Check-in Pax – Privacy policy

Last updated: 30 July 2024

 

Personal data controller: Check-in Pax Limited (collectively referred to as Check-in Pax, “us”, “our”, or “we”) with registered office at 2F Beverly House, 93-107 Lockhart Road, Wan Chai, Hong Kong, Business registration number: XXXXXX, incorporated under the laws of Hong Kong.

As the providers of the Check-in Pax platform (referred to as the “Platform”), we support you with innovative digital event management solutions and other related services in accordance with the Terms of Use (referred to as the “Terms and conditions”) and any agreements in place. Safeguarding the privacy of your personal data is a top priority for us. We will only access your account to assist with problem-solving or resolving software issues. We will not review any uploaded guest lists or files unless specifically requested by you. All account access is logged by IP address to ensure that no unauthorized access occurs, as long as the logs are retained.

The Platform can be accessed through the website: https://www.checkinpax.com (referred to as the “Website”). We handle personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals regarding the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (known as the “GDPR”).

Please keep in mind that we have dual roles: firstly, as the controller of your personal data as detailed in this privacy policy, and secondly, as the processor of personal data. The processing of personal data as a data processor is detailed in our Data Processing Agreement (DPA) policy, which is included in the terms and conditions.

In order to ensure transparency, we have categorized the personal data we process in accordance with our privacy policy into the following categories:

1. Identification Information: This category includes your name, surname, and the identification of the organization on whose behalf you are acting.
2. Contact Details: This category encompasses your email address, and optionally, you may provide us with your phone number.
3. Payment Data: This category covers information related to purchases, credit card details (transmitted directly to the payment processor without passing through our servers), billing address, payment details, chargebacks, fraud prevention information, details of individuals specified on invoices, requests, and statistical data.
4. Log Information and Platform Usage: This category involves processing technical information such as user logs within the Platform, IP addresses linked to the account, and other usage-related data.
5. Data Pertaining to Agreement Fulfillment: This category includes information regarding the fulfillment of mutual agreements, the scope of services provided under the agreement if associated with a specific individual acting on behalf of the Customer.
6. Communication Data: This category comprises personal data provided when contacting us through our Website, email communications, chats, conference calls and any other information conveyed during communication.

We collect personal data either directly from you or, if you are a user of our services and your account was created by your employer or contractual party, we may receive personal data from that employer or contractual party with whom we have a contractual relationship.

1. Purposes of Processing Personal Data

We process your personal data as a data controller for the processing purposes outlined below, based on the legal bases provided here, for a limited time and only to the extent described herein.

A.1 Provision of Services, Identity & Access We primarily process personal data to provide you with our services, create and manage your account on the Platform, and facilitate access for your employees, team members and other personnel. This includes activities such as account registration, billing, payment processing, and communication with us for inquiries. We may also send you notifications related to contract performance, new product releases, payment reminders, and essential updates.

For this purpose, we process your Identification information, Contact details, Payment data, Log information, and other usage-related data on the Platform, as well as communication data pertaining to contractual relationships. Payments are handled through a separate payment provider, and we do not store credit card information.

The legal basis for this processing is the performance of the contract between you and us, or our legitimate interest in contract performance if you are acting on behalf of a customer. Data is retained for the duration of the contract and as necessary to fulfill contractual obligations. Upon account cancellation, data is securely deleted within 30 days.

A.2 Protection of Rights, Duties, and Fraud Prevention

We may process your data to safeguard against unauthorized Platform usage, fraudulent activities, or violations of our Terms of Service. This includes protecting our rights, investigating potential threats, and preventing illegal activities.

For this purpose, we process various personal data categories including Identification information, Contact details, Payment data, Log information, and usage-related data. The legal basis for this processing is our legitimate interest in protecting our rights and preventing fraud. Data is retained for the duration necessary to enforce legal claims.

A.3 Fulfilling Legal Obligations

We process personal data to comply with legal obligations related to taxes, accounting, and regulatory requirements. We may also assist state authorities as mandated by law.

For this purpose, we process Payment data, Log information, and other usage-related data in accordance with legal obligations. Data is retained as required by law, typically up to 10 years.

A.4 Surveys and Communication

We may process data provided during communication for purposes such as responding to inquiries, conducting surveys, and maintaining communication channels.

For this purpose, we process Contact details and Communication data. The legal basis for this processing is our legitimate interest in supporting and promoting our products and services. Data is retained for a reasonable period to facilitate communication.

A.5 Newsletters and Commercial Communication

We may send commercial communications to customers who have provided their email address or subscribed to our newsletter list. Processing of email addresses and Identification information is based on legitimate interests for customer relations or consent for newsletter subscriptions.

Customers can opt out of receiving newsletters at any time using the unsubscribe links provided. Consent withdrawal is also an option.

A.6 Processing in Connection with Cookies on the Website and Platform

We process personal data for Platform operation, security, website traffic analysis, and web support and promotion purposes. This includes activities such as user identification, traffic monitoring, and personalized advertising based on user preferences.

Data processed includes technical data, cookies data, and analytical or marketing cookies provided by us or third parties with user consent. Personal data is retained for specific periods based on the processing purpose and until consent is withdrawn.

If you have any questions or concerns regarding the processing of your personal data, please contact us at privacy@checkinpax.com.

 

1. Sharing of Personal Data

We may disclose personal information to third parties who assist us in delivering our products and services to you. Additionally, there may be circumstances where we are required to share personal data with third parties. These third parties, as defined by the GDPR, are referred to as recipients of personal data.

A list of these recipients can be found in a separate document listing recipients and sub-processors, available here.

Furthermore, we may share your personal data with specific third parties acting as data controllers for the purpose of fulfilling legal obligations, as mandated by relevant laws (such as administrative authorities, law enforcement agencies, and judicial authorities). We may also be obligated to share your data with individuals who claim to have been affected by your actions.

When we transfer your personal data to controllers and processors in countries outside the European Economic Area (EEA), we only do so if the European Commission has determined that the country in question offers an adequate level of data protection. This includes cases where controllers or processors have implemented additional data protection measures, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).

 

1. Your Rights in Data Processing and How to Exercise Them

You have the following rights regarding the processing of your personal data: (i) Request access to your personal data (ii) Withdraw your consent (iii) Request correction of your personal data (iv) Request deletion of your personal data (v) Request restriction of the processing of your personal data (vi) Request the transfer of your personal data (vii) Object to the processing of your personal data (viii) File a complaint with the relevant supervisory authority

For any inquiries or actions related to the processing of your personal data, such as questions, exercising your rights, or submitting a complaint, please contact us at privacy@checkinpax.com

We will handle your request promptly, within a maximum of 1 month. In exceptional circumstances, such as the complexity of your request, we may extend this period by an additional 2 months. We will always notify you of any such extension and the reasons for it.

You also have the right to file a complaint with the supervisory authority as outlined below.

C.1 Access Rights: You have the right to request confirmation of whether we are processing your personal data and to access information about the purpose, recipients, duration, and rights related to your data. You can request a free copy of your data, with additional copies subject to a fee. Your access may be limited to protect the rights of others.

1. 2 Withdrawal of Consent: You can withdraw your consent to data processing at any time, but this does not affect prior lawful processing or the processing of anonymized data.

C.3 Correction Rights: You can request correction of inaccurate personal data and completion of incomplete data as necessary.

C.4 Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances, including but not limited to:

• When we no longer require your personal data for the purposes for which it was collected or processed.
• When you withdraw your consent, and there is no longer a legitimate reason for processing your data.
• When you object to the processing of your data and there are no other compelling reasons for its processing, or if you object to processing for direct marketing purposes.
• When your personal data is being processed in violation of the law.

C.5 Restriction of Processing: You have the right to request a restriction on the processing of your personal data in the following situations:

• When you contest the accuracy of your personal data, allowing for processing restrictions until accuracy is verified.
• When the processing is unlawful, and instead of deletion, you request a restriction on processing.
• When we no longer need your personal data for the original purposes but you require it for legal claims.
• When you object to the processing of your data, leading to a restriction until it is determined that our legitimate interests outweigh your objections.

 

C.6 Data Portability: You have the right to receive a copy of your data in a machine-readable format, subject to limitations to protect the rights of others.

C.7 Right to Object: You can object to processing based on legitimate interests, with specific provisions for opting out of newsletters.

1. File A Complaint

art from exercising your rights with our company, you have the option to lodge a complaint with the appropriate supervisory authority, namely the Office of the Privacy Commissioner for Personal Data situated at 12/F, Sunlight Tower, 248 Queen’s Rd E, Wan Chai, Hong Kong.

1. Updates to this Notice

We reserve the right to update this processing information periodically, therefore we recommend checking it frequently. Any revisions to this document will be published on our Website: www.checkinpax.com