PRIVACY POLICY

1. COLLECTION OF INFORMATION
   1. For the purposes outlined in Clause 2, we may collect and process the following information about you:
      1. Information you or your Organization give us – information that your or your Organization provide us (which may include your name, address, email address, telephone number, portrait, credit card information, payment, family information, geolocation, and other personal description) by system usage or filling in forms or by corresponding with us (by phone, email or otherwise), for example:
         1. when you register for an account with us on the App
         2. when you report any problem to us;
         3. when you use certain features on the App;
         4. when you request any support from us; or
         5. when you complete any survey or questionnaire we send you.
      2. Information we collect about you – information automatically collected when you visit or use the App, for example:
         1. technical information, including the Internet protocol (IP) address used to connect your computer or mobile device to the Internet and your log-in information, browser type and version, time zone setting, geo-location, browser plug-in types and versions, operating system and platform;
         2. details of any transactions, purchases and payments your Organization or you made on our App; and
         3. information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our site (including date and time), information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any access right granted by you on our mobile applications in both iOS and Android platform.

• Information we receive from third parties – We work with third parties and we may receive information about you from them, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, or credit reference agencies. We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

1. Another individual at your Organization who may provide us with your personal information, which may include Personal Data and special categories of Personal Data, to the extent you consent to providing it and sharing it, for the purposes of obtaining services and assessing our goals related to encouraging diversity within our vendors; and 
2. Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information;

1. We only retain personal data for so long as it is necessary. Data may be archived as long as the purpose for which the data was used still exists.

2. USES MADE OF THE INFORMATION
   1. We use information held about you for the following purposes:
      1. to provide and promote our websites and services;
      2. to provide you with information about our products;

• to manage your registration for contests or promotions;

1. to communicate with you;
2. to maintain the security of the services;
3. to improve performance of the services;

• to review compliance with applicable usage terms (including capacity requirements);
• to identify future opportunities for development of the services;

1. to complete transactions with you when you purchase our products or services;
2. to administer surveys and conduct research;
3. to display personalised advertisements to you and to send to you marketing communications about us, our products and our services; and

• to comply with our legal obligations under applicable laws and to cooperate with public and government authorities as required.
• purposes directly related or incidental to the above.

1. We intend to use your personal data in direct marketing (i.e., offering or advertising products or services by sending the relevant information directly to you). We require your consent specifically for this purpose and you may opt out any time. For the purpose of this clause:
   1. the personal data that may be used in direct marketing are those that you
   2. provide to us or we collect from you under Clause 1.1 above;

• the type of services or products that may be offered or advertised will be

1. the relevant information may be sent to you by email, SMS, direct phone, social media or other popular communication channel.
2. you may opt out any time by emailing us. We will cease to send you marketing information without charge.

3. DISCLOSURE OF YOUR INFORMATION
   1. We will keep your personal data we hold confidential but you agree we may provide information to:
      1. any member of our group, which means our subsidiaries, our ultimate holding
      2. company and its subsidiaries, as defined in Schedule 1 of the Securities and Futures Ordinance (Cap. 571) of the Law of Hong Kong;

• personnel, agents, advisers, auditors, contractors, financial institutions, and service providers in connection with our operations or services (for example

1. staff engaged in the fulfilment of your order, the processing of your payment and the provision of support services);
2. our overseas offices, affiliates, business partners and counterparts (on a need-to-know basis only);
3. persons under a duty of confidentiality to us;

• persons to whom we are required to make disclosure under applicable laws and regulations; or
• actual or proposed transferees of our operations (or a substantial part thereof)

4. COOKIES
   1. Our Site uses cookies to distinguish you from other users of the Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site.
   2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree to the use of cookies. Cookies contain information that is transferred to your computer’s hard drive.
   3. We use persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Site or a partner site that uses our services. Session cookies only last for as long as the session (usually the current visit to a website or a browser session).
   4. We use the following cookies:
      1. Strictly necessary cookies – These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
      2. Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our Site and App when they are using it. This helps us to improve the way our Site and App works, for example, by ensuring that users are finding what they are looking for easily.

• Functionality cookies – These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by your name and remember your preferences (for example, your choice of language or region).

1. Targeting cookies – These cookies record your visit to our Site, the pages you have visited and the links you have followed. We will use this information to make our Site and the information displayed on it more relevant to your interests.

1. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you do so, you may not be able to access all or parts of our Site.
2. We may use third-party web services on our Site. The service providers that administer these services use technologies such as cookies (which are likely to be analytical/performance cookies or targeting cookies), web server logs and web beacons to help us analyse how visitors use our Site and make the information displayed on it more relevant to your interests. The information collected through these means (including IP addresses) is disclosed to these service providers. These analytics services may use the data collected to contextualise and personalise the marketing materials of their own advertising network.

5. THIRD-PARTY WEB SERVICES
   1. We may use third-party web services on our Site. The service providers that

administer these services use technologies such as cookies (which are likely to be analytical/performance cookies or targeting cookies), web server logs and web beacons to help us analyse how visitors use our Site and make the information displayed on it more relevant to your interests. The information collected through these means (including IP addresses) is disclosed to these service providers. These analytics services may use the data collected to contextualise and personalise the marketing materials of their own advertising network.

6. THIRD-PARTY SITES
   1. Our services and our communication with you may from time to time contain links to third-party websites over which we have no control. If you follow a link to any of these websites, please note that they have their own practices and policies. We encourage you to read the privacy policies or statements of these websites understand your rights. We accept no responsibility or liability for any practices of third-party websites.

7. SECURITY
   1. All information you provide to us is stored on our secure servers.
   2. Information can potentially be handled, stored and managed by your Organization in their managed servers with our App installed that MRC has cannot guarantee the security of your data managed by your Organization within or outside of the App.
   3. Any internet data transmission will be encrypted using TLS/SSL technology.
   4. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Site and App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
   5. We restrict access to personal information to our employees, service providers and contractors on a strictly need-to-know basis and ensure that those persons are subject to contractual confidentiality obligations.
   6. Our app has provided capabilities for your Organization to configure the password security policy, application accessibility, network traffic control that the MRC does not have full control due to contractual terms & conditions from your Organization.
   7. We review our information collection, storage, and processing practices from time to time to guard against unauthorised access, processing or use.
   8. Please note, however, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

8. DATA TRANSFER
   3. The data that we collect from you may be transferred to, and stored at, a destination outside Hong Kong. It may also be processed by persons referred to in Clause 3. above who operate outside Hong Kong.
   4. By submitting your personal data you agree to this transfer, storing or processing of data outside Hong Kong. We will take all steps reasonably necessary to ensure that your data is treated securely in accordance with this privacy policy.
   5. Organization has a contractual terms & condition with MRC that they have specific company requirement on how the data is managed, stored and transferred which may be different from Clause 8.

9. INTERNATIONAL TRANSFER OF PERSONAL DATA
   1. Your Personal Data may be collected, transferred to and stored by us in Hong Kong and by our affiliates and third-parties disclosed in Section 6, above, that are based in other countries.
   2. Therefore, your Personal Data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.

10. DATA RETENTION
    1. We may retain your Personal Data for a period of time consistent with the original purpose of collection or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
    2. After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
    3. Organization can have an individual data retention policy and requirement that MRC needs to comply which the retention period and deletion of data may be different.

11. YOUR RIGHTS
    1. Information that is collected through our Site, you have the right to:
       1. check whether we hold personal data about you;
       2. access any personal data we hold about you; and

• require us to correct any inaccuracy or error in any personal data we hold about you.

1. Information that is collected through our App, your Organization holds the data ownership and right about personal, you can check the data accuracy, type of personal data and or information related to the data with the personnel in charge in your Organization.
2. Any request under Clause 9.1 may be subject to a small administrative fee to meet our cost in processing your request.

12. CHILDREN
    1. Our Site and Apps are not directed at children. We do not knowingly collect Personal Data from children under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us or (c) the visit by a child is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in Section 13 below and we will take steps to delete their Personal Data from our systems.

13. CHANGES TO OUR PRIVACY POLICY
    1. We may amend this policy from time to time by posting the updated policy on our Site. By continuing to use after the changes come into effect means that you agree to be bound by the revised policy.

14. LANGUAGES
    1. In case of discrepancies between the English and Chinese language versions of this policy, the version shall prevail.

15. CONTACT US
    1. If you have any questions, comments or requests regarding personal data, please address them to: info@mrcintl.group
    2. Last updated: 1^st December, 2022