Privacy Policy Hong Kong

1. Definitions

• Personal Data: Information related to a living individual that can identify them directly or indirectly, and recorded in a form in which it is accessible and usable.
• Data User: The party that controls the collection, holding, processing, or use of personal data.
• Data Processor: A party that processes personal data on behalf of a data user.

2. What We Collect

Depending on your interaction with us, we may collect the following categories of data:

• Account and Merchant Data: Names, company names, titles, contact details, registration information, merchant shop details, and content.
• Transaction and Payment Data: Orders, payment amounts, payment statuses (sensitive payment tool data processed by payment service providers).
• Customer Service and Communication: Inquiries, support records, and communication preferences you make with us or merchants.
• Technical and Usage Data: IP addresses, device and browser information, usage logs, error logs, and cookie identifiers.
• Job and Partnership Data: Personal information contained in your resumes or bids/cooperation documents, if applicable.

If you provide us with personal data of third parties (such as your customers) on behalf of a merchant, you should ensure that the necessary notices and consents have been obtained, as appropriate.

3. How We Use Data

We use personal data for legitimate purposes directly related to the functions or activities of the Platform, including:

1. Providing and maintaining the Platform, enabling account setup, fulfilling orders, processing payments, and logistics;
2. Providing technical support and customer service, debugging, and operational notices;
3. Improving and optimizing functionalities (such as fraud detection, performance monitoring, and user experience analysis);
4. Meeting legal, regulatory, or tax obligations, or responding to legitimate requests from law enforcement or government authorities;
5. With appropriate consent, used for direct marketing (see Section 4).

Personal data will not be used for any new purposes other than those directly related to the original purposes when collected without your voluntary express consent.

4. Direct Marketing

We may use your name and contact details to send you information about the Platform's products or services, feature updates, activities, or promotional materials. We will provide clear and easy-to-understand notifications and free opt-in/opt-out options for this purpose for the first time, and you can freely withdraw your consent or request us to stop direct marketing at any time.

If your personal data is provided to third parties for their direct marketing purposes, we will obtain your written consent in advance. When you withdraw your consent or request to opt out, we will promptly update the records and stop the relevant purposes.

5. How We Share Data

Under the circumstances necessary and compliant with the law, we may provide or share personal data to the following categories of recipients (only within the scope required):

• Service providers/data processors entrusted (e.g., cloud hosting, content delivery networks, data analysis, customer support, identity verification, payment and anti-fraud, logistics and delivery, short message/email services, video and live streaming providers);
• Merchants (when you have transactions or interactions with them);
• Professional consultants, insurance companies, audit or legal consultants (under confidentiality obligations);
• Law enforcement agencies, regulatory authorities, courts, or government departments (as required by law or necessary for the exercise or defense of legal rights).

6. Cross-Border Data Transfer

Our infrastructure and some service providers entrusted to us may be located outside Hong Kong. Although Section 33 of the Ordinance (on cross-border data transfer restrictions) has not yet come into effect, we will refer to the Personal Data Privacy Commissioner's Office (PCPD) best practices, including adopting recommended cross-border data transfer contract clauses, conducting reasonable due diligence, and referring to relevant standard contracts and guidelines in the Greater Bay Area cross-border data flow scenarios.

7. Data Retention

We only retain personal data for the period necessary to achieve the purposes set out in this Policy. Unless otherwise required by law, when data is no longer needed, we will take all reasonable steps to delete or anonymize such data. Merchants can download their data in their account settings, or request deletion as set out below (subject to technical, legal, or accounting retention requirements).

8. Data Security

We take reasonable and practicable technical and organizational measures to protect personal data from unauthorized or accidental access, processing, deletion, loss, or use, such as layered access control, transmission and static encryption (where appropriate), multi-factor authentication (MFA), vulnerability management, backup and disaster recovery, minimum privilege for employees, and training.

If a data breach involving personal data occurs, we will refer to PCPD's "Guidelines for Handling and Reporting Data Breaches" to assess the risk and, where appropriate, notify affected individuals and relevant authorities.

9. Cookies and Similar Technologies

We use necessary cookies for basic functions and may use preference, performance, and analysis cookies or pixel tags to improve the experience. You can manage or delete cookies through your browser settings; disabling non-essential cookies may affect some functions. Please refer to the Cookie Policy for details.

10. Your Rights (Access and Correction)

You have the right to request the following from us:

• Access to Personal Data: Request to confirm whether we hold your personal data and a copy thereof (we may charge a reasonable fee for processing).
• Correction of Personal Data: Request to correct inaccurate or incomplete personal data.
• Choice Against Direct Marketing: Free opposition or withdrawal of consent for direct marketing at any time.

We may refuse certain requests and provide reasons where permitted or required by law. To protect privacy, we may need to verify the identity of the applicant first. Please contact us using the method provided in Section 14.

11. Children's Privacy

This Platform is not intended for minors; if you are under the legal age, please use this Platform under the supervision and guidance of your parent or guardian.

12. Third-Party Services and Links

This Platform may contain links to third-party websites, applications, or services (e.g., payment, social media, or logistics services). The data processing practices of such third parties are subject to their respective privacy policies, and we are not responsible for their content or practices, please refer to their policies.

13. Updates to this Policy

We may update this Policy from time to time to reflect changes in operations, law, or regulations. When significant changes are made, we will notify you via this page, in-app notifications, or email prompts. If you continue to use the Platform after the update, it means you accept the updated Policy.

14. Contact Us

For any queries, access requests, or correction requests regarding this Policy or the processing of your personal data, or to withdraw consent for direct marketing, please contact: