Effective as of November 14, 2023

INTRODUCTION

We are committed to protecting your privacy. We pledge to fully meet the requirements of the Hong Kong Personal Data Privacy Ordinance (PDPO) and the EU General Data Protection Regulation (GDPR).

This Privacy Policy describes how we collect, use, store, share and protect the information collected through www.UpNow.com and www.EverCalmMenopause.com (each a “Website”), and their related mobile applications (each an “App”); collectively, the “Services”.

This Privacy Policy is incorporated into and subject to our Terms of Service. Capitalized words used but not defined in this Privacy Policy have the meaning given to them in the Terms of Service.

PLEASE READ THIS PRIVACY POLICY CAREFULLY because it affects your rights under the law. By using our Services and/or providing Personal Data to us, you acknowledge that you have read this Privacy Policy, and subject to your explicit consent which we may separately seek from you as may be required by applicable law, you consent to the terms of this Privacy Policy (including international transfers as set out in this Privacy Policy to countries outside where you are located).

If you do not agree with any part of this Privacy Policy, you may not access or use the Services. If you have concerns about the categories of Personal Data we collect, please do not provide any Personal Data to us without contacting us.

1. DATA WE COLLECT

1.1.  “Personal Data” means any information relating to an identified or identifiable natural person.

1.2.  We collect your Personal Data in the course of providing the Services to you. Depending on your use of Services, you may provide us with information about you such as your first name, email address, and other optional information.

1.3.  We do NOT collect sensitive or special categories of personal data.

2. COLLECTION OF DATA

2.1. Personal Data. We collect any Personal Data that you provide to us when you use  the Services, such as when you:

2.1.1. register for an Account;
2.1.2. fill out our contact forms; or
2.1.3.  make purchases on the Services.

2.2. Personal Data of Others. If you provide us with Personal Data of individuals other than you, such as for referral purposes, we will only use that Personal Data for the specific reason for which it was provided to us. By providing the Personal Data, you confirm that you have the right to process the data on behalf of the third-party individual in accordance with the applicable data protection laws.

2.3.  Non-Personal Data. We automatically collect certain types of Non-Personal Data about how you use and interact with the Services. This information includes your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version, URL clickstreams, goods/services viewed, page response times, download errors, how long you stay on webpages, what you do on those pages, how often, and other actions.

2.4.  Data From or Through Third-Party Websites. When you interact with the Services or your Account through a social media platform or other third-party sites, we may collect the Personal Data that you make available to us on that site, including your account ID or handle. We will comply with the privacy policies of the corresponding social media platform or third-party site. We will only collect and store such Personal Data that we are permitted to collect by the third-party site. If you choose to link or sign-in to your Account with or through a social networking service, we and that service may share certain information about you and your activities.

3. LEGAL BASES FOR PROCESSING OF DATA

The following are the legal basis for our use of your data:

3.1.  Consent: where you have consented to our use of your Personal Data. You may withdraw your consent to our use of your Personal Data at any time by contacting us.

3.2.  Contractual Necessity: where we are required to collect and handle your Personal Data to provide you with the services that we have contractually agreed to provide to you.

3.3.  Legitimate Interests: where we have a legitimate interest in using your Personal Data, and such purpose is not outweighed by any interests that you may have, or any prejudice that you may suffer, from the relevant use of your Personal Data.

3.4.  Should we need to process your Personal Data based on legal basis other than the above, we will inform you of such processing in advance and you may exercise your applicable rights in relation to such processing. Please note that without certain Personal Data, we may not be able to provide some or all of the Services or even to guarantee the full functionalities of the Services.

4. USE OF DATA

4.1.  Provide the Services. We use your data to provide and deliver the Services and process transactions related to the Services, including Account creation, registrations, subscriptions, purchases, and payments. The legal bases for this processing are your consent and legitimate interest.

4.2.  Operating and Improving the Services. We use your data to measure use of, analyze performance of, fix errors in, provide support for, improve, and develop the Services, including for testing features, interacting with feedback platforms, managing landing pages, browsing history and use of an App or Website, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques.
The legal bases for this processing are contractual necessity and legitimate interest.

4.3. Support and Personalization. We use your data to manage your request, remember your login and settings, recommend the Services that might be of interest to you, identify your preferences, notify you of any updates, and personalize your experience with the Services. The legal bases for this processing is contractual necessity and legitimate interest.

4.4.  Communicate with you. We use your data to communicate with you in relation to the Services via different channels (e.g., by phone, email, chat) and to respond to your requests. The legal bases for this processing are consent and legitimate interest.

4.5.  Marketing. We use your data to market and promote the Services, provide you with newsletters and offers which may interest you. The legal bases for this processing are consent and legitimate interest (where we do not need your consent).

4.6.  Fraud and Abuse Prevention. We use your data to prevent and detect fraud, abuse, and illegal activities, to protect our security, of our customers, and or others. The legal basis for this processing is legitimate interest.

4.7.  Comply with Legal Obligations. In certain cases, we have a legal obligation to collect, use, or retain your data. For example, we process payment information to verify your identity and purchase history.

4.8.  With Your Consent. We may also ask for your consent to use your Personal Data for a specific purpose that we communicate to you. When you consent to our processing your Personal Data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.

4.9.  We never sell  your Personal Data. We never share your Personal Data with third-parties for their marketing purposes, unless you consent thereto. The list of third parties to whom we may disclose to and/or share your Personal Data with is available on request.

5. MARKETING COMMUNICATIONS; OPTING OUT

5.1. We will provide an option to unsubscribe or opt-out of further communication on any direct marketing communication sent to you at no charge. If you do not wish to receive further promotional materials from us, you may click unsubscribe from the promotion materials or write to us privacy@upnow.com.

6. SHARING OF PERSONAL DATA

6.1.  We do not disclose any Personal Data to any third-parties except as required by law or with your prior consent to provide you the Services.

6.2. We may share Personal Data:

6.2.1. for the purpose of providing the Services to you:
6.2.2.  when we are involved in a merger, acquisition, or sale of all or a portion of our assets; and/or
6.2.3.  as otherwise set out in this Privacy Policy.

6.3. We may also disclose your Personal Data to law enforcement, regulatory and other government agencies and authorities, professional bodies and other third-parties, as required by and/or in accordance with applicable law or regulation. This may include disclosures outside the country or region where you are located.

6.4. We may share Personal Data to the following parties for the sole purpose of providing the Services to you:

6.4.1. any personnel, agent, adviser, auditor, contractor, or service provider who provide services and advice to us in connection with the Services;
6.4.2. the persons in or outside Hong Kong to whom we are required to make disclosure under any law applicable.

7. SECURITY OF PERSONAL DATA

7.1. We take the security of your Personal Data very seriously. We have implemented generally accepted standards of technology and operational security to protect personally identifiable information from loss, misuse, alteration or destruction. We have security and organizational measures and procedures to secure the data collected and stored.

7.2. Connections to the Services are encrypted. We use SSL transfer protocol (https). We use servers that comply with strict international data security standards, including ISO 27001. We use two-factor verification for Accounts when applicable.

7.3. All Personal Data that you provide to us are secured on our Services and can be accessed only by authorized personnel who have agreed to maintain the confidentiality of your Personal Data.

7.4. However, the transmission of data over the internet (including by e-mail) is never completely secure. While we endeavour to protect Personal Data, we cannot guarantee the security of data transmitted to or by us.

7.5. If a Personal Data security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority, notify you of the incident and provide relevant information, as may be required under applicable laws and regulations.

8. STORING PERSONAL DATA

8.1. The Services are operated and published from Hong Kong and the United States of America. We attempt to protect the Personal Data of all users of the Services, and to comply with local laws to the extent they may apply to the Services. However, the Services are operated and published from Hong Kong and USA, and our policies are directed at compliance with their laws.

8.2. If you are using the Services from the European Union or other regions with laws governing Personal Data collection and use, please note that your personal data may be transferred to Hong Kong and USA, and to other jurisdictions, which may not have the same data protection laws as the European Union. You acknowledge that you understand: (i) your personal data may be used for the uses identified above in accordance with this Privacy Policy; and (ii) your personal data may be transferred to Hong Kong and USA.

8.3. We may use third-party service providers located around the world, who may use servers and other resources in various countries and territories to process your information. Thus, your Personal Data may be transferred to and stored outside the country or region where you are located (unless restricted under applicable laws and regulations or specifically agreed by agreement). Such jurisdictions may have different data protection laws. It is our policy to use only third-party service providers that are bound to maintain appropriate levels of security and confidentiality and process Personal Data only as required to provide the Services. This may include confidentiality agreements with parties that we commission to handle Personal Data, requiring them to process Personal Data in accordance with our requirements, this Privacy Policy, and any other relevant confidentiality and security measures.

9. RETENTION OF PERSONAL DATA

9.1. It is our policy to retain Personal Data only for as long as necessary for the fulfilment of the purposes for which the data are to be used, or as required by law, regulation or professional standards and to establish, exercise or defend our legal rights.

9.2. The retention period may also be based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

9.3. We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may fulfil your request.

9.4. Please contact us to receive detailed information regarding the retention period of your Personal Data.

10. YOUR RIGHTS

10.1. Subject to applicable laws, the following are your rights pertaining to your Personal Data:

10.1.1.  Right to Access. You have the right to ask whether we hold Personal Data about you and request copies of such Personal Data and information about how it is processed.
10.1.2.  Right to Correct. You have the right to request that inaccurate Personal Data that we hold about you be corrected.
10.1.3.  Right to Delete. You have the right to request deletion of your Personal Data that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements.
10.1.4.  Right to Restrict. You have the right to request us to restrict the processing of your Personal Data where the processing is inappropriate.
10.1.5.  Right to Object. You have the right to object to the processing of your Personal Data.
10.1.6.  Right to Data Portability. You have the right to request portability of your Personal Data that you have provided to us (which does not include information derived from the collected information), where the processing of such Personal Data is based on consent or a contract with you and is carried out by automated means.

10.2. We may charge a fee for your request to access your information, if permitted by applicable law.

10.3.  You may exercise these rights by sending us a request in writing and be sent to us to the Personal Data Controlling Officer, UpNow Health Limited, privacy@upnow.com.

10.4. When requested, and provided that it is practical and commercially feasible to comply with the request, we will reply to your request within 30 days or such time as prescribed under applicable law.

10.5. Should you not be satisfied with how we resolve your concern, you have the right to complain to the data protection authority in your territory.

11. THIRD-PARTY LINKS

11.1. This Privacy Policy applies only to our Services. Our Services may link to third-party sites that we do not control, and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We assume no responsibility for the information practices of these third-party sites that a user is able to access through our Services. We shall not be responsible for the privacy and security practices or the content of such sites. We encourage visitors to review each third-party site’s privacy policy that you visit.

12. OPTIONAL TOOLS

12.1. We may provide you with access to third-party tools over which we neither monitor nor have any control nor input. You acknowledge and agree that we provide access to such tools “as is” and “as available” without any warranties, representations, or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools. Any use by you of optional tools offered through the Services is entirely at your own risk and discretion and you should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s).

13. COOKIE POLICY

13.1.  Our Services use “cookies”, an element of data (usually, a very small file) that a website can send to your browser, which may then store it on your computer or device. These cookies allow us to correctly operate the Services and/or to provide you with pages or content that are tailored to you.

13.2. The Services also uses widgets, pixels, web beacons and other similar technologies.

13.3. The cookies and other similar technologies collect Non-Personal Data such as browser type, version, operating system, IP address, and the domain name of the server. This Non-Personal Data will be used only to compile general statistics about the number of visitors and use of our Services. This information can, in some cases, be carried from one visit of our Services (or related site) to the next (for example, to help you avoid having to re-enter certain information when you visit the same page later.

13.4.  The cookies may be saved permanently on your computer. You may always turn off some of the cookies through your browser or device, but this may affect your browsing of our Services.

13.5. The list of cookies we use is listed in your browser or device.

14. CHILDREN’S PERSONAL DATA

14.1.  We do not collect Personal Data of children. If we learn that we have collected any Personal Data from a child, we will take reasonable steps to delete such information. Parents or guardians who believe that their child has submitted Personal Data to us and would like to have it deleted should contact us at privacy@upnow.com.

15. UPDATES

15.1. We reserve the right to update or amend the Privacy Policy from time to time without notice. Please remember to visit this page from time to time to review any amendments to the Privacy Policy and their effect on your use of the Services. Your continued use of the Services implies your acceptance of such amendments.

16. CONTACT US

16.1. If you have any questions, comments or suggestions, please contact us or through privacy@upnow.com.

PREVIOUS VERSIONS

22 May 2018 – 28 Jun 2019

29 Jun 2019 – 13 Nov 2023