Protecting your privacy
We are dedicated to processing your Data in accordance with the required standards. This includes protecting your privacy and ensuring the security of your Data in compliance with where applicable, the requirements of the Personal Data Protection Act 2010 ("the Act") and any other relevant applicable laws and regulations.
Our purposes of processing your Data
In the course of your dealings with us, we will request that you provide data and information about yourself ("Personal Data") to enable us to enter into transaction with you or to deliver the necessary services and/or deliverables in connection with our business. Collection of personal data is relevant in connection with our business process, execution, including delivery of services and/or deliverables and customer relationship management.
We may collect, use and retain the Personal Data for, amongst others, the following purposes:
- Payments: Payment processing and/or verification of transaction details and/or credit card privilege entitlements;
- Member Account and Activity Handling: Registration for membership; identity verification; statement; members' rewards input; gift redemption; purchase and activity contact etc.; date of birth may be used for giving out birthday privileges or gifts;
- Handling of Personal Data Requests: Verification of identity for handling requests for access, correction and erasure of personal data;
- Statistics: Carry out statistics and data analysis, such reports will contain only anonymous data for customers' reference as well as improving our service and product quality;
- Mobile App Services: Our system may identify the handset by memorizing the International Mobile Station Equipment ("IMEI") number through registration by the user as a VIP Member. By using the same handset, the user is not required to enter his/her password again for the next purchase. We will also monitor and analyze the download status of Emperor Cinemas mobile app to ensure system performance. Media Access Control Address ("MAC Address") are collected for the purpose of analyzing the hit rate of our mobile app in order to source and make available promotional or marketing information that you may be interested;
- Direct Promotions and Marketing: Only after obtaining your consent the Company may send or contact you from time to time to share promotional or marketing information, which include our film introduction, cinema activities, members' privileges and gifts; also business partners' services and products: travel, banking and finance, beauty and cosmetics, property and shopping mall, entertainment, sports, music, gaming, transportation, automobile, household, fashion & clothing, retail, dining, food, beverage, insurance, gambling, education, health and well-being, drugs, culture & arts, environmental protection, charity, book and magazines, social networking, technology & e-commerce, mobile application, mobile payment, cloud services, media and consumer products and services. Please refer to "Direct Promotions and Marketing" for how we use the Data for such purpose.
- Compliance of laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies.
(collectively, "the Services")
Types of Data we collect
You may be requested to provide Data such as, but not limited to:
- your name, gender, date of birth and other details documented on your National Registration Identity Card ("NRIC") or other legal identity card and/or travel document;
- contact details including but not limited to address, phone number, mobile telephone number and/or email address, etc.;
- information that you have shared with third party social media platform operators (e.g. account login name, profile picture, contact details, etc.,);
- payment details including but not limited to credit card, debit card and other electronic banking data, billing name and address;
- account details or data relating to the Services registered with us including but not limited to the relevant PIN, username or password, account numbers and/or service numbers;
- device specific information such as hardware model, operating system, version, IMEI number and MAC Address, setting configurations and software and mobile network configuration;
- information about how you use our Services such as your network usage, how you use our network, and your location when you are using our Services;
- your credit and service history to enable us to assess your eligibility to our offers of Services or to accommodate your request for transfer of Services or your account with us;
- all data requested by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies to enable us to comply with or in connection with any law, rule, regulation, judgment or court order (whether within or outside of Hong Kong); and
- any other data as may be required by any members of the Company and/or their respective contractors, sub-contractors, intermediaries, agents, business partners or representatives, brokers, underwriters from time to time and which is necessary for the provision of the Services.
- the following types of "Special Data", so that we may further improve our Services and/or better tailor the type of information or content that we present to you:
- gender and ethnicity;
- marital status;
- month and date of birth;
- education and profession;
- monthly income range;
- hobbies and leisure activities;
- the Services that you have subscribed for; and
- contact details, etc.
Provision of the Data mentioned immediately above is voluntary. However, where the requested Service is a personalised Service or provision of a product is dependent upon your provision of all requested Data, failure to provide the requested Data may prevent us from providing those particular Services to you.
How we collect Data
We collect Data in a number of ways, including but not limited to, from:
- you directly, for example, through our communications with you by telephone, letter, fax or email, when you attend our functions, complete an application or user feedback form or agreement for any of our Services, or when you interact with us through our websites, mobile apps or interactive applications including but not limited to Facebook, Twitter, Instagram, etc., or when you contact us with a query or request, or during the ordinary course of the continuation of our business relationship with you, or when we are legally required to do so;
- third parties such as business partners, or other customers, or your representatives with your consent;
- publicly available sources;
- our own records of how you use our Services;
- your visits on our websites or mobile apps (see "Other Privacy Data" section below); and/or
- your participation in surveys or marketing promotions organised by us or on our behalf, etc.
Other Privacy Data
To better serve your needs and preferences, our web servers may collect data relating to your website, device or app activity. We may also collect aggregated, anonymous, statistical data on the server's usage so that we may better cater to the behaviour of users of our websites and mobile apps. This type of data may include, but is not limited to:
- browser type, version and user agent;
- operating system;
- IP (Internet Protocol) address and/or domain name;
- connection data, statistics on page views and/or referral URLs;
- device ID, location and phone contacts;
- videos watched or searched for;
- links or images clicked on;
- cookies and/or browser, app or web server log data; and
- device and software characteristics and/or configuration.
Our websites are initially set up to accept cookies. You can opt-out of or delete historical cookies by changing the settings on your web browsers; however, if you do so, you may find that certain features on our website and/or our mobile apps do not work properly. (Note: Disabling the cookies function may cause inaccessibility to some parts of our websites and thus, you may not be able to enjoy our Services. If you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.)
Our legal basis for using your Data including how we transfer your Data
We have a legitimate interest in properly administering the Services. In addition, our use of your Data may be necessary for the performance of the Services that you have requested. In order to provide such requested Services, we may, to the extent permissible under applicable laws and regulations, transfer your Data to organisations or parties outside of the Company but which have a shareholding or contractual relationship with the Company (which may be within or outside of Malaysia) (collectively, "Organisations"). Transfer of Data to these Organisations is strictly limited to the purpose of enabling us to provide our Services to you, but is not applicable to any Organisations which are not owned by the Company or of which its company policies are not controlled by the Company as well as any persons employed or managed by the Company.
In some circumstances as mentioned above, we may need to ask for your consent to use your Data where required by law to do so.
These Organisations provide support services to our businesses and operations including without limitation to the followings:
- customer enquiries;
- mailing operations;
- billing and debt-recovery functions;
- information technology services;
- installation, maintenance and repair services;
- marketing, advertising and telemarketing services;
- market research;
- customer usage and behavioural analysis;
- process management;
- surveys; and
- website usage analysis, etc.
We take the required steps to ensure that these Organisations are bound by the appropriate confidentiality and privacy obligations in relation to the protection of your Data and that they use your Data for the sole purpose of carrying out the services for which they have been engaged, and not for their own or other purposes (including direct marketing).
In addition, we may transfer your Data:
- to your authorised representatives and/or your legal advisers when requested by you to do so;
- for the purposes of providing administrative, payment processing and/or verification, ticketing system operation, membership card services, discount/privilege offers, website management, system development and maintenance, legal and/or operational support to the following parties:
- telecommunications network operators;
- our affiliates, overseas offices, assignees, transferees and representatives;
- our professional advisers, including our accountants, auditors, lawyers and insurer; and
- our business partners;
- to banks and various business partners for reward redemption purposes and benefits applicable to members of our membership programs, including without limitation for the purpose of registering members for membership program related events;
- to government and regulatory authorities and other organisations, as required or authorised by law; and/or
- to any proposed or actual participant, assignee or transferee of all or any part of the relevant member of our operations or business.
Direct Promotions and Marketing
Marketing may be carried out in a variety of ways (such as in the form of a letter, bill insert/message, email, digital SMS, MMS, instant message, app push notification, by telephone, social media or advertisements on websites or other means).
We will honour each individual's request to not use his/her Data for the purposes of direct marketing. If you do not wish to receive promotional and marketing communications and/or services from the Company's website, you may opt-out from receiving the same by following the unsubscribe process or directions provided in the communication. You may resume receiving the communications and materials (if you have previously opted-out of receiving such material and/or communications from the relevant Services) by making a written request to our Data Protection Officer together with your registered name and service account number, registered telephone number or login name (as applicable).
Transfer of Data outside Malaysia
At times it may be necessary and/or prudent for us to transfer your Data to places outside of Malaysia, for instance, for the prevention, detection or investigation of crime or for storage, processing and other purposes for which the Data were collected. In the event that we do transfer your Data outside of Malaysia, we will do so in compliance with the prevailing requirements of the Act and any other relevant applicable laws and regulations.
The safety of your Data is important to us
- We will not retain your Data longer than is necessary for the fulfilment of the purposes described above.
- Controls on password complexity, retries or resets are implemented to prevent passwords from being compromised.
- Advanced encryption technology is used to protect the safety of personal data (including names, email addresses, telephone numbers, credit card information and purchase records) during transmission through our website or mobile app. We use all reasonable endeavours through our Secure Socket Layer (SSL) system to protect your Data from loss, unauthorized interception or access by third parties.
- Standalone server(s) with properly configured firewall are used to store the Data.
- Only the Company’s personnel that have been trained with the strict privacy guidelines and procedures are authorized to access or process the Data.
- The security system in place is reviewed regularly.
When we transfer your Data to third party Organisations, we ensure that they have adequate, if not the same level of, security measures (described above), in place to keep your Data safe in compliance with the Act and any other applicable laws and regulations in relation to data protection. Some of the entities or persons we share your Data with may process your Data overseas. You may contact us for more information about the safeguards in place to ensure that your Data is adequately protected in these circumstances.
Retention of your Data
We will retain your Data in accordance with our internal policies. Our policies are in compliance with the Ordinance and the GDPR where applicable, and cover the following principles:
(a) The membership information you provided for registration, with personal identifiable data and/or any copies thereof will be deleted and/or destroyed within 6 years after receipt. Credit card information will be destroyed within 6 months after payment process. If you desire to delete your personal data from our members’ and/or contact databases after the expiration of membership, please let us know;
(b) Other data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the data is also retained to satisfy any applicable legal, regulatory or contractual obligations; and
(c) The Data is purged from our electronic, manual and other filing systems based on the above criteria and our internal procedures.
Your right to access, correct and delete Data
We take all reasonable precautions to ensure that the Data we collect, use and transfer is accurate, complete and up-to-date. However, the accuracy of that Data depends to a large extent on the Data you provide. You have a right to request access to, and correction of, your Data and we recommend that you:
(a) Notify us if there are any errors in your Data; and
(b) Update us with any changes to your Data.
If you wish to access or amend any of your Data we hold, or request that we delete any of your information that is no longer necessary for the provision of our Services, you may contact us in the manner as set forth under the "Contact Us" section.This service is free of charge.
You may exercise your right of access and correction by writing to our Data Protection Officer at the details stated in the “Contact us” section below. This service is free of charge.
In respect of your right to access and/or correct the Data, we reserve our rights to refuse your request to access and/or make any correction to your personal data for reasons permitted under the law. In such instance, we will notify you of the reasons.
You may decline to share Data with us and/or withdraw any consent which you may have provided, in which case, we may not be able to provide you with some of the Services.
At any time, you may object to us holding or processing your Data, on legitimate grounds, save and except as otherwise permitted by the applicable law.
Unless specifically required or requested by us, please do not send or publish any sensitive personal data (e.g. contents in relations to race, political views, religious or other beliefs, health record, criminal record or chamber membership, etc.) to us or through our websites or mobile applications. If we specifically require or request your provision of sensitive personal data, we must obtain your prior express consent.
Emperor Cinemas Limited
20/F, Emperor Group Centre, 288 Hennessy Road, Wanchai, Hong Kong
Attention: Data Protection Officer
or via email to firstname.lastname@example.org
To raise an issue regarding our handling of your Data, please contact us in order for us to assist in resolving your issue.