Privacy policy

Privacy Policy Overview

This Privacy Policy (the “Policy”) governs the data handling practices of the Velin application and website (collectively, the “Platform“), which are operated by Velin Limited and/or its associated entities (hereinafter referred to as the ‘Company‘, ‘We’, ‘Us’, or ‘Our’). We are fundamentally committed to upholding your data integrity and privacy through rigorous adherence to this Policy.

This document serves as a comprehensive disclosure detailing: (i) the categories of data the Company may acquire or process from you while you utilize its websites, applications, and corresponding electronic services (collectively, the ‘Services‘); and (ii) the Company’s established procedures for the collection, utilization, preservation, safeguarding, and regulated disclosure of said data.

We strongly advise a diligent review of this Policy to fully comprehend the Company’s stipulations regarding your personal information. By engaging with or utilizing Our Services, or by formally registering an account with the Company, you are providing explicit consent to and agree to be bound by all terms and conditions herein. This constitutes an acknowledgment of the Company’s right to collect, employ, disclose, and retain your personal data as delineated.

This Policy is formally integrated into and governed by Our established Terms of Service (“Terms”) and must be interpreted harmoniously alongside those Terms. All defined terms utilized herein, but not explicitly defined, shall retain the meaning ascribed to them within the Terms. As an electronic document under relevant The Personal Data (Privacy) Ordinance (the “PDPO”), this Policy does not necessitate a physical, electronic, or digital signature from either the Company or the Client.

This Policy is subject to periodic modification. Your continued engagement with the Company’s Services subsequent to the implementation of any amendments shall be deemed as your unqualified acceptance of such changes. Therefore, regular review of the Policy is highly recommended to stay informed of all updates.

Applicability and Exclusions

This Policy is exclusively applicable to data collected by the Company through its Services, including communications received via email, text, and other electronic means linked to the Services.

The Policy does not extend to any information furnished by you to, or collected by, any third-party entity utilized in conjunction with Our Services. The Company explicitly encourages you to directly consult the data privacy protocols of such third-parties regarding their specific handling practices.

Information Acquisition Methodology

Certain aspects of Our Services may be accessed without the revelation of any personal identifiers, while other features necessitate the submission of personal data. We also gather Non-Personal Information (data incapable of being used for individual identification, such as web page visitation metrics). To access specific exclusive features and benefits within Our Services, you may be required to submit Personally Identifiable Information (PII)—data used for specific identification (detailed below).

  • Data Integrity Obligation: Inaccurate PII submission may adversely impact your Service accessibility, the quality of service delivery, and Our ability to establish effective communication channels. You bear the sole responsibility for maintaining the accuracy and currentness of the PII provided to the Company (e.g., email and contact numbers are essential communication conduits).

Categories of Information Collected

Velin systematically acquires various data types from and pertaining to the users of Our Services, including:

  1. Personally Identifiable Information (PII): Data that can be associated with a specific individual, whether directly or in combination with other data likely accessible to Us. This excludes anonymized or aggregated data. PII encompasses, but is not limited to:

    • Identifiers: Full name, email address, contact numbers (mobile and fixed line), residential jurisdiction (e.g., Hong Kong, specific districts), postal code, and date of birth.

    • Financial and Occupational Data: Educational attainment, occupation, marital status, monthly income, employer details, social security/tax identification numbers (as required by law), and detailed work experience.

    • Identification Documents: (As legally required for identity verification) Hong Kong Identity Card (HKID) number, Tax Identification Number, or equivalent jurisdictional documents.

  2. Technological and Usage Data: Information concerning your network access, the hardware/software deployed to access Our Services, and detailed usage patterns.

Data Collection Sources

Information acquisition is executed via two (2) primary channels:

  • Direct Submission: Data actively furnished by you to the Company.

  • Automated Harvesting: Data collected passively as you navigate the Services (e.g., usage details, IP addresses, tracking technologies like cookies and web beacons).

Specific Information Provided by the Client

  • Account and Profile Data: Full name, email address, postal code, password, optional demographic data (gender, mobile number), and publicly displayed profile image. PII may be retrieved from third-party sign-in platforms (e.g., Google, Facebook), stored as made available by your permissions on those services.

  • Preference and Configuration: User-defined settings, including time zone and language.

  • User-Generated Content (UGC): Data furnished through the Services, including product reviews, photographs, public comments, customized lists, follower data, ordering records, and contact details of individuals notified of orders.

  • Activity Logs: Records of search queries, selected results, Service duration metrics, feature usage, and advertisement interaction data.

  • Communications Log: Interactions between you and other users/suppliers, participation in surveys/promotions, requests for specific features, and communication related to employment postings.

  • Transactional Data: Information necessary for processing and completing financial requests, including billing and payment instrument details (shared with PCI compliant payment gateway processors).

  • Public Postings (User Contributions): Information intentionally submitted for publication on publicly accessible areas of the Services (e.g., ratings, tips, photos). Note: The publication of User Contributions is at your own risk. While security measures are implemented, absolute security cannot be guaranteed.

Information Collected Automatically

We automatically process data concerning the devices and computers (including mobile hardware) utilized to access the Services, even when access occurs without formal registration.

  • Usage and Location Data: Detailed records of service usage, including traffic statistics, geolocation data (real-time, if device permissions allow), logs, communication data, and the resources accessed.

  • Device Telemetry: Data about your computing environment, including IP address, operating systems, browser type, unique device identifiers (e.g., IDFA, GAID), and mobile network details.

  • Stored Assets and Files: Access to metadata and files on your mobile device (e.g., photographs, contacts), as permitted by device settings.

  • Mobile Status and Activity: The online/offline status of mobile applications, and information regarding the presence, absence, and details of other applications installed on your mobile device (collected to personalize user experience and services).

  • Referral Data: The URL of the last web page visited prior to accessing Our websites.

Data Utilization Framework

The acquired information is employed across multiple operational and strategic domains:

  • Order Fulfillment: Processing, executing, and delivering orders, handling payments, and communicating essential information regarding products, services, and offers.

  • Service Enhancement: Providing core functionality, conducting performance analysis, remediating technical errors, and improving overall usability and operational effectiveness.

  • Personalization and Recommendations: Generating feature, product, and service recommendations based on identified user preferences and customizing the Service experience.

  • Statutory Compliance: Collecting and using data as mandated by Hong Kong law (e.g., collecting establishment and bank details from sellers for identity verification).

  • Communication: Interacting with you across various channels (e.g., phone, email, chat) concerning the Services.

  • Targeted Advertising: Displaying interest-based advertisements for relevant features and products, strictly without utilizing personally identifying information for this display.

  • Risk Mitigation: Employing data for fraud prevention, abuse detection, and credit risk assessment (using scoring methodologies) to protect the security of all stakeholders.

  • Internal Governance: Administering contests, enforcing contractual obligations (including billing), conducting research (on user base and service usage), auditing, and balancing privacy protocols with research needs using anonymized data.

Information Disclosure Protocols

We may release PII collected from or provided by you, as outlined in this Policy, under the following circumstances:

I. General Disclosures

  • Affiliated Entities: To holding companies, subsidiaries, and affiliates operating under common ownership.

  • Contractual Partners: To contractors, advertisers, and third-party service providers (e.g., logistics, payment collection) bound by contractual confidentiality obligations restricting data use solely to the purposes disclosed to them.

  • Corporate Restructuring: To an acquiring entity in the event of a merger, divestiture, restructuring, or asset transfer where user PII constitutes a transferred asset.

  • Marketing (Third-Party): To third-parties for the marketing of products or services deemed beneficial or relevant to you.

  • Specific Consent: For any other purpose explicitly disclosed or for which express consent is obtained from the client.

II. Specific Disclosure Scenarios

  • Service Providers: Sharing data with external vendors for functions such as communication delivery (emails, SMS, push notifications), voice recognition services, usage analysis, and payment processing/collection.

  • Legal & Regulatory Compliance: Disclosing information when deemed necessary in good faith to investigate, prevent, or address possible illegal activities, comply with legal processes (e.g., subpoena, court order), or protect the rights, property, and safety of the Company, its employees, users, or the public. This includes sharing with Hong Kong law enforcement and government agencies.

  • Social Network Integration: Interactions with social media features (e.g., “Like” buttons) are governed by the respective social media company’s privacy policies.

  • Contract Enforcement: Sharing data to enforce the Company’s Agreement and Terms of Service, including billing and collection efforts.

Data Handling and Security

Third-Party Links and Services

Our Services may contain links to external websites. We are not liable for the content or privacy practices of these linked sites. We strongly recommend reviewing the privacy policies of all external third-parties.

Anonymous and De-identified Data

We reserve the right to anonymize and/or de-identify collected information. The subsequent use and disclosure of this aggregated and de-identified data are unrestricted by this Policy.

Cookies

We use cookies (alphanumeric identifiers) to collect data and offer certain features. Cookies are utilized for recognized identifiers and third-party marketing purposes. Most browsers accept cookies by default, but you retain control over these settings.

Security Precautions

We implement reasonable physical, electronic, and managerial safeguards (including secure server use and industry standards) to prevent unauthorized access and maintain data security. However, users must acknowledge the inherent security implications of data transmission over the internet, which cannot guarantee absolute security. Users must safeguard their own login credentials.

Permissible Age (Age of Majority)

The Services are not intended for users under the age of 18 (“Permissible Age”), unless permitted by relevant Hong Kong laws. We do not knowingly collect PII from minors, and any account found to belong to a person below the Permissible Age will be deleted immediately. Use of the Services is restricted to persons capable of forming a legally binding contract.

Data Retention and Deletion

Users can close their account via profile settings. A formal request for PII deletion can be made to the Grievance Officer. Notwithstanding deletion requests, we retain the right to preserve PII in compliance with applicable Hong Kong laws for a duration no longer than necessary for the original collection purpose or legal mandate. Data may be archived for investigation or retained in anonymized form for research.

Client Consent

By accessing or utilizing the Services, you explicitly consent to the collection, usage, storage, disclosure, and processing of your information (including sensitive personal data) in alignment with this Policy. If you disclose third-party PII, you warrant that you possess the requisite authority to allow Us to use that information.