For the purpose of the GDPR, Next Chapter, whose address is at Unit 1307A, 13/F., Two Harbourfront, 22 Tak Fung Street, Hung Hom, Kowloon, Hong Kong, is the controller who determines the purposes and means of processing of your personal data collected through the website owned and/or operated by us or on our behalf (www.nextchapterraise.com) (our website, its gateway and pages collectively referred as "Site").
This Policy is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us, as well as to help you to make an informed decision before providing us with your personal data.
If you, at any time, wish to enquire about this Policy or about how we may manage, protect and/or process your personal data, make a complaint, access or correct your personal data, exercise any other rights you have under the Personal Data Protection Ordinance and (where applicable) the GDPR or withdraw your consent for us to collect, use, disclose and/or process your personal data, please do not hesitate to contact our Data Protection Officer by email at firstname.lastname@example.org
1. We collect personal data and online identifiers and non-personal data
Your personal data is collected by us in various circumstances, such as when you:
- the information you provide to us for registration is true and correct;
- if you are an individual, you are over the age of 18 years;
- the Account is for your own use and benefit and not as trustee or agent or on behalf of any other party;
- if you are a corporation, the person registering an Account on your behalf is properly authorised by you to do so.
- You provide all your personal data voluntarily. However, if you opt not to provide certain personal data, you may not be able to use all our services. For example, if you do not supply the personal data required to set up your Account, we reserve the right not to process your application as a member, and so no contract for provision of any of our services will be formed.
- If you provide us with any personal data relating to a third party (e.g. information about your spouse, children, parents, employees and/or authorized representatives), you represent to us that you have obtained the consent of the third party to you providing us with their personal data for the respective purposes.
- Finally, when you visit and use our Site, we may also collect information about you using online identifiers such as cookies and web beacons (see paragraph 12 for more detail).
- We also collect certain non-personal data when you visit and use our Site. Such data is entirely anonymous and is aggregated for statistical analysis ("Aggregate Information").
- We may use an independent company (the "Third Party Market Research Company") to measure and analyse usage across our Site. We use the Third Party Market Research Company’s services to collect Aggregate Information on the usage of our Site which assists us in analysing the usage of our Site. This is so that we can improve the content and navigability of our Site as well as our services and facilities.
2. Purposes and legal bases for collection, use, disclosure and processing
Your personal data may be collected, used, disclosed and/or processed for one or more of the following purposes and, where you are a data subject in the European Economic Area (that is you are physically located in the European Economic Area), on the following legal bases recognized under the GDPR:
Purposes of processing Legal bases for processing For research, editing, documenting and publishing - consent - legitimate interests (to allow us to prepare and enhance our services) To provide member services to you - consent - contract performance (to allow us to provide to you our services) - legitimate interests (to allow us to provide our services) To send you promotions as well as marketing and advertising materials - consent To conduct market research, profiling and statistical analysis and other development activities - consent - legitimate interests (to allow us to provide and improve our services) To verify your membership fee payments - contract performance - legitimate interests (to ensure payments have been properly made) To send you information about any administrative changes, updates and/or amendments to our policies, terms and conditions - consent - contract performance - legitimate interests (to keep you informed about changes that may affect you) To respond to or follow up on your queries, requests and/or complaints - legitimate interests (to allow us to respond to you) To protect and enforce our contractual and legal rights and obligations - legal claims To comply with any applicable laws and regulations or to assist in law enforcement - legal obligation and/or investigations by any governmental authority, public agency, statutory board or similar authority - legal claims - legitimate interests (to prevent unlawful activities)
Where you are a data subject in the European Economic Area, the legal bases for our processing and use of your personal data are further elaborated as follows:
- Consent: Where you have consented to our use of your personal data. You may withdraw your consent to the use of your personal data by contacting us (see paragraph 8).
- Contract performance: Where processing of your personal data is necessary for the performance of our contract with you or in order to take steps at your request prior to executing a contract with us;
- Legal obligation: Where we need to use your personal data to comply with our legal obligations;
- Legitimate interests: Where our use of your personal data is necessary for our legitimate interests. We will only rely on this basis if we consider that such legitimate interests are not overridden by any interests or fundamental rights and freedoms that you may have, or any prejudice that you may suffer, from the relevant use of your personal data; and
- Legal claims: Where your personal data is necessary for us to establish, exercise or defend any legal claims.
3. Sharing of personal data
Your personal data may be disclosed, for one or more of the purposes listed in paragraph 2 above, to the following third parties (whether located in Hong Kong or abroad):
- agents, contractors or third party service providers (“Service Providers”) who provide operational services to us, such as information technology, training, market research, administration of our Site, as well as storage and archival services;
- our subsidiaries and holding companies, and the subsidiaries of our holding companies (collectively, our “Associated Companies”);
- debt collection agencies or dispute resolution centres in the event of default or disputes;
- anyone to whom we transfer or may transfer our rights and duties;
- banks, credit card companies and their respective service providers;
- our professional advisors such as our auditors and lawyers;
- relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority; and
- any other party to whom you authorize us to disclose your personal data
- In situations in which the above third parties receive your personal data from us, we will require the third parties to exercise reasonable care in protecting your personal data so that it is in compliance with the Personal Data Protection Ordinance and (where applicable) the GDPR.
4. Direct marketing
We intend to use your personal data for direct marketing purpose. We may not use your personal data for such purpose unless we have received your consent to such intended use. Our direct marketing may be conducted via various communication channels such as your email address, correspondence address, phone number and SMS. In this connection, please note that:
- Your name, email address, correspondence address, mobile phone number and gender may be used by us in direct marketing.
- The following classes of services may be marketed by us using your personal data: events, professional services of our partners, and fundraising opportunities.
- We also intend to provide your personal data to our Associated Companies for their use in direct marketing. We may not do so unless we have received your written consent to such intended provision. In this connection, please note that the personal data described in above may be provided by us to our Associated Companies for their use in direct marketing and our Associated Companies may use your personal data to market the goods and services as described above.
- We will use and provide your personal data for direct marketing purpose only in accordance with the Personal Data Protection Ordinance.
- You may indicate your consent to the intended use and provision of your personal data for direct marketing purposes above by ticking the box(es) indicating your consent when providing us with your personal data through our Site or through membership subscription forms (i.e. through your Account).
- Please refer to paragraph 10 below on how to opt out of our direct marketing communications.
5. Your rights
You may request to access or correct your information in accordance with the Personal Data Protection Ordinance. In addition, where you are a data subject in the European Economic Area, in certain circumstances you have the right under the GDPR to:
- access and rectify your personal data;
- request us to erase your personal data without undue delay;
- restrict how we process your personal data;
- where our processing of your personal data is based on consent, withdraw your consent at any time;
- object to our processing of your personal data on the basis of legitimate interests, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
- object to direct marketing (including any profiling for such purposes) at any time;
- receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such data to another data controller without hindrance from us; and
- lodge a complaint with a supervisory authority.
- You may do so by submitting your request to us via email. Please refer to our contact details at paragraph 12 of this Policy.
6. Retention of personal data
- We will retain your personal data collected for as long as it is necessary to fulfil the purpose for which it is collected, the legal and/or business purposes of Next Chapter, and/or as may be required by applicable law.
- When destroying personal data, we will take commercially reasonable and technically feasible measures to make the data irrecoverable or irreproducible, as may be required by applicable law.
- We take the security and protection of your personal data very seriously. As such, we store your personal data on secure servers and have put in place appropriate security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal of your personal data.
- However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
- If you do not wish to receive any further information from us regarding our services, offers, promotions or events via email, you may unsubscribe by clicking the unsubscribe link included in our email correspondence.
- If you do not wish to be contacted via voice call, text message and/or fax message regarding our services, offers, promotions or events, you may inform us via email or letter. Please refer to our contact details at paragraph 12 of this Policy.
- If you do not want your personal data to be provided to our Associated Companies for their use in direct marketing, you may opt-out of such provision by contacting us via email or letter. Please refer to our contact details at paragraph 12 of this Policy.
- Please note that if you withdraw your consent for a limited purpose, we may still contact you or use your information for other purposes for which you have not withdrawn your consent and such personal data may still be shared, as permitted under the Personal Data Protection Ordinance, (where applicable) GDPR and other applicable law.
9. Cross border data transfer
- We may transfer your personal data to Service Provider(s) in jurisdictions outside the European Economic Area and Hong Kong. Such transfer, if subject to the GDPR, would be made with appropriate or suitable safeguards (the details of which can be obtained from our Data Protection Officer) or with your explicit consent.
10. Contact Details
11. Online identifiers (cookies and web beacons)
- Cookies are small data files sent to your browser or device to store information about you when you visit our Site.
- Most browsers automatically accept cookies. You can, however, modify your browser settings to disable cookies. If you choose to do so, some of the functionality of our Site may be impaired.
- Some cookies will not collect information that personally identifies you. They will collect more general information such as how users arrive at and use our Site, or a user’s general location. However, some other cookies can identify you and may contain or collect personal data. The type of information we collect as a result of a cookie is specific to your computer and may include, without limitation, the Internet Protocol (IP) address and the date and time you accessed our Site. The data stored on a "cookie" can be retrieved by us when you visit our Site.
- In addition to cookies, we may also use web beacons and other similar technologies to deliver or communicate with cookies, in order to better understand how you interact with the content on our Site.
- We also may include web beacons in email messages to determine whether messages have been opened and acted upon, and how.
- The information we obtain in this manner enables us to customize the services we offer, as well as measure the overall effectiveness of our online content, advertising campaigns, and the products and services we offer through our Site.
- Our advertising partners may also place web beacons and other similar ad tracking technologies on our Site to collect information.
- You can refuse web beacons by refusing to accept cookies.
12. Changes to Policy
- We regularly review our policies, procedures and processes from time to time and reserve the right to amend the terms of this Policy at our absolute discretion. We will notify you of changes to this Policy by posting the amended policy with the date it was revised on our Site.
- Please visit our Site from time to time to ensure that you are well informed of our latest policy in relation to personal data protection.