Users confide in us for effectively online purchase of products and services. By providing our services we may collect information about your device (a computer, mobile phone or any other device that you use to browse and enter a website), e.g. its operating system and browser.
The data protection declaration of Morris Cookies (Asia) Limited based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
Who we are
What personal data we collect and when we collect it
Personal data (also “Personally identifiable information”) includes individual information by which you as a natural person are or can be identified by, e.g. your name, address, telephone number, email address or date of birth, as well as information which does not reveal your name, but which relates to you or your device and enables you to be treated individually. Non-personally identifiable data is information that cannot be connected to your real identity, e.g. the number of users visiting our website or other any other kind of aggregated information.
When you browse or register to use our Website or App, purchase a product or contact us, personal data you provide, such as your name, date of birth, contact details (including social media accounts), log in and payment information, will be collected.
we and our partner advertising networks, advertisers and advertising affiliates (Third Party Advertisers), will collect user information such as your location, language, assumed gender, IP address, when you visited our Website or App, how you arrived on our Website or App, where you visit after our Website or App, the pages you visited, how long you spend browsing individual pages on our Website or App, any products you have purchased, and the browser (where applicable) and device you used to access our Website or App.
In circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes. Calls may also be monitored without your consent in the following circumstances: to provide evidence of a business transaction; to prevent or detect a crime; to ensure that the Company complies with regulatory procedures; to see that quality standards or targets are being met; and to secure the effective operation of the telecom system.
Purposes for which we may process your information
We may use this information:
- to process, fulfil and provide you with information relating to your orders;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we offer, so long as, where required by law, you have given the relevant consent;
- to notify you about changes to our products and services;
- for fraud and theft prevention;
- to ensure that content from our sites is presented in the most effective manner for you and for your computer;
- if you have submitted a job application, in order to evaluate and manage that application, and to manage your employment if you are successful;
- for our own legal and risk management purposes;
- to measure or understand the effectiveness of advertising we serve to you and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our sites about goods or services that may interest you.
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) – if you do not do so, we may not be able to perform your contract or fulfil your request.
Who we share your information with and why
Morris Cookies work with a number of trusted suppliers, agencies and businesses in order to provide you with the highest quality products and services you expect from us e.g. delivery companies, fraud prevention agencies and product technicians amongst others. Some of the categories of third parties with whom we share your data are:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- advertisers and advertising networks that require the data to select and serve relevant adverts to you;
- analytics and search engine providers that assist us in the improvement and optimisation of our sites;
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of Morris Cookies, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Keeping in touch with you
We want to keep you up to date with information about new ranges, special offers and improvements to our website. When you set your account up, we will ask you if you want to receive this type of marketing information.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the Data Protection Unit : G/F, No.33 Luen Cheong Street, Fanling N.T., Hong Kong, by emailing firstname.lastname@example.org, by changing your contact preferences in the Personal Details section of your account online. You may continue to receive mailings for a short period while your request is dealt with.
Legal basis of processing
Data Protection Law requires us to meet at least one “legal ground” for processing personal data, currently set out in Article 6 of the GDPR. The grounds applicable to the personal data to which this notice relates are:
- Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
- Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
- Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services the supply of our products and services, and the recruitment and management of staff);
- If you have given your consent to our processing the data, that is the basis on which we are processing that data.
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
Special Categories of personal data
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, then unless you provide that information to us in a recruitment or employment context (in which case please see below) it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out above. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.
If you provide us with any of the above types of data in relation to a job application or in the context of your work with us, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination and, where applicable, to review and keep under review your ability to carry out the work for which you may be employed and any health and safety issues.
Where we store your personal data
The data that we collect from you will be stored on our servers or those of our service providers in the US.
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as Indonesia and Singapore . This is a transfer to a “third country”. For example, Morris Cookies has a business relationship with Company A who provide us with IT support in Indonesia. Colleagues in Indonesia may access it to undertake the activities described above.
Morris Cookies also works with suppliers and partners who may make use of cloud and/or hosted technologies. We undertake data security due diligence on our partners and ensure that these partners conform to appropriate accreditations.
Wherever transfers of data to third countries occurs Morris Cookies will ensure that the recipient is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and which provide effective rights and remedies for you, further details of which are available from the contact details below.
All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we retain your data
Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes it was provided. This may vary according to the type of information and the specific purpose and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under Purposes for which we may use your information above. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
What rights you have over your data
You have various rights under Data Protection Law. These include:
- The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
- If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
- The right to ask us for access to the data we hold about you and how we use it;
- The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
- The right to ask us to delete your data in certain circumstances;
- The right to ask us to restrict our processing of your data in certain circumstances;
- The right to object to our processing of your data in certain circumstances;
The right to data portability to electronically move, copy or transfer your personal information in a standard form in certain circumstances.
You can exercise any of the rights set out above by contacting email@example.com. In respect of certain of the rights referred to above, we may need more information from you, e.g. to provide further information in order to confirm your identity.
You also have the right to lodge a complaint with the applicable data protection supervisory authority if you are concerned that we are not respecting your rights under Data Protection Law. The Privacy Commissioner For Personal Data Hong Kong (PCPD the authority in Hong Kong which is responsible for overseeing the application of, and enforcing, Data Protection Law).
We may, based on information that you provide, make certain decisions on an automated basis. Such decisions include deciding if you pose a fraud or money laundering risk. In certain circumstances, you have the right to object to such decisions being made on an automated basis, if you want to know more please contact us on the details above.
Our sites may, from time to time, contain links to and from the websites of our branches networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Governing law and jurisdiction
You and Morris Cookies agree that any claim or dispute relating to the Website shall be governed by the law of Hong Kong Special Administrative Region. You agree to submit to the exclusive jurisdiction of the Hong Kong courts.
Copyright © 2017 Morris Cookies (Asia) Limited