Privacy and Cookies Policy
It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the section What rights do I have?.
What Information Do We Collect?
We collect and process personal data about you when you:
- visit and/or register on any websites owned and operated by us (including ) (collectively, our Site);
- place an order with us as a guest or as a registered user on our Site;
- use a third-party service offered by service providers such as analytics companies, advertising networks and cooperatives, demographic companies, and any other third party service providers that we choose to collaborate or work with, and we obtain your personal data from those third parties;
- provide us with your personal data via: our physical stores, social media platforms/networks, websites, emails or telephone enquiries, your application for or use of our services or loyalty programmes (such as our membership programme);
- All direct payment gateways offered by our Site and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
- visit our physical stores or any other of our locations and your image is captured by our security CCTV (if applicable); and
- visit our physical stores or any other of our locations, and our data analytics cameras carry out real-time data analyses based on your image for statistical research purposes on an anonymous and aggregated basis as set out in our Data Analytics Policy (If Applicable) (see Section 13 below). The only personal data that will be collected and processed and used to analyse pathways throughout the store will be your facial biometric template derived from your facial image (i.e. numeric information describing different facial features).
How Do We Use This Information, And What Is The Legal Basis For This Use?
We process personal data for the following purposes:
To conduct our business and pursue legitimate interests, in particular:
- To provide our services to you, including: responding to any questions you may have, providing you with recommendations on products in our stores or on our Site; maintaining your shopping cart on our Site; assessing your applications with us for any of our services or loyalty programmes; providing our Membership Card to you; fulfilling any orders you may make with us (including verification and security checks of your details, processing of your payments, shipping products that you have ordered to you, and processing returns or exchanges of products you have purchased); personalizing our services to you and enhancing your experience in using our services; and
- We monitor use of our Site and our services (both online and offline), and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
- To analyse trends, usage, browsing and shopping behaviour with us (whether on an individualized or anonymized and aggregated basis), which helps us better understand how you and our collective customer base access and use our Site, stores and services, for the purposes of:
- improving our services;
- to respond to customer desires and preferences;
- measuring the effectiveness of our marketing campaigns;
- conducting marketing activities targeted at external, potential customers (on an aggregated and anonymized basis only); and
- crowdsource data analytics and hackathon activities (on an aggregated and anonymized basis only).
When you give us consent (if required):
- To provide you with direct marketing communications in relation to products, services, events, offers or promotions under the categories stated below, provided by: (a) us or our related companies (including our affiliate and subsidiary companies), (b) business partners, and (c) other third party providers. Such marketing communications may be in various forms, including advertisements, special events notifications or newsletters, and delivered via various methods in accordance with the personal data that you provide to us, such as by email, SMS, WeChat messages, smartphone app push notifications, notifications on your social media pages, in–app messaging or postal mail.
Such marketing communications may market or offer products or services (including special events and promotions) in the following categories: Dining, food and beverages, sports, music, film, television and other entertainment, clothing and accessories, jewellery, luggage and bags, cosmetics, personal health and hygiene, electronics, home furnishings, and housewares, automobiles, transport and travel, hotels, financial services, loyalty and reward programs, media services, entertainment services, social networking services, payment services, on-line advertising services, other e-commerce, information and communications and services, concierge services, and other products and services related to any of the foregoing, which we think may be relevant to you based on information you provide to us (for instance, via your participation in our surveys); and
- To allow you to register for and participate in our events and promotions, including verifying your identity at those events and promotions.
For purposes which are required by law:
- In response to requests by government or law enforcement authorities conducting an investigation.
Relying On Our Legitimate Interests
We have carried out an assessment on all the data processing activities described above in order to weigh up any privacy implications against our legitimate business interests. You can obtain information on any of our assessments by contacting us using the details set out later in this policy.
Withdrawing Consent Or Otherwise Objecting To Direct Marketing
Wherever we require your consent under applicable law, you will always be able to withdraw any consent provided to us. We shall cease to use your personal data for the purpose in respect of which you have withdrawn your consent, but we may still use, process, store and transfer your data for other purposes, such as those set out above. Specifically, in the case of customers from the European Economic Area (EEA), we are able to send you direct marketing without your consent, where we rely on our business or legitimate interests. Irrespective of the legal basis on which we rely to send you direct marketing, you have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by: (a) contacting our Privacy Officer at or sending your request by post; or (b) in the case of direct marketing emails, by clicking the unsubscribe link at the bottom of such emails.
Who Will We Share This Data With, Where and When?
We will share your personal data with the related companies of Harmony Moment Limited for the purposes set out in How do we use this information, and what is the legal basis for this use? section above.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes set out in How do we use this information, and what is the legal basis for this use? section above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified in Clause 3 above. In particular, we use the following third party providers:
- Courier services;
- Payment Services;
- E-mail/SMS/MMS/WeChat/Whatsapp blasting services;
- Telecom companies;
- Data storage and cloud service providers (for storage of your personal data and hosting of applications that process your personal data for the purposes identified in this policy);
- Google, Facebook and other advertising networks (for matching of your personal data with their database in order to send you our direct marketing materials through your Google and/or Facebook account(s));
- Data analytics and hackathon service providers and agencies (for the purposes stated in Clause How do we use this information, and what is the legal basis for this use? section above, in which only anonymized data will be sent to service providers for those purposes in Subclauses How do we use this information, and what is the legal basis for this use? section above)
Your data, in an anonymous form such that your identity cannot be ascertained, may also be sold to third parties for their own purposes.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
If you are located in the EEA, where information is transferred outside the EEA, and where this is to a business partner or third party service provider in a country that is not subject to an adequacy decision by the EU Commission, data will be adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or third party or business partner’s Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to the contact mentioned in the section How do I get in touch with you below. Your personal data may be transferred to Hong Kong and Macao Special Administrative Regions, Mainland China, Taiwan Region, Indonesia, Singapore, Australia, United States, and Japan.
What rights do I have?
Where permitted by law, you have the right to ask us for a copy of your personal data; to correct , delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, if you are located in the EEA you can object to the processing of your personal data in some circumstances (in particular, where we do not have to process the data for business or other legitimate interests, purposes for which consent has been given (including direct marketing) or other legal requirements).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are available under applicable laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests assessment, you can get in touch with us – or our privacy officer – using the details set out below. (Applicable only if you are located in EEA: If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.)
How Do I Get In Touch With You?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at . You may also access, verify or update your personal data by logging into the Site.
Who Is The Data Controller?
The data controllers are Harmony Moment Limited, and its related companies; contact details can be found in the section How do I get in touch with you above.
How Long Will My Data Be Kept?
Where we process registration data, we do this for as long as you are an active user of our Site and it is required for business and legitimate interests or legal requirement.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in the future.
(Applicable if you are located in EEA only) Where we process personal data for site security purposes, we retain it for 7 years after any business and legitimate interests no longer exists, and where we process personal data in connection with performing a contract or for a competition, we keep the data for 7 years from your last interaction with us.
(if Applicable) We will not keep the images captured by our analytics cameras for more than 1 day, and such images will be anonymized and aggregated before any use of the same for the purposes stated in How do we use this information, and what is the legal basis for this use? section above.
Web browser cookies.
What is a cookie?
A cookie contains a small amount of data and (typically) a unique identifier. When you access any of our websites or platforms (or those of third-party providers) a cookie will be sent to your device. The cookie records information about your online preferences and therefore allows us to tailor our websites and any contact with you to your specific interests.
The information we obtain by monitoring all visits to our websites enables us to improve, through anonymous analysis, our services to our customers and visitors.
Your web browser may also provide us with information concerning your device, such as an IP address or details about the browser you are using. For example, if you are looking at a specific location or property, we may use your location to ensure that any web pages or communications are tailored to you.
Please note, you are able to change your cookies settings to control access to any device you are using.
Visitor Analytics is a simple website analytics service which measures the traffic and visitors' general details of our website. Collecting these statistics, we can make our website visitors' experience better (e.g. which pages they visit and when, where they are approximately located, where does a user land first or if they are coming from a specific referral).
Basically, as a website owner using Visitor Analytics, we are using cookies to collect data about our visitors' device type and screen size, approximate location, browser, OS, IPs, page visits, bounce rate, conversions and popular content on the website. All this data is pseudonymized and Visitor Analytics will never use the collected data to identify individual users or to match it with additional information on an individual user. Each visitor has control over the placement of cookies.
Visitor Recordings is an additional feature to Visitor Analytics (described above) in the form of a simple website replay tool that records where our website visitors scrolled to and what they clicked on our website. We can see this information in playbacks and so called heatmaps. Collecting these statistics helps us to make our website more user-friendly and to reproduce and fix technical errors.
Basically, as a website owner using Visitor Recordings, we are using a snippet of tracking code to collect data about our visitors’ journey on our websites, so which subpages they visit, what they clicked on, where they moved their mouse cursor to and where they scrolled. All this data is pseudonymized and Visitor Analytics will never use the collected data to identify individual users or to match it with additional information on an individual user.
How to control cookies
You can control and/or delete cookies as you wish by checking your browser settings on each device - for details, see our About Cookies page.
Changes to our privacy and cookies policy.
We may make changes and update our privacy and cookies policy from time to time and in accordance with updated legislation. Any such changes will be shown here as part of our privacy and cookies policy and will apply from the date that they are published. We are unable to contact you directly to inform you of these changes, other than in response to a specific request made to our Privacy Officer as referred to above.
Effective on 01 April 2020