We are committed to protecting your privacy as a user (referred to as "User", "you" or "your"), and we take our responsibility regarding the security of your Personal Data (defined below) very seriously. We will be clear and transparent about the Personal Data we are collecting and what we will do with that Personal Data.
(a) the types of Personal Data we collect on the illio website, or one of our other products or services, all of which are part of illio's platform (the "Platform") and how we collect it;
(b) how we hold and use the Personal Data;
(c) with whom we may share it;
(d) the choices available to you regarding our use of your Personal Data;
(e) the measures we take to protect the security of your Personal Data; and
(f) how you can contact us about our privacy practices.
- Who is responsible for processing your Personal Data
- What Personal Data we collect (including by automated means)
- Why and how we use your Personal Data
- How do we protect and manage your Personal Data (including international transfers and retention periods)
- Who do we share your Personal Data with
- Your rights and choices
- Links to other websites
- How to contact us
illio's collection, processing and retention of the Personal Data may be governed by various laws, principles and regulations which may apply to you depending on your location (including the European General Data Protection Regulation ("GDPR"), the UK Data Protection Act 2018, the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) ("PDPO"), the Singapore Personal Data Protection Act 2012 ("PDPA") and/or the Australian Privacy Act 1988 (Cth) ("APA")) (together, the "Applicable Data Laws").
1. Who is responsible for processing your Personal Data?
illio Technology Limited, a company incorporated in Hong Kong (No. 2845489) and its affiliates (referred to as "illio", "we" or "us") is the “data controller” (i.e. the organisation responsible) of all Personal Data that is collected from our customers for the purposes of Applicable Data Laws.
2. What Personal Data do we collect (including by automated means)?
Personal Data has the meaning given in the Applicable Data Laws and includes any information or opinion relating to you which allows us to identify you, such as your name, phone number, postal address, email address, details of products or services you have purchased, payment details and information about your access to the Platform.
Specifically, we may (either directly or indirectly) collect the following categories of Personal Data with respect to Individual Users (the collection of those items marked with an asterisk is necessary for the purposes of the creation and administration of your user account on the Platform ("User Account") and illio may not be able to continue providing access to the Platform in the event that any of this information is withheld):
(a) name,* home address,* e-mail address,* mobile telephone number,* credit/debit card or other payment details*;
(b) information such as nationality, place and date of birth, and gender;
(c) information, excluding anonymised or aggregated data, relating to your Portfolio Data with respect to individual Users;
(d) information you provide about yourself and any preferences in your User Account;
(e) communications with us or directed to us via letters, emails, chat services and calls;*
(f) where you have selected particular services or features on the Platform (e.g. receiving contacts and calendar information, including credentials and any information from your communications with us); and
(g) the location of your computer or device through which you access the Platform.*
We may (either directly or indirectly) collect the following categories of Personal Data with respect to individuals who act on behalf of a Corporate User in connection with the use of the Platform:
(a) name, contact address, contact e-mail address, mobile telephone number, credit/debit card or other payment details if paying on behalf of the Corporate User;
(b) certain information relating to the individual position with the Corporate User and capacity to act on behalf of the Corporate User in connection with the Platform; and
(c) communications with us or directed to us via letters, emails, chat services and calls;*
(d) the location of the computer or device through which the Platform is accessed.*
Some personal details are considered “sensitive” Personal Data under Applicable Data Laws. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public, or otherwise in compliance with Applicable Data Laws.
3. Why and how do we use your Personal Data?
Your Personal Data (which for our Individual Users includes Portfolio Data) may be used for the following purposes:
3.1 Provide features of the Platform and the products and services you request: We use the Personal Data you give us to provide the Platform and the products and services you request, including:
(a) to create and set up your User Account; and
(b) if you use the Platform to track your portfolio activity, we will collect and store this information so that you can review it on the Platform and track your progress.
3.2 Communicate information about our services and for other promotional purposes: With your consent, or as otherwise permitted by Applicable Data Laws, we will use your Personal Data to provide information that we believe is of interest to you, prior to, during, and after your interactions with us, including marketing communications and news concerning our products, services, events and other promotions. You can opt-out at any time after you have given your consent to such communications.
3.3 Customer service communications: we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us (e.g. to respond to your inquiries when you reach out to us). From time to time, we may also conduct customer surveys to gauge satisfaction with our Platform and the services and products that we provide.
3.4 Administrative or legal purposes: We use your Personal Data to operate our business, including for statistical and marketing analysis, systems testing and to diagnose technical and service problems, maintenance and development of our Platform, or in order to deal with a dispute or claim. We may also perform data analysis based on the data we collect from you for statistical and marketing analysis purposes – for example, we may use information about how users of our Platform search for and find specific content or functionality to better understand the best ways to organise and present the content that we offer.
3.5 Security, administrative, crime prevention/detection and legal purposes: We may use your Personal Data to verify your information and identity, and to protect against, identify and prevent fraud and other unlawful activities. We may also share your Personal Data with government authorities or enforcement bodies for compliance with legal requirements, or as otherwise required or permitted by Applicable Data Laws.
(a) to comply with applicable laws, regulations, rules or other regulatory requirements (including codes, guidelines and other requirements issued by a regulatory or other authority from time to time, and including Applicable Data Laws) ("Applicable Laws");
(b) if it is in our legitimate interests to do so as a business (e.g. for administrative purposes) and to improve the functionality of our Platform; and
(c) where you have consented to our using your Personal Data (e.g. for marketing related uses).
4. How do we protect and manage your Personal Data (including international transfers and retention periods)?
4.1 Encryption and security
We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against misuse, unauthorised access, modification or disclosure and accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the internet.
4.2 International transfers of your Personal Data
illio operates businesses in multiple jurisdictions, some of which are not located in the European Union or European Economic Area (EEA). The Personal Data that illio collects from users will be stored in the EEA but might also be shared with third party data recipients that are not located in the EEA. Therefore, the Personal Data that you provide to illio may, and you consent to such Personal Data to, be transferred internationally to countries other than the jurisdiction in which you initially provided your data.
4.3 Retention of your Personal Data
We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We also consider the periods for which we might need to retain Personal Data in order to comply with Applicable Laws, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.
In general, this means that we will likely keep your Personal Data for as long as your User Account is open. Following closure of your User Account, we will retain your Personal Data for a period of up to fourteen (14) days so that we can contact you if necessary and to comply with our internal processes and any Applicable Laws. After fourteen (14) days, all Personal Data will be deleted except for some basic identifying data to help us identify you, should you decide to become a User again.
When we no longer need your Personal Data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the Personal Data that we use, and if we can anonymise your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
5. Who do we share your Personal Data with?
(a) other companies and members within the illio group;
(b) our third party ancillary partners (identified on our website), who may offer products and services on or through our Platform. If you choose to purchase services offered on our Platform by third parties, you may be a customer of both illio and these third parties, and we and our partners may collect and share information about you, such as your contact details and your billing information. We are not responsible for third parties’ use of your Personal Data where such use is permitted for their own purposes. You should consult their privacy policies for further information;
(c) other companies, contractors or agents that assist us in providing services to you, including legal services, debt collection, administration services, customer services and information technology support;
(d) only where you have provided consent, other companies, contractors or agents in connection with our marketing efforts, or marketing platform providers;
(f) government authorities, law enforcement bodies and regulators for compliance with Applicable Laws, or where otherwise required by Applicable Laws; and
(g) our legal and other professional advisers in order to enforce our legal rights in relation to our contract with you.
6. Your rights and choices
In certain circumstances, under Applicable Data Laws, you may have the right to:
(a) Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it;
(b) Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
(c) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
(d) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see (e) below);
(e) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
(f) Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you;
(g) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
(h) Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format; and
(i) Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.
If you wish to exercise your rights related to your Personal Data (including the rights set out above), please contact the illio team using the details in Section 9.
While you will generally not be required to pay a fee to access your Personal Data or to exercise any of your other statutory rights, we may charge a reasonable fee if your request for access is clearly completely unfounded or excessive or decline to comply with such requests where permitted by Applicable Data Laws.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it and to prevent unauthorised modification of your Personal Data.
You also have the right to lodge a complaint about our processing of your Personal Data with the body regulating data protection in your jurisdiction.
7. Links to other websites
Our Platform may provide links to other websites for your convenience and information. These websites may operate independently from us. If you visit any website linked to our Platform, you are subject that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.
9. How to contact us?