EMMA BY AXA PRIVACY POLICY
GENERAL TERMS
Last updated: [08/01/2024]
STATEMENT OF POLICY
The protection of privacy in relation to personal data is the concern of every person in AXA China Region Insurance Company (Bermuda) Limited (Incorporated in Bermuda with limited liability) / AXA China Region Insurance Company Limited / AXA General Insurance Hong Kong Limited / AXA Wealth Management (HK) Limited (referred to hereinafter as “AXA Hong Kong”, “Company”, “we”, “our” or “us”). AXA Hong Kong respects personal data privacy and is committed to fully implementing and complying with the requirements under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). Personal data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that personal data held by AXA Hong Kong is accurate. AXA Hong Kong will take all practicable steps to ensure security of the personal data and to avoid unauthorised or accidental access, erasure or other use.
The “Mainland China Appendix” (appended to this Emma by AXA Privacy Policy) will also apply if you are located in Mainland China.
STATEMENT OF PRACTICES
Information collected when you visit this Platform
Information is collected when you visit or use the Emma by AXA website and mobile application (together, this “Platform” or “Emma by AXA”). AXA Hong Kong also maintains its general Privacy Policy at [link]. In relation to personal data processing relating to the Platform, this Emma by AXA Privacy Policy prevails if there is any inconsistency with AXA Hong Kong’s general Privacy Policy.
When you access this Platform, cookies will be stored in your device’s and computer’s hard drive. The purpose of using cookies is to 1) facilitate the content display and successful redirection to the correct page upon your clicking on the changing banner; and 2) remember that you have visited this Platform as well as what interested you on this Platform, such as the pages you viewed.
We do not collect or store any personal data from you under this circumstance. You have a choice not to accept the cookies, but if you do, certain functionality, i.e. banner redirection and certain content display may not be available.
We also use GPS technology to determine your current location. Some of our location-enabled services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.
We also collect personal data including device data, physiological data, mental health data, usage data and location data through the use of mobile SDK. When your device syncs with our servers (including through background syncs on your Mobile Application), the above data will be transferred from your device to our servers.
Other information that we collect from you directly, and any information we received from other sources including third parties, family members, associates or policyholders, joint policy holders, contingent owners, insureds, beneficiaries, including minor beneficiaries, assignees, trustees and claimants of products and services will also be stored on our servers.
Statistics on visitors to this Platform
We may perform ourselves or engage with third parties to provide us with certain analytical services to better understand users of this Platform. This may involve the use of our own and third party technologies to collect and store anonymous information when you use this Platform, but we do not collect any information which identifies your personal identity until you are otherwise specifically required to so do. This may include using cookies, Google Analytics and similar mechanisms. We and our service providers may make a record of your visit that includes but not limited to username, token, passcode, device ID, API responses, operating systems, IP addresses (and domain names), the types and configurations of browsers, network provider, language settings, geo-locations, previous sites visited, source and medium of visits, and time/duration and the pages visited.
Your visit to this Platform may be recorded for general analysis for website enhancement and optimisation. Anonymous information may be gathered through the use of cookies. These cookies include retargeting cookies and are placed by AXA Hong Kong or by advertising networks that AXA Hong Kong works with. We use these cookies to ensure that the advertising and website content that we serve you, on this Platform or other websites, is aligned to your browsing habits. For example, to remind you of the products or services you have shown an interest in. These cookies are also used to limit the number of times you may see an advert/content and to tailor the messaging we serve you. They may also be used for market research and to help measure the effectiveness of an advertising campaign.
If you would prefer, you can set your browser to disable cookies or inform you when they are set.
Third parties
We may engage with third parties to provide us with certain analytical services to better understand our visitors, who may use various third party technologies to collect and store anonymous information when you visit this Platform, and this may include using cookies, web beacons and similar mechanisms (including use of new technologies) to collect information when you click on or move your cursor over their buttons. We may have access to this information to permit us to identify other websites that you have visited that are also associated with that third party. In doing so, however, these third parties do not collect personal information (unless you explicitly provide it to them), and we do not give any personally identifiable information to them. These third parties may collect certain non-personally identifiable information such as what web site a visitor came from, your IP address, and what type of browser you are using. These companies may also use non-personally identifiable information during your visits to this and other websites in order to provide advertisements about goods and services likely to be of greater interest to you, and we do not control the dissemination of these third party cookies, web beacons and similar mechanisms.
Links to third party
This Platform may contain links to third party websites. AXA Hong Kong has no control over these third party websites. You should review the privacy policies applicable to these third party websites to understand the ways in which these third parties may collect and deal with your personal information.
Retention
AXA Hong Kong ensures personal data is not kept longer than is necessary for the fulfillment of the purpose for which the data is or is to be used
Security
AXA Hong Kong takes appropriate steps to protect the personal data we collected against unauthorised or accidental access, modification, erasure, loss or use.
Personal data electronically sent to AXA Hong Kong is protected through encryption controls (a secure means of transmission).
Collection and Usage of Personal Data
In providing you with services available on this Platform, from time to time during the use of Emma by AXA mobile application and web portal, AXA Hong Kong collects your personal data which may be used, stored, processed, transferred, disclosed or shared by us for purposes (“Purposes”), including:
1. offering, providing or marketing to you the products/services of AXA Hong Kong, other companies of the AXA Group (“our affiliates”) or our business partners (see “Use and provision of personal data in direct marketing” below), and administering, maintaining, managing or operating such products/services;
2. processing and evaluating any applications or requests or transactions made by you for products/services offered by AXA Hong Kong and our affiliates;
3. providing subsequent services to you, including but not limited to administering the policies issued;
4. any purposes in connection with any claims made by or against or otherwise involving you in respect of any products/services provided by AXA Hong Kong and/or our affiliates, including verifying identity or investigation of claims;
5. evaluating your financial needs or performing health and financial needs analysis to offer health information or insurance products suggestions;
6. offering health information services, e.g. providing a progress report, which contains your health score, steps taken, calories burned, resting heart rate, sleep and distance covered;
7. offering personal organisation and storage services;
8. designing new or enhancing insurance products/services/ other financial products for customers;
9. conducting market research for statistical, data analytics, actuarial research or other purposes;
10. monitoring the platform usage to provide us with information to be used in automated decision-making and profiling such as marketing profiling;
11. matching any data held which relates to you from time to time for any of the purposes listed herein;
12. making disclosure as required by any applicable law, rules, regulations, codes of practice or guidelines or to assist in law enforcement purposes, investigations by police or other government or regulatory authorities in Hong Kong or elsewhere;
13. conducting identity and/or credit checks and/or debt collection;
14. complying with the laws of any applicable jurisdiction;
15. carrying out other services in connection with the operation of AXA Hong Kong’s business;
16. improving the accuracy of our risk profiling & customised health services to you;
17. providing of customer services, administering and protecting our business and the mobile application including troubleshooting, data analysis and system testing;
18. providing us with information to be used in automated decision-making and profiling such as marketing profiling;
19. distribution of prizes/ gifts, contacting winners and announcing winners on newspaper and AXA website for our campaigns, events, lucky draws or other contents that you have participated;
20. communicating with you including to send you administrative communications about any account you may have with us or about future changes to this Emma by AXA Privacy Policy; and
21. other purposes directly relating to any of the above.
Please note that if you do not provide us with your personal data, we may not be able to provide the information, products or services you need or process your request, and you may not be entitled to any prizes/ gifts from our campaigns, events, lucky draws and other contests.
If you wish to stop profiling activities, please inform us in writing to the address in the section on “Data Access and Correction”. AXA Hong Kong shall, without charge to you, ensure that you are not included in future profiling activities.
Transfer of personal data
Personal data will be kept confidential but, subject to the provisions of any applicable law, may be provided to:
1. any of our affiliates, any person associated with AXA Hong Kong, any reinsurance company, claims investigation company, your broker, industry association or federation, fund management company or financial institution in Hong Kong or elsewhere and in this regard you consent to the transfer of your data outside of Hong Kong;
2. any person (including private investigators) in connection with any claims made by or against or otherwise involving you in respect of any products/services provided by AXA Hong Kong and/or our affiliates;
3. any agent, contractor or third party who provides administrative, data processing, telecommunications, health and medical services (including teleconsultations), marketing, distribution, underwriting, technology or other services (including direct marketing services) to AXA Hong Kong and/or our affiliates in Hong Kong or elsewhere and who has a duty of confidentiality to the same;
4. credit reference agencies or, in the event of default, debt collection agencies;
5. any actual or proposed assignee, transferee, participant or sub-participant of our rights or business; and
6. any government department or other appropriate governmental or regulatory authority in Hong Kong or elsewhere.
For our policy on using your personal data for marketing purposes, please see the section below “Use and provision of personal data in direct marketing”.
Transfer of your personal data will only be made for one or more of the Purposes specified above.
Use and provision of personal data in direct marketing
AXA Hong Kong intends to:
1. use your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by AXA Hong Kong, our affiliates, our co-branding partners and our business partners from time to time for direct marketing;
2. conduct direct marketing (including but not limited to providing reward, loyalty or privileges programmes) in relation to the following classes of products and services that AXA Hong Kong, our affiliates, our co-branding partners and our business partners may offer:
a. insurance, banking, provident fund or scheme, financial services, securities and related products and services;
b. products and services on health, wellness and medical, food and beverage, sporting activities and membership, entertainment, spa and similar relaxation activities, travel and transportation, household, apparel, education, social networking, media and high-end consumer products;
3. the above products and services may be provided by AXA Hong Kong and/or:
a. any of our affiliates;
b. third party financial institutions;
c. the business partners or co-branding partners of AXA Hong Kong and/or affiliates providing the products and services set out in 2 above;
d. third party reward, loyalty or privileges programme providers supporting AXA Hong Kong or any of the above listed entities;
4. in addition to marketing the above products and services, AXA Hong Kong also intends to provide the data described in 1 above to all or any of the persons described in 3 above for use by them in marketing those products and services, and AXA Hong Kong requires your written consent (which includes an indication of no objection) for that purpose.
Before using your personal data for the purposes and providing to the transferees set out above, AXA Hong Kong must obtain your written consent, and only after having obtained such written consent, may use and provide your personal data for any promotional or marketing purpose.
You may in the future withdraw your consent to the use and provision of your personal data for direct marketing.
If you wish to withdraw your consent, please inform us in writing to the address in the section on “Data Access and Correction”. AXA Hong Kong shall, without charge to you, ensure that you are not included in future direct marketing activities.
Data Access and Correction
Under the PDPO, you have the right to ascertain whether AXA Hong Kong holds your personal data, to obtain a copy of the data, and to correct any data that is inaccurate. You may also request AXA Hong Kong to inform you of the type of personal data held by it.
Requests for access and correction or for information regarding policies and practices and kinds of data held by AXA Hong Kong should be addressed in writing to:
Life Insurance | Data Privacy Officer AXA China Region Insurance Company (Bermuda) Limited (Incorporated in Bermuda with limited liability) /AXA China Region Insurance Company Limited Customer Service Centre Suite 2001, 20/F, Tower Two, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong |
Property & Casualty | Data Privacy Officer AXA China Region Insurance Company (Bermuda) Limited (Incorporated in Bermuda with limited liability) /AXA General Insurance Hong Kong Limited 5/F AXA Southside, 38 Wong Chuk Hang Road, Wong Chuk Hang, Hong Kong |
Health & Employee Benefits | Data Privacy Officer AXA China Region Insurance Company Limited/AXA General Insurance Hong Kong Limited 10-11/F, AXA Southside, 38 Wong Chuk Hang Road Wong Chuk Hang, Hong Kong |
Non-Policyholders | Data Privacy Officer AXA China Region Insurance Company Limited/AXA General Insurance Hong Kong Limited 13/F, AXA Southside, 38 Wong Chuk Hang Road Wong Chuk Hang, Hong Kong |
A reasonable fee may be charged to offset AXA Hong Kong’s administrative and actual costs incurred in complying with your data access requests.
Emma by AXA Privacy Policy - Mainland China Appendix
Last updated: [08/01/2024]
1. Introduction
Our Emma by AXA Privacy Policy (as supplemented by this Mainland China Appendix) applies to explain how we collect, store, use, process, transmit, provide, disclose or delete (together, “Process”) your Personal Data if you are located in Mainland China. For the purpose of this Emma by AXA Privacy Policy – Mainland China Appendix, Mainland China excludes Hong Kong, Macau and Taiwan. To the extent that there is any conflict between the General Terms of this Emma by AXA Privacy Policy and this Mainland China Appendix, this Mainland China Appendix shall apply.
This Emma by AXA Privacy Policy is closely related to your use of our services. We strongly encourage you to read in detail this Emma by AXA Privacy Policy, confirm that you fully understand the content in it, and accordingly, choose how to use our services. We endeavour to use clear and plain language to express any terms in this Emma by AXA Privacy Policy. For your attention, we have highlighted (in bold) the terms on Processing of your Personal Data that may significantly affect your rights and interests.
2. Purposes of Processing your Personal Data
2.1. “Personal Data” means any type of information (recorded via electronic means or otherwise) associated with an identified or identifiable natural person, but excluding information after anonymisation handling. Personal Data may include Sensitive Personal Data.
2.2. “Sensitive Personal Data” means Personal Data which, if leaked or used illegally, may easily cause harm to the dignity of natural persons, or cause harm to personal or property safety, including biometric information, religious belief, specific identity information, health and medical information, financial account information, individual location tracking information and Personal Data of minors under the age of 14.
2.3. Necessity and impact on individual’s rights and interest in Processing Sensitive Personal Data. You need to carefully consider whether your Sensitive Personal Data should be disclosed to us. It is necessary for you to provide us with such Sensitive Personal Data, so that AXA Hong Kong can provide certain services to you. If you do not provide us with your separate consent, AXA Hong Kong may not be able to provide certain services to you. Specifically, it is necessary that we Process your identification information, health records, driving offences records, marital status, financial background information to consider your insurance application, insurance fees, your claims and other business functions as set out below.
2.4. Given the range of specific products or services available to each user may be different, the basic or extended business functions and the types and scope of Personal Data Processed may be different for each user. Please refer to the business functions available for your account on the Platform.
Basic business functions and system permission to access Personal Data
2.5. We Process your Personal Data (including Sensitive Personal Data highlighted in bold) for operating the Platform and providing you with our services for the basic business functions. Unless otherwise stated, the Personal Data we Process for basic business functions are necessary. If you refuse to provide the relevant Personal Data for our Processing, AXA Hong Kong may not be able to provide certain services to you.
2.6. We will ask for your consent to our Processing of your Personal Data for each of the following purposes and business functions in this paragraph 2.6. You can withdraw your consent to each of the following at any time by disabling our access rights in your device settings or Emma by AXA settings:
(a) to enable you to submit evidence about your claims on the Platform, you may need to upload image information. We would, therefore, need to obtain your authorisation to activate functionalities, including using your device camera for photo-taking, accessing image files and photo albums; and
(b) when you log in the Platform through Face ID, your facial information is only stored on your device locally, and we will only receive your facial verification results without storing or retaining your original facial information.
2.7. We may access your device clipboard, but we will not collect the clipboard information.
2.8. Your Personal Data may be Processed as follows:
Business Functions Necessary to Improve our Services/Products
2.9. We may Process your Personal Data for the purposes of improving our service quality. If you refuse to provide the relevant Personal Data for our Processing, AXA Hong Kong may not be able to provide certain services to you, but it will not affect your use of the basic business functions and other extended business functions.
2.10. Your Personal Data may be Processed as follows:
| Business Functions Necessary to Improve our Services/Products and Processing Purposes and Means | Sensitive Personal Data Processed | Other General Personal Data Processed |
1. | To design new or enhance products/services/other financial products for customers | Financial background, health information (if voluntarily provided by you) | Name, contact details, products and services portfolio information, demographic data (such as age of family members) related to you or your family (if voluntarily provided by you) |
2. | To improve the accuracy of risk profiling and customer health services | Financial background, health information and records | Name, contact details, products and services portfolio information |
3. | To conduct market research for statistical, data analytics, actuarial research or other purposes | None | Name, gender, age, contact details, products and services portfolio information, educational details, employment details, occupation, lifestyle information |
4. | To carry out Automated Decision Making and profiling such as marketing profiling, including monitoring Platform usage to obtain information to be used in Automated Decision Making (see paragraph 6 of this Mainland China Appendix for your rights in relation to Automated Decision Making) | Marital status, browsing history within this Platform, event history of browser within this Platform | AXA ID, date of birth, gender, preferred language, contact phone number, number of child, region, browser type, device name, operation system, language, access time |
5. | To market products/ services of the Company, our affiliates and our business partners (see “Use and provision of personal data in direct marketing” in the General Terms of the Privacy Policy) | IP address, web browsing information, marital status and health information (if voluntarily provided by you) | Name (if voluntarily provided by you), contact details (if voluntarily provided by you), demographic data (such as age) related to you or your family (if voluntarily provided by you), products interest and services portfolio information |
6. | To complete enrolment for events/ newsletters/ campaigns/ promotion activities and conduct identity checking for gift fulfilments or redemptions | IP address, web browsing information, health information (if voluntarily provided by you) | Name, contact details, products and services portfolio information, demographic data (such as age) related to you or your family (if voluntarily provided by you) |
Other Extended Business Functions and system permission to access Personal Data
2.11. To provide you with greater user experience on the Platform, we may Process your Personal Data for the following extended business functions. If you do not provide your Personal Data for an extended business function, you will not be able to use the corresponding services, but it will not affect your use of the basic business functions and other extended business functions. You could choose to provide your Personal Data to us and select to use the extended business functions at your preference.
2.12. We will ask for your consent to our Processing of your Personal Data for each of the following purposes and business functions in this paragraph 2.12. You can withdraw your consent to each of the following at any time by disabling our access rights in your device settings:
(a) we Process GPS technology to determine your current location. Some of our location-enabled services including Find a Doctor require your Personal Data for the feature to operate. You can withdraw your consent at any time by disabling Location Data in your settings; and
(b) we also Process Personal Data including device data, physiological data, mental health data, usage data and location data through the use of mobile software development kit (“SDK”). When your device syncs with our servers (including through background syncs on your Mobile Application), the above data will be transferred from your device to our servers.
2.13. The extended business functions include:
| Extended Business Functions and Processing Purposes and Means | Sensitive Personal Data Processed | Other General Personal Data Processed |
1. | For you to use “Ask Emma” (a chatbot) which responds to your general enquiries on the Platform | None | Name, contact details, products and services portfolio information |
2. | For providing initial recommendations based on your health symptoms or health information
| Health symptoms, health information, facial features (provided that facial features will not be stored by AXA Hong Kong for this purpose) | Age, gender |
3. | To perform health analysis to offer health information or insurance products suggestions | Health symptoms, health information and records, facial features (provided that facial features will not be stored by AXA Hong Kong for this purpose) | Name, contact details, products and services portfolio information, demographic data (such as age) related to you or your family (if voluntarily provided by you) |
4. | For you to use health related supporting services (including contacting medical service providers and providing support on personal wellness or health) | Health symptoms, health information and records, health score, steps taken, calories burned, resting heart rate, sleep and distance covered, exercise records, location data, policy number | Name, phone number, email address, age, preferred contact method, preferred language, enquiry, information about your products and services portfolios serviced by AXA Hong Kong |
5. | For you to use AXA Goal which rewards you with rebate or other offers for achieving step count goals | Health information including step counts | Name, contact details, information about your products and services portfolio serviced by AXA Hong Kong |
6. | To send festive greetings e.g. birthday greetings | None | Name and contact details, date of birth |
2.15. There are several ways for us to collect your Personal Data, including that AXA Hong Kong may:
(a) directly collect your Personal Data from you (such as when you apply for insurance or make insurance claims);
(b) collect your Personal Data from family members, associates or policyholders, joint policy holders, contingent owners, insureds, beneficiaries, including minor beneficiaries, assignees, trustees, payors of insurance premium, and claimants of products and services;
(c) collect your Personal Data from the reinsured (such as where your Personal Data is held with an insurance company and we provide reinsurance services to such insurance company); and
(d) from other third parties including our business partners, such as medical service providers (e.g. hospitals or clinics).
If you wish to raise any inquiries about the source of your Personal Data, please contact our relevant Data Privacy Officer. Contact details are set out under “Data Access and Correction” in the General Terms.
2.16. Cookies. Please refer to ”Information collected when you visit this Platform”, “Statistics on visitors to this Platform” and “Third Parties” sections in the General Terms of the Privacy Policy. The purpose of using cookies is to (a) facilitate the content display and successful redirection to the correct page upon your clicking on the changing banner; and (b) remember that you have visited this Platform as well as what interested you on this Platform, such as the pages you viewed. When you visit this Platform, we may perform ourselves or engage third parties to automatically collect certain data from you (which may or may not include Personal Data). This may include using cookies, Google Analytics and similar mechanisms to make a record of your visit that includes but not limited to username, token, passcode, device ID, API responses, operating systems, IP addresses (and domain names), the types and configurations of browsers, network provider, language settings, geo-locations, previous sites visited, source and medium of visits, and time/duration and the pages visited. You may refuse to accept the cookies, but if you do, certain functionality, such as banner redirection and certain content display may not be available. Most web browsers allow some control of most cookies through the browser settings (e.g. refusing or deleting cookies). To find information relating to other browsers, visit the browser developer's website.
2.17. With your prior consent (if required under applicable data protection laws), AXA Hong Kong may market products or services or deliver messages to you based on your preferences, interests and other personal characteristics. Where information submitted to us by you is used for the purpose of push notifications, we will notify you of the same. These messages may be marketed or delivered to you by way of letter, email, short message service, through social media platforms and/or push notifications within the Platform. If you do not wish us to target our marketing based on your personal characteristics or if you wish to opt out from targeted marketing or profiling activities, please inform us in writing to the address in the section on “Data Access and Correction” in the General Terms. AXA Hong Kong shall, without charge to you, ensure that you are not included in future profiling activities. You may also turn off the permission for access to notifications in your device settings or Emma by AXA settings. After the access is disabled, you will not be able to receive push notifications from the Platform.
2.18. The Company shall not be required to obtain your consent to Process your Personal Data if any of the following situations applies:
(a) where the Processing of Personal Data is necessary for the conclusion or performance of a contract to which you are a contracting party, or where it is necessary to carry out human resources management according to lawfully formulated labour rules and lawfully concluded collective contracts;
(b) where it is necessary to perform a statutory responsibility or obligation;
(c) if it is necessary to respond to a public health emergency, or to protect the life, health or property safety of an individual in case of an emergency;
(d) where Personal Data is Processed within a reasonable scope to carry out news reporting, public opinion supervision or any other activity for public interest purposes;
(e) where the Processing relates to Personal Data published by you or otherwise already lawfully disclosed, within a reasonable scope in accordance with applicable laws; or
(f) if the Processing of Personal Data is directly related to:
(i) national security and national defence;
(ii) public safety, public health and major public interest; or
(iii) criminal investigations, criminal prosecutions, adjudication or enforcement of judgments; and/or
(iv) ensuring the safe and stable provision of our product or services, and the Processing is necessary.
2.19. In the event that AXA Hong Kong Processes your Personal Data that is collected indirectly from a third party, AXA Hong Kong will require such third party to comply with applicable data protection laws in Processing the Personal Data, and we may require such third party to confirm that: (a) it has lawfully obtained the relevant Personal Data from you; (b) it has notified you of AXA Hong Kong’s Emma by AXA Privacy Policy and other relevant documents and obtained all necessary consent from you for the Processing of Personal Data for the relevant purpose and in accordance with AXA Hong Kong’s Emma by AXA Privacy Policy; and (c) it will assist AXA Hong Kong to obtain any further consent from you in the case that the Processing of Personal Data by AXA Hong Kong will go beyond the scope of the initial consent obtained.
3. Minors’ Personal Data
3.1. AXA Hong Kong will only Process Personal Data of individuals under 14 years old with separate consent from their parents or guardians. We will only Process the Personal Data of an individual under 14 years old where it is necessary to provide the relevant services to him or her, and we will adopt security measures to limit adverse impact to the individual’s rights and interests. If you are under 14 years old, please provide this Emma by AXA Privacy Policy to your parents or guardians. We retain our right to reject providing services to you if we do not have your parents or guardians’ separate consent to Processing Personal Data of individuals under 14 years old.
3.2. Where AXA Hong Kong has obtained separate consent from parents or guardians for Processing their minors’ Personal Data, AXA Hong Kong will protect and only Process those minors’ Personal Data in the same manner (using the same types of Personal Data for the same purposes and means of Processing, retaining for same period and providing same data subject rights) and in the same locations as set out in the Emma by AXA Privacy Policy (as supplemented by this Mainland China Appendix). If the parents or guardians refuse to provide separate consent for our Processing of their minors’ Personal Data which is necessary, AXA Hong Kong may not be able to provide certain services to their minors. To exercise any data subject rights, raise any inquiries or complaint for minors, please refer to the “Data Subject Rights” section below.
Sharing with Third Party Data Controllers
4.1. The Company may from time to time during our provision of services to you transfer your Personal Data to third parties set out in the “Transfer of Personal Data” section in the General Terms of this Emma by AXA Privacy Policy, among which some third parties who will Process your Personal Data according to their own purposes and methods of Processing (“Third Party Data Controllers”). These Third Party Data Controllers may be located within or outside Mainland China. We will only transfer and/or disclose your Personal Data to these Third Party Data Controllers upon obtaining your separate consent, and in accordance with applicable data protection laws in Mainland China. Where AXA Hong Kong is jointly Processing your Personal Data with a Third Party Data Controller, we shall ensure that our responsibilities in Processing your Personal Data are clearly and distinctively defined.
4.2. You can contact AXA Hong Kong for the relevant information regarding those Third Party Personal Data Controllers, such as their identity, contact information, retention period, location, the processing activities undertaken by them (including types of Personal Data being processed, and the purposes and means of processing), their responsibilities in relation to Processing of your Personal Data and (where applicable) the legal bases for the transfers of your Personal Data to outside of Mainland China. Our contact details are set out in the “Data Access and Correction” section in the General Terms of this Emma by AXA Privacy Policy.
4.3. For details about exercising your data subject rights with respect to Personal Data shared with Third Party Data Controllers, please see paragraph 7 below.
Transfer to our appointed data processors
4.4. Furthermore, AXA Hong Kong may transfer your Personal Data to third parties appointed by us who only Process your Personal Data according to the purposes and means instructed by us, including any third party set out in the “Transfer of Personal Data” section in the General Terms of this Emma by AXA Privacy Policy, and who has a duty of confidentiality to the same. Where these data processors are located outside of Mainland China, we will only transfer and/or disclose your Personal Data to these data processors upon obtaining your separate consent, and in accordance with applicable data protection laws of Mainland China. You can contact AXA Hong Kong for the relevant information regarding these data processors based outside Mainland China and (where applicable) the legal bases for such transfers to outside of Mainland China. Our contact details are set out in the “Data Access and Correction” section in the General Terms of this Emma by AXA Privacy Policy.
4.5. When AXA Hong Kong shares your Personal Data with any third parties, AXA Hong Kong will strive to ensure (including but not limited to using contractual measures or adopt encryption for transfer to ensure) that such third parties comply with this Emma by AXA Privacy Policy and other appropriate confidentiality and security measures that AXA Hong Kong requires them to comply with when using your Personal Data, except for the Personal Data you provide directly to the third parties through the use of their services.
4.6. With the continuous development of our business, AXA Hong Kong may engage in mergers, acquisitions, dissolution, liquidation, transfer of assets or similar transactions, and in such cases, (i) AXA Hong Kong shall inform you of information that is required under applicable Mainland China data protection laws; and (ii) your Personal Data may be transferred to any actual assignee or purchaser of all or any part of our (and/or our affiliates’) business and/or assets; and our service providers in these situations.
Transfer to Third Party Data Controllers and our appointed data processors located outside of Mainland China
4.7. Where necessary for the relevant purposes identified above, AXA Hong Kong may transfer your Sensitive Personal Data to Third Party Data Controllers or data processors located outside Mainland China. The Company may not be able to provide certain services to you if we do not carry out such transfer. The Company has adopted contractual and security measures to protect your relevant rights and interests in relation to the transfer. In particular, where required by law, AXA Hong Kong and such Third Party Data Controllers or data processors located outside Mainland China will enter into a data transfer agreement.
Third Party SDK Access
4.8. In addition, to ensure reliable services on the Platform, we work with our authorised business partners which provide their plug-in programs or SDKs, and which may Process your Personal Data with your consent. You may see the details of these authorised business partners and SDKs here.
5. Retention and Security of your Personal Data
5.1. The Company and its data processors Process your Personal Data in Hong Kong, Macau, Mainland China, Singapore, Australia, Brazil, Canada, France, Germany, India, Ireland, the Isle of Man, Japan, Mauritius, South Korea, Switzerland, United Kingdom and United States.
5.2. Unless required by applicable laws and regulations or with your consent, we will generally retain your Personal Data for 7 years from the last activity or interaction with us. After the end of the retention period, we will delete or anonymise your Personal Data.
5.3. In order to ensure the correct use and to maintain the accuracy of Personal Data collected from you, as well as preventing unauthorised or accidental access, disclosure, alteration, loss or other use of Personal Data, AXA Hong Kong has implemented various internal management policies (including physical, electronic and management measures) and various security technologies and procedures based on the classification of Personal Data AXA Hong Kong collects from you. For example:
(a) your Personal Data will only be accessed by AXA Hong Kong’s personnel on a “need-to-know” basis;
(b) AXA Hong Kong ensures that its personnel are regularly trained on data protection matters;
(c) where required by applicable Mainland China data protection laws and regulations, AXA Hong Kong will encrypt and/or de-identify your Personal Data;
(d) to mitigate any potential risks of unauthorised Processing of your Personal Data, AXA Hong Kong maintains a security incident response plan; and
(e) where required by applicable Mainland China data protection laws and regulations, AXA Hong Kong will also seek to inform you and the relevant authorities of any incidents concerning the Personal Data AXA Hong Kong Processes on your behalf.
6.1. “Automated Decision Making” means the use of computer programs or algorithms to automatically analyse or assess personal behaviours, habits, interests or hobbies, or financial, health, credit or other status, and make automated decisions based on such analysis or assessment.
6.2. From time to time AXA Hong Kong may Process your Personal Data through Automated Decision Making in the following scenarios to the extent permitted by applicable laws and regulations:
(a) Processing your AXA ID, date of birth, gender, preferred language, contact phone number, number of child, region, marital status, through Automated Decision Making for the purpose of sending you direct marketing communications and/or push notifications which contain content specifically targeting you;
(b) Processing your browser type, device name, operation system, language, access time, browsing history within this Platform, event history of browser within this Platform through Automated Decision Making for the purpose of enhancing your browsing experience at this Platform, and displaying content on this Platform targeting you; and
(c) providing your data to our Automated Decision Making service providers, so that they may use Automated Decision Making to place advertisements on this Platform which contain content specifically targeting you. Please also refer to paragraphs 4.4 to 4.5 of this Mainland China Appendix for further information.
6.3. You have the following rights in respect of Automated Decision Making:
(a) where AXA Hong Kong Processes your Personal Data through Automated Decision Making to send direct marketing messages or push notifications to you, you have the right to opt-out from such Automated Decision Making processing; and
(b) where the decision made through the Automated Decision Making has a material impact on your personal interest, you also have the right to request for an explanation of such decision, and the right to refuse our Processing through Automated Decision Making.
If you would like to exercise your rights referred to in this paragraph 6.3, please refer to paragraph 7 below.
7.1. You (or your next of kin or you acting on behalf of your minors) are entitled to exercise the following data subject rights under the applicable Mainland China data protection laws:
(a) access, copy, (where your Personal Data is inaccurate or incomplete) correct and/or supplement any of your Personal Data held by AXA Hong Kong;
(b) restrict or reject the Processing of your Personal Data held by AXA Hong Kong;
(c) request deletion or de-registration of your Personal Data which is held by AXA Hong Kong (where the purposes of Processing have been or cannot be fulfilled or are no longer necessary, where AXA Hong Kong ceases to provide the services or the retention period ends, where there is a breach of applicable law in AXA Hong Kong’s Processing or otherwise required by applicable law);
(d) deletion of Emma by AXA user account;
(e) withdraw your consent to AXA Hong Kong Processing your Personal Data;
(f) request AXA Hong Kong to transfer your Personal Data to another organisation, if such transfer is permitted by applicable laws;
(g) the rights set out in paragraph 6.3 above in respect of Automated Decision Making; and
(h) request that we explain AXA Hong Kong’s rules on Processing of your Personal Data.
7.2. If you wish to exercise any of the rights in paragraph 7.1 above, and raise any inquiries or complaint, please contact our relevant Data Privacy Officer. Contact details are set out under “Data Access and Correction” in the General Terms. You can also delete your user account by accessing the “settings” within the Emma by AXA application.
To the extent permitted by relevant laws and regulations, AXA Hong Kong reserves the right to (i) refuse unreasonable requests (for example, requests which infringe the privacy of others); and (ii) charge a reasonable fee for the cost of processing any request set out in paragraph 7.1 above.
8. Updates to this Emma by AXA Privacy Policy
8.1. This Emma by AXA Privacy Policy may be updated from time to time. You may check the most updated Emma by AXA Privacy Policy on this Platform by going to Emma by AXA settings.