本私隱聲明旨在解釋我們如何收集、持有、處理、使用、保護、儲存、分享及轉移（統稱「處理」）閣下在使用本網站（https://gogoxinsurance.com/）（「本網站」）時向我們提供的數據及／或資訊，包括但不限於閣下的個人數據及資訊（「數據」）。本私隱聲明涵蓋我們持有、營運、提供及／或導致存在的「線上」及「線下」（例如透過電話或親身收集資訊）活動。本私隱聲明特別討論我們在相關法律下就個人數據私隱所承擔的義務。在切實可行的情況下，我們致力於在全球業務中按照相關法律所載的原則及程序營運。如我們的業務受收集相關數據的司法管轄區以外的私隱法例管轄，本私隱聲明在切實可行且與該等法例一致的範圍內適用。

數據的提供屬自願性質。閣下可選擇不向我們提供所要求的數據，但未能提供可能影響我們向閣下提供資訊及服務或回應閣下查詢的能力。GoGoX Insurtech Limited（「GGI」）不會透過本網站收集任何可識別閣下個人身份的資訊，除非及直至閣下使用及瀏覽本網站、購買我們的產品或服務、註冊成為會員、與我們互動、登記接收有關我們產品及服務的消息，或以其他方式與我們溝通（包括要求技術支援時）。

請仔細閱讀本私隱聲明，以了解我們的私隱政策及慣例。本私隱聲明中使用的「我們」一詞指GGI。

GGI對數據收集、處理及保護的立場

在與數據收集及保護相關的所有事宜中，我們致力實施及遵循現代最佳實踐。在可能的情況下，我們已採納確保跨境合規的做法。本私隱聲明所載的資訊符合或超越以下普遍接受的數據原則：

– 個人數據須公平及合法地處理——除非合約要求或為我們的合作夥伴所必需，否則我們不會收集或處理任何數據；

– 個人數據只應為一個或多個指定及合法目的而取得——如上所述及本文件所解釋，GGI僅在需要時才收集及處理數據；

– 個人數據須具相關性——GGI收集的數據僅為所需，不多不少。客戶或其他人提出的任何要求將即時處理，或在下一個工作日內處理；

– 個人數據須準確——GGI收集的所有數據均被視為準確，任何變更將在合理可行的情況下盡快更新；

– 個人數據僅在其服務目的存續期間保留——GGI儲存的所有數據僅在需要或法律要求的期間內保留；

– 個人數據須僅按照當地及國際法律處理——所有數據的收集、處理及儲存均以符合所有相關數據保護法律及法規的方式進行，並確保我們的員工遵守嚴格的保安及保密標準；及

– 須採取適當的技術及保安措施以保護個人數據——GGI採用穩健的資訊科技解決方案及標準操作程序，以確保所有個人數據安全，且僅供需要使用的人員存取。

我們如何收集數據？

作為保險經紀，GGI在合約上有義務收集及保留潛在及現有客戶的若干個人數據。所收集的數據反映保險人為使保險經紀提供報價、處理申請及啟用保障所要求的資訊。

我們通常會在向閣下收集資訊時，標明哪些資訊屬強制性質（即開設帳戶所需的資訊，以及使閣下能夠存取本網站功能並接收保險人或GGI代保險人所創建的申請表格及其他書面文件所需的任何服務及資訊。非必要的數據將不會被要求）。閣下在任何時候均有權要求查閱、更改或刪除我們已收集的數據。閣下亦可選擇不向我們提供所要求的數據，但未能提供可能影響我們與閣下進行業務或回應閣下查詢的能力。透過電話及電郵收集的數據可能會為培訓、品質保證及防止欺詐的目的而被記錄。使用該等通訊方式即表示閣下同意有關記錄。

我們將以下列方式收集及儲存閣下的數據：

– 直接收集——當閣下向我們提供該等資訊時（例如，透過電話、電郵、短訊或親身與我們進行的查詢及溝通）；

– 間接收集——透過閣下使用我們的網站、應用程式或社交媒體平台；或閣下透過任何其他方式向我們提供的資訊。

收集哪些數據？

收集的個人數據可包括以下部分或全部內容：

– 身份資訊——姓名、地址、個人聯絡詳情（包括電郵地址及電話號碼、年齡、性別、國籍、職位及所有擬受保險計劃保障的人士的家庭結構）；

– 病歷——主要保單持有人及所有擬受保險計劃保障的人士的病歷；

– 保險——主要保單持有人的保險購買、保障及索賠記錄；

– 生活方式資訊——所有受保險計劃保障的人士的生活方式資訊；及

– 付款方式——主要保單持有人及其配偶的付款方式相關詳情（包括信用卡及銀行帳戶資訊）。

向企業收集數據

上述清單亦適用於GGI向其銷售保險的企業。對於企業，保險人可能還會要求提供額外數據，包括：

– 上述所有類型的僱員數據；

– 商業登記、稅務登記記錄及所有權資訊；

– 僱員薪酬記錄——僅適用於人壽／傷殘計劃。

向兒童收集數據

GGI向家庭銷售保險保障。這意味著可能需要收集兒童的數據，因為保險人在合約上要求如此。對於所有就18歲以下兒童收集的數據，GGI將聯絡兒童的父母或監護人，首先取得同意並解釋所收集的數據及收集原因。

在我們以未成年人（18歲以下的任何人士）作為主要保單持有人的情況下（例如，一名準備前往海外的學生聯絡我們尋求保險），我們將聯絡該未成年人的父母或監護人，並確保就所要求的數據取得同意。父母或監護人將參與所有溝通及任何決定。

我們為何收集閣下的數據及我們將數據用於何種目的？

收集數據的目的如下：

– 核實閣下的身份；

– 向閣下提供服務、本網站、應用程式或社交媒體平台上的內容的存取；

– 向閣下提供有關GGI保險或財富管理產品的推廣資訊；

– 按特定保險公司的申請要求提供資訊；

– 管理及處理保險保單、保險索賠及醫療及保安核保審查；

– 營運、保護、改善及優化服務的所有功能；改善及自訂本網站的用戶體驗及使用趨勢，並開發新的服務、功能及特色；

– 通知閣下本網站的變更或回應閣下的任何通訊及／或要求；

– 監察本網站的使用情況及調查任何已報告的事件、投訴或潛在的服務違規行為；在適用且符合相關法律的情況下，將數據與為其他目的及從其他來源（包括第三方）收集的其他數據進行配對，以提供服務予閣下；

– 便利我們處理數據，用於與我們提供的服務相關的目的，如營銷服務、特別活動及／或推廣；及

– 在我們懷疑閣下觸犯法例、懷疑存在欺詐行為、相關法律或法庭命令要求時，或應相關公共及執法機關的要求，向相關當局披露及／或協助相關當局，以遵守我們在不時適用的法律及法規下的義務。

除非適用法律及法規允許，如我們擬將閣下的個人數據用於本私隱聲明所述以外的目的，我們將取得閣下的同意。

如相關法律要求，我們將就更改數據處理方式徵求閣下的明確同意，否則在該等變更後繼續使用服務即構成閣下接受當時生效的經修訂聲明。

閣下的數據可能提供予哪些人士？

個人數據將予以保密，但在法律允許或為滿足收集個人數據的目的或直接相關目的所需的情況下，可向以下各方提供該等數據：

– 任何獲授權為GGI的銷售代理的人士，就GGI提供的產品及服務的分銷而言；

– GGI的任何其他關聯公司或人員，在需要知悉的基礎上，就索賠處理、續保、會計、營銷、行政及客戶支援職責而言；

– 任何提供行政管理、數據處理、電訊、電腦、付款、追收債務、技術外判、法律顧問、客戶服務中心服務、郵寄及印刷服務的承包商或第三方服務供應商，就GGI業務的營運及GGI向閣下提供服務而言；

– 任何司法管轄區的任何政府或監管機構，或GGI必須向其披露數據的任何人士。

我們亦保留在我們真誠地認為適當及必要的情況下披露閣下資訊的權利，以 (i) 預防責任、(ii) 保護我們免受欺詐性、濫用性或非法使用或活動的影響、(iii) 調查及為自己辯護任何第三方索賠或指控、(iv) 保護服務及用於提供服務的任何設施或設備的安全或完整性，或 (v) 保護我們的財產或其他合法權利，或他人的權利、財產或安全。

GGI儲存數據多長時間？

GGI在用戶為客戶期間或可合理被視為潛在客戶且未通知我們其選擇退出任何營銷通訊的意願期間儲存數據。此外，透過GGI購買產品或服務的用戶，其數據將在其與我們的業務關係結束後儲存最多七年，因為該等數據可能因稅務、政府及財務合規原因而需要保留。

我對數據有何控制權及如何更改我的同意？

根據適用法律及法規，閣下可能有權：

– 核實GGI是否持有任何關於閣下的個人數據，並查閱任何該等數據；

– 要求GGI更正或刪除任何與閣下有關且不準確的個人數據；

– 撤回閣下對將個人數據用於直接促銷的同意或「選擇退出」；

– 就GGI的數據處理方式提出投訴；及

– 查詢GGI有關個人數據的政策及慣例。

有關查閱、更正、投訴或其他關於閣下個人數據的查詢，請聯絡：

GGI資料保護主任

香港九龍觀塘鴻圖道73-75號KOHO 11樓

[email protected]

根據適用法律及法規，GGI有權收取與處理任何個人數據要求直接相關及必需的費用。

將數據用於直接促銷目的

就直接促銷而言，在法律允許的情況下，我們可使用我們收集的閣下個人數據資訊，用於營銷及推廣其他保險服務及產品，惟須取得閣下的同意。該等數據包括閣下的地址、電話號碼、電郵及姓名，並可能轉移予GGI的關聯公司。

如閣下不希望閣下的個人數據被用於上述自願性質的目的，請透過[email protected]聯絡我們，或致函上述地址。

如閣下未提出「選擇退出」要求，GGI可繼續將個人數據用於自願性質的營銷目的。如閣下擬撤回同意或停止接收資訊或直接促銷，請聯絡[email protected]。

反垃圾郵件政策

GGI對垃圾郵件採取嚴格政策，禁止發送群發電郵或任何形式的未經請求電郵。我們僅向要求接收電郵的人士發送電郵，並遵循公認的許可制電郵指引。如閣下懷疑GGI被他人用於發送垃圾郵件，請將相關活動報告至[email protected]，我們將進行調查。

GGI網站上的Cookies

GGI可能在本網站上使用cookies及其他工具。繼續使用本網站即表示閣下同意我們在閣下的電腦上放置cookies。所收集的資訊（包括但不限於：閣下的IP地址（及域名）、瀏覽器軟件、閣下瀏覽器的類型及配置、語言設定、地理位置、操作系統、引薦網站、瀏覽的頁面及內容，以及瀏覽時間）將用於確保本網站的運作及使閣下能安全登入、編製有關訪客如何到達及瀏覽本網站的綜合統計數據以用於網站增強及優化目的，以及幫助我們了解如何改善閣下在本網站上的體驗。

本私隱聲明的修訂

GGI保留隨時在不另行通知的情況下，透過通知閣下有關變更、更新或修改來增加、變更、更新或修改本私隱聲明的權利。如我們決定更改個人數據政策，該等變更將在本網站上公告，以確保閣下始終了解我們收集哪些資訊、如何使用該等資訊以及在何種情況下披露該等資訊。任何該等變更、更新或修改在發佈後即時生效。在適用法律要求的情況下，我們亦可能在對本私隱聲明作出重大變更時通知閣下，並在法律要求時徵求閣下對該等變更的同意。

The purpose of the Privacy Statement is to explain how we collect, hold, process, use, protect, store, share and transfer (collectively referred to as “processing”) the data and/or information you provide to us when you use this website (https://gogoxinsurance.com/) (“Website”), including but not limited to your personal data and information (“Data”). The Privacy Statement covers both “online” and “offline” (e.g. collection of information by telephone or in person) activities that we hold, operate, provide and/or cause to exist. The Privacy Statement specifically discusses our obligations under relevant laws with respect to the privacy of personal data. Where practicable, we are committed to operating in accordance with the principles and procedures stated in relevant laws in our global business. If our business is governed by privacy legislation other than that of the jurisdiction in which the relevant data was collected, the Privacy Statement applies to the extent it is practicable and consistent with that legislation. 

The provision of Data is voluntary. You may choose not to provide us with the requested Data, but failure to do so may inhibit our ability to provide information and services to you or to respond to your enquiries. GoGoX Insurtech Limited (“GGI”) will not collect any information that identifies you personally through this Website unless and until you use and browse the Website, buy our products or services, register as a  member, interact with us, sign-up to receive news about our products and services, or otherwise communicate with us (including where requesting technical support).

Please read the Privacy Statement carefully to understand our privacy policies and practices. The terms ‘we’, ‘our’, and ‘us’ used in this Privacy Statement refer to GGI.

GGI’s stance on data collection, processing, and protection

In all things related to data collection and protection, we strive to implement and follow modern best practices. Where possible we have adopted practices that ensure we are compliant across borders. The information contained within this Privacy Statement meet or exceed the following generally accepted data principles:

– Personal data is processed fairly and legally – We do not collect or process any Data unless it is contractually required or it is necessary for our partners;

– Personal data shall be obtained only for one or more specified and lawful purposes – As noted above and explained through the document, GGI only collects and processes Data when we need to;  

– Personal data shall be relevant – Data collected by GGI is only what is needed, and nothing more. Any requests made by clients or otherwise are followed through immediately, or within the next business day;  

– Personal data shall be accurate – All Data collected by GGI is deemed to be accurate and any changes are updated as soon as reasonably possible;

– Personal data shall be kept only for as long as it serves a purpose – All Data stored by GGI is kept only as long as needed or legally required;

– Personal data shall be processed only in accordance with local and international law – All Data collection, processing, and storage is done in a way that is compliant with all relevant data protection laws and regulations, and ensures compliance by our staff with strict standards of security and confidentiality; and

– Appropriate technical and security measures must be taken to secure personal data – GGI employs robust IT solutions and standard operating procedures that ensure all personal data is secure and only available to those who use it.

How do we collect data?

As an insurance broker, GGI is contractually obligated to collect and retain certain personal data of both potential and existing clients. The Data collected reflects what is required by insurers in order for the insurance broker to offer quotes, fulfill applications, and enable coverage.

We will usually identify any information which is mandatory (i.e. information required for creating an account, and enable you to access the features of the Website and receive any services and information required for application forms from the insurer, or ones created by GGI on behalf of an insurer, and other written documents. Data that is not necessary will not be requested.) when we collect the information from you. At any time, you will maintain the right to request to view, change or delete the Data we have collected. You may also choose not to provide us with the requested Data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries. Data collected via telephone and emails may be recorded for training purposes, quality assurance and fraud prevention. By committing to these communication methods you consent to the recordings.

We will collect and store your Data either:

– Directly when you provide such information to us (for example, through your enquiries and communications via telephone, email, text messaging or in person with us);

– Indirectly through your use of our websites, apps, or social media platforms; or where you have provided it to us through any other means.

What data is being collected?

The personal data collected can include some or all of the following:

– Identity information – Name, address, personal contact details (including email address and telephone numbers, age, gender, nationality, job title and family structure of all persons to be covered by an insurance plan); 

– Medical history – medical history of the primary policyholder and all persons to be covered by the plan;

– Insurance – insurance purchases, coverage and claims history of the primary policyholder;

– Lifestyle information – of all persons covered by the plan; and

– Method of payment – details related to method of payment (including credit card and bank account information) of the primary policyholder as well as any spouses.

Collection of Data from businesses

The above list also applies to businesses that GGI sells to. For businesses, additional Data may also be requested by the insurer. This could include:

– Employee data of all types listed above;

– Business registration, tax registration records, and ownership information;

– Employee salary record – for life/disability plans only.

Collection of Data from children

GGI sells insurance coverage to families. This means that a child’s data may need to be collected, as is contractually required by an insurer. With all Data collected for children under 18, GGI will contact the parents or guardian of the children to first gain consent and to explain what Data is being collected and why.

In situations where we are dealing with a minor (any person under the age of 18) as the primary policy holder (e.g., a student going overseas contacts us looking for insurance) we will contact the parent or guardian of the minor and ensure that consent for requested Data is provided. Parents or guardians will be involved in ALL communications and any decisions made.

Why we collect your Data and what do we use the Data for?

Data is collected for the following purposes:

– To verify your identity;

– To provide you with the services, access to the content on the Website, apps or social media platforms;

– To provide you with promotional information related to insurance or wealth management products of GGI;

– To provide information as required by a particular insurance company’s application requirements; 

– To administer and process insurance policies, insurance claims and medical and security underwriting checks;

– To operate, protect, improve and optimize all the features of the services; to improve and customize the user experiences and usage trends of the Website, and to develop new services, features and functionalities;

– To notify you about changes to the Website or respond to any communication and/or request from you;

– To monitor the use of the Website and to investigate any reported incidents, complaints or potential breaches of the services; Where applicable and subject to compliance with  the relevant laws, to match the Data with other Data collected for other purposes and from other sources including third parties in relation to the provision of services to you;

– To facilitate our processing of the Data for purposes relating to the provision of services offered by us such as marketing services, special events and/or promotions; and

– To disclose to and/or assist relevant authorities where we suspect you have committed an offense, where we suspect existence of fraud or when required by the relevant laws or court orders, or as requested by relevant public and law enforcement authorities and to comply with our obligations under the applicable laws and regulations from time to time.

Unless permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this Privacy Statement.

We will seek your express consent to change how we process the Data if required by the relevant laws, but otherwise use of the services following such change constitutes your acceptance of the revised statement then in effect.

Who may be provided with your Data?

Personal data will be kept confidential but may, where permitted by law or where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such Data to the following parties:

– Any person authorized to act as sales agent for GGI in relation to the distribution of products and services offered by GGI; 

– Any other affiliates or personnel of GGI, on a need-to-know basis, in relation to the handling of claims, renewals, accounting, marketing, administrative and client support duties;

– Any contractor or third-party service provider who provides administration, data processing, telecommunications, computer, payment, debt collection, technology outsourcing, legal advisors, call center services, mailing and printing services in connection with the operation of GGI’s business and GGI’s provision of services to you;

– Any government or regulatory bodies in any jurisdiction or any person to whom GGI must disclose Data.

We also reserve the right to disclose  your information that we believe, in good faith, is appropriate and necessary to (i) take precautions against liability, (ii) protect ourselves from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect the security or integrity of of the service and any facilities or equipment used to make the service available, or (v) protect our property or other legal rights, or the rights, property or safety of others.

How long does GGI store data?

GGI stores data for as long as a user is a client or can reasonably be considered a potential customer without having notified us of their intention to opt out of any marketing communications. Beyond this, users that purchase products or services through GGI will have their Data stored for up to seven years following the end of their business with us, as such Data may be needed for reasons related to taxation, governmental, and financial compliance.

What control do I have over data and how do I change my consent?

Under applicable laws and regulations, you may have the right to:

– Verify whether GGI holds any personal data about you and to access any such Data;

– Require GGI to correct or delete any personal data relating to you which is inaccurate;

– Withdraw your consent or ‘opt out’ for use of personal data for direct marketing;

– Make a complaint about GGI’s data handling; and

– Enquire about GGI’s policies and practices in relation to personal data.

Requests for access, correction, complaints or other queries relating to your personal data should be addressed to:

GGI Data Protection Officer
11/F, KOHO, 73-75 Hung To Road, Kwun Tong, Hong Kong
[email protected]

Under applicable laws and regulations, GGI has the right to charge costs which are directly related to and necessary for the processing of any personal data request.

Use of Data for direct marketing purposes

 For the purposes of direct marketing, we may, where permitted by law, use your personal data information collected by us in marketing and promotion of other insurance services and products, subject to your consent. This Data includes your address, phone number, email and name, and may be transferred to companies affiliated to GGI. . 

If you would prefer your personal data not be used for the voluntary purposes listed above, please contact us at [email protected] or write to us at the address set out above.

Without an “opt-out” request from you, GGI may continue to use personal data for voluntary marketing purposes. If you wish to withdraw your consent or to stop receiving information or direct marketing, please contact [email protected]

Anti-Spam Policy

GGI has a strict policy against spamming and forbids the sending of mass emails or unsolicited emails of any kind. We only send emails to those who have requested to receive it to follow accepted permission-based email guidelines. If you suspect that GGI has been used by someone to send spam, report the activity to [email protected] and the issue will be investigated.

GGI Cookies on the GGI website

GGI may use cookies and other tools on the Website. By continuing to use the Website, you are agreeing to us placing cookies on your computer. The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, and durations of visit) will be used to ensure operation of the Website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our Websites for web enhancement and optimisation purposes, and to help us understand how we can improve your experience on it.

Amendments to this Privacy Statement

GGI reserves the right, at any time and without notice, to add to, change, update or modify this Privacy Statement, simply by notifying you of such change, update or modification. If we decide to change our personal data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting. Where required by applicable law, we may also notify you in the event of material changes to this Privacy Statement and, where required, seek your consent to those changes.