1.2 Data Controller
Explora Consulting is a “data controller” of your personal data.
In simple terms, this means that we (i) “control” your personal data, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or as otherwise permitted by law.
1.3 Contact Information and Complaints
Our full contact details are:
8th Floor, Morrison Commercial Building, No.31 Morrison Hill Road, Wan Chai, Hong Kong
Attn: Data Privacy Manager
If you are currently staying within the European Economic Area, you have the right to make a complaint at any time to your country’s supervisory authority for data protection issues. For a current list of national data protection authorities, please visit the European Data Protection Board’s website at https://edpb.europa.eu/about-edpb/board/members_en.
We would, however, appreciate the chance to deal with your concerns before you approach your country’s supervisory authority, so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
1.5 Third-Party Links
2. THE DATA WE COLLECT ABOUT YOU
2.1 The types of personal data we collect, use and store about you will depend on the services you have requested from us and/or the nature of your interaction with us. The personal data we store is adequate, relevant and limited to what is necessary for the purpose of processing with the utmost lawfulness, fairness and transparency. With the Platform, we store the provided raw data and enrich it with a set of machine learning engines to provide additional information and insight. When you are using our Product(s) and/or Website(s), we collect and process the following types of your personal data:-
- your first name, last name, username or similar identifier (“Identity Data”);
- your billing address, corporate email address and corporate telephone numbers (“Contact Data”);
- your organisation corporate bank account and payment card details (“Financial Data”);
- details about payments to and from you and other details of products and services you have purchased from us (“Transaction Data”);
- your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Product(s) and/or Website(s) (“Technical Data”);
- your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (“Profile Data”);
2.2 We further collect information about how you use the Product(s) and/or Website(s) (“Usage Data”), which is listed below:-
- Device and usage data: Data about your device and the product and features you use, including information about your hardware and software, how our Product(s) perform, as well as your settings
- Payment and account history: Data about your payment and activities associated with your account.
- Browse history: Data about the webpages you visit on our website(s).
- Device, connectivity, and configuration data: Data about your device, your device configuration, and nearby networks. For example, data about the operating systems and other software installed on your device, including product keys. In addition, IP address, device identifiers (such as the IMEI number for phones), regional and language settings, and information about WLAN access points near your device.
- Error reports and performance data: Data about the performance of the Product(s) and any problems you experience, including error reports. Error reports (sometimes called “crash dumps”) can include details of the software or hardware related to an error, contents of files opened when an error occurred, and data about other software on your device.
- Troubleshooting and help data: Data you provide when you contact Explora Consulting for help, such as the use of our Product(s) and/or Website(s), and other details that help us provide support. For example, contact or authentication data, the content of your communications with Explora Consulting, data about the condition of your device, and the use of our Product(s) and/or Website(s) related to your help inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
- Searches and commands: Search queries and commands when you use our Product(s) and/or Website(s) with search or related productivity functionality.
- Voice data: Your voice data, such as the search queries or commands you speak.
- Text, inking, and typing data: Text, inking, and typing data and related information. For example, when we collect inking data, we collect information about the placement of your inking instrument on your device.
- Images and related information, such as picture metadata: we collect metadata from our client’s interaction with the Product(s) only for platform improvement and troubleshooting. For example, we collect the image you provide when you use a Bing image-enabled service.
- Contacts and relationship: Data about your contacts and relationships if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity.
- Dummy data: we generate such data for testing.
- Location data: Data about your device’s location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device’s IP address or data in your account profile that indicates where it is located with less precision, such as at a city or postal code level.
- your preferences in receiving marketing from us and our third parties and your communication preferences (“Marketing and Communications Data”).
- Client’s store staff data: store staff ID, first name, middle name, last name, Chinese name, email for purpose of sales performance analysis.
2.3 We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), nor do we collect any information about criminal convictions and offences. Furthermore, we do not modify private data, use our clients’ data for our internal purpose nor sell our client’s data, any insight from our client’s analysis or meta data collected from our client’s interaction with the Product(s).
3. HOW WE COLLECT YOUR DATA
3.1 Direct Interactions
We collect Identity Data, Contact Data and Financial Data about you that you provide to us by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:-
- apply for our products or services;
- register on our Product(s) and/or Website(s);
- request other marketing material to be sent to you;
- look for support services from us;
- give us feedback or contact us in any way or form.
3.2 Automated Technologies and Interactions
As you interact with our Product(s) and/or Website(s), we will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in cookies we create, but we do use encrypted information gathered from them to help improve your experience on our Website(s). If you do not wish to enable cookies, you’ll still be able to browse the Website(s) and use them for research purposes.
Our Product(s) and/or Website(s) use additional identifiers, such as the advertising ID in Windows, for similar purposes, and may also contain web beacons or other similar technologies, as described below.
Storing your preferences and settings
Sign-in and authentication
Storing information you provide to a website
3.2.1 How to control cookies:
Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. For example, in Explora Consulting Edge, you can block or delete cookies by selecting Settings > Privacy > Advanced Settings > Cookies. Please refer to your browser’s privacy or help documentation to find Instructions for blocking or deleting cookies in other browsers.
Certain features of our Product(s) and/or Website(s) depend on cookies. If you choose to block cookies, you cannot sign in or use some of those features, and preferences that are dependent on cookies will be lost. If you choose to delete cookies, any settings and preferences controlled by those cookies, including advertising preferences, are deleted and will need to be recreated.
Additional privacy controls that can impact cookies, including the Tracking Protection feature of Explora Consulting browsers, are described in the “How to access and control your personal data” section of this privacy statement.
3.2.2 Our use of web beacons and analytics services
Some of our webpages contain electronic tags known as web beacons that we use to help deliver cookies on our Website(s), count users who have visited those websites, and deliver co-branded products. We also include web beacons or similar technologies in our electronic communications to determine whether you open and act on them.
In addition to placing web beacons on our Website(s), we sometimes work with other companies to place our web beacons on their websites or in their advertisements. This helps us develop statistics on how often clicking on an advertisement on a Explora Consulting website results in a purchase or other action on the advertiser’s website.
3.3 Third Parties
We are also working closely with third parties (including, for example, analytics providers and other third party providers of services).
We will receive personal data about you from such third parties as set out below:-
- Contact Data, Financial Data and Transaction Data from providers of payment services such as WIRECARD, based inside and outside the EEA;
- Contact Data from mailing list providers such as Mailchimp and Sangrid; and
4. HOW WE USE YOUR PERSONAL DATA
4.1 Data Usage
We are committed to only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (“Performance of Contract”).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“Legitimate Interests”).
- Where we need to comply with a legal obligation (“Legal Obligations”).
We plan to use your personal data for the following purposes, and pursuant to the corresponding legal bases:-
|Type of Data
|Lawful Basis and Basis of Legitimate Interest
Registration as a new customer
Identity Data; Contact Data.
Performance of Contract
Signing in to the Product(s)
Identity Data; Contact Data; Profile Data; Financial Data; Transaction Data;
Performance of Contract
Processing and delivery of your order
Identity Data; Contact Data; Financial Data; Transaction Data; Marketing and Communication Data.
Performance of Contract; Legitimate Interest (to recover debts due to us).
Identity Data; Contact Data; Profile Data; Marketing and Communication Data.
Performance of Contract; Legal Obligations; Legitimate Interest (to keep your records updated and to study how customers use the Product(s) and our services).
Enabling you to partake in a prize draw, competition or complete a survey
Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data.
Performance of Contract; Legitimate Interest (to study how customers use the Product(s) and our services and grow our business).
Administration and Protection of our Product(s) and/or Website(s) (including troubleshooting, data analysis, testing, system maintenance, support reporting and hosting of data)
Identity Data; Contact Data; Technical Data;
Legitimate Interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); Legal Obligations
Delivery of relevant website content and advertisements to you and understanding the effectiveness of the advertising we serve to you
Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data; Technical Data.
Legitimate Interest (to study how customers use the Product(s) and our services, to develop them, to grow our business and to inform our marketing strategy).
Using data analytics to improve our Website(s), the Product(s), our services, marketing, customer relationships and experiences
Usage Data; Technical Data.
Legitimate Interest (to define types of customers for the Product(s) and our services, to keep our Website(s) and the Product(s) updated and relevant, to develop our business and to inform our marketing strategy).
Suggestions and recommendations about goods or services that may be of interest to you
Identity Data; Contact Data; Profile Data; Usage Data; Marketing and Communication Data.
Legitimate Interest (to develop the Product(s), our services and grow our business).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please feel free to contact us any time.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.2 Data usage associated with Hummingbirds Analytics Account
Personal data associated with your account includes credentials, name and contact data, payment data, device and usage data, your contacts, information about your activities, and your interests and favourites. Signing into your account enables personalization, consistent experiences across products and devices, allows you to make payments using payment instruments stored in your account, and enables other features.
The data associated with your account, and how that data is used, depends on how you use the account. Please refer to the table in the above Clause 4.1 for further details on the lawful basis and basis of legitimate interest on how we use your data.
4.2.1 Creating your Hummingbird Analytics account.
When you create a account, you will be asked to provide certain personal data and we will assign a unique ID number to identify your account and associated information. While our Product(s) involves payment, it requires a real name, you can sign in to.
4.2.2 Signing in to Hummingbird Analytics
When you sign in to your account, we create a record of your sign-in, which includes the date and time, information about the product you signed in to, your sign-in name, the unique number assigned to your account, a unique identifier assigned to your device, your IP address, and your operating system and browser version.
Signing in to your account enables improved personalization, provides seamless and consistent experiences across devices, permits you to access and use cloud data storage, allows you to make payments using payment instruments stored in your account, and enables other enhanced features and settings. When you sign in to your account, you will stay signed in until you sign out.
4.2.3 Signing in to third-party products or websites.
4.3 More on the purposes of processing
4.3.1 Provide our Product
We use data to operate our Product(s) and provide you with rich, interactive experiences. Additionally, we use data to contact you. For example, we may contact you by phone or email or other means to inform you when a subscription is ending or discuss your licensing account. We also communicate with you to secure our products, for example by letting you know when product updates are available.
4.3.2 Product improvement
We use data to continually improve our Product(s), including adding new features or capabilities. For example, we use error reports to improve security features and usage data to determine what new features to prioritize.
Our Product(s) and/or Website(s) include personalized features, such as recommendations that enhance your productivity and enjoyment. These features use automated processes to tailor your product experiences based on the data we have about you, such as inferences we make about you and your use of the Product(s), activities, interests, and location. We also provide controls to disable personalized features.
4.3.4 Product activation
We use data—such as subscription identifiers—to activate products that require activation.
4.3.5 Product development
We use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
4.3.6 Customer support
We use data to troubleshoot and diagnose problems, provide other customer care and support services.
4.3.7 Help secure and troubleshoot
We use data to help secure and troubleshoot our Product(s) and/or Website(s). This includes using data to protect the security and safety of our Product(s) and/or Website(s) and customers, detecting malware and malicious activities, troubleshooting performance and compatibility issues to help customers get the most out of their experiences, and notifying customers of updates to our Product(s) and/or Website(s). This may include using automated systems to detect security and safety issues.
We use data to protect the safety of our Product(s) and/or Website(s) and our customers. Our security features and products can disrupt the operation of malicious software and notify users if malicious software is found on their devices. For example, some of our products systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and we reserve the right to block delivery of a communication or remove content if it violates our terms.
We use data we collect to develop product updates and security patches. Updates and patches are intended to maximize your experience with our Product(s), help you protect the privacy and security of your data, provide new features, and ensure your device is ready to process such updates.
4.3.10 Promotional communications
We use data we collect to deliver promotional communications. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from Explora Consulting and Hummingbird Analytics by email, SMS, physical mail, and telephone. For information about managing your contact data, email subscriptions, and promotional communications, see the How to access and control your personal data section of this privacy statement.
4.3.11 Relevant offers
Explora Consulting uses data to provide you with relevant and valuable information regarding our Product(s). We analyze data from a variety of sources to predict the information that will be most relevant to you and deliver such information to you in a variety of ways.
We use data we collect through our interactions with you, through providing services, and on third-party web properties, for advertising in our Product(s) and on third-party properties. We may use automated processes to help make advertising more relevant to you. For more information about how your data is used for advertising, see the Advertising section of this privacy statement.
4.3.13 Transacting commerce
We use data to carry out your transactions with us. For example, we process payment information to provide customers with the product and/or service they subscribed or purchased from the website(s).
4.3.14 Reporting and business operations
We use data to analyze our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
4.3.15 Protecting rights and property
We use data to detect and prevent fraud, resolve disputes, enforce agreements, and protect our property. For example, we use data to confirm the validity of software licenses to reduce piracy. We may use automated processes to detect and prevent activities that violate our rights and the rights of others, such as fraud.
4.3.16 Legal compliance
We process data to comply with law. For example, we process contact information and credentials to help customers exercise their data protection rights.
With appropriate technical and organizational measures to safeguard individuals’ rights and freedoms, we use data to conduct research, including for public interest and scientific purposes.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes set out in the table above:-
- External Third Parties as set out in the Definitions Section below; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.1 International Transfers
We will share your personal data within our company in Hong Kong, but we may also transfer your data to other jurisdictions.
Please understand that we will generally ensure a similar degree of protection to your personal data as it is afforded in the EEA by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- We may use specific contracts or contract clauses approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please do not hesitate to contact us anytime if you want further information on the specific mechanism used by us when transferring your personal data.
5.2 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5.3 Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Other criteria used to determine the retention periods may include:
Whether Users anticipate that we retain such data until their affirmative removal
In such cases, we would aim to maintain the data until you actively delete it. Note that there may be other reasons why the data has to be deleted sooner, for example if you exceed limits on how much data can be stored in your account.
If there is an automated control enabling the customer’s access and deletion of the personal data at any time
If there is not, a shortened data retention time will generally be adopted.
Is the personal data of a sensitive type
If so, a shortened retention time would generally be adopted.
Has the user provided consent for a longer retention period
If so, we will retain data in accordance with your consent.
Is our product subject to a legal, contractual, or similar obligation to retain or delete the data
Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data retained for the purposes of litigation. Conversely, if we are required by law to remove unlawful content, we will do so.
In some circumstances, you can ask us to delete your data: see “Your Legal Rights within the EEA” or “Your Legal Rights within Hong Kong” below for further information.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
6.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing emails and newsletters from us if you have requested information from us or purchased products or services from us, or if you provided us with your details in our events or registered for a promotion and, in each case, you have expressly consented to receiving such marketing emails and newsletters.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
6.2 Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by:-
- by contacting us anytime at email@example.com or firstname.lastname@example.org with respect to the Product(s); and
- by following the opt-out links on any newsletter or marketing message sent to you.
Where you opt-out of receiving these marketing messages or newsletters, this will not apply to personal data provided to us as a result of a product or service purchase, product or service experience or other transactions (which we will continue to process in order to perform a contract with you or as a result of our regulatory or legal obligations).
6.3 Your communications preferences
In addition to the above, you can also make choices in respect of your communications preferences by signing in with your account, updating your contact information, managing your contact preferences, opt out of email subscriptions, and choose whether to share your contact information with Explora Consulting partners. These choices do not apply to mandatory service communications that are part of the Product(s), programs, activities, or to surveys or other informational communications that have their own unsubscribe method.
6.4 Browser-based controls
When you use a browser, you can control your personal data using certain features. For example:
6.4.1 Cookie controls
You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement.
6.4.2 Tracking protection
You can control the data third-party sites can collect about you using tracking protection some browsers. This feature will block third-party content, including cookies, from any site that is listed in a tracking protection list you add.
7. YOUR LEGAL RIGHTS WITHIN THE EEA
7.1 List of Rights if you are staying with the EEA
If you are currently staying within the EEA, under certain circumstances, you may have rights under data protection laws in relation to your personal data. These rights include:-
- Right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us, as any personal data must remain accurate, kept up-to-date, corrected or deleted when inaccurate. Accuracy also depends on the data provided by the client: Explora will not alter or delete the provided data.
- Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Platform Users cannot alter or remove the data loaded to the platform: clients may access the data loaded to the platform either through their own IT department or Explora, given that they take our service of data loading.
If you wish to exercise any of the rights set out above, please contact us at email@example.com or firstname.lastname@example.org with respect to the Product(s).
8. YOUR LEGAL RIGHTS IN HONG KONG
If you are currently staying in Hong Kong, you are entitled, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486, the laws of Hong Kong) (the “Ordinance”), to check whether we hold data about you and to have access to those data. If any of these data are incorrect or inaccurate, you have the right to correct or update them. Requests for access to or to correct personal data should be addressed to our Data Privacy Manager at email@example.com or firstname.lastname@example.org with respect to the Product(s). In accordance with the Ordinance, we are entitled to charge a reasonable fee for processing any data access or correction requests.
9. HOW TO ACCESS AND CONTROL YOUR PERSONAL DATA
9.1 You can access and control your personal data that Explora Consulting has obtained with our Product(s) and/or Website(s). In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.
9.2 If your organization, such as your employer, provides you with access to and is administering your use of our Product(s) and/or Website(s), please contact your organization to learn more about how to access and control your personal data.
9.3 You can access and control your personal data that Explora Consulting has obtained, and exercise your data protection rights, using various tools we provide on our Product(s) and/or Website(s), for instance, you may access to your account if you wish to access, edit, or remove the profile information and payment information in your account, change your password, add security information or close your account by visiting the Website.
9.4 Not all personal data processed by Explora Consulting can be accessed or controlled via the tools above. If you want to access or control personal data processed by Explora Consulting that is not available via the tools above, you can always contact us at email@example.com or firstname.lastname@example.org with respect to the Product(s) and/or Website(s). We try to respond to all legitimate requests made by you within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9.6 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10. OTHER IMPORTANT PRIVACY INFORMATION
10.1 Security of personal data
Explora Consulting is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a credit card number or password) over the internet, we protect it through the use of encryption. Explora Consulting complies with applicable data protection laws, including applicable security breach notification laws.
10.2 Where we store and process personal data
Personal data collected by Explora Consulting may be stored and processed in your region and in any other country where Explora Consulting or its affiliates, subsidiaries, or service providers operate facilities. Typically, the primary storage location is in the customer’s region, often with a backup to a data centre in another region. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.
“External Third Parties” shall mean (a) service providers based in Hong Kong who provide IT and system administration services; (b) professional advisors including lawyers, bankers, auditors and insurers based in Hong Kong who provide consultancy, banking, legal, insurance and accounting services; and (c) the Inland Revenue Department, regulators and other authorities based in Hong Kong who require reporting of processing activities in certain n circumstances.
“Legitimate Interests” shall mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
“Legal Obligations” shall mean processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
“Performance of Contract” shall mean processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.