PRIVACY POLICY
1.
Privacy generally
This privacy policy applies
to the handling of personal data by Crowdstar
Technology Limited (Crowdstar,
we, us, our).
We understand the
importance of protecting an individuals personal data. This privacy policy sets out how we aim to
protect your personal data, your rights in relation to your personal data if
you provide to us and how we collect, hold, use, disclose, and otherwise manage,
your personal data when we provide you with our products and services, and when
you access our websites.
In collecting, holding,
using, disclosing and otherwise managing your personal data, we will comply
with the Personal Data (Privacy) Ordinance (Cap. 486) and the Personal Data (Privacy) (Amendment)
Ordinance (Applicable Laws).
We will regularly review
our policies and procedures regarding personal data and may therefore update
and amend this privacy policy from time to time. Any updated privacy policy will be made
available on the Crowdstar website, https://www.crowdstar-tech.com,
or can otherwise be obtained by contacting us and requesting a copy.
2.
Kinds of personal data
collected
Personal data means
information relating directly or indirectly to a living individual; from which
it is practicable for the identity of the individual to be directly or
indirectly ascertained; and in a form in which access to or
processing of the data is practicable.
We operate the business
of game development and publishing as well as provide game marketing services
to our clients. In conducting this business, or as a result of our other
interactions or dealings with you, we may collect your personal data.
The kinds of personal
data that we collect will vary depending on our particular interaction or
dealing with you. However, generally speaking, the kinds of personal data we collect
may include:
a)
your
contact information such as your name, telephone number and email address;
b)
your
preference information regarding our products and services;
c)
details
regarding the transactions you undertake in respect of our business; and
d)
other
information necessary to provide you with information regarding our products or
services or undertake any transactions or dealings with you.
We may also hold other
kinds of personal data as permitted or required by law or other kinds of personal
data that we notify you of at or about the time of collection.
Generally, we do not
collect sensitive information about individuals. Information about your health,
racial or ethnic origin, political persuasions, criminal record and religious
or philosophical beliefs are all examples of sensitive information. If we do need to collect sensitive information
about you, we will only do so with your consent or where we are required to do
so by law.
3.
How we collect personal
data
Generally, we collect
your personal data directly from you. For
example, we may collect your personal data:
a)
when
you register or apply for an account with us, request information or services
from us, or otherwise provide us with your details;
b)
where
you enter into, or propose to enter into, a transaction with us, including the
provision of our products or services;
c)
where
you use our websites, applications, products or other online services or otherwise
interact with us; or
d)
if
you post information to our website, application or any of our social media
sites or otherwise interact with us.
There may be occasions
when we collect your personal data from someone other than you, for example:
a)
from
our other service providers that help us provide our services;
b)
from
our related entities, including but not limited to holding companies or
affiliated companies;
c)
from
third parties you authorise to disclose your information to us;
d)
from
a publicly maintained record or other publicly available sources of information
including social media and similar websites; or
e)
from
third parties if you connect to our services or register an account with us using
an external third-party application, such as Facebook or Google.
Generally, we will only
collect your personal data from sources other than you if it is unreasonable or
impracticable to collect that personal data from you.
4. Purposes
for which personal data is used
Generally speaking, we collect,
hold, use or disclose personal data so that we can maintain, improve and
provide you with our products and services.
Some examples of the
purposes for which we collect, hold, use and disclose your personal data include
to:
a)
determine
your eligibility for or products and services, including verifying your
identity;
b)
administer
services and products to you;
c)
communicate
with you, including informing you of changes and updates to our policies, terms
and conditions, and other administrative information;
d)
help
us to manage the services we provide to you, including personalising your
experience with our services;
e)
provide
you with marketing, advertising and promotional information, materials and/or
documents relating to game-related services that may be of interest to you or
for which you may be eligible (as detailed in paragraph 5 below);
f)
enforce
obligations owed to us;
g)
respond
to your queries and provide you with information you request from us;
h)
conduct
our business and facilitate the supply of our services to you;
i)
contact
you to obtain your feedback regarding our products or services or to conduct
other market research;
j)
administer,
manage and process any transactions you enter into, or propose to enter into,
with us;
k)
conduct
investigations in cases of fraud, credit or data security risks;
l)
analyse
the information we collect so that we can administer, support, improve and
develop our business and the services we offer (including by monitoring or
recording our interactions with you for training purposes);
m)
establish,
exercise or defend a legal right or to participate in any legal or
administrative proceedings; and
n)
comply
with the obligations of Crowdstar under any
applicable laws, regulations, rules, directives, orders, instructions, guidance
and requests from any local or foreign authorities, including regulatory,
governmental, tax and law enforcement authorities.
In addition to the
purposes listed above, we may use your personal data for purposes related to
the above purposes, other purposes which we notify you of when we collect the
information and for purposes otherwise permitted or required by law.
Where personal data is
used or disclosed, we take steps reasonable in the circumstances to ensure it
is relevant to the purpose for which it is to be used or disclosed. You are under no obligation to provide your personal
data to us. However, without certain
information from you, we may not be able to provide services or information to
you or may be limited in how we can interact with you.
5. Use
of personal data for marketing purposes
In
addition to the purposes outlined in paragraph 4
above, we may use and disclose your personal data in order to inform you of promotions,
competitions, giveaways, events, goods or services that may be of interest to
you. This may include we disclosing the information
to our related companies or other entities with which we have a commercial
relationship or arrangement for the purpose of the other entity contacting you
for such marketing purposes. We may also
use your personal data to invite you to participate in marketing research,
surveys and other similar activities.
You
can choose to receive marketing and other promotional materials through various
modes including but not limited to email, direct mailers, short message
service, telephone calls, facsimile and other mobile messaging services. In
respect of sending telemarketing messages to your telephone number via short
message service, telephone calls (voice or video), facsimile and other mobile
messaging services, we will do so only if You have provided your clear and
unambiguous consent in writing or other recorded form for us to do so.
If
you do not wish to receive such communications, you can opt-out by contacting us
via the contact details set out in paragraph 13
of this privacy policy or through the opt-out mechanism contained in a
marketing communication to you.
6. Disclosure
of personal data
We disclose your personal
data for the purpose for which we collect it.
As a result, generally, we may disclose your personal data for a purpose
set out in paragraphs 4 and 5 of this privacy policy,
to the following persons. This may
include disclosing your personal data to:
a)
our
related companies;
b)
service
providers and contractors and other third parties and their respective
officers, employees, agents or subcontractors who provide goods or services to
us (including our technology service providers, our business consultants, risk,
credit, compliance and identification verification companies, legal and
accounting firms, auditors, insurers and other professional advisers or
administration service providers);
c)
other
third parties that are integral to the provision of our services;
d)
people
or entities considering acquiring an interest in Crowdstar
or any business or assets of Crowdstar;
e)
other
parties who invest in or acquire an interest in Crowdstar
or any business or assets of Crowdstar;
f)
relevant
regulatory bodies, government, tax authorities, law enforcement agencies or
other administrative, self-regulatory or statutory agencies, or stock exchange
or clearing house where required by law; and
g)
any
other party to whom you authorise us to disclose your personal data to.
We may also disclose
your personal data for other purposes if we notify you of the disclosure at or
about the time of collecting the information, we have otherwise received your
consent or the disclosure is required or authorised by law.
If you post information
or other content to public sections of our websites or to our social media
sites, you acknowledge that the information or content may be viewed by the
public and/or users of the relevant website or social media site.
7.
Overseas disclosures
We may transfer your personal
data to countries/territories outside Your area where any of our related
companies or service providers may be located. To the extent that we may need
to transfer your personal data overseas, we will protect the personal data so
transferred and ensure that we provide a standard of protection that is
comparable to the protection under Applicable Laws.
We take reasonable steps
to ensure that any such overseas recipients do not hold, use or disclose your personal
data in a way that is inconsistent with the obligations imposed under Applicable
Laws.
8.
Links to other websites
When you access our
websites or other online services, we may provide as a convenience to you links
to other websites, including websites operated by our partners, associates, or
independent third parties. These links are provided as a convenience to you. Each website has its own privacy practices, as
described in that websites privacy policy. Those practices may be different than the
practices described in this privacy policy, and we encourage you to read each
websites privacy policy carefully before you use or submit information to that
website. Additionally, to the extent
that you follow a link to a website operated by an independent third party,
please be aware that we exercise no authority or control over that third party,
and cannot be and are not responsible for any information that you may submit
to that website.
9.
Cookies
When you visit our
websites or other online services, we will generally leave a Cookie in the
memory of your web browser. The website or
other online service may only function properly if Cookies are enabled. Our websites and online services may use
persistent Cookies to authenticate you as a user and display content that is
relevant and specific to you.
Cookies are very small
files that store information about your visit to and use of a website. Most major commercial Internet sites use them
and they make your Internet surfing more useful and less time-consuming because
they store information that is reusable each time you visit our website, such
as birthday and other preferences you have chosen to share with us.
Cookies cannot access
and read the files on your hard drive. They
do allow us to provide information and products that are more meaningful to you
without asking you the same questions every time you visit us. You may get Cookies from our advertisers. We cannot pre-screen these Cookies since they
come directly to you from other sites. We hope you will want the better service that
Cookies allow, but if you prefer, you can set your browser to refuse Cookies. However, by doing that, your access to our
website, may be
compromised or limited. This may also affect the provision of certain services
through our website.
10.
Security of personal
data
We take steps reasonable
in the circumstances to ensure that the personal data it holds is protected
from misuse, interference and loss and from unauthorised access, modification
or disclosure.
We hold personal data in
electronic forms in secure databases on secure premises, accessible only with
the appropriate passwords by authorised staff, contractors or agents on a need
to know basis and is disclosed or shared using secured methods (personal data
is encrypted when necessary). Where personal data is held in hard copy, it will
be held in controlled, access restricted premises which only authorised
personnel or contractors will be permitted to access.
The processes and
systems we use to secure your personal data include:
a)
the
use of identity and access management technologies to control access to systems
on which information is processed and stored;
b)
the
implementation of strict internal security standards and confidentiality
policies when sharing of personal data between our related companies;
c)
requiring
all employees to comply with internal information security policies and keep
information secure;
d)
requiring
all employees to complete training about information security; and
e)
monitoring
and regularly reviewing our practice against our own policies and against
industry best practice.
We have in place
procedures for training our employees about their obligations under this privacy
policy, disciplining them for failure to follow this privacy policy. We also
have in place internal procedures to confirm general company compliance with
this privacy policy.
We will destroy or
de-identify personal data in circumstances where it is no longer required,
unless we are otherwise required or authorised by law to retain the
information.
11.
Access and correction
We take steps reasonable
in the circumstances to ensure any personal data it holds is accurate,
up-to-date, complete, relevant and not misleading.
In addition, under Applicable
Laws, you have a right to seek access to and correction of your personal data
that is collected and held by us. If at
any time you would like to access or correct the personal data that we hold
about you, or you would like more information on our approach to privacy,
please contact us using the details set out in paragraph 13 below. We will grant access to the extent required
or authorised by Applicable Laws or other laws and take steps reasonable in the
circumstances to correct personal data where necessary and appropriate.
To obtain access to your
personal data:
a)
you
will have to provide proof of identity to ensure that personal data is provided
only to the correct individuals and that the privacy of others is protected;
b)
we
request that you be reasonably specific about the information you require; and
c)
we
may charge you a reasonable administration fee, which reflects and will not
exceed the cost to us for providing access in accordance with your request.
We will endeavour to
respond to your request to access or correct your personal data within 30
business days from your request. If we refuse
your request to access or correct your personal data, we will provide you with
written reasons for the refusal and details of complaint mechanisms.
If
you are dissatisfied with our refusal to grant access to, or correct, your personal
data, you may make a complaint to the Office of the Privacy Commissioner for
Personal Data.
12.
Personal data related to
minors
We
attach great importance to the protection of the personal data of minors, and
minors under the age of 18 are not allowed to use our services without the
consent of their legal guardians. If you are the legal guardian of a minor
under the age of 18, you should supervise and control the minors use of our
services and ensure that the minor has obtained your express consent before
providing personal data to us.
In
the event that we collect personal data from a minor with the consent of a
legal guardian, we will only use or publicly disclose this information as
permitted by law, with the express consent of the legal guardian, or as
necessary to protect the minor.
If
a minor uses our services without the consent of his/her legal guardian, the
minors legal guardian has the right to contact us and request us to delete the
minors personal data, which we will do immediately after verification.
If we discover that we
have collected personal data from a minor without obtaining the prior consent
of a verifiable legal guardian, we will endeavour to delete the relevant data
as soon as possible.
For further information
or enquiries regarding your personal data, or if you would like to opt-out of
receiving any promotional or marketing communications or make a privacy
complaint, please contact us using any of the following contact details:
Email: support@crowdstar-tech.com
14.
Privacy complaints
Please direct all
privacy complaints to us. At all times,
privacy complaints:
a)
will
be treated seriously;
b)
will
be dealt with promptly;
c)
will
be dealt with in a confidential manner; and
d)
will
not affect your existing obligations or affect the commercial arrangements
between you and us.
We will acknowledge your
complaint within 14 business days of receipt and endeavour to resolve it within
30 business days, unless we inform you otherwise and seek your agreement in
writing.
We will commence an
investigation into your complaint. You will be informed of the outcome of your
complaint following the completion of the investigation. In the event that you
are dissatisfied with the outcome of your complaint, or an extension to the
time in which we will resolve it, you may refer the complaint to the Office of
the Privacy Commissioner for Personal Data.