Fleur East and affiliates (collectively referred to as “we”, “our” or “us”) respects your privacy and is committed to protecting your personal data.
Your personal data will be collected and processed within the European Union. The legislation known as General Data Protection Regulations (also known as GDPR), gives everyone within the European Union, European Economic Area and European Free Trade Area the right to know what we do with your data, why and how you can withdraw your consent for us to do that, plus details of who we are and how you can contact us.
- The data that we collect about you
As part of you registering for or using our Services, we will collect personal data or information meaning any information about an individual from which that individual can be identified (“Personal Data”). The Personal Data we collect can fall into several types as below:
- first name; last name; e-mail address; phone number; location (“Identity Data”)
- information about how you use our Services including how you interact with our Services (“Usage Data”)
- internet protocol (IP) address; your login data and the time and date the Services were used; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform and other technology on the devices you use to access the Services; error data (“Technical Data”)
Personal Data will be collected by your direct online interactions with us or by automated technologies like cookies, server logs, analytics providers, advertising networks, search information providers and other similar technologies.
When you connect with services offered by third-parties, such as by “Liking” us on Facebook or following us on Twitter, or when you link to certain of our Services, this may include your Personal Data being transferred, and you hereby permit such transfers. The data we receive is dependent upon your privacy settings with the third-party. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to any Service we offer.
We will not collect any data about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health or genetic or biometric data, or any criminal convictions or offences.
Where we need to collect your Personal Data by law, or under the terms of a contract we have with you with respect to our Services, and you fail to provide that Personal Data when requested, we may not be able to provide you with the Services and may have to cancel some or all of the Services you use but we will notify you if this is the case at the time.
Our Services are available only for those over the age of 18 or between the ages of 7 and 18 with the consent of a parent or guardian. Our Services are not targeted to, intended to be consumed by, or designed to entice individuals under the age of 7. If you know of or have reason to believe anyone under the age of 7 has provided us with any Personal Data, please contact us.
- How we use your Personal Data
We have set out below a description of all the ways we plan to use your Personal Data and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your Personal Data.
|Purpose||Data Type||Lawful basis for processing including basis of legitimate interest|
|Managing our relationship with you||Identity Data||Performance of our obligations to you under a contract; necessary for our legitimate interests to keep our records updated.|
|Ads and other sponsored content||Identity Data||Necessary for our legitimate interests in running our business and in offering the Services.|
|To administer our Services including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data||Identity DataUsage DateTechnical Data||Performance of our obligations to you under a contract; necessary for our legitimate interests in running our business and in offering the Services.|
|Using data analytics||Technical DataUsage Data||Necessary for our legitimate interests in running our business and in offering the Services.|
If you have given us your express opt-in consent, we may offer you certain marketing services through analysis of your Identity Data, Usage Data and Technical Data. You have the right to withdraw consent to marketing at any time by contacting us.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- Disclosures of your Personal Data
We work with third-party partners who help us provide and improve our Services. We don’t sell any of your Personal Data to anyone and we never will. We also impose strict restrictions on how our partners can use and disclose the Personal Data we provide.
We provide aggregated statistics and insights that help people and businesses understand how people are engaging with our Services.
We provide advertisers with reports about the kinds of people seeing their ads and how their ads are performing, but we don’t share information that personally identifies you (information such as your name or email address that by itself can be used to contact you or identifies who you are) unless you give us permission. For example, we provide general demographic and interest information to advertisers to help them better understand their audience.
We share Personal Data about you with companies that aggregate it to provide analytics and measurement reports to our partners.
When you subscribe to receive premium content, or buy something from one of our Services, the content creator or seller can receive your public information and other information that you share with them, as well as the information needed to complete the transaction, including shipping and contact details.
We provide information and content to vendors and service providers who support our business, such as by providing technical infrastructure services, analysing how our Services are used, providing customer service, facilitating payments or conducting surveys.
We may disclose your Personal Data to our external service providers acting as processors who provide IT and system administration services and also to our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers, as the case may be, who provide consultancy, banking, legal, insurance and accounting services, as the case may be.
We may also disclose your Personal Data to HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with all relevant laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Your Personal Data will be located in datacenters located inside the European Economic Area (EEA) and which treat your Personal Data in accordance with all relevant EEA laws. If we do transfer any of your Personal Data outside of the EEA we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
- Retention of your Personal Data
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Identity Data and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your Personal Data (see “Your rights in respect of your Personal Data” below).
- Your rights in respect of your Personal Data
Under the GDPR you have the following rights:
The right of access: You have the right to request access to your Personal Data which enables you to receive a copy of your Personal Data, so you can check that it is accurate and that we are lawfully processing it. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right of rectification: You have the right to request correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new Personal Data you provide to us. We will correct the information we store, then inform any third parties that we may have provided that information to requesting that they rectify the information they hold too. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to erasure: You have the right to request erasure of your Personal Data (also known as the right to be forgotten). This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your Personal Data unlawfully or where we are required to erase your Personal Data to comply with respective laws. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to restrict processing: You have the right to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. We will consider these requests and take appropriate action within one month of the request (including where appropriate informing any third parties of this restriction) unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to data portability: You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (such as in Excel or Word format). Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We will provide this free of charge within one month of the request unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to object: You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish your Personal Data’s accuracy; (b) where our use of your Personal Data is unlawful but you do not want us to erase it; (c) where you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it. If we agree with your written objection then we will not use the data in the way to which you are objecting within one month, unless the request is complex, or we have too many requests to deal with, in which case, we will inform you within one month that we may need an extension of time.
Rights of automated decision making and profiling: We may make automated decisions (via a computer algorithm) on certain aspects of the marketing materials that we send to you. We do not make any other automated decisions on your information. We do not make any decision on what the GDPR regulations suggest is a ‘special category’ of Personal Data nor make any decisions based on ethnicity, race, sex, gender or disability. If you object to the automated data processing that we perform on your Personal Data, then you may ask us not to do this. Since this decision making is integral to how we send marketing materials, then we will simply remove any marketing consent that you have given to us, which will result in your data not being processed in this way. We will do this free of charge within one month, unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to withdraw consent: You have the right to withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide some or all of the Services to you. We will advise you if this is the case at the time you withdraw your consent.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- Data Security
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. We will store all your Personal Data on our secure servers, however, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential for accessing any of our Services. We will never ask you for your password. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and to notify you and any applicable regulator if the security, integrity or confidentiality of your Personal Data has been compromised, in accordance with any applicable laws and regulations.
- Amendments to our Privacy and Data Protection Policy
- Contact us
Room 1103B, 11/F, Join-In Hang Sing Centre
2-16 Kwai Fung Crescent, Kwai Chung
N.T, Hong Kong