Last modified: August 22, 2019
1.1 Enya Inc. and Enya Hong Kong Limited (Enya, the Company, we, us, or our) prioritizes the privacy of its customers and treats all personal and private data provided to us as confidential. Enya pledges to comply with the requirements of the Personal Data (Privacy) Ordinance of Hong Kong (the Ordinance) and, where practicable as a matter of best practice, internationally recognized standards of Personal Data privacy protections.
The Application of This Policy
2.2 This Policy gives effect to Enya's commitment to protect customers' personal information and has been adopted by Enya. Nothing in this Policy shall limit your rights under the Ordinance.
Collection and Use of Personal Information
Types of Personal Data We Collect and/or Process
4.2 In respect of the Health Information, we will only use it for the purpose listed in Clause 3.1 in accordance with accordance with Clause 5.4 below.
Disclosures and Transfer of Your Personal Information
5.1 In providing services to you, it may be necessary for Enya to disclose, transfer, use, process and store your Personal Data to/at our offices, affiliates, operations and business partners. Enya may share your Personal Data with: companies which are in the same group of companies as Enya, such as subsidiaries, parent companies and other affiliates; and third parties that Enya uses to deliver its services and the website, as well as help Enya run its business.
5.3 In accordance with the Ordinance, Enya takes steps to ensure any and all of the aforementioned third parties protect the Personal Data entrusted to it and use Personal Data for purposes only as specified by Enya. This includes ensuring that such third parties are bound by contractual duty to keep confidential any Personal Data they come into contact with against unauthorized access, use and retention, and to only use the Personal Data for authorized purposes.
5.4 Enya reserves the right to disclose any Personal Data and information Enya holds on you if Enya: is compelled to do so by a court of law; is requested to do so by a governmental entity; and/or determines it is necessary or desirable to comply with the law.
5.5 Enya also reserves the right to retain information collected and to process such information to comply with accounting and tax rules and regulations, as well as, for safety and security assessments as Enya may deem necessary.
5.6 Enya may share aggregated and anonymised demographic information with business partners, affiliates or other entities. This aggregate and anonymised information is not linked or traceable to any personally identifiable information about you.
5.7 For the purpose of providing the Services to you, we may transfer your name and contact details outside AWS Asia Pacific (Hong Kong) to additional servers and infrastructure in the United States. Although we believe the data protection laws for that region are substantially similar to, or serves the same purposes as, the Ordinance, you nevertheless consent to the transfer of your Personal Data to AWS servers in US East (N. Virginia), United States.
ENSURING SECURITY OF PERSONAL DATA
6.1 Enya retains Personal Data collected for as long as it may be necessary to fulfil the purpose (including any directly related purpose) which the information was initially collected for.
6.2 To maintain the accuracy of your Personal Data, as well as preventing unauthorised access to and ensuring the correct use of your Personal Data, Enya carries out appropriate physical, technical and administrative protective measures to control and safeguard the collection, access and disposal of the Personal Data Enya collects. These measures are subject to ongoing review and monitoring. In particular, we use industry-standard security (e.g. to provide end-to-end encryption) and also advanced techniques such as secure multiparty computation to protect your Health Information and your Results, both when they are transferred from our Partners to us and when we transfer them to you. Your Health Information and your Results also remain encrypted with industry-standard security when they are at rest with us. This encryption is designed to ensure that neither we nor third parties have access to your Results; subject to Clause 5.4 above, you alone decide with whom you share your Results.
6.2.2 We impose access controls to our physical premises. Access is limited to authorised personnel, based on their job functions and roles. Our access control measures include multi-factor authentication.
6.2.3 We require all of our employees to complete security and privacy training on a regular basis.
6.2.4 If you use our in-app customer support function, we will identify you through a random number so that we can respond to your questions without requiring you to disclose your identity.
Links to Third Party Sites
7.1 We may provide links that will direct users to third party operated sites or content that are not owned or managed by Enya. Personal Data submitted to or obtained by third parties will not be under the protection of this Policy. Enya shall not be responsible for any loss, misuse or alteration of Personal Data arising from access of any third party operated sites.
How to Access or Correct Your Personal Information
8.1 You are entitled to access, correct, or delete any Personal Data relating to your profile held on our database. You may access or delete your Personal Data via the appropriate options in the user interface.
8.2 If you wish to submit a request for correction of your Personal Data, or in the event that the user interface does not provide the options you require in relation to your Personal Data, please submit any such requests in writing and addressed to our Privacy Compliance Officer at [email protected].
8.3 When submitting your request, please provide contact information and the User ID (located at the 'Account' page of the app) so Enya can attend to your enquiry.
9.1 Some of Enya's webpages may use 'cookies' to enhance customers' experience on our website. Cookies are small pieces of information transmitted from our web server and automatically stored on your computer's browser to record your preferences. Cookies, by themselves, do not disclose personally-identifiable information unless you choose to provide such information to us.
10.1 This Policy may be modified from time to time. Any changes to this Policy will become effective upon posting of the revised Policy on the Enya website at www.enya.ai/privacy.html. Enya will also endeavour to notify you of any modifications to this Policy by directly notifying you via email or other methods of communication.
10.2 This policy is governed by and shall be construed in accordance with the laws of Hong Kong Special Administrative Region.
10.3 This Policy is written in the English language and may be translated into other languages. In the event of any inconsistency, the English version shall prevail.