top of page

Privacy Policy

BrandElements_04.png

1. OUR COMMITMENT TO PRIVACY


At CMRS Group we are committed to your privacy. This policy explains our data processing practices, how information is collected, used and protected, and your legal rights. All data we have access to will be collected, processed and protected according to applicable data protection laws, such as the Personal Data (Privacy) Ordinance in Hong Kong, the PIPL (Personal Information Protection Law) in China, the PDPA (Personal Data Protection Act) in Singapore, the PDPA (Personal Data Protection Act) in Thailand, the APPI (Act on the Protection of Personal Information) in Japan, the GDPR (General Data Protection Regulation) in the UK and the EU, the CCPA (California Consumer Privacy Act) in California, or any other data protection or privacy laws that apply to our business.

We may change this privacy policy from time to time, including in order to comply with evolving laws and regulations or due to changes in our business and technology. You should consult this page from time to time in order to be aware of any updates.


2. WHO WE ARE


The company that decides the ways and purposes for which your data is processed (also known as the “data user” or “data controller”) is CMRS Group Holding Limited.


Where we process data on behalf of our business clients (e.g. data relating to their customers or potential customers), we act on their instructions as a data processor or service provider. In this case, you should contact the client who you interacted with.


For any data privacy or data protection-related issues, we can be contacted as set out in Section 11.


3. DATA COLLECTION


The data we collect about you depends on your relationship with CMRS Group, if you are a web or app user, a business partner, a prospect, an employee etc.


3.1. End-user data

CMRS Group is a company operating in the field of social media marketing and advertising. We provide strategy, creative, communications, relationship management and analytics services for the benefit of our clients, giving them the ability to reach users on social media who are most likely to be interested in their products and services and provide information and customer service to those users. For example we may set up and manage pages and campaigns for our clients on Facebook or other social media platforms and help them to market their products and services and manage their interactions with their customers and potential customers on those platforms.



Normally, all data collection is voluntary and the legal basis for processing of your data by us and by our clients will be your consent. There may be exceptions, for example where you wish to make or inquire about a purpose in which case we will need your correct personal data in order to fulfil your request. We and our clients may also have a legitimate interest (which is compatible with your privacy rights and interests) to collect and process personal data for campaign management and analytics purposes, e.g. measuring visibility of and interactions with ads, ensuring they are not displayed too often, and checking for fraudulent clicks or other illegal behaviour.


3.2 Business contacts data

If you are a business contact, e.g. if you are or work for one of our current or potential clients, agencies, suppliers, influencers, or other business partners, we may hold some personal data about you. We will need that data in order to communicate with you, invoice and collect payments, make payments, provide information, and manage contracts and products and services that we offer or obtain. That data may include your name, business email address, billing address, office address, business phone numbers, title, expertise, employer etc. We would only hold this information where it is necessary for the intended purpose; e.g. it may be because you are a client (and we need to invoice you, communicate with you regarding our services, etc.) or you may be a prospect and we would have obtained that information from exchanging emails or business cards, from public sources, networking, or during meetings or events.


This data processing is necessary for our legitimate interests in performing, managing and marketing our services or evaluating new services and supplies. You can still exercise your rights in relation to that personal data and contact us as set out in Section 11.


3.3. Employee data

If you are a CMRS Group employee, please refer to our HR policies and employee handbook. If you are applying for a position with CMRS Group, we will provide any required data processing information as part of the application process.


4. TYPES OF DATA WE COLLECT AND PROCESS


CMRS Group collects any information that you voluntarily provide when interacting with our clients’ pages and campaigns which may include:

  • social media name and bio;

  • social media posts;

  • public messages;

  • direct messages;

  • engagement information;

  • information relating to purchases such as email, address, phone number, credit card information etc.

  • automatically collected data which relates to your interactions with pages and campaigns (ads seen, engagement with those ads, clicks etc.) and may also include cookie and device data such as cookie IDs, device IDs, IP addresses, URLs visited, user agent, timestamp, and statistical, demographic and behavioural information.


Our clients may also provide us with data relating to their existing or potential customers which we will then process as part of marketing campaigns on their behalf.


5. HOW WE USE YOUR DATA


CMRS Group collects data in order to provide social media communications and advertising-related services to our clients, manage advertising campaigns, or generate insights and analytics. We and our advertiser and technology partners may use this information in order to:

  • fulfil orders and purchases;

  • provide customer service;

  • answer enquiries about products and services;

  • send you information you have requested;

  • set-up, manage, test, and improve advertising campaigns;

  • buy, track, and report on ads displayed;

  • model and create audiences likely to share interests or preferences;

  • create profiles based on impressions and campaign data, which may include data from different devices, websites or apps, which we may enhance and combine with data collected from third parties;

  • detect fraud from situations which could not have been caused by human behaviour, such as a massive amount of clicking in a limited period of time.


6. DATA ACCURACY, RETENTION AND SECURITY


CMRS Group holds your personal data according to stringent security and encryption standards, and will take all practicable steps to ensure that the personal data we hold is accurate. We retain data only for as long as is necessary for the purposes for which it was collected.


We have in place appropriate physical, electronic, technical and organizational measures and procedures to safeguard and secure the personal data we hold against unauthorised or accidental access, processing, erasure, loss or use. As soon as reasonably practicable, once services to a client have been completed, all personal data held by us for those services will be securely destroyed and permanently erased from our systems.


Our retention policy for business contacts data is as follows, i.e. we will erase your data:

  • Three years after the last contact

  • Five years after the end of the contractual relationship (or if longer the legal period for claims or tax or accounting recordkeeping).


7. INTERNATIONAL DATA TRANSFERS


In order to operate our business efficiently, we have to transfer data to our key partners, suppliers, clients, some of which have servers or data centres located in different parts of the world.


We may provide data to other companies in our corporate group, clients, and technical service providers based outside the place where you are located that require access to it in connection with the provision of our services. In particular, we work with reputable external organizations (such as social networks, measurement, analytics, and verification services), to which we provide certain data which may include personal data, on the basis of detailed written agreements requiring among other things compliance with applicable laws and security standards.


If our services for clients or work with partners, processors, sub-processors involve any transfers of personal data out of the place of collection, then we will rely on safeguards such as standard contractual clauses approved by the competent authorities, and any required data protection or security assessments. If we receive a valid request, a copy of the applicable safeguards in relation to international data transfers may be made available.


If any governmental body, law enforcement agency, or regulatory authority requested data from us, then we would normally comply with such request without having to notify you.


8. CHILDREN’S DATA


CMRS Group strives not to collect any children’s data. If you are a parent/guardian and you believe that CMRS Group may be processing data from someone that you have parental responsibility for, please contact us as set out in Section 11.


9. COOKIES


We use cookies on our own websites. Cookies are used to help your browser navigate the website and make full use of all its functionalities, such as logins, preferences, linguistic parameters, themes, among other common functionalities.


We may also use cookies within advertising campaigns for measurement purposes, and receive data collected by social networks using their own cookies.


Cookies come in different types:

  • session cookies which make it easier for you to navigate on websites; they expire when you close your browser;

  • persistent cookies which enable us to track and target interests of users to improve the user experience on our clients’ websites or social media pages; persistent cookies do not expire when you close your browser; they stay for a certain period of time in order to recognize users;

  • advertising and social media cookies which allow us to track identifiers and serve relevant ads on the internet;

  • necessary cookies without which we could not provide a service that you request or set up a communication with you.


If you wish to change your cookie preferences, some online services may not work as expected, but you always can do so as follows:


Web: You can configure your web browser to remove cookies by following the directions provided in your browser’s “help” or “settings” section.


Mobile: You can manage consents relating to targeted advertising on mobile devices by following the instructions from the device maker, e.g.:

  • Android: Open the Google Settings app > Ads

  • iOS: Choose Settings > Privacy > Tracking


10. INDIVIDUAL RIGHTS


Applicable data processing laws grant individuals various rights to be informed and to control the use of their personal data. Depending on where you are located and which laws apply to you, these may include:

  • the right to know what personal data has been collected about you and the purposes for which it will be used;

  • the right the right to request access to your personal data that we process;

  • the right to ask us to correct inaccurate personal data relating to you;

  • the right to receive confirmation of whether or not your personal data is being processed, and how it is used, sold or shared;

  • the right to receive a copy in a portable format for transmission to another organization;

  • the right to ask to have it erased / deleted;

  • the right to limit use of sensitive information;

  • the right to object to personal data processing for direct marketing, targeted advertising, profiling for significant purposes, or to sales or sharing of personal data.

  • the right not to be discriminated against for exercising any of your rights.



If you have interacted with one of our clients and wish to exercise any of your legal rights, or have another issue or inquiry, you should contact that client. In other cases, please contact us using the details below. If you make such a request, including through an authorized agent, we reserve the right to verify your identity and the agent’s authorization. However, we may not be able to respond to your request if it is not permitted or foreseen under the laws that apply to your situation, or an exemption applies.


Where we process any data based on your consent, then you are always allowed to withdraw that consent at any time by contacting us (though the processing that took place before withdrawal will still be legal).


We are committed to resolving with you any issues or doubts you may have in relation to processing of your data. If you believe that your rights have not been respected at any time, then you may also have a right to complain to the Data Protection or Supervisory Authority in your country to ask them for a resolution.


11. CONTACT US


For any data privacy or data protection-related issues, we can be contacted at



CMRS Group Holding Limited

18B MG Tower

133 Hoi Bun Road, Kwun Tong

Hong Kong, SAR

privacy@cmrsgroup.hk

Last Updated: 2024-03-19

bottom of page