Data Collection Statement” sections below and providing us with correct or updated information. In accordance with section 23 of the Ordinance, we will amend your personal data within 40 days upon our receipt of your request. There is no charge for correcting personal data.
14. Data Transfers
15. How We Protect Personal Data
We maintain appropriate administrative, technical and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no security system is perfect, and we cannot promise that data about you will remain secure in all circumstances, including the security of your data during transmission to us or the security of data on your mobile device.
16. Data Preservation
During the period when we maintain a business relationship with you, we will keep all your transaction records for auditing purpose. Our general policy is to keep the relevant data for a reasonable period of time.
17. Links to Other Websites
Our website may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked sites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by us, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.
19. Contact Us
20.Personal data Collection Statement
As a customer of XOVĒ Hong Kong, you may need to provide your personal information (the “Relevant Data”) when you purchase or try out our products and/or services (the “Relevant Services”). If the Relevant Data is incomplete or incorrect, we may not be able to provide or continue to provide you with the Relevant Services.
You agree that the personal data provided to us can be used and stored by us for the following uses or other uses as required by the law from time to time: -
- Provision of related services, including:
- membership discounts: shopping discounts, value-added discounts, point discounts, joint discounts and membership activity discounts;
- membership services: telephone appointments, applications, setting up accounts online, daily operations, enquiries, suggestions, complaints, handling suspicious transactions, continuing and terminating use of membership services;
- marketing (only with your consent) in relation to our beauty services and products; and
- surveys to better understand the customer’s needs and provide better services.
- Handling of the benefits arising from or in connection with the Related Services;
- Analysis, verify and/or reviewing of your credit, payment and/or status in relation to the Related Services; and
- Processing of payment instructions, direct debit arrangements and/or credit arrangements as requested by you.
In the event that we have obtained the required consent from you, we may disclose and transfer your personal data (whether in Hong Kong or overseas) to Miricor Enterprises Holdings Limited and its affiliates, associated companies, any companies in which it has interests, and our affiliates within the Miricor Enterprises Holdings Limited umbrella of companies, third party service providers who perform services on our behalf based on our instructions, and third parties through social networks, widgets and plug-ins. If you use any features made available to you on our website by a third party, it may result in data being collected or shared between us and the third party.
According to the Ordinance, you have the right to:-
- determine whether we hold your personal data;
- access your personal data held by us at a reasonable time;
- access your personal data held by us using reasonable means; and
- request us to amend any incorrect data.