Privacy Policy
ÖKOSIX® place great value on honesty and clarity and we are committed to building a strong and lasting relationship with our consumers based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.
OUR PRIVACY PROMISE
1) We respect your privacy and your choices.
2) We make sure that privacy and security are embedded in everything we do.
3) We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
4) We never offer or sell your data.
5) We are committed to keeping your data safe and secure. This includes only working with trusted partners.
6) We are committed to being open and transparent about how we use your data.
7) We do not use your data in ways that we have not told you about.
8) We respect your rights, and always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.
For more information about our privacy practices, below we set out what types of personal data we may receive from you directly or from your interaction with us, how we may use it, who we may share it with, how we protect it and keep it secure, and your rights around your personal data. Of course all situations may not apply to you. This Privacy Policy gives you an overview of all possible situations in which we could interact together.
The more you interact with us, the more you let us know you and the more we are able to offer you tailored services.
When you share personal data with us or when we collect personal data about you, we use it in line with this Policy. Please read this information and our Q&A page (if any) carefully.
WHAT WILL YOU FIND IN THIS PRIVACY POLICY?
Please note that you must be at least 18 years old or older to use our services, or older where the terms for a specific service require this.
WHO WE ARE
ÖKOSIX® is a part of the OKOSIX Limited brand portfolio. OKOSIX Limited is responsible for the personal data that you share with us. When we say "ÖKOSIX®", "us", "our" or "We", this is who we are referring to. OKOSIX Limited is a "data user" for the purposes of the Personal Data (Privacy) Ordinance (Cap. 486).
Please see the "Contact Us" section for our contact details.
CONTACT
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at hello@okosix.com.
WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
WHAT DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
We believes that you, the consumer, are at the heart of what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. And we know that many of you love talking to us. Because of this, there are many ways that you might share your personal data with us, and that we might collect it.
How do we collect or receive your data?
We might collect or receive data from you via our websites, forms, apps, devices, ÖKOSIX® products or brands pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites/apps or stores/beauty salon), sometimes we collect it (e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your data from other third parties, including other ÖKOSIX® Group entities.
When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:
- perform our contract with you (e.g. to deliver the products you have purchase on our websites/apps);
- provide you with the service you have asked for (e.g. to provide you with a newsletter, birthday offers or account status); or
- comply with legal requirements (e.g. invoicing).
If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.
We set out further details in the table below, explaining:
1) During what interaction your data may be provided or collected? This column explains what activity or situation you are involved in when we use or collect your data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website/app.
2) What personal data may we receive from you directly or resulting from your interaction with us? This column explains what types of data we may collect about you depending on the situation.
3) How and why we may use it? This column explains what we may do with your data and the purposes for collecting it.
4) What is the legal basis for using your personal data? This column explains the reason we may use your data.
Depending on the purpose for which the data is used, the legal basis for the processing of your data can be:
· Your consent;
· Our legitimate interest, which can be:
§ Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites / Apps / devices, products and brands for our consumers’ benefit.
§ Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
§ Securing our tools: to keep tools used by you (our websites/Apps/devices) safe and secure and to ensure they are working properly and are continually improving.
· The performance of a contract: more specifically to perform the services you request from us; or
· Legal grounds where a processing is required by law.
Information overview on your interactions with us and their consequences on your data | |||
---|---|---|---|
During which interactions may you provide and we may collect your data? |
What personal data may we receive from you directly or resulting from your interaction with us? |
How and why we may use your data? | What is the legal basis for using your personal data? |
Account Creation and management Information collected during the creation of an account on ÖKOSIX® websites/apps, through a social media login, or in store. |
Depending on how much you are interacting with us, those data may include: · name and surname; · gender; · email address; · address; · phone number; · photo; · birthday or age range; · ID, username, and password; · personal description or preferences; · order details; and · social media profile (where you use social login or share this personal data with us). |
To: · manage your orders; · manage any competitions, promotions, surveys or lucky draws you choose to enter; · respond to your questions and otherwise interact with you ; · offer you a loyalty program; · allow you to manage your preferences; · send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences); · offer personalized services based on your beauty characteristics; · monitor and improve our websites/apps ; · run analytics or collect statistics; and · secure our websites/apps and protect you and us against fraud; |
· Performance of a contract · Consent · Legitimate Interest |
Newsletter and commercial communications subscription |
Depending on how much you are interacting with us, those data may include: · email address; · name and surname; · personal description or preferences; and · social media profile (where you use social login or share this personal data with us). |
To : · send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know about you, and your preferences (incl. location of your favourite store); and · run analytics or collect statistics. |
· Consent · Legitimate Interest |
· Keep an up to date suppression list if you have asked not to be contacted; |
· Legal grounds To keep your details on a suppression list if you have asked us not to send you any direct marketing anymore. |
||
Purchases and order management Information collected during the purchase process made on ÖKOSIX® website/apps/social pages or in store |
Depending on how much you are interacting with us, those data may include: · name and surname; · email address; · address (delivery and invoicing); · phone number; · personal description or preferences; · social media profile (where you use social login or share this personal data with us); · transaction information including purchased products and store location; · payment and information; or · purchase history |
To · contact you to finalize your order where you have saved your shopping cart or placed products in your cart without completing the checkout process; · inform you when a product you wanted to purchase is available; · process and follow your order including delivering the product to the address you indicated; · manage the payment of your order. To be noted, payment information (credit card number / Paypal, Alipay or WeChat Pay information / bank account details) are not collected by us but directly by payment service providers; · manage any contact you have with us regarding your order; |
· Performance of a contract: To provide you with the service you requested (purchase). |
· secure the transactions against |
· Legitimate interest To protect you and us from fraudulent transaction and to ensure the payment is complete and free from fraud and misappropriation. |
||
Online browsing For information on specific Cookies placed through a given website/app, please consult the * Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on |
Depending on how much you are interacting with us, those data may include: · data related to your use of our websites/apps: · where you came from; · login details; · pages you looked at; · videos you watched; · ads you click on or tap; · products you search for; · your location; · duration of your visit; and · products you selected to create your basket. Technical information: · IP address; · browser information; and · device information. A unique identifier granted to each visitor and the expiration date of such identifier. |
We use Cookies, where relevant, with other personal data you have · to allow proper functioning of our · to ensure the website/app is secure · to run statistics: · to deliver online behavioural advertising: · to allow sharing of our content on social media (sharing buttons |
· Legitimate interest: · Consent |
Promotional operations Information collected during a game, contests, promotional offer, sample requests, surveys. |
Depending on how much you are interacting with us, those data may include: · name and surname; · email address; · phone number; · birth date; · gender; · address; · personal description or preferences; · social media profile (where you use social login or share this personal data with us); and · other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps, or by participating in a contest, game, survey). |
· to complete tasks that you have asked us to, for example to manage your participation in contests, games and surveys, including to take into account your feedback and suggestions; · for statistics purposes; and · to send you marketing communications (where you have asked us to) |
· Performance of contract · Legitimate Interest · Consent |
User Generated Content Information collected when you submitted some content on one of our social platforms or accepted the re-use of content you posted on social media platforms by us. |
Depending on how much you are interacting with us, those data may include: · name and surname or alias; · email address; · photo; · personal description or preferences; · social media profile (where you use social login or share this personal data with us); and · other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps). |
· In accordance with the specific terms and conditions accepted by you: o to post your review or content; and o to promote our products. · For statistics purposes. |
· Consent To reuse the content you posted online. |
· Legitimate Interest To help us better understand your needs and expectations and therefore improve and promote our services, products and brands. |
|||
Use of Apps and devices Information collected as part of your use of our Apps and/or devices. |
Depending on how much you are interacting with us, those data may include: · name and surname; · email address; · location; · birth date; · personal description or preferences; · photo; · welfare data including skin tone, skin/hair type; and · geolocation. |
To · provide you with the service requested (for example, virtually test our products, purchase our products through the App or on related e-com websites; advice and notifications regarding your sun exposure, your hair routine); · analyse your welfare characteristics and recommend the appropriate products (including bespoke products) and routines; · provide you product & routine recommendations; · for research and innovation by scientists within ÖKOSIX® Group; · for monitoring and improvement of our Apps and devices; and · for statistics purposes. |
· Performance of a contract
|
Enquiries Information collected when you ask questions (e.g. through our consumer care) relating to our brands, our products and their use. |
Depending on how much you are interacting with us, those data may include: · name and surname; · phone number; · email address; and · other information you have shared with us about yourself in relation to your enquiry (which may include welfare and health data). |
· To answer your enquiries; · where needed, to connect you with the relevant services; · for statistics purposes; and · for post-market surveillance: o to monitor and prevent any undesirable effect linked to the use of our products; o to perform studies relating to the safe use of our products; and o to perform and follow-up on corrective measures taken, where needed. |
· Consent · Legitimate interest · Legal grounds |
Sponsorship | Depending on how much you are interacting with us, those data may include: · name and surname; · phone number; and · email address. |
· To send information on our products and or information tagged in a wish list to a person at another person’s request. |
· Performance of a contract · Legitimate interest |
Automated Decision Making
For purposes of securing transactions placed through our websites/apps/devices against fraud and misappropriation, we use third party provider’s solution(s).The method of fraud detection is based on, for example, simple comparisons, association, clustering, prediction and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.
This fraud detection process may be completely automated or may involve human intervention where a person takes the final decision. In any case, we take all reasonable precautions and safeguards to limit access to your data.
As a result of automatic fraud detection, you may (i) experience delay in the processing of your order / request whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified. You have the right to access information on which we base our decision. Please see “Your Rights and Choices” section below.
Profiling
When we send or display personalised communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.
Based on our analysis, we send or display communications and/or content tailored to your interests/needs.
You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your Rights and Choices” section below.
Who may access your Personal data?
We may share your personal data within ÖKOSIX® Group to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained your consent to do so.
Depending on the purposes for which they were collected, and only on a need-to-know basis some of your personal data may be accessed by ÖKOSIX® Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide you with requested services.
We may also share your personal data in a pseudonimized way (not allowing direct identification) with ÖKOSIX® Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.
Where permitted, we may also share some of your personal data including those collected through Cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.
Please visit the ÖKOSIX® group website, for further details on the ÖKOSIX® Group, its brands and its locations.
We may share your personal data for marketing purposes with third party or entities of the ÖKOSIX® Group.
We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your data is processed by such third party, acting as a data user, and its own terms and conditions and privacy notice apply. You should carefully check their documentation before consenting to the disclosure of your information to that third party.
Your personal data may also be processed on our behalf by our trusted third party providers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your personal data secure. For instance, we may entrust services that require the processing of your personal data to:
· third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
· advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
· third parties required to deliver a product to you e.g. postal/delivery services;
· third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications that may contain data about you (such services could sometimes imply access to your data to perform the required tasks);
· payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you; and
· third parties that assist us for customer care and post-market surveillance purposes.
We may also disclose your personal data to third parties:
· in the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets. If ÖKOSIX® or a part of its assets is acquired by a third party, personal data held by it about its customers relating to those assets is one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data user processes your data and its privacy policy governs the processing of your personal data;
· if we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of ÖKOSIX® , our customers, or employees
· if we have your consent to do so; or
· if we are permitted to do so by law.
We may disclose your personal data to our partners:
· in the event the service you subscribe to was co-created by ÖKOSIX® and a partner (for example, a co-branded app). In such case, ÖKOSIX® and the partner process your personal data each for their own purposes and as such your data is processed:
o by ÖKOSIX® in accordance with this Privacy Policy; and
o by the partner acting also as a data user under its own terms and
conditions and in accordance with its own privacy policy;
· in the event you agreed to receive marketing and commercial communications from a ÖKOSIX® partner through a dedicated opt-in (for instance, through an App branded by ÖKOSIX® and made available to its partners). In such case, your data is processed by the partner acting as a data user under its own terms and conditions, and in accordance with its privacy policy; and
· we may publish on our supports content from social networks. In the event you consult content from social networks on our website/apps, a Cookie from such social network may be stored on your device. We invite you to read the Cookie Policy of these social networks for more information.
We do not offer or sell your personal data.
Where we Store your Personal data
The data that we collect from you may be transferred to, accessed from, and stored at a destination outside Hong Kong SAR. It may also be processed by staff members operating outside the Hong Kong SAR who work for us or for one of our service providers.
ÖKOSIX® transfers personal data outside of the Hong Kong SAR only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties adhere to the commitments set out in this Policy. These steps may include reviewing third parties’ privacy and security standards and/or entering into appropriate contracts.
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Your Personal data
We only keep your personal data for as long as we need it for the purpose for which we hold your personal data, to meet your needs, or to comply with our legal obligations.
To determine the data retention period of your data, we use the following criteria:
where you purchase products and services, we keep your personal data for the duration of our contractual relationship;
where you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
where you contact us for an enquiry, we keep your personal data for the duration needed for the processing of your enquiry;
where you create an account, we keep your personal data until you require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
where you have consented to direct marketing, we keep your personal data until you unsubscribe or require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance; and
where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidance.
We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.
When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.
Is Your Personal data Secure?
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site. As such, any transmission is at your own risk.
Links to Third Party Sites and Social Login
Our websites and Apps may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible or liable for these policies. Please check these policies before you submit any personal data to these websites.
We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.
Social Media and User Generated Content
Some of our websites and Apps allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, so you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
YOUR RIGHTS AND CHOICES
ÖKOSIX® respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:
Your rights | What does this mean? |
---|---|
The right to be informed | You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Policy. |
The right of access |
You have the right to access to the personal data we hold about you (subject to certain restrictions). We may charge a reasonable fee taking into account the administrative costs of providing the information. Requests manifestly unfounded, excessive or repetitive may not be answered to. To do this, please contact us at the details below. |
The right to rectification |
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. To do this, please contact us at the details below. If you have an account, please correct your own data via your “My Account” function. |
The right to object to direct marketing, including profiling |
You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send you. Otherwise, you can contact us using contact detail below. If you would like to object to any profiling, please contact us at the details below. |
The right to withdraw consent at any time for data processing based on consent |
You can withdraw your consent to our processing of your data when such processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We refer to the table inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on consent. If you would like to object to withdraw your consent, please contact us at the details below. |
To deal with your request, we may require proof of your identity.
A Chinese version of this Privacy Policy is available. In the event of discrepancy, the English version shall prevail.
COLLECTION OF YOUR PERSONAL DATA
We, ÖKOSIX® Hong Kong Limited (“we” or “OKOSIX® ”) trading as OKOSIX® (“Brand”), will collect and store your personal information pursuant to this Personal Information Collection Statement (“Your Data”). It is mandatory for you to provide your personal information marked with asterisks (*) and voluntary for those without an asterisk (*); but if you do not, we may not be able to provide you with our products and services.
PURPOSES FOR WHICH YOUR PERSONAL DATA ARE USED
We will use Your Data for the following purposes (as the case may be):
a) fulfilling, managing and contacting you about your purchase of our goods and/or services at our online or retail stores (including our retail/department store partners), and your online purchase accounts;
b) creating, managing and contacting you about your Brand membership and member rewards (including enquiries and implementation on loyalty points accrual or redemption);
c) providing you with free products, samples or gifts in relation to any contest, lucky draw, game, competition, event or promotion which is organised by ÖKOSIX® as you may participate;
d) communicating with you regarding your enquiries about our goods and/or services;
e) identification and verification to facilitate any of the above purposes;
f) internal research, profiling and analytics;
g) (subject to any written consent you may give) direct marketing purpose; and
h) any other directly related purposes
(collectively, the “Use Purposes”).
Where you have given your written consent, we may contact and communicate with you by phone call, SMS, email, mail or via interactive conversations over social media platform messengers (e.g. Facebook message, Instagram message, WhatsApp message, WeChat message, etc.) with our beauty advisors.
TRANSFER OF YOUR PERSONAL DATA
For the Use Purposes, we may transfer, grant access to or share Your Data with:
a) ÖKOSIX® or any member of its group companies or affiliates, whether located
within or outside of Hong Kong SAR (together the “ÖKOSIX® Group”);
b) any of ÖKOSIX® ’s or ÖKOSIX® Group member’s third party service providers or agents who provides payment, IT, research, profiling, analytics, marketing, call
centre, administrative and any other services which support the business operation of ÖKOSIX® or any ÖKOSIX® Group member;
c) in relation to payment for your purchase of our goods and/or services, credit
reference agencies, credit, debit and/or charge card companies and/or banks; and
d) social media platform providers (including those which may be located in the PRC and the United States).
USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING
We cannot use and/or transfer your personal information for direct marketing without your consent. If you opt-in, we will use Your Data to send you promotions, news and updates regarding (as the case may be) related products and services from our Brand in Hong Kong SAR and Macau SAR via the communication channels you indicate (e.g. phone call, SMS, email, mail, Facebook message etc.)
YOUR RIGHTS AND CONTACT US
You have the right to request access to or correction of information held by us about you. If you wish to access or correct your personal information, please contact us at hello@okosix.com. For any unsubscribe from direct marketing or other general enquiries, please contact us at hello@okosix.com.
This Statement is written in the English language and may be translated into the Chinese language. In the event of any inconsistency, the English version shall prevail.