At Marvelsoft Limited (“Marvelsoft”, “us”, “we”), we value your privacy and respect your interest in knowing how we collect and use personal information about you.This policy (“Policy”) sets out how we collect, process and hold your personal data (“Personal Data”) when you become a customer of ours, open an account with us, if you visit and use our website or otherwise provide Personal Data to us. We may also collect or process Personal Data that you give to us about third parties if you add them to your account or refer them to us. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy. Depending on the manner in which we collect and process Personal Data we may be controller or processor of such data.
This Policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at [email protected] or Marvelsoft Limited - 7th Floor - Nan Fung Tower - 88 Connaught Road Central - Hong Kong.
All Personal Data that you provide to us must be true, complete, and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
- Process all personal data lawfully, fairly and in a transparent manner;
- Collect personal data for a specified, explicit and legitimate purpose;
- Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected;
- Ensure the personal data is accurate and up to date;
- Keep your personal data for no longer than is necessary for the purpose(s) for which it was collected; and
- Keep your personal data securely using appropriate technical or organisational measures.
This Policy is organized around the following questions.
- What Personal Data do we collect and act as a controller for?
- What Personal Data do we collect and do not act as a controller for?
- What Personal Data do we not collect?
- What do we use Personal Data for?
- How and when can Personal Data be shared with third parties?
- What are your choices and rights in relation to Personal Data that we hold and process?
- For how long will we keep your Personal Data?
- How do we protect your Personal Data?
- Will we transfer your Personal Data to other countries?
- Will we change this Policy?
- How to raise issues with us and provide us with your feedback?
This Policy sets out how Marvelsoft Limited and our affiliated companies if any (together, “Marvelsoft” (or “we”) handles your personal data. Marvelsoft is the data controller for your Personal Data in some circumstances. When our affiliated companies process personal data, they are joint controllers with Marvelsoft Limited for your personal data.
This Policy applies to any visitor to our websites; users of our products and services; individuals who contact us or with whom we communicated via phone, email, or otherwise; and customers, including both free trial and paid account holders (“Services”).
Marvelsoft processes your personal data in accordance with applicable regulations, including the EU data protection legislation such as the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as amended.
In general, we collect Personal Data about you directly from you, from others, and automatically when you want to use the Services (“Controlled Data”). We also process personal data to comply with the law, or to enter into or perform an agreement with you. If we cannot collect this data, we may be unable to on-board you as a customer or provide products or services to you.
When you become a customer and purchase Services, you will need to provide professional contact details as well as billing and payment information. This may include, full name, company name, telephone number, email address, billing/shipping address, and credit card/banking information. If you do not provide us this information, you may be unable to purchase our Services or your access to our Services may be limited.
We may collect or otherwise receive personal data such as your name, and professional contact details when you register for or attend an event where Marvelsoft is a sponsor or participant.
We collect information through our website or platform including when you submit online forms or orders, participate in surveys, join online forums, participate in webinars, request customer support, respond, and submit testimonials. Personal data gathered may include profile image, addresses of third-parties that you use the Services for or with, professional contact information, employment details, information about your use of Marvelsoft, and any other information you share with us.
You may share information in communications with us relating to the Services, including during phone calls (and call recordings), chats, or over email. Personal data gathered may include professional contact information, and any other information you choose to share. Please only provide us personal professional data that we need in order to respond to your request.
A third-party intermediary may be used to manage credit card processing. It is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
Marvelsoft may be granted access to information from the accounts you have with other providers. Subject to applicable laws, we may gather information about you from lead-sharing tools including LinkedIn Lead Generation, as well as public information - including internet searches relating to you or your company - in order to better provide our Services.
We may also collect information and capture CCTV images of visitors to our offices for the purposes of security, including crime prevention and detection, as well as the apprehension and prosecution of offenders; We may collect information during phone calls to check the identity of our clients; And we may also monitor or record phone calls for training and quality purposes.
Through the Services, you can also share and manage information by providing, sending, creating, uploading, and attaching (“Content”). In this Policy, we distinguish between Content and all other information (“Controlled Information”) about you. We have no control over the information contained within Content, including any Personal Data. Content does not include usage information, such as file size, access logs, what we collect about how you access, create, share, and manage Content. Marvelsoft is a data processor of the Content, and will only process personal data from the Content on your (data controller) behalf, and under your instructions or where otherwise required by applicable laws. For more information about Content, please refer to the agreement that governs your use of the Services.
Our Customers are responsible for ensuring that Content is compliant with regulations and collected and handled (including any personal data therein) in compliance with applicable laws. As a processor, we handle Content as instructed by our customers pursuant to our contractual agreements. We only access Content or Deposit as necessary for the following.
- Responding to customer support requests and as permitted by the customer;
- Complying with regulations or legal proceedings; and
- Investigating, preventing, or taking action against suspected abuse, fraud, or violation of our policies and terms.
Special Data should not be included in any Content or Controlled Information as the Services do not require the use of Special Data and Marvelsoft does not intentionally collect Special Data. Special Data is data that includes:
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
We do not collect data from or about children. The Services are not aimed at or provided to children and we do not encourage children in providing us with any personally identifiable information. We do not and will not knowingly collect any personal data from children. Parents and legal guardians should monitor their children’s Internet usage and instruct their children to never provide personal data through the Services. If you believe that a child has provided personal data to us through the Services, please contact us and we will delete such information.
If a Marvelsoft employee discovers that we have received Special Data or data about children, the employee will inform a designated contact within our company who will assess the processing of such data and any remedial action that needs to be undertaken.
We use the personal data we collect under this Policy for our legitimate business interests. These are as follows.
- To provide and operate the Services, implement your instructions, fulfill your orders and demands, process payments, abide by tax, money-laundering and other regulations, for delays, bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes.
- To communicate with you for other customer service and support purposes.
To tailor content we send or display to you in order to offer customization and personalized help as well as instructions, and to otherwise personalize your experience using the Services.
- For direct marketing and promotional purposes, including to send you newsletters, promotions, or updates on products or services or new products or services we think may interest you (we do not use Content for direct marketing purposes). We will comply with local regulations that require opt-in consent in order to receive electronic messages. You can also opt-out of any marketing emails by following the opt-out instructions in the email or emailing [email protected]. Opting-out of marketing emails will not prevent us from contacting you in relation to the Services as long as you are a client with us.
- For research, analytical purposes and to improve our offering.
- To improve the Services and to develop additional products, services, and features.
- With respect to Content we may collect and analyze usage details to ensure service availability, including to anticipate storage needs, manage bugs, errors and logs.
- To establish, protect and defend rights, prevent unsecure, unauthorized, illegal or fraudulent access and other misuse of the Services.
- To comply with legal obligations, regulations and legal proceedings or investigations.
- For general business operations, administrative, accounting, recordkeeping, and legal purposes.
We are not in the business of selling personal data and will not sell personal data about you to a third party. Personal data may be shared about you with your consent, at your request, or as follows:
Marvelsoft is a data processor with respect to Content and certain other user information we collect in providing the Services. This means: (a) you control the information and determine how it may be used, and (b) we will process this information only under your written instructions or where otherwise required by applicable laws.
Content you choose to share with, or make available to, other users and how it is shared as designated by you depends on your decisions. We are not responsible for, nor does this Policy apply to, the collection, use, processing, or sharing of Content by other users in this manner. For example, Services may include links to other websites that use different privacy policies. Marvelsoft accepts no responsibility for information that you decide to submit via or through such websites. Our Services and website may at times include social media features and widgets (collectively “Widgets”), such as a "share this" button or other interactive programs that run on our Services. We do not provide, control or host Widgets. You understand that Widgets are subject to the privacy notices of the third-parties who provide, control and host them. Widgets can be used to provide you specific services from third parties (e.g., news, opinions, forums…). The use of Widgets may lead to the collection of your personal data, such as your email address.
Some of the features and functionality of the Services may involve disclosure of your personal data to other users of the Services as you allow such users to view all or portions of your Content.
Our Services or website may include interactive features, including blogs, forums, online communities, bulletin boards and publicly accessible blogs or links thereto (“Forums”). You should be aware that any information that you post in a Community Feature might be read, collected, and used by others who access them. We are not responsible for the personal data that you decide to include in Forums. To request removal of your personal data from a Community Feature, contact us at [email protected]. In some cases we have no control over blogs and community forums and may not be able to remove your information.
We may share information about you with third party vendors, consultants and other service providers (data processors) who are working on our behalf or providing services to us. We obtain appropriate contractual protections to limit these service providers’ use and disclosure of any information about you that we share with them.
We may use certain third parties for some of the infrastructure used to host data that is submitted through the Services, including data centers and cloud providers.
We use third party service providers to process your personal data to assist us in business and technical operations. Marvelsoft has data processing agreements with such service providers, and their use of and access to personal data is limited to specific purposes. They provide services relating to: billing, accounting, filings, customer support, internet and connectivity, marketing, security, and user experience.
We may from time to time employ the assistance of independent contractors to work on specific projects. We train these independent contractors on applicable Marvelsoft policies and they are required to adhere to substantially the same data security practices as are Marvelsoft employees.
We release information about you if we believe we must do so to comply with legal obligations and procedures.
We may control, process and disclose information about you, in order to enforce our agreements with you or to protect the rights and safety of Marvelsoft, our customers, our users, and the general public, or as evidence in litigation in which we are involved.
If Marvelsoft is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction, and may also be reviewed as part of the due diligence review for the transaction.
We may share aggregate or anonymized information about users, usage of our Services with third parties for marketing, advertising, research, or similar purposes.
Cookies are small text files containing information downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies can either be session cookies or permanent cookies. A session cookie expires automatically when you close your browser. Cookies are useful because they allow a website to recognise a user’s device. Cookies have lots of different functions, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. You can find more information about cookies at: www.allaboutcookies.org.
We may share your email address or other information with the advertising platforms to assist us in reaching you with more relevant ads outside of our website; they are not permitted to use this information for their marketing purposes. If you’d like to opt out of this, please email [email protected]. Please be aware that if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to www.aboutads.info.
You can terminate your agreement for Services with us pursuant to the terms of such Agreement. Following this, if you share any Content or information through our Services with other users, such Content or information will continue to be accessible to such users.
You control personal data contained in Content and can delete, modify, or limit use Content on our Services using your account.
You may opt-out of being contacted by us for marketing or promotional purposes by (i) following the opt-out instructions located in the emails we send, (ii) by changing the account privacy settings, or (iii) by emailing us at [email protected]. Please note that if you opt-out of marketing communications, Marvelsoft will continue to send you transactional or service-related communications unless you terminate your contract with us.
If you are based in the EEA, then under certain conditions, you may request that we: (i) provide you with a copy of the personal information that we hold about you, (ii) rectify any inaccuracies in the personal information and complete any incomplete personal information that we process about you (provided that for any such rectification you provide us with evidence of the inaccuracies), (iii) delete personal information we no longer have grounds to process; and (iv) restrict how we process your personal information whilst we consider an inquiry you have raised. Where applicable, you may also have the right to: (a) where processing is based on consent, withdraw your consent; (b) request that we transmit the personal information you have provided to us to a third party electronically; (c) object to the processing of personal information that we process in certain circumstances; and (d) object to direct marketing (including any profiling for such purposes) at any time.
These rights are subject to certain exceptions including to safeguard public interests and our interests and may not be available in the country in which you are based.
If you have the right to do so, you can exercise these rights by contacting us at [email protected].
If you are not satisfied with our use of your personal information or our response to your exercise of the rights listed above, you have the right to lodge a complaint with a supervisory authority, in the country of your habitual residence, place of work or place of the alleged infringement.
The periods for which we keep your information depend on why your information was collected and what we use it for. We will not keep your personal information for longer than necessary for our business purposes or for legal requirements. Except as noted below, we will retain your account profile data only as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymize or delete such personal data within 9 months after the closing of your account. However, we will retain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain. In general, we will not keep personal data for longer than seven years following the last date of communication with you. Legitimate business purposes that we may rely on to keep your personal data when you are not a customer include direct marketing (except if you have opted-out) for up to two years, facilitating the restoration or establishment of a user account in the future, maintaining Marvelsoft’s business intelligence systems for analytics and other internal purposes. Where your information is no longer required, we will ensure its secure disposal.
Marvesoft takes seriously the security of the information it collects. We have implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to collected information adapted to the nature of the data concerned. In particular, we aim to follow ISO 27001 principles. Although we have implemented technical, physical, and administrative safeguards to protect your information, no company, including Marvelsoft, can guarantee the absolute security of internet communications.
You understand that we are based in Hong Kong and you agree that the information we collect is governed by Hong Kong law. The information we collect may be transferred to, used from, and stored in Hong Kong or other jurisdictions in which Marvelsoft, its affiliates, or service providers are located; these jurisdictions may not guarantee the same level of protection of personal data as the jurisdictions in which you reside. Third parties who process Personal Data on our behalf must agree to use such personal data only for the purpose for which it is provided by us. Such third parties are required to provide adequate protections for personal data that is similar to that provided herein. Where required by applicable data protection laws, we will ensure that such third parties sign standard contractual clauses as approved under your jurisdiction.
We may be required to disclose Personal Data to comply with any legal requirements (including disclosing information to government agencies for pensions schemes or social benefits), public authorities, including to meet national security or law enforcement requirements.
We may update this Policy from time to time to reflect changes to our practices. We will notify our customers by email before we make any changes that materially affect the way we treat information previously collected from you.
If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above.
Your views and feedback are important to us. Please provide us with any comments and suggestions.
Do not hesitate to reach out to Marvelsoft using the contact information below.
Marvelsoft’s Vice President of Legal, who serves as Company’s data protection contact, and can be contacted at [email protected] or at the following address:
7/F, Nan Fung Tower
88 Connaught Road
You also have the right to reach out directly to the Data Protection Authority in your jurisdiction. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time.
Last update 7th May 2020