This Privacy Policy applies to the products, services, website(s) provided, mobile application(s) provided and/or the business conducted, by COMEDI HEALTH TECHNOLOGY LIMITED (“COMEDI”, “we”, “our”, “us”, “the Company”) and explains how we handle Personal Data and comply with the requirements of Hong Kong SAR’s Personal Data (Privacy) Ordinance (“PDPO”). COMEDI takes the security and privacy of the Personal Data of its customers and users of its website(s) (such as www.comedi.com.hk) and of COMEDI’s mobile application(s) (such website(s) and mobile application(s) may be collectively or individually referred to as the “Comedi Health”; our mobile application(s) may be referred to as the “App”) very seriously.

This Privacy Policy will assist you in understanding how we collect, use, disclose and/or process the Personal Data you have provided to us or that we possess about you, as well as to assist you in making an informed decision before providing us with any of your Personal Data. The term “Personal Data” refers to information that is connected to you as an identifiable individual, defined under the PDPO to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access (“Personal Data”).

We may collect, use and hold a range of different Data about you. For purposes in connection with the provision of the Services and complying with laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies, you may be requested to provide Data such as, but not limited to:

(a) the name, date of birth and other details documented on your identification document (e.g. Hong Kong Identity Card and Passport);

(b) contact details, including name, address, phone number, mobile telephone number and email address;

(c) Data that you have shared with third party social media platform operators (e.g. account login name, profile picture, contact details);

(d) Data which you have uploaded onto our platform for storage via certain health devices;

(e) health information, including medical concerns, self-reported symptoms, existing medications, allergies and diagnosis;

(f) messages exchanges between you and our staff or representatives;

(g) insurance information;

(h) payment details, including credit card, debit card and other electronic banking Data;

(i) account details or Data relating to Services registered with us, including the relevant PIN, username or password, account numbers and/or service numbers;

(j) device specific information, such as hardware model, operating system, version, unique device identifier, serial numbers, setting configurations and software and mobile network configuration;

(k) information about how you use our Services, such as your network usage, how you use our network, and your location when you are using our Services;

(l) information that allows us to identify you for verification purpose, including biometric information like your fingerprints and voice pattern;

(m) health and biometric information (which could be provided to us when you use our Services);

(n) your credit and service history to enable us to assess your eligibility to our offers of Services or to accommodate your request for transfer of Services or your account with us;

(o) all Data requested by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies to enable us to comply with or in connection with any law, rule, regulation, judgment or court order (whether within or outside of Hong Kong); and

(p) any other Data as may be required by us and our representatives and/or their respective contractors, sub-contractors, agents, representatives, business partners or representatives, service providers, healthcare providers, healthcare professionals (including doctors, dietitians, physiotherapists, psychologists, nurses, pharmacists and other medical and healthcare staff) from time to time and which is necessary for the provision of the Services and/or for your access to medical and healthcare consultation and prescription services provided by healthcare providers and/or healthcare professionals (collectively, the “Medical Consultation Services”) through our platform.

The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.

Provision of the Special Data mentioned immediately above is optional, although where the requested Service is a personalised Service or provision of the Service is dependent upon your provision of all requested Data, failure to provide the requested Data may prevent us from providing those particular Services to you.

Occasionally, you may need to provide Data about other individuals to us (e.g. when you request for a service on behalf of another individual). If so, we may require you to confirm your compliance with Part VIA of the Ordinance including confirming that you have informed those individuals of the use, disclosure and transfer of Data from you to us and from us to third parties and possible disclosure of the individual’s details (including their usage of our Services) by us to you; and that you have obtained those individuals’ authorisation and/or consent to such use, disclosure and transfer (or the extent to which such authorisation and/or consent was obtained). You should also advise them that we can be contacted for further information at the details stated under the “How to contact us” section below.

Data supplied by you will be held by us and will be accessible by our employees and authorised third parties specified below (consistent with the situations or for the purposes set out in this Privacy Statement) or as otherwise indicated by prior notice to you or, where required, by obtaining your consent.

In some instances, where required by law to do so, we may seek your consent to process the following types of “Special Data” to us so that we may further improve our Services and/or better tailor the type of information or content that we present to you. If you, at any time, have any queries about this Privacy Policy or any other queries in relation to how we may manage, protect and/or process your Personal Data, please email our Data Protection Officer at privacy@comedi.com.hk. This Privacy Policy is subject to Hong Kong SAR laws.

Purpose of collection and use of Personal Data

1.1 You need not supply any personal data in order to access the Company’s website or App. When you participate in, access or sign up to any of the Services, personal data is collected from you to enable us to provide you with the Services. You may decline to provide us with the requested personal data, but in such case we may not be able to provide the Services to you. By submitting your personal data you consent to the use of that data as set out in this Privacy Policy Statement.

Children’s Privacy

2.1 We do not and do not intend to, transact through Comedi Health directly with anyone we know to be under the age of 18. If you are under the age of 18, you should use Comedi Health only with the involvement of a parent or guardian and should not submit any Personal Data to us. By providing any Personal Data to us, you declare that you are over the age of 18.

Purposes For Collection, Use, Disclosure And Processing Of Personal Data

3.1 COMEDI will/may collect, use, disclose and/or process your Personal Data for one or more of the following purposes or any other directly related purposes:

(a) administering, facilitating, processing and/or dealing in any matters relating to your use or access of Comedi Health. Without limiting the generality of the foregoing, if you:

(i) gain access to or sign into Comedi Health, using your login credentials of a Social Networking Site, or;

(ii) use any features of a Social Networking Site such as its widgets, plug-ins and browser push notifications, made available to you on Comedi Health.

(b) monitoring, processing and/or tracking your use of Comedi Health in order to provide you with a seamless experience, facilitating or administering your use of the Comedi Health, and/or to assist us in improving your experience in using the Comedi Health;

(c) assessing and processing your request for the purchase of and/or subscription to our products and/or services;

(d) registering you as a customer of COMEDI and/or to deal with, process and/or administer the account that you may open with us, including to facilitate your transactions or activities on Comedi Health, or your transactions or activities with us;

(e) administering, facilitating, processing and/or dealing with your relationship with us, any transactions or activities carried out by you on Comedi Health. This includes processing your application, orders and payment transactions; implementing transactions and the supply of products and/or services to you that you have requested.

(f) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf including responding to your customer service enquiries and complaints; or responding to or dealing with your interactions with us;

(g) contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of Comedi Health, your COMEDI membership and/or account with us, your relationship with us or any transactions made by you with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain Personal Data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;

(h) providing services to you as our account holder, as our customer, as a member of our loyalty program(s) or when requested by you; dealing with or administering your participation in contests, gamification, social events organized by us;

(i) sharing or disclosing (at our discretion) your suggestions, comments, feedback or content (including audio, video etc.) (collectively “Feedback”) that you provide through Social Networking Sites, to Comedi Health or to us, with other users of Comedi Health or with the public, for publicity and/or promotion purposes with a view to marketing or showcasing the business of COMEDI, and/or to acquiring customers, and/or for the purpose of providing the public with your Feedback which may be useful for the public’s purchasing decision or for the public’s information or otherwise. This includes us disclosing your name together with your Feedback. Without limiting the generality of the foregoing, in the above regard, your Feedback and name may/will be published or shared by us on public media platforms such as the newspaper, the Internet, in our (including our affiliates’) annual reports (if any) etc., and/or incorporated as part of Comedi’s marketing collaterals/materials or corporate video to be disclosed to the public, and you hereby consent to the same. Do not provide us with Feedback if you do not wish for such Feedback to be disclosed to the public. If you wish to give us your Feedback without it being disclosed to the public, please separately email our Customer Service Department at enquiry@comedi.com.hk of your email with the word “Confidential”;

(j) carrying out due diligence or other screening activities (including background checks) in accordance with Hong Kong’s legal or regulatory obligations;

(k) to prevent, investigate or prevent any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with and/or investigating complaints;

(l) making such disclosures as required by applicable laws, rules and regulations;

(m) conducting market research, statistical analysis and behavioral analysis to improve our services and facilities, or to improve our understanding of your interests, concerns and preferences, in order to enhance any continued interaction between yourself and us connected or in relation to Comedi Health, or improve any of our products or services. Without limiting the generality of the foregoing, we may/will in this regard send you surveys or request a face to face interview survey, by way of email or postal mail;

(n) storing, hosting, backing up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside Hong Kong SAR;

(o) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of COMEDI or that of its affiliates/related corporations;

(p) for marketing purpose and in this regard, we would be providing you with marketing, advertising and promotional information, materials and/or documents relating to products, contests, services and/or events(including those of third party organisations whom COMEDI may collaborate with as set out in paragraph 4.1 below) hat COMEDI (including its affiliates/related corporations)or such third party organisations set out in paragraph 4.1 below may be selling, marketing, offering, organizing, involved in or promoting, whether such products, services and/or events exist now or are created in the future:

(i) by way of postal mail, electronic transmission to your email address(es), push notifications, other forms of in-app notifications or harnessing other technologies (such as geo-location technology) for our App on your mobile device(s) or other technologies on your computers, and/or through other modes of communication that is not the 3 DNC Modes, in compliance with the PDPO. You may opt out of this or withdraw from this at any time by sending an email to our Data Protection Officer.; and/or

(ii) if you have separately expressly consented to one or more of the following 3 DNC Modes, by way of the 3 modes of communications of voice calls, text messages or faxes (the “3 DNC Modes”) to your Hong Kong SAR telephone number, in compliance with the requirements of the PDPO.

For the avoidance of doubt, this subparagraph is without prejudice to subparagraph (m) above for which you have hereby consented to us contacting you for a survey, which you may subsequently opt out of by sending our Data Protection Officer notice;

(q) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves COMEDI as a participant or involves only a related corporation or affiliated company of COMEDI as a participant or involves COMEDI and/or any one or more of COMEDI’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;

(r) to implement and maintain our information technology systems, including to store and process Personal Data in computer databases and servers located within and outside Hong Kong SAR;

(s) anonymization of your Personal Data. In this regard, you acknowledge that Personal Data that has been anonymized to the extent that your identity could not be practicably revealed directly or indirectly is no longer Personal Data and the requirements of the PDPO would no longer apply to such anonymized data.In this connection, we will not attempt to re-identify any individuals from anonymised data or to use the information or any individuals even if re-identification is possible;

(t) record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of COMEDI or of its affiliates/related corporations; and

(u) COMEDI’s reporting purposes including but not limited to reporting on COMEDI’s business performance;

(the purposes set out in this paragraph 3.1 above shall be collectively referred to as the “Purposes”).

3.2 For the avoidance of doubt, you acknowledge and consent to COMEDI sharing anonymised information such as but not limited to in the following circumstances. For the further avoidance of doubt, the PDPO does not apply to anonymised data that does not identify an individual and the PDPO does not provide you with a right to object to an organisation handling or processing anonymised data:

(a) Aggregate information. We may share anonymised aggregate information about our customers with advertisers and marketing partners;

(b) Behavioural-based advertising. A third party may use technology to collect anonymised information about your use of Comedi Health so that they can provide advertising about products and services tailored to your interest. That advertising may appear either when you are using Comedi Health, or using the Internet or your mobile device to visit other websites.

Sharing and Disclosure of Personal Information

4.1 All personal data collected and held by the Company will be kept confidential, but where disclosure is necessary for the Company to comply with any statutory obligations or requirements, or for the Company to provide the Services to you or to carry out the original purpose, or a directly related purpose, for which the personal data were collected, those data may be provided to the following parties (whether within or outside Hong Kong):

(a) Company’s associated companies, business partners, contractors, agents, sellers or suppliers of the goods/services, or other service operators, who are involved in the sales and marketing, administration or provision of the Services；

(b) Company’s business partners；

(c) Any other person under a duty of confidentiality to the Company including a member of its group of companies, IT consultants, data processors, auditors, accountants, or lawyers, which has undertaken to keep such information confidential; and

(d) Banks, financial institutions, insurance companies, credit card issuing companies or debt collection agencies.

(e) Competent court of law, law enforcement agencies, or other governmental or statutory authorities, institutions or organisations.

4.2 Any questions, comments, suggestions or information other than personal data sent or posted to our website, or any part of Comedi Health by you will be considered as voluntarily provided to the Company on a non-confidential and non-proprietary basis. We reserve the right to use, reproduce, disclose, transmit, publish and/or post elsewhere such information freely, including passing it to any associated company for example, in connection with the development and marketing of services and to meet user needs.

4.3 We may share non-personal data such as anonymised data and aggregated data relating to without limitation sales transactions, user traffic, logistics and warehouse performance publicly and with our partners including without limitation with existing and potential business partners, sellers or suppliers of the goods/services, start-up entrepreneurs and academics.

4.4 We will provide our preferred service providers with the information they need to perform their services and work with them to respect and protect your Personal Data. We require our service providers to adhere to strict privacy guidelines and not to use your Personal Data for unauthorised purposes.

4.5 Where your Personal Data is to be transferred out of Hong Kong SAR, we will comply with the PDPO in doing so.

Protecting and Managing Your Personal Data

5.1 All reasonable efforts are made to ensure that any personal data held by the Company is stored in a secure and safe place;

5.2 All personal data which we collect is kept confidential to the best of our ability. You will appreciate however, that we cannot guarantee the security of transmission.

5.3 If you purchase our business partners’ products or services, your personal data will be transferred to that business partner and your personal data will be used, processed, and stored in accordance with that business partner’s privacy policy, which is outside our control. Please refer to the relevant privacy policy of our business partner.

TRANSFER OF PERSONAL DATA OUTSIDE HONG KONG

6.1 If necessary, the Company may transfer the personal data to places outside the Hong Kong Special Administrative Region for carrying out the purposes, or the directly related purposes, for which the personal data were collected. All the transfer of those personal data will be carried out in compliance with the requirements of the PDPO.

RETENTION OF PERSONAL DATA

7.1 If you choose, or you are provided with, a user identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party. If your mobile number is used for account login, you shall ensure that timely update is made by logging in to your account at “Account Profile” when your mobile number is to be changed or returned to your mobile operator. This is important to ensure that your account information will not be accessed by a third party who may have acquired the right to use your discarded mobile number. You are solely responsible for securing your account in this particular way. We shall have no liability to you for any loss or damage in this regard.

DELETE ACCOUNT

8.1 If for some reason you ever want to delete your account (or account of your ward, if you act as his or her legal guardian), you can do that at any time after login in the app via the left Menu -> Account -> Delete Account, fill in the necessary information and press “Delete”. When an account is deleted, the profile information and any other content provided in the profile (such as the name, login, password, email addresses, and profile photos) are also deleted, unless the patient records, which the retention policy is under legitimate requirement of the electronic health ordinance.

USE OF COOKIES

9.1 COMEDI may use “cookies” (“Cookies”) to collect information about the use of the service by the user, which will help the user to return to the website. A “cookie” is a small piece of data sent by a web server that is stored in a web browser so that it can be read from the browser in the future. Currently, the data collected from the cookie file is used to improve the functionality of the service. The information provided by the COMEDI is organized and arranged based on the Company’s analysis of the user’s cumulative use of the service. Cookies help make the login process smoother and faster, as well as save data between calls.

9.2 You can turn off the cookie file function on your browser without affecting your browsing of the company’s website, but the cookie file does make the company’s services more convenient. Turning off the cookie file function may result in more complex use and more input procedures. You should also note that if you clear the cookie file function, it may affect some functions of the company’s services.

9.3 The company will not be held responsible for any personal loss caused by the use of “cookie files” to collect information.

Changes to this Privacy Policy

10.1 Our privacy practices will be continuously assessed against new technologies, business practices and our customers’ needs. As we update and diversify our services, our Privacy Policy may evolve. COMEDI reserves the right to change its Privacy Policy at any time and notify you by posting an updated version of the policy on Comedi Health. Please check the Comedi Health or send your request by email to privacy@comedi.com.hk. if you would like to receive the latest updated Privacy Policy.

LINKS

11.1 This Privacy Policy Statement only applies to the Company’s website. Our website may contain links to other sites and pages. By activating a link, such as for example by clicking on the banner of an advertiser, you leave our website and the Company does not exercise control over any personal data or any other information you give to any other entity after you have left our website. Access to and use of such other websites is at your own risk.

How to contact us

12.1 If you have any queries relating to our Privacy Policy, or if you wish to request for access to or correction of your Personal Data or to withdraw your consent, please contact or send your request to our Data Protection Officer by email to privacy@comedi.com.hk.

12.2 You may also contact us at the details above if you have a complaint about how we have handled your Personal Data. We will investigate your complaint and will use reasonable endeavours to respond to you in writing as soon as possible.

The Company reserves the right to charge you a reasonable fee for complying with a data access request as permitted by the PDPO.

In the event of any discrepancy or inconsistency between the English and Chinese versions of this Privacy Policy, the English version shall prevail.

We keep this Privacy Policy under regular review and place updates on Comedi Health from time to time.

Last Update: January 2024