Effective: 25 May 2018
Users confide in us for effectively online purchase of products and services. By providing our services we may collect information about your device (a computer, mobile phone or any other device that you use to browse and enter a website), e.g. its operating system and browser.
The data protection declaration of Morris Cookies (Asia) Limited based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
Who we are
Personal data (also “Personally identifiable information”) includes individual information by which you as a natural person are or can be identified by, e.g. your name, address, telephone number, email address or date of birth, as well as information which does not reveal your name, but which relates to you or your device and enables you to be treated individually. Non-personally identifiable data is information that cannot be connected to your real identity, e.g. the number of users visiting our website or other any other kind of aggregated information.
When you browse or register to use our Website or App, purchase a product or contact us, personal data you provide, such as your name, date of birth, contact details (including social media accounts), log in and payment information, will be collected.
we and our partner advertising networks, advertisers and advertising affiliates (Third Party Advertisers), will collect user information such as your location, language, assumed gender, IP address, when you visited our Website or App, how you arrived on our Website or App, where you visit after our Website or App, the pages you visited, how long you spend browsing individual pages on our Website or App, any products you have purchased, and the browser (where applicable) and device you used to access our Website or App.
In circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes. Calls may also be monitored without your consent in the following circumstances: to provide evidence of a business transaction; to prevent or detect a crime; to ensure that the Company complies with regulatory procedures; to see that quality standards or targets are being met; and to secure the effective operation of the telecom system.
We may use this information:
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) – if you do not do so, we may not be able to perform your contract or fulfil your request.
Morris Cookies work with a number of trusted suppliers, agencies and businesses in order to provide you with the highest quality products and services you expect from us e.g. delivery companies, fraud prevention agencies and product technicians amongst others. Some of the categories of third parties with whom we share your data are:
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of Morris Cookies, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We want to keep you up to date with information about new ranges, special offers and improvements to our website. When you set your account up, we will ask you if you want to receive this type of marketing information.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the Data Protection Unit : G/F, No.33 Luen Cheong Street, Fanling N.T., Hong Kong, by emailing firstname.lastname@example.org, by changing your contact preferences in the Personal Details section of your account online. You may continue to receive mailings for a short period while your request is dealt with.
Data Protection Law requires us to meet at least one “legal ground” for processing personal data, currently set out in Article 6 of the GDPR. The grounds applicable to the personal data to which this notice relates are:
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, then unless you provide that information to us in a recruitment or employment context (in which case please see below) it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out above. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.
If you provide us with any of the above types of data in relation to a job application or in the context of your work with us, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination and, where applicable, to review and keep under review your ability to carry out the work for which you may be employed and any health and safety issues.
The data that we collect from you will be stored on our servers or those of our service providers in the US.
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as Indonesia and Singapore . This is a transfer to a “third country”. For example, Morris Cookies has a business relationship with Company A who provide us with IT support in Indonesia. Colleagues in Indonesia may access it to undertake the activities described above.
Morris Cookies also works with suppliers and partners who may make use of cloud and/or hosted technologies. We undertake data security due diligence on our partners and ensure that these partners conform to appropriate accreditations.
Wherever transfers of data to third countries occurs Morris Cookies will ensure that the recipient is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and which provide effective rights and remedies for you, further details of which are available from the contact details below.
All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes it was provided. This may vary according to the type of information and the specific purpose and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under Purposes for which we may use your information above. The only exceptions to this are where:
You have various rights under Data Protection Law. These include:
The right to data portability to electronically move, copy or transfer your personal information in a standard form in certain circumstances.
You can exercise any of the rights set out above by contacting email@example.com. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.
You also have the right to lodge a complaint with the applicable data protection supervisory authority if you are concerned that we are not respecting your rights under Data Protection Law. The Privacy Commissioner For Personal Data Hong Kong (PCPD the authority in Hong Kong which is responsible for overseeing the application of, and enforcing, Data Protection Law).
We may, based on information that you provide, make certain decisions on an automated basis. Such decisions include deciding if you pose a fraud or money laundering risk. In certain circumstances, you have the right to object to such decisions being made on an automated basis, if you want to know more please contact us on the details above.
Our sites may, from time to time, contain links to and from the websites of our branches networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Governing law and jurisdiction
You and Morris Cookies agree that any claim or dispute relating to the Website shall be governed by the law of Hong Kong Special Administrative Region. You agree to submit to the exclusive jurisdiction of the Hong Kong courts.
Copyright © 2017 Morris Cookies (Asia) Limited