Privacy Statement & Personal Data Collection Statement

1.1. "Associated Companies"

"Associated Companies" shall have the meaning under section 2(1) of the Companies Ordinance (Cap. 622 of the Laws of Hong Kong).

1.2. "Company" or "We"

"Company" or "We" refers to Working Bird Limited, its associated companies and their respective directors, shareholders, members, employees, consultants, managers, and legal representatives. The Company, as a Data User, is responsible for determining the purposes and means of processing personal data as described in this Policy.

1.3. "Platform"

"Platform" refers to all online platforms or mobile applications owned and operated by the Company that support the core functions of the Company and are made available to users and third-party providers. The Platform includes but is not limited to:

• The Company's technological platform;
• Digital portals;
• Websites;
• Mobile applications; and
• Other related systems intended to maintain the Company's operations.

1.4. "Personal Data"

"Personal Data" as defined under the PDPO, means any data:

• Relating directly or indirectly to a living individual;
• From which it is practicable for the identity of the individual to be directly or indirectly ascertained; and
• In a form in which access to or processing of the data is practicable.

"Personal Data" includes but is not limited to a living individual's name, identity card number, biometric data, address, telephone number and email address, etc.

1.5. "Data Subject"

"Data Subject" means the living individual who is the subject of the personal data.

1.6. "Processing"

"Processing" means any operation performed on personal data by automated means or otherwise, including but not limited to:

• Collection, recording, organization;
• Storage, modification, retrieval;
• Use, transmission, dissemination;
• Combination, restriction; and
• Erasure or destruction.

1.7. "Consent"

"Consent" means any voluntary, explicit indication of the Data Subject's agreement to the processing of their personal data through:

• Clear affirmative action;
• Freely given specific statement; and
• Informed and unambiguous indication of wishes.

1.8. "Data User"

"Data User" (also referred to as "Data Controller" in certain contexts) means a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of personal data.

1.9. "Data Processor"

"Data Processor" means a person (except an employee of the Data User) who processes personal data on behalf of a Data User and does not process the personal data for any of the person's own purposes.

1.10. "Third Party"

"Third Party" means any person other than:

• The Data Subject;
• The Data User; and
• Data Processors.

The above definitions shall be interpreted in accordance with applicable laws, particularly the PDPO. In the event of any conflict between these definitions and applicable laws, the applicable laws shall prevail.

2.1. Basic Personal Data

• Full name
• Gender
• Date and place of birth
• Photos and images
• Job title and position
• Educational and professional qualifications
• Work experience

2.2. Contact Information

• Residential and correspondence addresses
• Phone numbers (including mobile numbers)
• Email address
• Other contact methods

2.3. Information for Verification of Identity

• Hong Kong Identity Card number and copy
• Other identification documents

Note: We only collect such sensitive Personal Data to the extent that is permitted by applicable laws and necessary for accurate verification of your identity.

2.4. Financial Information

• Bank account details
• Payment records
• Finance-related documents

2.5. User Data

• Internet Protocol (IP) address
• Browser type and version
• Domain name
• Login time and records
• Location data
• Activity logs on the Platform

2.6. Interaction Records

• Records of telephone calls between you and the Company
• Email correspondence
• Online interaction records
• Voice recordings
• Records of enquiries and complaints made with the Company

2.7. Service-Related Information

• Service application information
• Service usage records
• Service preferences
• Feedback

2.8. Other Information

• Information about other individuals
• Other personal data you may provide to us from time to time
• Relevant information about you obtained from public channels

2.9. Special Notes

• We will provide a Personal Information Collection Statement on the webpage that collects Personal Data to inform you of the purposes of collecting the data, the classes of persons to whom the data may be transferred and other related information.
• Supply of Personal Data to the Company is non-obligatory but failure to do so may result in the Company being unable to provide you with the relevant services or information. We will clearly indicate whether the supply of certain Personal Data is voluntary or obligatory (and if the latter is the case, the consequence for you if you do not supply the Personal Data).
• We commit to collecting only Personal Data that is necessary for achieving the purposes as set out in section 3 below.
• We implement special protection measures for the collection, use and storage of sensitive Personal Data (such as Hong Kong Identity Card numbers).
• You may need to provide Personal Data about other individuals (such as your spouse or children) to the Company. In order to comply with the PDPO, you are required to have first obtained the authorization of such individuals before using, disclosing and transferring their Personal Data, including giving consent on their behalf to the Company's use, disclosure and transfer of their Personal Data. If necessary, the Company may require you to provide any supporting documents in proving such authorization. You should also advise them that the Company can be contacted for further information.

2.10. Data Updates

We may periodically request you to update your Personal Data to ensure its accuracy and timeliness. You are responsible for ensuring that all Personal Data provided to us is accurate, complete, and up-to-date.

3.1. Data Collection Purposes

Your Personal Data may be collected, used, processed and retained for the following purposes or any directly related purposes:

Provision of Basic Services

• Processing your account registration and management
• Verifying your identity
• Providing and maintaining our services
• Processing your enquiries, comments, and complaints
• Fulfilling contractual obligations with you
• Providing customer support services

Service Optimization and Analysis

• Conducting internal statistical surveys and analysis
• Improving our applications, platforms, and software
• Analyzing user behavior and preferences
• Evaluating and improving user experience
• Monitoring service quality
• Conducting market research and user surveys

Communication and Security

• Conducting necessary communications with you
• Sending service notifications and updates
• Safeguarding network and data security
• Preventing fraud and abuse
• Maintaining security of the Platform

Legal Compliance

• Complying with legal and regulatory requirements
• Responding to legal processes or requests
• Fulfilling regulatory obligations
• Exercising or defending legal rights

3.2. Direct Marketing

We will obtain your explicit consent for direct marketing carried out by us through clear opt-in mechanisms, such as checkboxes during registration or account setup, to ensure that you are fully informed of the purposes and scope of marketing communications. We may use your Personal Data for direct marketing, subject to the following:

• Only the following types of Personal Data will be used for direct marketing:
• Name
• Email address
• Correspondence address
• Mobile number
• Categories of products and services that may be marketed include:
• The Company's services and related products
• Offers and promotions, including gifts, discounts, privileges, promotional offers and joint promotional programs with partners

It is our intention to only send you communications that you may want to receive. When you opt-in or do not opt-out from receiving promotional materials, we will contact you regularly via e-mail, SMS messages and/or WhatsApp messages.

You can unsubscribe from all marketing communications. Every time you receive an e-mail, an SMS message or a WhatsApp message from us, you will be provided with the choice to opt-out of future e-mails, SMS messages or WhatsApp messages by following the instructions provided therein. You may also opt-out by contacting us at cs@workingbird.com.hk if you no longer wish any of your Personal Data to be used in any of the above described direct marketing purposes without charge.

We do not share your Personal Data with Third Parties for their direct marketing purposes.

3.3. Data Sources

We may collect your Personal Data from the following sources:

• Directly from you
• Analytics providers
• Data aggregators
• Technical service providers
• Public sources

3.4. Non-Personal Data Collection

We may also collect information that does not constitute Personal Data, such as:

• Browser type
• Usage duration
• System logs
• Other technical data

3.5. Other purposes

We will seek your consent before collecting, using, processing and retaining your Personal Data for any other purposes than those set out above.

4.1. General Principles

All Personal Data we collect will be stored only for a duration that is relevant to the purpose for which it is collected and for as long as permitted or required by the applicable laws.

4.2. Retention Periods

• Your Personal Data will normally be retained for the following durations:
• Account information: 7 years after termination of the account
• Transaction records: 7 years after completion of the transaction
• Disputed transactions: Additional 2 years after dispute resolution
• Communication records: 7 years
• Your Personal Data may be retained for an extended period of time under the following circumstances:
• Unresolved disputes or complaints
• Ongoing legal proceedings
• Regulatory investigation requirements
• Fraud prevention
• Other reasonable business purposes
• When we no longer need to retain your Personal Data, we will securely anonymize or destroy it in accordance with sections 4.4 and 4.5 below.

4.3. Data Processing Methods

Your Personal Data will be processed by us or a Data Processor in the following manner:

Active Personal Data

• Secure storage in the Company's systems
• Regular backup protection
• Encryption protection
• Access control management

After the Termination of an Account

• Automatic archiving upon expiration
• Regular cleaning checks
• Secure destruction procedures
• Destruction process documentation

4.4. Anonymization Processing

• This section 4.4 applies to:
• Data no longer requiring personal identification
• Data for statistical analysis
• Data for research purposes
• Service improvement related data
• The aforesaid data will be processed by us or a Data Processor in the following manner:
• Removal of personal identifiers
• Ensuring non-reidentification
• Systematic verification of anonymization effectiveness
• Regular review of processing methods

4.5. Data Destruction

• We will destroy your Personal Data where:
• The relevant retention period as set out in section 4.2 above has expired;
• We no longer need to retain your Personal Data because the purpose(s) for which it was collected has already been achieved;
• You request us to do so; or
• We are required to do so by law.
• Your Personal Data will be destroyed in the following manner:
• Electronic files: Secure deletion
• Physical documents: Shredding
• Backup data: System purge
• Third-party data: Requiring destruction proof

4.6. Special Notes

• Data destruction is an irreversible process.
• Anonymized data (which is not your Personal Data) may be retained permanently.
• Complete clearing of backup systems requires time.
• We will regularly update our Data Retention policy as set out in this section 4.

5.1. Security Commitment

The Company commits to implementing appropriate technical and organizational measures to protect the security of your Personal Data. We employ industry-standard security technologies and procedures to prevent accidental or unlawful destruction, accidental loss, unauthorized modification, disclosure, and access to your Personal Data.

5.2. Data Transmission Security

Our website uses appropriate encryption systems to protect data transmission. However, we must emphasize that inherent risks exist in internet data transmission, and we cannot guarantee absolute security. Others may potentially intercept data sent to or transmitted through our website, and we cannot guarantee complete protection against hacking or attacks.

5.3. Storage Security Measures

To ensure that your Personal Data remains secure under our custody, we implement multiple protection measures as follows:

• All Personal Data is stored on secure servers with password protection.
• We implement strict access controls allowing only authorized senior officers or staff to access relevant data.
• We carry out regular system security updates and maintenance.
• We have in place comprehensive backup mechanisms to prevent accidental data loss.

5.4. Personnel Management

All staff assigned to handle Personal Data:

• Undergo rigorous screening procedures;
• Receive regular data protection training;
• Are familiar with the Company's privacy policies and related procedures; and
• Clearly understand their responsibilities in protecting the security of Personal Data.

5.5. Data Breach Handling

In the event of a data breach, we will:

• Assess the scope and severity of the incident;
• Immediately take appropriate measures to control the situation, including, but not limited to:
• conducting a thorough search for the lost items containing personal data;
• requesting the unintended recipients to delete or return any mistakenly sent documents;
• requesting internet companies to remove relevant links from their search engines; and
• disabling system functions that may be relevant to the data breach);
• Assess the risks of harm that may be caused to Data Subjects, such as threats to personal safety, theft and financial loss;
• Depending on the consequences of and severity of the data breach, notify affected Data Subjects and relevant law enforcement agencies where necessary;
• Conduct a post-breach review and strengthen existing Personal Data handling practices to prevent similar incidents; and
• Keep a comprehensive record of the incident documenting the details of the data breach, how it was contained and remedial actions taken by the Company.

5.6. Your Responsibilities

To enhance data protection, we recommend you to:

• Properly safeguard personal account passwords
• Change passwords regularly
• Avoid logging into accounts on public devices
• Report suspicious activities to the Company promptly
• Regularly check account activities
• Before clicking any external links or hyperlinks:
• Self-assess risks and security
• Verify link authenticity and reliability
• Beware of suspicious or unusual URLs
• Avoid providing Personal Data on unknown external websites
• Remember the Company is not responsible for consequences of clicking external links
• Report suspicious links or inappropriate content to the Company immediately

5.7. Continuous Improvement

We commit to:

• Regularly reviewing and updating security measures
• Upgrading security levels with technological developments
• Maintaining high standards of data protection
• Continuous training of relevant personnel
• Promptly responding to new security threats

7.1. Basic Rights

As a data subject, you have the following rights:

• Right of Access: The right to access Personal Data held by the Company about you
• Right of Correction: The right to request correction or updating of inaccurate Personal Data held by the Company
• Right to Withdraw Consent: The right to withdraw previously given consent
• Right to Information: The right to understand how the Company has used or disclosed your Personal Data in the past year

7.2. Procedures for Exercising Rights

To exercise the above rights, please contact us through the following methods:

• Email to: cs@workingbird.com.hk
• Please clearly state your request and provide sufficient information for us to verify your identity.

Please note:

• We may take up to 30 working days to process your request.
• To protect your Personal Data security, we may require you to provide additional information to verify your identity before processing your request.
• We may charge reasonable fees for processing your request.
• When you make a request, any communication between you and the Company may be retained and added to your Personal Data.

7.3. Processing of Data Updates

When you request to update your Personal Data:

• We will process the relevant updates within a reasonable time.
• Data recipients who have previously received your Personal Data from the Company under section 6 above will be notified of such updates.

7.4. Impact of Withdrawing Consent

When you choose to withdraw consent, please note:

• Withdrawing consent may affect our ability to provide services to you.
• In some cases, it may lead to termination of existing service relationships.
• Even after withdrawing consent, we may still need to retain certain Personal Data due to legal requirements.

7.5. Exemptions

Please note that under the Ordinance:

• Certain categories of Personal Data may be exempt from access rights.
• In certain circumstances (such as legal proceedings and crime prevention), we may not be able to fully satisfy your request.
• If we cannot satisfy your request, we will explain the reasons.

7.6. Response Commitment

We commit to:

• Seriously handling your requests to exercise any rights under section 7.1;
• Responding within statutory time limits;
• Providing clear explanations; and
• Taking reasonable steps to satisfy your requests.

7.7. Complaint Handling

If you are dissatisfied with our handling of your request:

• You may lodge a complaint with the Company's Data Protection Officer through cs@workingbird.com.hk.
• You have the right to lodge a complaint with relevant government departments.
• We will seriously handle each complaint and make improvements.

8.1. What are Cookies?

Cookies are small text files placed on your computer or mobile device by websites. These files help websites remember your data and preferences, thereby providing a more personalized service experience.

8.2. How do we use Cookies?

The Company uses Cookies to:

• Identify your identity and login status
• Record your preferences
• Analyze website traffic and usage
• Improve website functionality and user experience
• Collect web browsing data for statistical purposes
• Maintain normal website operation

The data we collect may include but is not limited to:

• Login and authentication data
• Browsing activity records
• Usage preferences
• Website interaction methods

8.3. Types of Cookies

The Cookies we use include:

• Essential Cookies: Used to ensure basic website functionality
• Functional Cookies: Used to remember your preferences
• Analytics Cookies: Used to collect usage data to improve services
• Traffic Recording Cookies: Used to track web traffic for statistical purposes

8.4. Important Declarations

Please note:

• Cookies do not grant us access to your computer
• We do not collect personal data through Cookies
• Collected statistical data will be deleted after a period of time
• Cookies are only used to improve your browsing experience

8.5. Cookie Control

You can:

• Control Cookies through browser settings
• Choose to accept or reject Cookies
• Delete stored Cookies at any time

Please note that if you choose to disable Cookies:

• Some website functions may not be available
• Some services may not function properly
• Personalized experience may be affected

8.6. Cookie Consent

• When first using this website, we will seek your consent to use Cookies
• You can choose to accept all or some Cookies
• You can change Cookie preferences at any time

8.7. Cookie Retention Period

• Some Cookies are automatically deleted after closing the browser
• Some Cookies will expire after a specific period
• Cookie data for statistical purposes will be regularly cleared

9.1. Age Restrictions

The Company's services, applications, and platforms are only available to individuals aged 18 or above. We are committed to protecting the personal data of minors and take special measures to ensure their privacy is fully safeguarded.

9.2. Processing of Minor's Personal Data

The Company will not intentionally solicit or collect personal data from individuals under 18 without prior consent from parents or guardians.

If it is discovered that a minor's personal data has been provided to the Company without parental or guardian consent, all such data and related records will be deleted from the system and destroyed within a reasonable timeframe.

9.3. Parental and Guardian Rights

If you are a parent or legal guardian of a minor:

• You have the right to request access to the minor's personal data held by the Company.
• You have the right to request correction or deletion of the minor's personal data held by the Company.
• You have the right to withdraw consent previously given by you or the minor.
• To exercise any of the above rights, please immediately notify the Company's Data Protection Officer through cs@workingbird.com.hk and provide relevant supporting documents. The Company will prioritize processing your request.

9.4. Protection Measures

To protect minors, the Company:

• Requires users to confirm their age before providing services; and
• Has age verification mechanisms in place.

9.5. Your Confirmation

Using the Company's services indicates that you:

• Confirm that you are aged 18 or above;
• Agree to our collection and use of personal data in accordance with this Policy; and
• Understand that consent can be withdrawn at any time.

9.6. Data Deletion Commitment

After receiving a request to delete a minor's personal data, the Company will:

• Immediately stop processing the relevant personal data;
• Complete deletion within a reasonable timeframe;
• Ensure that the relevant personal data will not be further used; and
• Notify relevant data recipients to stop using such personal data.

10.1. Update Rights

To properly manage, protect, and process your personal data, the Company will regularly review current policies, procedures, and processes. The Company reserves all rights to change, revise, and update this Policy at any time in response to the following circumstances:

• Changes in laws and regulations;
• Business development needs;
• Technical update requirements and/or
• User feedback.

10.2. Update Notifications

When there are important updates to this Policy:

• The Company will provide advance notice to you, explaining the modification intentions and relevant rationale;
• The modified policy text will be published on this webpage;
• Updated content will be marked with revision dates; and
• Major changes will be specially marked.

10.3. Effective Arrangements

Regarding the effectiveness of updated policies:

• Revised versions will take effect immediately upon publication; and
• If you continue to use our services after policy updates, it indicates your acceptance and agreement to the relevant updated terms.

10.4. Your Responsibilities

We recommend that you:

• Regularly review this Policy;
• Pay attention to notifications about any updates to this Policy;
• Understand the content of policy updates; and
• Evaluate whether to accept and agree to the updated terms.

10.5. Objection Handling

If you have objections to any updates to this Policy:

• You may submit opinions to us via email at cs@workingbird.com.hk;
• You may choose to stop using the services; and/or
• You may exercise the rights listed in section 7.1 above.

If you have any questions about this Policy, or wish to exercise your rights regarding your personal data, please contact us through the following methods:

Email: cs@workingbird.com.hk

If there are any ambiguities or inconsistencies between the Chinese and English versions of this Policy, the English version shall prevail.

Using the services provided by the Company indicates your agreement to the Company's use of your personal data in the manner described above. You further agree to the Company's use of your personal data for the purposes described in section 3 above and related incidental purposes.

1. Purposes of Collection

The Company may collect, use, process, and retain your personal data for one or more of the following purposes:

Service Provision and Management

To process your account registration, management, and identity verification; to provide, maintain, and improve the services of the Platform; to fulfill our contractual obligations to you; and to handle your enquiries, comments, and complaints, and provide customer support.

Platform Optimization and Analysis

To conduct internal statistical surveys and analysis; to evaluate and enhance user experience; to monitor service quality; to analyze user behavior and preferences; and to conduct market research.

Communication and Security

To conduct necessary communication with you, including sending service notifications and updates; to safeguard network and data security, and to maintain the information security of the Platform; and to prevent fraud and abuse.

Legal and Compliance

To comply with the requirements of applicable laws, regulations, or court orders in Hong Kong; to respond to legal processes or enquiries from regulatory authorities; and to exercise or defend the legal rights of the Company.

Direct Marketing

Upon obtaining your explicit consent, to use your name and contact information (including email address, correspondence address, and mobile phone number) to promote the Company's services, related products, offers, and promotional activities to you. You may, at any time, request to stop receiving any direct marketing information free of charge by using the unsubscribe link provided in our promotional messages or by emailing us at cs@workingbird.com.hk.

2. Classes of Transferees

The Company will keep your personal data confidential but may, for the purposes stated above, transfer or disclose your data to the following classes of recipients (regardless of whether they are located within or outside Hong Kong):

Internal Units of the Company

Our associated companies, authorized staff members, and other internal units for which such information is necessary for operational purposes.

External Service Providers and Business Partners

Third-party service providers, professional advisors, and business partners who provide administrative, technical, data processing, payment, identity verification, cloud storage, legal, accounting, insurance, or other services to the Company.

Government or Regulatory Bodies

Any government department, law enforcement agency, or regulatory authority to whom we are required to disclose information under the law or to comply with regulatory obligations.

Other Third Parties

Advertising and marketing partners, and research and analytics service providers who provide support services to achieve the purposes stated above.

Where cross-border data transfer is involved, the Company will take appropriate measures to ensure that the data recipient has a level of data protection comparable to the standard of the PDPO in Hong Kong.

3. Obligation and Consequences of Providing Data

The provision of your personal data to the Company is voluntary. However, should you fail to provide the accurate information we require, it may result in the Company being unable to process your service application, provide all or part of the Platform's functionalities, or communicate with you effectively.

4. Rights of Access and Correction of Data

In accordance with the PDPO, you have the right to access the personal data we hold about you and to request the correction of any inaccuracies. We have the right to charge a reasonable fee for processing your data access request.

Should you wish to exercise these rights, please contact our Data Protection Officer in writing via the following channel:

Data Protection Officer Email: cs@workingbird.com.hk

This statement may be amended from time to time. Any changes will be posted on the Platform.