Privacy policy

OMNICHAT LIMITED, (hereinafter “we”, “us” or “our”) respects personal data (the “Personal Data”) of individuals. We set forth in this privacy policy (the “Policy”) how we or companies commissioned by us (data processors) collect, use, process, store and share the Personal Data that visitors of our website, our clients or their respective customers (collectively as the “Clients” or “you” or “your” or “yours”) provide to us, or that we gather from any use of our website (https://www.omnichat.ai/), software applications, chatbots, mobile applications, or any other products and services provided by us (the “Products and Services”).

In line with relevant data protection laws, including but not limited to the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO“), the European General Data Protection Regulation (“GDPR“), and other applicable national data protection laws (collectively known as “Applicable Laws“), we collect, use, process, store, and transfer the Personal Data of our Clients.

Personal Data means any information that relates to an identified or identifiable living individual. Different pieces of information, which collectively identify a particular person also constitute personal data.

You will be asked to consent to the terms of this Policy when making an enquiry, registering for events or interacting with us via Products and Services. To the extent permitted by Applicable Law, your continued use of our Products and Services constitutes your consent to the Policy.

If you do not agree to this Policy, please do not provide any Personal Data when requested and should refrain from using our Products and Services.

A. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process Personal Data if one of the following legal basis applies:

1. The Client’s consent: We process Personal Data if the Client has given us explicit consent to use their Personal Data. Your consent can be withdrawn at any time.
2. Contractual obligations: We process Personal Data in order to fulfil our contractual obligations under contracts we entered into with you.
3. For a legitimate interest: We process Personal Data where we believe there is a legitimate reason to protect your interests or the interests of a third party.
4. Under a legal obligation: We process Personal Data where it is necessary to do so in compliance with any legal obligations, such as for the cooperation with law enforcement or regulatory authority, or the exercising of our legal rights.

B. COLLECTION OF PERSONAL INFORMATION

Depending on the type of Products and Services that are used, we may collect the following types of information through Products and Services:

1. Identification information – we will collect identification information from Clients to process any of the Client’s requests and instructions as well as to deliver our Products and Services, including but not limited to name, address, email address and contact information, membership ID numbers or other royalty membership schemes, profile or passwords, etc.
2. Data collected for Products and Services – we will collect information that is necessary for us to fulfil your requests and instructions.
3. Data concerning connection and devices – we will collect information automatically when you access or use our Products and Services, including but not limited to geo-location data, device id, IP address, web pages viewed, browsing time, click-activities, redirections, pages you visited before entering into our websites, etc.
4. Data collected by Cookies or other tracking technologies – we and our service providers will collect information by Cookies or other tracking technologies to allow us to better understand your access and use of our Products and Services. Please see Section D for more information.
5. Data relating to your purchase activities, including but not limited to purchase history, delivery histories, payment methods, particulars of the payment tools, etc.
6. Data you voluntarily provided to us, including but not limited to your reviews, feedback, opinions or other interactions you have with us about our Products and Services.
7. Data for detection, investigation or prevention of fraud, misuse of our Products and Services or other violations of any applicable laws

We also collect other Personal Data provided to us as part of the Products and Services or for specific purposes made known to you at the time of collection.

Data may also be provided to us by third parties who we assume have obtained your consent or otherwise are permitted by Applicable Laws to share such data with us.

It is worth noting that some of the above information and data we collect are for processing for and on behalf of the Client for their purposes.

C. USE OF PERSONAL DATA

Depending on the type of Products and Services that are used, we may collect, use and process Personal Data for the following purposes:

1. to provide you with and maintain our Products and Services, including but not limited to our software applications and chatbots;
2. to evaluate, customise and improve the Products and Services and the user experience;
3. to provide our Clients with customer and/or technical support;
4. to analyse the use and trends of the Products and Services;
5. to customize the Products and Services, in particular by providing features or ads which correspond to the interests and/or preferences of Clients;
6. to manage any abusive, unlawful or dishonest use of our Products and Services or violation of our terms and conditions or any applicable laws;
7. to prepare and offer push ads, promotions, rewards, or other types of content or features that match your interests and preferences;
8. to improve the safety and reliability of our Products and Services;
9. to comply with our legal obligations under applicable laws;
10. to research and develop other services; or
11. any other purposes described in this Policy or for specific purposes made known to you at the time of collection.

In addition, with the Client’s express consent, we will also use Personal Data collected by us for direct marketing and promotional purposes. Please see our Section E on Direct Marketing.

D. COOKIES

We use analytic technologies, such as cookies, or other automated tracking and technologies provided by third parties to collect information through automated means in order to understand the usage of the Products and Services.

1. Cookies

   Cookies, or similar technologies (such cookies or other similar technologies, “Cookies”), are small computer files stored on your devices used to access our Products and Services.

   You can choose to allow the installation of these Cookies or choose to disable them later. You can consent or reject, or request to be alerted when cookies are stored by adjusting your web browser settings (for websites) or device settings (for software applications), or through third-party cookie providers. However, should you refuse the installation of Cookies, the Products and Services, along with some features, might not function as expected.

   Broadly speaking, we use cookies to:

   1. distinguish users of our Products and Services;
   2. collect data about Clients’ interests, behaviours of viewing and using our Products and Services to improve our Products and Services; and
   3. optimizing our marketing and advertising campaigns and those of our business partners.

E. DIRECT MARKETING

Only with the explicit consent of our Clients, shall we use a Client’s name, email address and mobile phone number to send direct marketing materials including news, offers, promotions, and joint marketing offers that we consider may be of interest to you. If any Client prefers not to receive any direct marketing communications, they may withdraw any consent given without charge at any time by contacting us.

Even if you opt out of direct marketing, we may still send you other non-marketing communications as necessary for us to provide our Products and Services to you.

F. RETENTION OF PERSONAL DATA

We keep Personal Data for a period not exceeding what is required for the purposes for which the Personal Data is collected and in accordance with the Applicable Laws (“Retention Period”).

Without affecting the general rule above, we will retain and store Personal Data:

1. when collected for our Clients, for a duration until our Clients instruct us to destroy or return such Personal Data or for a period of time as agreed between us and our Clients under separate agreements;
2. for the time as long as necessary to provide the Products and Services;
3. for the duration necessary to process and handle the requests of our Clients;
4. for up to three (3) months after the Client’s contract has ended; or
5. for the time needed for compliance with applicable laws.

When the Retention Period ends or at the request of the Client, we will delete the Personal Data or otherwise anonymise the Personal Data to a point where it is impossible to reidentify an individual. The Retention Period may be changed upon the cancellation of or re-enrollment in the Products and Services, or in accordance with Applicable Laws.

G. SHARING AND TRANSFER OF PERSONAL DATA

We share information collected as outlined below and where Clients have asked us to do so or otherwise consented, on a need-to-know basis:

1. Omnichat affiliates: Personal Data collected may be accessed by or shared with our affiliates which may be located in Hong Kong or Taiwan region.

2. Service providers: We will share Personal Data collected with third-party service providers or sub-processors who process such data for us for purposes set out in Section C or for purposes of our Clients. This includes:

   1. cloud services providers: AWS Cloud (Singapore) and/or MongoDB Cloud located in Singapore and Hong Kong, which may not be located where the Clients are located.
   2. hosting services provider: Amazon Web Services (AWS) located in Singapore and Hong Kong; MongoDB Atlas located in Singapore and Hong Kong
   3. legal, accounting and other professional services providers located in Hong Kong;
   4. payment gateway or payment processing services providers located in the United States; and
   5. customer relationship maintenance services providers located in the United States;
3. government or law enforcement authorities; and/or
4. our assignees or successors.

When we transfer the Personal Data, we will protect the Personal Data as described in this Policy and comply with applicable legal requirements for providing adequate protection for the transfer of Personal Data.

We have a data processing addendum with our trusted partners that are incorporated in our service agreements with our data processing and storage partners. Our support, developers and other team members are located in different parts of the world, and they may have access to Personal Data from outside of where the Client lives in order to provide timely support to constantly maintain our Products and Services.

By using the Products and Services, you agree that Personal Data may be processed by such subcontractors in countries that may not offer the same degree of data protection as the country where the Client lives. We will, however, only transfer the Personal Data in compliance with Applicable Laws.

We have taken reasonable contractual measures to ensure that our subcontractors would process Personal Data in accordance with our directions and for our purposes as set forth in this Policy. Our subcontractors are prohibited from using Personal Data for any other purposes without the Data Subject’s consent.

H. SECURITY OF PERSONAL DATA

We take different measures to secure Personal Data. We use appropriate organizational and technical means to protect Personal Data against any loss, destruction, alteration, or unauthorized, unlawful or abusive use of Personal Data. We placed the same obligations on our subcontractors who process Personal Data for our purposes and on our instructions.

Personal Data is encrypted in the database while at rest and in transit. We strictly restrict the scope of personnel who can access Personal Data and information, and require them to comply with their contractual confidentiality obligations. In the event of a data breach or other security incident of Personal Data, we will activate an emergency response plan to prevent the expansion of such security incidents and notify you in the form of push notifications, public announcements, etc.

To the extent permitted by Applicable Laws, we shall not be held liable for any direct or indirect loss, damages, or costs sustained or incurred by the Data Subject in the event of a data breach, or if the Personal Data is subject to unauthorized use, access, deletion, or alteration.

I. DATA SUBJECT RIGHTS

The Client enjoys the following rights under the Policy:

1. The right to be informed

   This Policy outlined the types of information we collect, the purposes of processing Personal Data and the legal basis for doing so as well as the transfer, storage and handling by us of your Personal Data.

2. The right of access

   Clients are entitled to access Personal Data that is in our possession or under our control. The right of access includes the right to know how we use Personal Data in practice and with whom we share such information.

3. The right of rectification

   Clients may contact us to correct any of the Personal Data that is in our possession or under our control.

4. The right to erasure and the right to restrict processing to storage

   Clients may ask us to remove or delete Personal Data or to restrict the processing of Personal Data where there are no valid reasons for any continued processing. However, the right to erasure is subject to our lawful rights under Applicable Laws to retain Personal Data for our legitimate purposes, such as the enforcement of our legal rights.

   If a Client requires us to restrict the processing of Personal Data other than for storage purposes, we may use such Personal Data again if there are valid reasons under Applicable Laws for us to do so.

5. The right to data portability

   The Client has the right to receive a copy of the Personal Data we process. The Client may request us to transfer it to another party, except under certain circumstances.

6. The right to object

   The Client has the right to object to our processing or use of Personal Data at any time. In particular, Data Subjects can object to our use of Personal Data for direct marketing purposes.

7. The right to be notified of breaches

   We shall notify the Client and any applicable regulators in writing in the event of a suspected or actual breach of the Personal Data.

J. CHILDREN

Our Products and Services are not directed at people under the age of 18 (“Children”). We do not knowingly collect, solicit, market or process Personal Data belonging to Children.

K. PROCESSING FOR CLIENTS

You acknowledge and understand that some of our Clients will regularly disclose to us Personal Data collected by such Clients in the course of accessing and using our Products and Services. Where applicable, the Clients agree to grant us a non-exclusive right to process such Personal Data as a data processor solely to provide our Products and Services.

In the scenarios where we are processing Personal Data as a data processor for our Client’s purposes, we shall:

1. process, use or disclose Personal Data as necessary for the performance of our contractual obligations owed to our Clients or otherwise under Clients’ consent;
2. make no independent use of such data whatsoever for its own purposes;
3. act at all times only in accordance with the Client’s instructions and requirements with respect to such Personal Data;
4. ensure that we have in place reasonably appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data;
5. ensure that all personnel who have access to and/or process Personal Data are obliged to keep such data confidential;
6. notify the Clients without undue delay on becoming aware of a personal data breach affecting Personal Data;
7. on the Client’s written direction, delete or return Personal Data and copies thereof to the Client; and
8. maintain, complete and accurate records and information to demonstrate our compliance with this clause.

L. THIRD-PARTY LINKS

Our Products and Services may include links to third-party websites which are not governed by this Policy. We do not collect or access data that may have been collected by these third parties at their discretion.

The inclusion of third-party links does not mean that we approve, authorize or otherwise are affiliated with the websites to which the links connect. Clients are advised to remove the privacy notice of such third-party websites before providing any Personal Data to such websites or using the services of such websites.

We are not responsible for the use of Personal Data by such third parties and we cannot guarantee that they have the same level of data protection policy as us.

M. CONDITIONS OF USE OF OUR PRODUCTS AND SERVICES

The terms of this Policy are incorporated into our Terms of Use which Data Subjects may refer to at the following link: https://www.omnichat.ai/terms.

N. CHANGES TO THE POLICY

We reserve the right to change the Policy at any time. If we change the Policy, we will communicate the changes to you through notifications or alerts provided to you under the Products and Services, or any other appropriate means, for example, by email, so that the Client will be fully informed of such changes. Any changes to the Policy will take effect thirty (30) days after such changes have been communicated to you. Your continued use of our Products and Services will be deemed as an acceptance of the changes to the Policy.

O. SEVERANCE

If any part or provision of this Policy is prohibited or deemed to be void or unenforceable, that part or provision shall be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions hereof.

P. GOVERNING LAW

This Policy shall be governed by, and construed in accordance with, the laws of the Hong Kong Special Administrative Region (“Hong Kong”). Any dispute, controversy, difference or claim arising out of or relating to this Policy, including the existence, validity, interpretation, performance, breach or termination thereof or any dispute regarding non-contractual obligations arising out of or relating to it shall be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The seat of arbitration shall be Hong Kong. This arbitration clause shall be governed by Hong Kong law. The number of arbitrations shall be one. The arbitration proceedings shall be conducted in English.

Q. COMMUNICATE WITH US

If you have any questions or concerns regarding this Policy or to exercise your rights under this Policy, please contact our Data Protection Officer:

Name: Pak Hui

Address: Unit 704, 7/F, The Whitney, 183 Wai Yip Street, Kwun Tong

Email Address: teams@omnichat.ai

Telephone Number: +852 28899282