You should read this policy in full, but here’s a very brief summary with the key points we hope you take away from it:
First, we collect, store, and use information you share on our website. This includes your e-mail address, comments, messages sent to other members, and any other information you choose to enter on the website.
Second, if you purchase something for yourself or for anyone else on our website, we’ll collect payment and tax information (e.g., country of residence), contact and delivery information (e.g., e-mail address), and details of what you bought.
Finally, we record certain technical information whenever you use our website. This includes information about your device and about your visits to and use of our website, such as your IP address, browser type and version, page views, etc.
We use “persistent” cookies on our website. Persistent cookies will remain stored on your device until deleted, or until they reach a specified expiry date.
If we have an existing customer relationship with you (e.g., you have purchased something from us), we may also use Facebook Pixel to analyze the effectiveness of our Facebook ads. We cannot see your Facebook profile, or any other data you have shared with Facebook.
Most browsers allow you to reject all cookies, while some browsers allow you to reject just third party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.
If you don’t provide the information requested we may not be able to provide the services which require the use of this information (e.g., certain features or assessments).
We use the information we collect to provide you with our services as well as content that’s relevant and personal to you. Consequently, it’s necessary for us to use your information to:
We have a legitimate interest in using your information in these ways. It’s necessary for us to do that to make our services and content as relevant to you as possible, and that’s in both of our interests.
In addition, we have a legitimate interest in maintaining our relationship with you, improving our website and services, and protecting both you and other users.
Consequently, we use your information to:
While our legitimate interests cover a lot of what we do, in the following circumstances other legal grounds apply to how we process your personal data:
Finally, in addition to what we discussed above, we’ll only use your information with your consent:
Please note you may withdraw your consent at any time.
Where you supply us with special category personal data we may also further process this data for research purposes – typically it will be anonymized so that it ceases to be personal data. In this case we’ll also rely on Article 9.2(j) of the General Data Protection Regulation (GDPR) to the extent the processing of personal data is involved.
We won’t provide your personal information to any third parties for the purpose of direct marketing by those parties.
As a worldwide digital service, we need to work with a number of providers, some of which are located outside the UK and the European Economic Area (EEA), e.g. in the U.S., in order to be able to operate our website and to make our services available online. Some of our staff also operate outside the EEA. Consequently, some of your personal data may be transferred outside the EEA. Some of the countries in question may not have data protection laws equivalent to those in force in the EEA.
We’ll ensure that any transfer of your personal information outside the EEA where the GDPR applies to such transfer will be subject to the appropriate or suitable relevant safeguards (e.g. European Commission approved contract), as permitted under the GDPR, with those measures designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
In general, we use contract clauses for such transfers (as per the Article 46.2 of the GDPR), unless the country in question is judged adequate under the Article 45 of the GDPR (including in the case of the U.S., Privacy Shield). We also limit access to your personal information to those members of our staff who have a business reason for knowing such information. If you’d like further information on this, please contact us.
Here’s a list of third party providers we’ll share your information with, if necessary:
We’ve listed all our third party providers here to be as transparent as possible. In practice, “sharing” is a very generous term when it comes to us transferring your information outside our company. We always transfer as little data as we can, also encrypting it where possible. For instance, our e-mail service provider would need to know your e-mail address to deliver a password recovery link, but we won’t tell them your age.
We use all reasonable security and access control measures to secure our accounts on third party websites and the data stored therein.
If you have an account on our website, you can use the psection to change most of your personal details. For instance, it allows you to:
If you delete your profile, we’ll anonymize your user record, removing your e-mail address, name, age, etc.
We won’t, however, delete your posts in Discussions, messages you sent to other members, your responses to our tests and surveys, log records, and other similar data. We need to keep that data for a number of reasons, such as protecting other users’ right of freedom of expression, preserving the integrity of our research, or ensuring the security of our website, and the retention of this data is necessary for us to provide our services to you and others.
If you decide to delete your profile, please make sure you first save any information you’d like to keep. Once the profile is gone, it’s gone – for instance, if you then realize that you haven’t saved that amazing poem another member sent you, we’ll have no way of recovering your account.
You can also ask us to correct any personal data you have provided to us, or to remove specific personally identifying information from our website. E.g., if you accidentally post your e-mail address in Discussions and ask us to remove it, we’ll do that.
We’ll need to verify the authenticity of any data correction or removal request – so please make sure your account is always linked to an active e-mail address. We don’t ask you for data such as your full name, address, or date of birth – your e-mail address is the only real identifier – so if you lose access to the address linked to your account, we’ll have no way of verifying you own the account.
To begin with, anyone can see your public profile, which shows information such as your name and personality test results. You can see what your public profile page looks like by following the link in the Overview section of the profile page, and you can also make your profile private in the Preferences section.
If you post content in our Discussions, comment sections, translation area, or anywhere else on our website where that’s possible, you should assume that anyone will be able to read that information – unless it’s clear that access to such information will be limited to yourself or a specific user (e.g., your private messages or notes in the Premium Profile). Depending on the section, other members may also see your name, gender, personality test results, and participation history (e.g., your previous posts).
Our staff, agents, suppliers, and subcontractors may also need to have access to your information where that’s necessary. This applies to any member of our group of companies – e.g., our subsidiaries and our ultimate holding company and all its subsidiaries.
For example, if you ask us to fix a misbehaving subscription, someone from our team will need to access your account to do that. However, access to your personal data is strictly limited and monitored, with sensitive details (such as your password) securely encrypted.
Besides that, there are also certain other circumstances where we may disclose your personal information:
We don’t serve ads on our website, and we don’t share your data with online advertisers. As a general rule, except as discussed above, we don’t share your personal information with any third parties.
We keep your information only for as long as we need it to provide services to you and to fulfil the purposes described in this policy or as otherwise described in our Terms and Conditions. This also applies to any other parties that we share your information with.
Here are some examples of categories of data along with their periods of retention:
We’ll depersonalize your information or remove it entirely from our systems once we no longer need it to comply with our legal or regulatory obligations, or for other purposes described in this policy.
You may only use our website if you’re over the age at which you can provide consent to data processing under the laws of your country. Regardless of local laws, children under 13 aren’t allowed to use our website. If you’re a parent and you learn that your child is using our website, and you don’t want them to, please get in touch with us.
As a small company, we don’t have the resources to verify and track parental consent – so unfortunately, if you’re below the age at which you can provide consent in your country, you aren’t entitled to use our website.
Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see guidance from the UK Information Commissioner’s Office (ICO). ICO is the supervisory authority in the UK.
If you’d like to exercise any of those rights, please e-mail us. Keep in mind you’ll need to send the request from the e-mail address associated with your account in order for us to process it. We won’t be able to confirm you’re the account owner otherwise.
As already mentioned above, if you’d like to unsubscribe from our newsletter, you can also click on the unsubscribe link at the bottom of the e-mail. That’s usually immediate, but in rare cases it may take a few days for this to take place.
We take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. For instance, we store this information on our secure (password and firewall-protected) servers, encrypt traffic to and from the website, and anonymize or pseudonymize personal information where possible.
Still, we can’t guarantee complete security of data sent over the internet – for example, someone may discover a vulnerability in the encryption protocol that we use, your internet service provider may record the data you send, and so on. Please take care when posting sensitive data.
You can find our contact information on our website. The best way to get in touch with us is via e-mail ([email protected]).
We, MRCS HK, are the data controller responsible for the information collected on our website.
You’re responsible for keeping your password and other login details confidential. Don’t share such information with anyone as whoever has it will have full access to all your information on our website.
Some of our articles and website sections contain links to other websites. We aren’t responsible for the privacy policies or practices of those websites.