Introduction
Your privacy is important to us. It is Wehu’s policy to respect your privacy regarding any information we may collect from you across our website, and other sites we own and operate.
PI or also referred to as “personal information” and “PI”, as described in various privacy laws and information security standards, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
In addition, the terms “collect”, “process”, “treat”, “use”, “share”, “disclose”, “divulge” and analogous words shall refer to your PI and other data collected from our visitors and end users.
As a user of our website(s), you might be asked to agree to this Privacy Policy by clicking on the “I Agree” checkbox on the registration page, welcome pop-up box, initial web tab, banner or other analogous means. Through that action, you thereby acknowledge and agree to the terms of this Privacy Policy, which is and constitutes a legal, binding agreement between you and Wehu.
At Wehu, we view privacy as a key part of the value that we deliver to our end-users, and this Privacy Policy was developed to describe our core values regarding the data our customers entrust to us. If you do not agree to its terms, your remedy shall consist of not opening an account and exiting the web tab through which you visited our site.
Accordingly, by registering with us and/or otherwise using our products and services, you consent to the collection, transfer, processing, storage, and disclosure of your PI as described in this policy.
TL;DR; We will never sell any of your data. Our business model comes from paid subscriptions. No data of our free plan or paid plans is and never will be sold.
1. Information we collect
Log data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Personal information
We may ask for personal information, such as your:
- Name
- Website address
- Payment information
Business data
Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
Non-Personal Information
Includes information such as anonymous usage data, that is, that cannot be used to personally identify an individual person, including general demographic information that we may collect and preferences that are generated based on the data you submit, such as:
- Number of clicks
- Platform type
- Anonymized data
- IP address & geo-location
- Metadata of emails
- HTML5 local storage
- Browser cache
- IP address
- Cookies
- Internet tags
- Navigational data
Social Media Platforms
We may collect certain personal information commonly disclosed by third party social media platforms when our users use single sign on authentication services such as those provided by Amazon, Google and Facebook (as available). This also includes information publicly available from the developer and advertisers APIs from third party social media platforms.
For more information, please read the terms and policies of such third party platforms. Please take into account that such third party platforms may in turn disclose and share your personal information according to their own rules, guidelines and policies. Any changes in such platform’s functionalities will be the sole and final responsibility of the social media network. Common types of personal data provided by social media platforms include:
- Friends list
- Personal image gallery
- Viewing history
- Viewing preferences
- Likes
- Saved items
- Saved pages
2. Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
- we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
3. Collection and use of information
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features;
- to process any transactional or ongoing payments;
- to enable you to access and use our website, associated applications and associated social media platforms;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, community management, including to operate and improve our website, associated applications and associated social media platforms;
- for user evaluation, marketing offers, products and services and assess whether we can provide certain features to you;
- for the protection of our services, such as fraud monitoring, identity theft and fraud prevention; and
- to enforce our terms, policies and services against misuse or abuse and to ensure compliance with our Terms of Use, including in relation to content our customers send or display through Wehu.
4. Disclosure of personal information to third parties
We may disclose personal information to:
- third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- our employees, contractors and/or related entities;
- sponsors or promoters of any competition we run;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you.
Third Party Data Controller Platforms
We may share certain personal information of yours when you elect to interact with a third party platform of Wehu, apply for their services or offerings or otherwise link or sync your Wehu account to their platforms. This Privacy Policy does not apply where Wehu processes PI as a service provider (or as a data processor as it may result analogous on other personal data regulations) on behalf of a customer or entity who acts as the data controller (e.g., the end-user of tax, accounting or credit history software products).
In certain circumstances, there may be more than one data controller processing your PI. In these situations, we act as an independent data controller over our PI processing activities – meaning that we make determinations over how your personal information will be processed independently from those of third party data controllers.
Said other data controllers have their own obligations under applicable information privacy laws, and Wehu is not responsible for the processing of third part data controllers (including our own end-users) and you should contact them directly for any queries on how they process your personal information and for exercising your privacy rights in relation to such processing.
5. International transfers of personal information
The personal information we collect is stored and processed in Hong Kong, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
6. Your rights and controlling your personal information
Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.
We reserve the right to request any and all applicable proof of identification and consent proof from our users, at any moment, without prior notice, and at our sole and final discretion. Upon the failure to provide such proof of age, we reserve the right to immediately freeze, block or cancel the account, with no liability.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
Privacy Requests: You retain the right to access, amend, correct or delete your personal information where it is inaccurate at any time. To do so, please contact us as indicated on our contact section. Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address in order for us to notify you the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the personal information with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.
Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your personal information from our services for the maximum term allowed by the GDPR for each applicable case. In case of secure databases under our control where deletion is impossible, we will make such information permanently inaccessible.
Notification of data breaches: We will comply laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
7. Cookies
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.
8. Business transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
9. Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
10. Changes to this policy
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.
11. Security of Information
If you make a purchase on our site, our third party payment processors will execute, manage and process payments encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. PCI-DSS requirements help ensure the secure handling of credit card information by our site and its service providers. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard and American Express.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all requirements and implement additional generally accepted industry standards.
You can be assured that personal information collected through our site is secure and is maintained in a manner consistent with current industry standards. The importance of security for all personal information associated with our subscribers is of utmost concern to us.
Your personal information is protected in several ways, and we protect inputted information by undertaking the reasonable technical and administrative security measures (e.g. firewalls, data encryption, physical & administrative access controls to the data and servers) that limit the risk of loss, abuse, unauthorized access, disclosure, and alteration.