Effective Date: 15 December 2024

Preamble
Check-in Pax is a product of Central Pacific Consultants Limited, a company registered with the Hong Kong Company Registry under number BR 53642392, with its registered office at 2/F Beverly House, 93-107 Lockhart Road, Wan Chai, Hong Kong (hereafter “Check-in Pax”). Check-in Pax operates a solution for event management, including guest list and event confirmation management, via its website www.checkinpax.com (the “Site”).

These Terms of Use of Check-in Pax Services constitute a legal agreement between Check-in Pax and any user of the Site (the “User”). By accessing, browsing, or using our Services, the User agrees to be unconditionally bound by these Terms. Acceptance of these Terms can occur by clicking to accept, by agreeing where this option is provided, or by using the Services. By subscribing to or using the Site, Platform, or Services, the User confirms that they have read and accepted these Terms, and that they are at least 18 years of age and have the legal right to enter into this agreement. If the User is accessing the Services on behalf of a legal entity, they represent and warrant that they are authorized to bind that entity to these Terms. The User also confirms that their organization is not based in Cuba, Iran, North Korea, or Syria. Any special conditions negotiated between Check-in Pax and the User shall prevail over these General Conditions of Use.

Definitions

• User: Any natural or legal person authorized to use the Check-in Pax Services.
• Services: Features provided by Check-in Pax via the Site, including the Check-in App, guest list management, email/SMS sending, and reporting.
• Data Processor: Check-in Pax, which processes data at the request of Users.
• User’s Data: Data processed by Check-in Pax on behalf of Users.
• Personal Data: Information relating to an identified or identifiable natural person.
• Software: The suite of software owned and/or operated by Check-in Pax necessary to provide the Services.
• Version: All releases of the Software developed by Check-in Pax.
• Parties: Check-in Pax and the User.

1. Purpose of Check-in Pax Services
Check-in Pax provides solutions for event and guest list management, marketed via the Site, specifically tailored for high-profile and invitation-only events.

2. User Account Management
To use Check-in Pax Services, Users must create an online account. Users are responsible for the accuracy of the information provided and must update their information promptly. Users must maintain the confidentiality of their account access and immediately notify Check-in Pax of any unauthorized use. Users bear all costs resulting from unauthorized use until Check-in Pax is notified. Check-in Pax is not liable for damages resulting from unauthorized use of User accounts.

Check-in Pax will store guest details, notes, email templates and delivery records of emails sent through its platform on behalf of Users. Upon termination of an account initiated by the User through the account settings, User Data will be permanently deleted, subject to any legal obligations that may require Check-in Pax to retain certain data for specific purposes. Check-in Pax is committed to protecting the integrity and confidentiality of Users’ personal information in accordance with our Privacy Policy, which outlines our data handling practices.

3. Financial Conditions
Users may create an account on Check-in Pax and can utilize the Services for test events limited to 20 guests at no cost. Once Users are ready to activate an event and exceed the test event limitations, they must pay the applicable fees based on the selected Services and the number of guests.

All fees for activated events are due at the time of activation and are non-refundable, regardless of whether the event is canceled or rescheduled. Users should ensure that all details are correct before proceeding with payment. Payment methods accepted include credit cards and options offered via Stripe in multiple currencies. For package purchases, bank transfers are also accepted.

If Users wish to cancel an activated event, they must notify Check-in Pax via email at questions@checkinpax.com at least 7 days prior to the event date. Refunds or credits for future events for canceled events are at the sole discretion of Check-in Pax.

4. Use of the Services

4.1 Compliance with Regulations
Users must ensure that information sent via Check-in Pax Services complies with applicable laws and regulations, including those related to data protection and digital marketing.

4.2 User Responsibilities Regarding Personal Data
Users are responsible for the processing of personal data on their guest lists and must comply with applicable regulations, including the GDPR if they are in the EU. Users must ensure that personal data is collected and processed lawfully, that data subjects are informed, and that their rights are respected. Users must also obtain necessary consent from recipients before sending communications.

4.3 Protection of User’s Personal Data
Check-in Pax has implemented measures to secure personal data, including firewalls, antivirus protection, and encrypted data transmission. Access to personal data requires authentication.

4.4 Limitation of Use of the Service
The Services are provided “as-is,” and Check-in Pax disclaims all warranties. Users must comply with guidelines provided in the Documentation and are prohibited from using the Services for illegal activities or in violation of third-party rights.

4.5 Fair Usage Policy
To ensure the integrity and quality of our services, Check-in Pax enforces a Fair Usage Policy regarding the use of email and SMS functionalities:

• Usage Limits: Users may send invitations to a maximum of 2000 guests per event. Exceeding this limit without informing us may result in account suspension.
• Intended Use: The email/SMS functionalities are intended solely for sending event invitations and confirmations. Users are prohibited from using these features for mass marketing or unsolicited communications.
• Prohibited Activities: Users may not use Check-in Pax Services to send spam or unsolicited marketing emails. Violations may result in immediate account suspension or termination.
• Monitoring: Check-in Pax reserves the right to monitor usage patterns and enforce this Fair Usage Policy. Users may be notified of any suspected violations and given an opportunity to rectify the situation.

5. Responsibilities and Guarantees

5.1 Responsibilities of Check-in Pax
Check-in Pax is liable only for direct damages resulting from its negligence and is not liable for indirect damages. Any compensation is limited to the amount paid by the User for Services in the six months prior to the incident. This limitation does not apply in cases of gross negligence or willful misconduct.

5.2 Responsibilities of Users
Users are solely responsible for the content of their uploaded guest list data and communications and must indemnify Check-in Pax against any claims resulting from violations of these Terms or applicable laws.

6. Changes to Terms and Policies
Check-in Pax may modify these Terms and its policies. Continued use of the Services constitutes acceptance of any changes. Users will be notified of substantial changes via email and will receive a summary of the changes at least 30 days prior to the effective date of such changes. Users may opt-out of the Services if they disagree with the changes.

7. Duration and Termination
These Terms are effective indefinitely. Users may terminate their account at any time by providing written notice to Check-in Pax. Upon termination, fees already paid are non-refundable. Check-in Pax may terminate accounts for non-compliance with these Terms with prior notice. Upon termination, event and guest list data will be deleted/purged from our servers, in accordance with our Privacy Policy and Data Processing Agreement (DPA).

8. Force Majeure
Neither party is liable for failure to perform obligations due to force majeure events, including natural disasters, strikes, or governmental restrictions.

9. Protection of Personal Data
User information is processed according to Check-in Pax’s Privacy Policy, which is accessible at www.checkinpax.com/security.

10. Data Processing Agreement (DPA)
Check-in Pax and the User acknowledge that the processing of personal data is governed by a separate Data Processing Agreement (DPA). The DPA outlines the specific terms and conditions under which Check-in Pax processes personal data on behalf of the User. By using the Services, the User agrees to the terms of the DPA, which is available at www.checkinpax.com/security.

11. Partial Invalidity
If any clause of these Terms is found to be invalid, the remaining clauses shall remain in effect.

12. User Consent for Communication
By creating an account and using our Services, Users consent to receive communications from Check-in Pax regarding their account, services, and updates, including invitations and confirmations sent to their guests.

13. Use of Logos
Users grant Check-in Pax the right to use their event logo and/or customer logo on Check-in Pax’s website and marketing materials unless explicitly communicated otherwise by the User. No event details will be shared or disclosed by Check-in Pax. Users may provide written notice to Check-in Pax if they do not wish for their logos to be used in this manner.

14. Indemnification Clause
Users agree to indemnify and hold harmless Check-in Pax from any claims, damages, or liabilities arising from their use of the Services or violation of these Terms.

15. Account Suspension
Check-in Pax reserves the right to suspend a User’s account temporarily in the event of suspected fraudulent activity or security breaches. Users will be notified of the suspension and may appeal the decision by contacting Check-in Pax.

16. Governing Law and Jurisdiction
These Terms are governed by Hong Kong law. Disputes shall be submitted to the Commercial Court of Hong Kong. In the event of a dispute, the Parties agree to first attempt to resolve the matter through mediation before resorting to litigation.

17. Acknowledgment of Understanding
By using the Services, the User acknowledges that they have read, understood, and agree to these Terms and Conditions.

Contact Us
For questions regarding these Terms, please contact us at questions@checkinpax.com.

This Data Processing Agreement (“Agreement”) is incorporated into the Terms of Service (“Terms”) of Check-in Pax and is effective as of the date you accept the Terms.

Effective Date: 15 December 2024

Parties:

• Check-in Pax, a product operated by Central Pacific Consultants Limited.
  Registered office: 2F Beverly House, 93-107 Lockhart Road, Wan Chai, Hong Kong
  Business Registration Number: 53642392
  (Hereinafter referred to as “Processor”)
• You
  (Hereinafter referred to as “Controller”)

1. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation or set of operations performed on Personal Data, including collection, storage, use, transfer, and deletion.
• “Data Subject” means the identified or identifiable natural person to whom Personal Data relates.
• “Services” means the event management platform and associated services provided by the Processor.

2. Purpose of Processing

The Processor shall process Personal Data on behalf of the Controller solely for the purpose of providing the Services, including but not limited to:

• Uploading and managing guest lists before the event and during event check-in.
• Collecting RSVPs through registration forms.
• Sending emails and/or SMS to guests.
• Conducting data analytics and generating event reports.

3. Roles and Responsibilities

• You are the sole data controller of the Personal Data uploaded to the Processor’s platform. The Processor acts as a data processor and provides the tools and functionalities necessary for you to manage Personal Data in accordance with applicable data protection laws.
• The Processor shall process Personal Data only as necessary to provide the Services and shall not use Personal Data for any purpose other than as specified in this Agreement or as required by law.
• Check-in Pax’s Obligations: The Controller hereby appoints Check-in Pax to process Controller Data on Controller’s behalf for the purposes described in the Terms (including this DPA) and its privacy policy. Check-in Pax shall process Controller Data in accordance with Controller’s instructions, as further specified in the Terms and this DPA. All Controller Data processed under the Terms (including this DPA) will be stored, organized, and made available to Controller as the Controller. Check-in Pax shall appoint a Data Protection Officer: dataprotection@checkinpax.com.

4. Data Deletion and Retention

• Upon your request, the Processor shall delete or make available for download all Personal Data at the end of the provision of Services. The data will be provided in a commonly used electronic format.
• If you choose to delete the data, the Processor will ensure that all Personal Data is securely deleted from its systems, unless applicable law requires the storage of the Personal Data for a specified period.
• Data Destruction or Export: The Controller may, at any time during the performance of the Terms, (i) access or delete Controller Data processed by Check-in Pax directly via the Platform or (ii) retrieve the data that the Controller has uploaded on the Platform or reports relating to the data by clicking on the “export button” in Controller’s Check-in Pax account. Upon termination of the Terms, Check-in Pax shall, upon Controller’s request, destroy all Controller Data within three (3) months of termination. Upon request by Controller, Check-in Pax shall provide Controller with written confirmation of such destruction. Notwithstanding the foregoing, Check-in Pax reserves the right to retain Controller Data for longer periods where a longer retention period is required by applicable law.

5. Security Measures

The Processor implements a comprehensive set of technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Data. These measures include, but are not limited to:

• Encryption of Personal Data.
• Access controls to limit access to authorized personnel only.
• Regular security audits and assessments.
• Multi-factor authentication for access to sensitive data.
• Regular penetration testing to identify vulnerabilities.
• Data breach detection and response procedures.
• Security: Check-in Pax undertakes to take all commercially reasonable and legally necessary precautions, in respect of the nature of Personal Data and the risks presented by the processing, to preserve the security of Personal Data and in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties. Check-in Pax shall implement and maintain appropriate technical and organizational security and confidentiality measures available on demand.

6. Sub-Processors

• The Processor may engage sub-processors to carry out specific processing activities on behalf of the Controller. The Processor shall ensure that any sub-processor is bound by data protection obligations that are no less protective than those set out in this Agreement.
• A list of approved sub-processors can be found here www.checkinpax.com/security.

7. Data Subject Rights

• The Processor shall assist you in fulfilling your obligations to respond to requests from Data Subjects exercising their rights under applicable data protection laws, including the right to access, rectify, or erase Personal Data.

8. Compliance with Laws

• Each party shall comply with all applicable data protection laws, including the GDPR, in relation to the processing of Personal Data under this Agreement.

9. Liability

• The Processor shall not be liable for any indirect, incidental, or consequential damages arising out of or in connection with this Agreement. The Controller shall indemnify and hold harmless the Processor against any claims arising from Controller’s instructions or failure to comply with applicable data protection laws.

10. Term and Termination

• This Agreement shall remain in effect for as long as the Processor processes Personal Data on behalf of the Controller. Either party may terminate this Agreement with written notice if the other party breaches any material term of this Agreement and fails to cure such breach within thirty (30) days of receiving notice.

11. Governing Law

• This Agreement shall be governed by and construed in accordance with the laws of Hong Kong.

12. Assistance and Audit

• Assistance: To the extent the Controller is unable to independently access the relevant Controller Data via the Platform, upon written request by the Controller and at Controller’s expense, Check-in Pax shall reasonably assist and cooperate with the Controller to respond to a Data Subject request to exercise rights as required by applicable Data Protection Laws or a request from applicable data protection authorities relating to the processing of Personal Data under the Terms. If any such request is made directly to Check-in Pax, Check-in Pax shall not respond to such request directly without the Controller’s prior authorization unless legally compelled to do so. If Check-in Pax is legally compelled to directly respond to such a request, Check-in Pax shall promptly notify the Controller and provide the Controller with a copy of the request unless legally prohibited from doing so. Check-in Pax may directly execute a data subject’s request if (i) the request is an automatic unsubscription or if (ii) the request refers to an unsolicited communication, a prohibited use of the Services, or a potential breach of this Agreement by the Controller or one of Check-in Pax’s customers. In cases (i) and/or (ii), Check-in Pax will execute the request of the data subject without the prior approval of the Controller. In case (ii), Check-in Pax may suspend the possibility of sending any electronic communication to the domain of the person concerned.
• Audit: Check-in Pax endeavors to provide the Controller with all the information and documents necessary for the Controller to demonstrate its compliance with the obligations set out in this DPA. Check-in Pax undertakes to accede to all reasonable requests made by the Controller to verify that Check-in Pax complied with the contractual obligations imposed by this DPA. If the Controller requires further documentation related to this DPA, upon the Controller’s written request and at reasonable intervals and the Controller’s sole expense, and subject to the confidentiality obligations set forth in the Terms, Check-in Pax shall make available to the Controller documentation regarding Check-in Pax compliance with the obligations set forth in this DPA in the form of a copy of Check-in Pax’s then most recent third-party audits or certifications or comparable documentation as determined by Check-in Pax or, upon request by the Controller, documentation of a Sub-Processor’s compliance with this DPA (collectively, “Audit Documentation”). The Controller acknowledges that: (i) documentation of a Sub-Processor’s compliance shall be considered confidential and (ii) certain Sub-Processors may require the Controller to execute a non-disclosure Terms with them to view Sub-Processor documentation.
• Audit Limitations: The audits described in Section 12.2: (i) may not occur more than one (1) time per contract year; (ii) will be limited to Controller Data processing activities performed by Check-in Pax on behalf of the Controller; (iii) may not involve any on-site investigation, except as mutually agreed in writing by Check-in Pax and the Controller; and (iv) available Audit Documentation shall be limited to the extent necessary for Check-in Pax to comply with the legal rights of Check-in Pax employees.

13. International Data Transfers

• If Personal Data is transferred outside of the jurisdiction in which the Controller is located, Check-in Pax shall ensure that adequate safeguards are in place to protect the Personal Data in accordance with applicable data protection laws, including the GDPR. Specifically, Check-in Pax will utilize Standard Contractual Clauses or other appropriate mechanisms as required by applicable law to ensure that Personal Data is adequately protected during international transfers.

14. Client-Specific Terms

• The Processor acknowledges that the Controller may have specific requirements regarding data processing. Custom terms or modifications to this Agreement may be negotiated on a case-by-case basis. Such modifications may involve additional costs and can be included as part of Check-in Pax’s enterprise plan, which offers enhanced features and support tailored to meet the needs of larger organizations.

15. Data Breach Notification

• In the event of a Data Breach, Check-in Pax shall notify the Controller without undue delay, and in any event within 24 hours of becoming aware of the breach. The notification shall include, at a minimum, the following information:
  • The nature of the breach, including the categories and approximate number of Data Subjects affected.
  • The likely consequences of the breach.
  • The measures taken or proposed to be taken to address the breach, including measures to mitigate its possible adverse effects.

16. Reputation Management

• In the event of a data breach or incident that may impact the Controller’s reputation, Check-in Pax shall work collaboratively with the Controller to manage the situation. This includes providing timely information, assisting in communications, and supporting the Controller in any necessary public relations efforts to mitigate reputational damage.

17. Employee Training

• Check-in Pax shall ensure that its employees who have access to Personal Data are trained on data protection and security measures annually and upon hiring. This training will cover relevant data protection laws, security protocols, and the importance of safeguarding Personal Data.

18. Review Period

• This Agreement shall be reviewed at least annually to ensure compliance with applicable data protection laws and to reflect any changes in the processing of Personal Data. Any significant changes in data protection laws or practices will trigger an immediate review of this Agreement.

19. Third-Party Audits

• Check-in Pax shall provide documentation of its ongoing ISO certification process and any other relevant third-party audits or certifications to demonstrate compliance with applicable data protection standards.

20. Additional Costs for Audits

• Any requests for additional documentation or audits beyond the standard compliance reports provided by Check-in Pax may incur additional costs. The Controller seeking such audits or specific compliance documentation will be informed of the associated fees in advance. These services may be included as part of Check-in Pax’s enterprise plan, which offers enhanced features and support tailored to meet the needs of larger organizations.

By accepting the Terms, you agree to the terms of this Data Processing Agreement.

Effective Date: 15 December 2024

Subprocessors

Check-in Pax employs third-party subprocessors, including cloud computing providers and customer support software, to deliver our services effectively. We establish Data Processing Agreements (DPAs) with each subprocessor to ensure compliance with GDPR, safeguarding personal data at all times.

 

Entities as Personal Data Recipients According to the Privacy Policy:

Entity Name	Purpose	Location	Measures for Transfer
Google, Inc.	Analytics, reCAPTCHA & Google Workspace	Worldwide data centers	Registered under Data Privacy Framework
Amazon Web Services	Cloud hosting services	United States (us-west-1) Asia Pacific (Hong Kong) (ap-east-1) Asia Pacific (Singapore) (ap-southeast-1) Europe (Ireland) (eu-west-1)	DPA in place
Brevo (formerly Sendinblue)	Emailing	Europe (Belgium)	Registered under Data Privacy Framework. Link to DPA
Stripe, Inc.	Payment service provider	USA	Registered under Data Privacy Framework
Xero	Accounting software	USA	DPA in place

 

Entities as Subprocessors According to the Concluded DPA:

Entity Name	Purpose	Location	Measures for Transfer
Amazon Web Services	Cloud hosting services	United States (us-west-1) Asia Pacific (Hong Kong) (ap-east-1) Asia Pacific (Singapore) (ap-southeast-1) Europe (Ireland) (eu-west-1)	DPA in place
Brevo (formerly Sendinblue)	Emailing for user account services and event campaigns	Europe (Belgium)	Registered under Data Privacy Framework. Link to DPA

 

Effective: 15 December 2024

Personal Data Controller
Check-in Pax (collectively referred to as “us”, “our”, or “we”) is a software product of Central Pacific Consultants Limited with registered office at 2F Beverly House, 93-107 Lockhart Road, Wan Chai, Hong Kong, Business registration number: 53642392, incorporated under the laws of Hong Kong.

This privacy policy outlines how Central Pacific Consultants Limited, operating under the brand name Check-in Pax, collects, uses, and protects your personal information.

As the providers of the Check-in Pax platform (referred to as the “Platform”), we support you with innovative digital event management solutions and other related services in accordance with the Terms of Use and any agreements in place. Safeguarding the privacy of your personal data is a top priority for us. We will only access your account to assist with problem-solving or resolving software issues. We will never review any uploaded guest lists or files unless specifically requested by you and our customer support team does not have access to your guest data unless you grant them access rights. All account access is logged by IP address to ensure that no unauthorized access occurs, as long as the logs are retained.

The Platform can be accessed through the website: https://www.checkinpax.com (referred to as the “Website”). We handle personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals regarding the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (known as the “GDPR”).

Please keep in mind that we have dual roles: firstly, as the controller of your personal data as detailed in this privacy policy, and secondly, as the processor of personal data. The processing of personal data as a data processor is detailed in our Data Processing Agreement (DPA) policy, which is included in the terms of service.

Categories of Personal Data Processed
In order to ensure transparency, we have categorized the personal data we process in accordance with our privacy policy into the following categories:

• Identification Information: This category includes your name, surname, and the identification of the organization on whose behalf you are acting.
• Contact Details: This category encompasses your email address, and optionally, you may provide us with your phone number.
• Payment Data: This category covers information related to purchases, credit card details (transmitted directly to the payment processor without passing through our servers), billing address, payment details, chargebacks, fraud prevention information, details of individuals specified on invoices, requests, and statistical data.
• Log Information and Platform Usage: This category involves processing technical information such as user logs within the Platform, IP addresses linked to the account, and other usage-related data.
• Data Pertaining to Agreement Fulfillment: This category includes information regarding the fulfillment of mutual agreements, the scope of services provided under the agreement if associated with a specific individual acting on behalf of the Customer.
• Communication Data: This category comprises personal data provided when contacting us through our Website, email communications, chats, conference calls, and any other information conveyed during communication.

We collect personal data either directly from you or, if you are a user of our services and your account was created by your employer or contractual party, we may receive personal data from that employer or contractual party with whom we have a contractual relationship.

Purposes of Processing Personal Data
We process your personal data as a data controller for the processing purposes outlined below, based on the legal bases provided here, for a limited time and only to the extent described herein.

• A.1 Provision of Services, Identity & Access
  We primarily process personal data to provide you with our services, create and manage your account on the Platform, and facilitate access for your employees, team members, and other personnel. This includes activities such as account registration, billing, payment processing, and communication with us for inquiries. We may also send you notifications related to contract performance, new product releases, payment reminders, and essential updates.
  For this purpose, we process your Identification information, Contact details, Payment data, Log information, and other usage-related data on the Platform, as well as communication data pertaining to contractual relationships. Payments are handled through a separate payment provider, and we do not store credit card information.
  The legal basis for this processing is the performance of the contract between you and us, or our legitimate interest in contract performance if you are acting on behalf of a customer. Data is retained for the duration of the contract and as necessary to fulfill contractual obligations. Upon account cancellation, data is securely deleted within 30 days.
• A.2 Protection of Rights, Duties, and Fraud Prevention
  We may process your data to safeguard against unauthorized Platform usage, fraudulent activities, or violations of our Terms of Service. This includes protecting our rights, investigating potential threats, and preventing illegal activities.
  For this purpose, we process various personal data categories including Identification information, Contact details, Payment data, Log information, and usage-related data. The legal basis for this processing is our legitimate interest in protecting our rights and preventing fraud. Data is retained for the duration necessary to enforce legal claims.
• A.3 Fulfilling Legal Obligations
  We process personal data to comply with legal obligations related to taxes, accounting, and regulatory requirements. This may include retaining records for auditing purposes, compliance with financial regulations, and other legal mandates that require us to maintain certain information for a specified period. In some cases, we may also assist state authorities as mandated by law.
• A.4 Surveys and Communication
  We may process data provided during communication for purposes such as responding to inquiries, conducting surveys, and maintaining communication channels.
  For this purpose, we process Contact details and Communication data. The legal basis for this processing is our legitimate interest in supporting and promoting our products and services. Data is retained for a reasonable period to facilitate communication.
• A.5 Newsletters and Commercial Communication
  We may send commercial communications to customers who have provided their email address or subscribed to our newsletter list. Processing of email addresses and Identification information is based on legitimate interests for customer relations or consent for newsletter subscriptions.
  Customers can opt out of receiving newsletters at any time using the unsubscribe links provided. Consent withdrawal is also an option.
• A.6 Processing in Connection with Cookies on the Website and Platform
  We process personal data for Platform operation, security, website traffic analysis, and web support and promotion purposes. This includes activities such as user identification, traffic monitoring, and personalized advertising based on user preferences.
  Data processed includes technical data, cookies data, and analytical or marketing cookies provided by us or third parties with user consent. Personal data is retained for specific periods based on the processing purpose and until consent is withdrawn.

If you have any questions or concerns regarding the processing of your personal data, please contact us at privacy@checkinpax.com.

Google reCAPTCHA Usage
To enhance the security of our login and sign-up processes, we utilize Google reCAPTCHA v3 technology. This advanced iteration offers a more comprehensive solution for distinguishing between human users and bot traffic, utilizing behavioral analysis to monitor user interactions and prevent automated abuse. By focusing on enhanced bot detection, reCAPTCHA v3 provides a seamless user experience while safeguarding our online platform. In the process, reCAPTCHA collects certain information from users, including IP addresses, browser information, and user interactions with our site. This data is shared with Google and may be used for various purposes, including improving their services and ensuring compliance with data protection laws. By using our website, you consent to the collection and processing of your data as described in Google’s Privacy Policy.

Data Security Measures
We implement robust security measures to protect your personal data, including encryption, access controls, and regular security audits. We are committed to safeguarding your information and preventing unauthorized access.

Cookies and Tracking Technologies
We may use cookies and similar tracking technologies to enhance your experience on our Platform. You can manage your cookie preferences through your browser settings. For more details on how we use cookies, please refer to our Cookie Policy www.checkinpax.com/security.

Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy or as required by law. Upon account cancellation, data is securely deleted within 30 days, unless otherwise required to be retained for legal compliance.

Sharing of Personal Data
We may disclose personal information to third parties who assist us in delivering our products and services to you. Additionally, there may be circumstances where we are required to share personal data with third parties. These third parties, as defined by the GDPR, are referred to as recipients of personal data.
A list of these recipients can be found in a separate document listing recipients and sub-processors, available here www.checkinpax.com/security.
Furthermore, we may share your personal data with specific third parties acting as data controllers for the purpose of fulfilling legal obligations, as mandated by relevant laws (such as administrative authorities, law enforcement agencies, and judicial authorities). We may also be obligated to share your data with individuals who claim to have been affected by your actions.
When we transfer your personal data to controllers and processors in countries outside the European Economic Area (EEA), we only do so if the European Commission has determined that the country in question offers an adequate level of data protection. This includes cases where controllers or processors have implemented additional data protection measures, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).

Your Rights in Data Processing and How to Exercise Them
You have the following rights regarding the processing of your personal data:

• Request access to your personal data
• Withdraw your consent
• Request correction of your personal data
• Request deletion of your personal data
• Request restriction of the processing of your personal data
• Request the transfer of your personal data
• Object to the processing of your personal data
• File a complaint with the relevant supervisory authority

For any inquiries or actions related to the processing of your personal data, such as questions, exercising your rights, or submitting a complaint, please contact us at privacy@checkinpax.com.
We will handle your request promptly, within a maximum of 1 month. In exceptional circumstances, such as the complexity of your request, we may extend this period by an additional 2 months. We will always notify you of any such extension and the reasons for it.

You also have the right to file a complaint with the supervisory authority as outlined below.

• C.1 Access Rights: You have the right to request confirmation of whether we are processing your personal data and to access information about the purpose, recipients, duration, and rights related to your data. You can request a free copy of your data, with additional copies subject to a fee. Your access may be limited to protect the rights of others.
• C.2 Withdrawal of Consent: You can withdraw your consent to data processing at any time, but this does not affect prior lawful processing or the processing of anonymized data.
• C.3 Correction Rights: You can request correction of inaccurate personal data and completion of incomplete data as necessary.
• C.4 Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances, including but not limited to:
  • When we no longer require your personal data for the purposes for which it was collected or processed.
  • When you withdraw your consent, and there is no longer a legitimate reason for processing your data.
  • When you object to the processing of your data and there are no other compelling reasons for its processing, or if you object to processing for direct marketing purposes.
  • When your personal data is being processed in violation of the law.
• C.5 Restriction of Processing: You have the right to request a restriction on the processing of your personal data in the following situations:
  • When you contest the accuracy of your personal data, allowing for processing restrictions until accuracy is verified.
  • When the processing is unlawful, and instead of deletion, you request a restriction on processing.
  • When we no longer need your personal data for the original purposes but you require it for legal claims.
  • When you object to the processing of your data, leading to a restriction until it is determined that our legitimate interests outweigh your objections.
• C.6 Data Portability: You have the right to receive a copy of your data in a machine-readable format, subject to limitations to protect the rights of others.
• C.7 Right to Object: You can object to processing based on legitimate interests, with specific provisions for opting out of newsletters.

File a Complaint
Apart from exercising your rights with our company, you have the option to lodge a complaint with the appropriate supervisory authority, namely the Office of the Privacy Commissioner for Personal Data situated at 12/F, Sunlight Tower, 248 Queen’s Rd E, Wan Chai, Hong Kong.

Updates to this Notice
We reserve the right to update this processing information periodically; therefore, we recommend checking it frequently. Any revisions to this document will be published on our Website: www.checkinpax.com.