This Privacy Policy explains how the mrorganic Group manages the personal information that we collect, use and disclose, and how to contact us if you have any further queries about our management of, or would like to request access to, your personal information.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information is recorded in a material form or not.
Collection of personal information by mrorganic
The types of information we may collect include:
a) identifying and contact information (for example, your name, address, age, date of birth,[1] gender, and email address);
b) financial information (for example, credit or debit card details);
c) health information (for example, where a customer may suffer an adverse reaction to a product);
d) if you visit our website, register an account with us and/or purchase products through our website, your username and password, IP address, information about your purchases and your other activity on our website (for example, tracking which areas of the website you visit and the content you view);
e) other information which you may include in your profile or in other communications to the mrorganic Group; and
f) other information with your consent or where required by law.
We collect personal information in connection with your use or purchase of mrorganic’s products and services, to provide you with the products and services you request, as well as information on other products and services offered by us. Where possible, we will collect personal information directly from you or a person authorised to provide this information on your behalf. This can be through our website, in one of our retail stores or counters, over the phone or by email. Should we collect your personal information from a third party, we will take reasonable steps to ensure that the third party has obtained your consent to provide your personal information to us.
If you do not provide personal information requested of you to mrorganic, or withdraw your consent to our collection, use and disclosure of your personal information at any time (subject to contractual and legal restrictions and reasonable notice), we may be unable to provide you the products or services you have requested or contact you in the future. If you no longer wish to receive copies of our newsletter, or information about our products, services, store launches, events or other promotional information, you may unsubscribe by contacting us as described below. For communications sent by e-mail or other electronic means you will also be able to unsubscribe using the unsubscribe mechanism in the message itself.
Cookies
If your web browser is set up to accept cookies, a cookie will be stored on your hard drive when you visit mrorganic’s website. Cookies allow mrorganic to collect information about your computer, which may include your IP address (a number assigned to your computer when you register with an Internet Service Provider), type of browser, operating system, domain name, and the details of any website which has referred you to our website. mrorganic uses cookies to track and collect information about which parts of mrorganic’s site and newsletter (including links to other websites) are being visited by you.
Cookies also allow mrorganic to recognise your computer while you are on mrorganic’s website, and to send you to the country of origin and language you selected on your first visit to mrorganic’s site. This information is used to maintain the quality of our service and to provide tracking and statistics regarding the use of our website.
If you would rather not have this information stored on your computer, you can configure your browser so it does not accept cookies. However, if you disable cookies you may not be able to access all parts of this website, including the purchase section.
Use of personal information by mrorganic
Generally, mrorganic will use your personal information for purposes connected with our business operations, which may include:
a) to develop, market, sell or otherwise provide products, services or information;
b) fulfil your purchase orders for our products, services and/or gift certificates;
c) provide you with copies of our newsletter or information about our products, store launches, partnerships, events or other marketing or promotional information with your consent[2];
d) to maintain, update and service your account with us;
e) to maintain, administer and improve our systems;
f) improve our website, including to modify it to your usage, history and preferences and troubleshoot problems; and
g) conduct internal administrative activities, research, analytics, planning and project development.
Disclosure of personal information by mrorganic
In order to properly conduct our activities, we may disclose or transfer personal information to other persons or organisations including:
a) our service providers (including affiliates acting in this capacity) that provide services on our behalf, for example information technology, mailing, billing, marketing and/or data hosting or processing services; or otherwise, to collect, use, disclose, store or process personal information on our behalf for the purposes described in this Privacy Policy;
b) parties connected with the proposed or actual financing, securitisation, insuring, sale, assignment or other disposal of all or part of mrorganic or our business or assets, for the purposes of evaluating and/or performing the proposed transaction; and
c) other parties to whom we are authorised or required by law to disclose information.
Data quality and security
mrorganic takes reasonable steps to:
a) make sure that the personal information we collect, use and disclose is accurate, complete and up to date;
b) protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and
c) where permitted by law, destroy or permanently de-identify personal information that is no longer needed for purposes for which it was collected.
mrorganic's credit card transactions are fulfilled by an authorised banking institution. When collecting credit card information for online purchases, mrorganic offers secured server transactions that encrypt your information in transit to help prevent others from accessing it. Personal information is stored on servers that are protected by appropriate safeguards, and will be accessible by authorised employees and agents who require access in connection with their responsibilities. Your credit card details are encrypted and then removed from our system once your order has been dispatched.
Unsolicited personal information
We don’t usually collect unsolicited personal information.
Where we receive unsolicited personal information, we’ll determine whether or not it would have been permissible to collect that personal information if it had been solicited.
If we determine that collection would not have been permissible, to the extent permitted by law, we’ll destroy or de-identify that personal information as soon as practicable.
Anonymity
mrorganic will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so. However, on many occasions, we will not be able to do this. For example, we will need your address in order to deliver any products purchased through our website.
Disclosure of personal information overseas[3]
mrorganic may, in the course of carrying out our business, disclose personal information to overseas affiliates and service providers, including between members of the mrorganic Group.
Access to and Correction of Your Personal Information
You have the right to request access to and correction of your personal information.[4] If you have any questions or concerns about how we handle your personal information, or would like to request a copy of the personal information we hold about you, please contact our Privacy Officer at privacy@mrorganic.hk or in writing at:
Privacy Officer
mrorganic Group
UNIT NO.2 31/F ONE MIDTOWN, NO.11 HOI SHING ROAD, TSUEN WAN N.T
mrorganic will provide you with access to your personal information and amend any of your personal information which is inaccurate or out of date to the extent required by the applicable laws[5]. If we provide you with copies of any information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Changes to this policy[6]
This Privacy Policy is effective from 1 September 2016. This Privacy Policy may be updated from time to time. To obtain a copy of the latest version at any time, visit our website or contact us by email: privacy@mrorganic.hk.
Complaints
If you consider a breach of the applicable privacy laws or your rights in relation to privacy has occurred, you may contact us and we will attempt to resolve your complaint.
[1] Please see our comments on the Hong Kong Client Profile Card regarding collection of birthday information.
[2] No changes to the Privacy Policy are required. We have amended the Client Profile Card to comply with the PDPO. Under the PDPO, if a data user (i.e. mrorganic) intends to use and/or transfer personal data for direct marketing purposes, it must provide specified information and obtain consent from the data subjects.
It is not legally required to include the prescribed information in the Privacy Policy and obtain consent via the Privacy Policy, as long as these steps are taken before conducting any direct marketing activities.
To keep changes to the Privacy Policy to a minimum, we have included the prescribed information and consent mechanism in the Client Profile Card.
[3] No changes to the Privacy Policy are required for compliance with the PDPO.
However, for your information, there is currently no cross border data transfer of personal data in Hong Kong. Section 33 of the PDPO prohibits the cross border data transfer except in certain circumstances (e.g. with consent of the data subjects), but the provision is not yet in force. In December 2014, the Privacy Commissioner published the Guidance on Personal Data Protection in Crossborder Data Transfer to assist data users to prepare for the eventual implementation of section 33, but the guidance is for voluntary compliance only and there is no firm date for the implementation of section 33.
[4] Under the PDPO, a data user is required to explicitly inform the data subjects of their rights to access and correct personal data.
[5] Under the PDPO, there are specific circumstances in which a data user may refuse to comply with data access requests and data correction requests.
Impracticality is not a valid ground of refusal and therefore we have amended this sentence so that mrorganic will only refuse compliance with a data access request or data correction request according to the PDPO.
[6] No changes are required to this section for compliance with the PDPO.
However, for your information, under the PDPO, if a data user wishes to use the personal data for new purposes or transfer the data to a new class of transferees subsequent to collection, express consent is required. Implied consent by continuous use is insufficient. mrorganic should build in a mechanism to obtain express consent from the customers to a change of the purpose of use or transferee of data (e.g. through a pop up window to inform the customers of the changes in the privacy notice and to require them to click on an “agree” button before entering the app). Other changes not affecting use or transferees do not require consent. Please let us know if you need further advice on this.