Privacy Policy

Effective starting 20 Dec 2021

Jockey Club TourHeart+

Data Privacy and Security Policy

This policy sets out how Jockey Club TourHeart+ and its subsidiaries (collectively, "JCTH+", "we", "our" or "us") collect, use, store and handle personal data, and contains details on:

1. what information we collect about you when you visit our website, use our Products or Services, or otherwise interact with us;
2. how we use, share, store, handle and secure the information; and
3. how you may access and control the information.

We undertake to comply with the requirements of the Cap.486 Personal Data (Privacy) Ordinance and CUHK’s University Guidelines on Personal Data Protection that your personal data is accurate, securely kept and used only for statistical and service promotional purposes.

In this policy:

"Personal Information" refers to personal information and particulars provided by you and all information collected, generated and compiled by us about you from time to time;

"Platform" means our website being https://www.jctourheart.org, our application and any such other medium on which we rely to promote and conduct the Project from time to time; and

"Products [or Services]" means such content, courses, products or services, both online and offline, related to research, assessment, evaluation, psychoeducation, psychological interventions and stepped care provided by JCTH+.

"Project" is as defined in our Terms of Service.

1. What information we collect about you

a) We collect the following types of information about you:

 i. account and profile information that you provide when you register for an account or sign up for our Products or Services on our Platform, for example your name, email address, physical address and telephone number (collectively, "Account Data");

ii. information you provide through our support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, "Support Data");

iii. content you provide through use of our Products or Services, for example information contained in the documents that you create in our app (collectively, "User Content");

iv. communication, marketing, and other preferences that you set when you set up your account or profile, or when you participate in a survey or a questionnaire that we send you (collectively, "Preference Data");

v. information about your device or Internet connection, for example your internet protocol (IP) address, browser information and information we collect through cookies pursuant to our Cookies Policy and other data collection technologies (collectively, "Technical Data"); and

vi. information about your use of or visit to our Platform, for example your clickstream to, through, and from our Platform, Products you view, use, or search for, download or other errors, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods to browse away from the page (collectively, "Usage Data").

2. Purposes of collection and use

a) We only use your Personal Information where the relevant laws and regulations allow us to. We use your Personal Information only where:

i. we need to perform the contract we have with you, including to operate our Products or Services, to provide customer support and personalised features, and to protect the security of our Platform;

ii. we use it for research and development to improve our Products or Services, and in order to protect our legal rights and interests;

iii. we need to comply with a legal or regulatory obligation.

b) If you have given us consent to use your Personal Information for a specific purpose, you have the right to withdraw your consent at any time by contacting us (please refer to paragraph 12 for contact information), but please note this will not affect any use of your information that has already taken place.

c) We would only share your Personal Information with our subsidiaries, affiliates, holding companies, joint ventures and associated companies (the 「Group」) for marketing purpose with your express specific consent.

d) For visitors to or users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.

3. Disclosure and Transfer of Personal Data

To facilitate the purposes mentioned in paragraph 2 above, we may transfer, disclose, grant access to or share your Personal Information with third parties located within or outside Hong Kong, and your Personal Information may be transferred within or outside Hong Kong subject to the following:

a) We will disclose Personal Information when required to do so by law, for example, in response to a court order or requests from law enforcement agencies or regulatory authorities.

b) We may share your Personal Information with third parties such as employees, related companies, including members of our Group, joint venture partners, agents, independent contractors, business partners and Service providers (such as cloud service provider), as necessary for any of the purposes stated above. In addition to adhering to the guidelines promulgated by the PDPO from time to time, where Personal Information is provided to third party organizations, the Personal Information will only be transferred to such third parties that, amongst others, respect privacy, offer sufficient guarantees in respect of the technical competence and organisational measures governing the use and processing of personal data, and that have a good track record on data protection, are subject to our periodic audits and owe a duty of confidentiality to JCTH+ or any other relevant Group members.

c) We will not use Open API to share your Personal Information without your consent.

d) If you use any third-party software in connection with our Products or Services, for example any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us, and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.

e) Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.

4. Accuracy of Personal Data

a) We have certain procedures in place to maintain Personal Information at a reasonable level of accuracy, completeness, and relevancy for the purpose for which the Personal Information is to be used. We aim to keep your data accurate and up to date. However, we rely on you to disclose all material information to us and to inform us of any errors or changes in such information.

b) Individuals may amend their Personal Information, as appropriate, set out in 「Your rights」 section below.

5. Retention of Personal Data

a) Our policy is to retain Personal Information no longer than is required to fulfil the purpose (or any directly related purpose) for which the data was to be used, subject to legal, statutory and regulatory requirements mandating the retention of data. After such time, we will delete or anonymise your Personal Information, or if this is not possible, we will securely store your Personal Information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy based on the prevailing laws and regulations.

6. Security of Personal Data

a) We have put in place appropriate physical, electronic, and managerial procedures to safeguard and help protect Personal Information against unauthorized or accidental access, processing, erasure or other use.

b) We have adopted the following measures to protect the security and integrity of your Personal Information:

 i. any document that you create, store, and e-sign in our app is stored in encrypted form on disk and securely transmitted with TLS/SSL encryption;

 ii. any payment transactions are encrypted using TLS/SSL technology;

iii. access to your Personal Information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your Personal Information based on our instructions and who are subject to a duty of confidentiality; and

iv. our security practice in respect of information collection, storage, and processing practices are reviewed regularly.

c) We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

d) While we implement safeguards designed to protect your Personal Information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your Personal Information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.

7. Direct Marketing

a) If we intend to use your Personal Information (including your name and contact details) collected from you for direct marketing purposes (e.g. to send you marketing communications about research activities, news, offers or promotions, in relation to the Products or Services of JCTH+ and the Group), we will first obtain your consent (or an indication of no objection) before doing so.

b) If we intend to provide your Personal Information (including your name and contact details) collected from you to third parties for their use in direct marketing, we will first obtain your consent (or an indication of no objection) before doing so.

c) You may opt out of receiving marketing materials from us by using the unsubscribe link in our communications or by contacting us (please refer to paragraph 12 for contact information). Please note, however, that even if you opt out from receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our Products or Services.

8. Your rights

a) You have the right to:

i. be informed of what we do with your Personal Information;

ii. request a copy of Personal Information we hold about you;

iii. require us to correct any inaccuracy or error in any Personal Information we hold about you;

iv. request erasure of your Personal Information (note, however, that we may not always be able to comply with your request of erasure if the Personal Information is still necessary for the purpose which we originally collected it for, or for record keeping or legal compliance purposes);

v. object to or restrict the processing by us of your Personal Information (including for marketing purposes);

vi. request to receive some of your Personal Information in a structured, commonly used, and machine-readable format, and request that we transfer such information to another party; and

vii. withdraw your consent at any time where we are relying on consent to process your Personal Information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).

b) Our Platform enables you to update certain information about yourself, for example you may change your business or Personal Information by updating your account settings in our app.

c) As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.

d) Any request under this paragraph will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.

e) We will respond to all legitimate requests within forty (40) days. Occasionally, it may take us longer than 40 days if your request is particularly complex or if you have made a number of requests.

9. Changes to this policy

This policy may be amended from time to time. You may access and obtain a copy of this Policy, as amended from time to time, at [Link] so that you are always informed of the way we collect and use Personal Information.

10. Policy towards children

a) Our Products and Services are not directed to individuals under 16. We do not knowingly collect Personal Information from individuals under 16. If we become aware that an individual under 16 has provided us with Personal Information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 16.

b) Specifically, in the People’s Republic of China, we will not knowingly collect or maintain Personal Data from persons who are under 14 years of age without prior consent from a parent or guardian; and will only collect or maintain Personal Information from persons between 14 and 18 years of age if explicit consent has been obtained from such person or his/her parent or guardian.

11. Language

a) This policy is written in the English language and may be translated into Chinese. In the event of any inconsistency between the English version and the translated version of this policy, the English version shall prevail.

12. Contact us

a) Please contact us atjctourheart@cuhk.edu.hk or submit any written request to:

Jockey Club TourHeart+ Project

326C 3rd Floor, Sino Building, Department of Psychology, CUHK, Shatin, N.T. Hong Kong

Tel: +852 3943-3462

Attn: Professor Winnie W.S. Mak

b) Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.

LEGAL BASES TABLE