GEA Limited (hereinafter referred to as “GEA”, “we”, “us” or “our”) undertake to fully meet the requirements of the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of the Hong Kong (“PDPO”). In doing so, we will ensure our staff comply with the PDPO in respect of all personal information and data submitted by you via our products (e.g. mobile application), services and website.

GEA want you to feel secured when using our services. Committed to protecting your privacy, we safeguard your personal information (or “personal data”) to maintain customer trust.

This Privacy Policy (the “Policy”) describes how GEA collect, use, share and transfer information about you and the choices that you can make about the way your information is collected, used, shared and transferred.

Services covered by this Privacy Policy

This policy applies to all services available from GEA. We strongly recommend you to read this policy before using any service of GEA. By using GEA services, you are agreeing in advance to the current and future terms of this Privacy Policy. This policy is applicable to both registered and non-registered users, and the provisions herein may be updated, revised, varied and/or amended from time to time as GEA deems necessary.

Information we collected

Personal Data

Personal Data is information and/or data that identifies you as an individual, such as your name, date of birth, age, gender, nationality, mailing address, email address, mobile number, photo, employment information, income level, credit card, bank account, etc. We occasionally collect additional personal information from you to facilitate a transaction and to comply with all applicable anti-money laundering and counter-terrorist financing laws, regulations and our internal policies.

You are not obliged to provide the information requested, however, we may not be able to render certain services in the event that you fail to do so.

Device and Connection Information

We automatically collect device information when you install, access and use our services. This includes information such as mobile carrier, mobile device model, operation system, browser type and version, IP address…etc.

Usage and Log Information

We collect service-related, diagnostic, and performance information. This includes information about your activity, log files, diagnostic, crash, website, and performance logs and reports.

Cookies

We use cookies to operate and provide our services, to remember your choices, such as your language preferences, and to customize our services for you.

Status Information

We collect information about your online and status message changes on our services, such as whether you are online (your “online status”), when you last used our services (your “last seen status”), and when you last updated your status message.

How we use

Our primary purpose in collecting personal information is to provide you with a safe and efficient experience and to provide you with services and features that better meet your needs or requests.

We collect and use your information for the following purposes:

• To verify your identity;
• To consider and process your application for any service;
• To communicate with you;
• To facilitate the daily operation of the services provided to you and to provide the services to you;
• To conduct customer due diligence as required by law and regulations;
• To provide you with marketing and promotional materials for your enjoyment of benefits as members;
• To compile and analyse aggregate statistics about the users’ use of our website and service usage by the users for our internal use and to conduct research for service improvement;
• To handle and investigate complaints or suspected suspicious transactions (whether in relation to GEA or product carrying or incorporating to it’s participants);
• To design new or improving existing services provided by GEA and GEA’s affiliates (that is, GEA’s group company and its subsidiaries);
• To facilitate GEA’s use of your personal data for purposes relating to the provision of services offered by GEA and/or our merchants, and marketing services, special events and/or promotions of GEA and/or our merchants;
• To assist in prevention, detection and investigation of crime and suspicious transactions;
• To meet our obligations, requirements or arrangements, whether compulsory or voluntary, to comply with, or in connection with, any law, regulation, codes guidelines, guidance or requests issued by any regulatory, governmental or other authorities and any other party;
• To manage, operate and maintain the GEA system, including audit, and exercising GEA’s and your rights under the GEA Terms and Conditions; and
• To enable an actual or proposed assignee of GEA to evaluate the transactions intended to be the subject of the assignment.

How we collect information

We collect data when you provide information to us or through the use of web technology.

Disclosure or Transfer of Data

We agree to take all practicable steps to keep all your personal data confidential and/or undisclosed, subject to the provisions in this section. Generally speaking, we will only disclose and/or transfer your personal information to our personnel and staff for the purpose of providing services to you. However, we may disclose and/or transfer such information to third parties for the purposes stated above. Such third parties include:

• any third party who have been duly authorized by us to use such information under a duty of confidentiality to us;
• any GEA agents, affiliates, subsidiaries or associates who have been duly authorized by us to use such information under a duty of confidentiality to us;
• any agent, contractor, professional advisors or third party service provider who provides professional, administrative, telecommunications, computer, payment, data processing or storage, debt collection or other services to us in connection with the operation of our business;
• any law enforcement agencies and/or regulatory bodies for compliance with applicable laws, rules, regulations, codes and/or guidelines and / or any person or entity to whom GEA, its subsidiaries and/or affiliates are under a binding obligation to make disclosure under the requirements of any law, rule, regulation, code and / or guideline and / or order of any competent court of law, law enforcement agencies and / or regulatory bodies, but such disclosure will only be made under proper authority; and
• any person with your consent.

Personal data collected may be transferred, stored and processed in any country in which GEA operate. You are deemed to have agreed to, consented to and authorized us to disclose and/or transfer your personal information under the circumstances stated above.

Use of Personal Data in Direct Marketing

We intend to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

• your name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data held by us from time to time may be used by us in direct marketing;
• the following classes of services, products and subjects may be marketed: (i) financial, insurance, credit card, banking and related services and products; (ii) reward, loyalty, co-branding or privileges programmes and related services and products; (iii) services and products offered by our co-branding partners and merchants which accept payment by way of the GEA or it’s participants; and (iv) donations and contributions for charitable and/or non-profit making purposes;
• the above services, products and subjects may be provided by or (in the case of donations and contributions) solicited by GEA and/or (i) any member of the GEA group; (ii) third party financial institutions, insurers, credit card companies, securities and investment services providers; (iii) third party reward, loyalty, co-branding or privileges programme providers; (iv) co-branding partners of GEA and merchants which accept payment by way of the GEA or it’s participants; and (v) charitable or non-profit making organisations; and
• in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in paragraph (1) above to all or any of the persons described in paragraph (3) above for use by them in marketing those services, products and subjects, and we require your consent (which includes an indication of no objection) for that purpose.

If you do not wish us to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right at any time by notifying us.

Access and correct your information

You may access your personal information that we have collected and correct factual errors in your personally information by sending us a request that credibly shows error.

To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections. We reserve the right to charge you a reasonable fee for complying with any request for access to your data.

Security

We will always strive to ensure that your personal data will be protected against unauthorized access and have implemented appropriate electronic and managerial measures in order to safeguard, protect and secure your personal information.

All personal information provided by you are only accessible by the authorized personnel of GEA or our authorized third parties, and such personnel shall be instructed to observe the terms of this policy when accessing such data. You may rest assured that your personal information will only be kept for as long as is necessary to fulfill the purpose for which it is collected. Registered users should safeguard his/her unique username and password / PIN by keeping it secret and confidential and never share these details with anyone.

We may use third party payment gateway service providers to facilitate electronic transactions. Regarding sensitive information provided by you, such as credit card number for completing any electronic transactions, the web browser and third-party payment gateway communicate such information using secure socket layer technology (SSL).

No method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information against unauthorized access, we cannot guarantee its absolute security.

Retention of Personal Data

Once we obtained your personal data, it will be maintained securely in our system. The personal information and other data will be retained by us after deactivation of the relevant service within a certain period subject to the law requirement.

Contact us

All requests regarding access to or correction of your personal information should be made in writing to:

The Compliance Officer
GEA Limited
21/F, Olympia Plaza
255 King’s Road
North Point
Hong Kong

If you have questions regarding this Policy, please contact our Customer Service at +852 3959-5852 or email us at compliance_group@gea.io (TBC).

Changes in this Policy

We reserve the right to update, revise, modify or amend this policy in the following manner at any time as we deem necessary and you are strongly recommended to review this policy frequently. Any update, revise, modify or amend this policy, we will post latest version to our website (www.gea.io) and/or other places we deem appropriate.