Sunbeam Children’s Foundation Privacy Policy

This is the Privacy Policy (“Privacy Policy”) of Sunbeam Children’s Foundation Limited and its affiliates (hereafter referred to as ‘Sunbeam Children’s Foundation’, our ‘group’, ‘we“, ‘us’ or ‘our’). Sunbeam Children’s Foundation respects individuals’ personal data privacy rights and is committed to complying with applicable data protection laws, including, where relevant, the data protection principles under the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“PDPO”), and the Personal Information Protection Law of the People’s Republic of China (“PIPL”).

Our privacy principles are:

●     Sunbeam Children’s Foundation only collects personal data which we believe to be relevant and required to conduct our operations and/or provide our services.

●     Sunbeam Children’s Foundation will use your personal data only for the purpose for which the data is collected or for a directly related purpose, unless we obtain consent from you to use for a new purpose.

●     Sunbeam Children’s Foundation endeavours to keep your personal data accurate and up-to-date.

●     Sunbeam Children’s Foundation will not transfer or disclose your personal data to any third party entity that is not a party as detailed or contemplated in this Privacy Policy without your consent unless it is required by law or it was previously notified to you.

●     Sunbeam Children’s Foundation endeavours to and has implemented various measures to safeguard and secure the personal data we collect.

Please read the following Privacy Policy to understand how Sunbeam Children’s Foundation processes your personal data collected through various means, including its website, donation collection or other relevant forms, events and subscriptions and other collection channels. By providing your personal data to us and continuing to use our website, attending or participating in our events and/or receiving our subscriptions and/or receiving our services, you consent to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal data as described in this Privacy Policy.

1.  Kinds of Personal Data Collected and Held

1.1 We collect and hold the following broad categories of personal data (“Data”) depending on our engagement with you in various ways, including online, on paper and in person:

a) Personal information: including salutation, name, e-mail address, telephone number, mailing address, gender, marital status, date of birth, photographs and/or videos of you participating, engaging, supporting or benefiting from/in our activities, and other information that can be used to identify you;

b) Contact information: including telephone number, residential address, office address, mailing address and email address (and emergency contact or referee details where relevant);

c) Personnel records: including your job particulars, volunteer timesheets and disciplinary matters;

d) Donation records: including related personal information, financial information and donation history; 

e) Consultant and contractor records: including contact details and personnel records of any individual employed or engaged by service providers in the fields of information technology, marketing and other areas providing necessary services required by Sunbeam Children’s Foundation; 

f) Records collected on webservers or digital media: including email address, browsing preferences and IP address (whereas they constitute personal data under specific circumstances that the address can be used to identify an individual) collected for newsletter subscription, online enquiries or otherwise;

g) Other records: including enquiries, responses to our surveys or interviews, meeting notes and other operational and administrative records that contain personal data, and other information as may be set out in the relevant form or collection channel.

1.2 In certain situations, we may ask you to provide the Data of other individuals to us, e.g. emergency contacts or information of your family members or next of kin. By providing us with such Data, you warrant and represent and undertake to us that you have obtained and will maintain those individuals’ valid and sufficient authorisation and/or consent to the use, disclosure and transfer of their Data under applicable laws for the purposes we have collected such Data for. We shall not be responsible for any claim whatsoever from any party in the absence or insufficiency of such consent and you indemnify us in respect of any such claim.

1.3 At the time of collection of the Data it may be indicated whether any Data is obligatory or voluntary. If you fail to supply Data that is marked as obligatory, you agree we may not be able to engage with you for the intended purposes or provide the relevant services, fully or at all.

1.4 If you attend any of our events or attend any of our premises in which we operate, you agree that we may take photographs, video and/or audio recordings for our operations (such as our reports) or for promotional, marketing purposes (including on social media) that may involve you. We will endeavour to let you know when we intend to take photographs, video and/or audio recordings. If you prefer that we do not use or publish photographs, video footage or audio recordings that include you for the purposes mentioned in this Privacy Policy or if you have any questions in relation to this matter, please contact us at info@sunbeam.org.

1.5 There may be instances in which the Data that you voluntarily provide to us or that we collect is considered sensitive personal information under applicable data protection laws. We only process sensitive personal information if and to the extent permitted (including, where required, only after obtaining your separate consent) or required by applicable laws. We will seek to protect such information rigorously using the security measures further described below and hence, your sensitive personal information should not be processed in a way that will result in negative implications to your personal rights, e.g. harm to your reputation, physical or mental health, personal or property security.

2.  Purposes for which the Data are Collected and Used

2.1 We may use the Data for the following purposes (or any directly related purpose):

a) Personal information: for communication, administration of our operations, including volunteering and fundraising and donation activities, including verification of identity, or any other purposes which volunteer, working partner or donor has been notified of (including via this Privacy Policy) and, where required, consented to;

b) Contact information: for communicating with you by email, mail, phone or other means in respect of your interaction with us;

c) Personnel records: for recruitment and human resource management purposes, relating to such matters as  volunteers’ performance/ recruitment;

d) Donation records: for processing and handling donations received and for identifying future donor opportunities, including issuing receipts;

e) Consultant and contractor records: engaging, monitoring, managing and appraising relationships with consultants and contractors who are and/or engage or employ individuals to provide services to Sunbeam Children’s Foundation;

f) Records collected on webservers or digital media: for sending newsletters to subscribers registered through our website, events and other communication channels and providing marketing and educational materials and replies to enquiries; and

g) Other records: for various purposes varying according to the nature of the records, including for administration and operation of Sunbeam Children’s Foundation, handling enquiries from members of the public and carrying out daily business.

h) General:

  1. for communicating with you;

  2. for our daily operation and administration, such as purposes directly related to the fundraising, and operation functions;

  3. for preparing statistics or carrying out research;

  4. subject to your consent, for direct marketing (see below paragraph on direct marketing);

  5. for identification and verification;

  6. for the necessity of the conclusion or performance of a contract in which you are a party;

  7. for enforcing our legal rights;

  8. for complying with legal or regulatory obligations including for reporting instances of crime;

  9. for handling your enquiries or requests; and

  10. for any other purposes to which you may from time to time agree.

2.2 We will not sell or rent the Data provided to us, or knowingly or intentionally use or share the Data in ways unrelated to the purposes aforementioned without your consent.

3.  Disclosure and Transfer of Data

3.1 We may disclose and transfer the Data you provide to the following parties (whether local or overseas) in connection with the purposes set out above (or any directly related purpose):

a) within our group;

b) our volunteers, donors, professional advisers (including lawyers and auditors), contractors or subcontractors;

c) third party service providers who provide administrative, financial, data processing, telecommunications, computer, payment, marketing and research or other services in connection with the operation and maintenance of our charity, or any persons under a duty of confidentiality to us;

d) any person to whom we are under an obligation to make disclosure under the requirements of law or a court order of any jurisdiction or to any government or law enforcement authorities or administrative organs as requested, subject to applicable laws;

e) any person to whom we believe in good faith that disclosure is otherwise necessary or advisable including and without limitation to protect our rights or in circumstances which we consider to be related to any of the purposes for which the Data are collected; and

f) to any person when we have reason to believe that disclosing the Data to such person is necessary to identify, contact or bring or defend legal action against someone, e.g. anyone who may be infringing our rights, or when anyone else could be harmed by such activities.

3.2 The Data you provide to us may also be sourced from or transferred to other jurisdictions outside your place of residence for the purposes mentioned above. We will endeavour to ensure that Data sourced or transferred outside your place of residence is protected to standards equivalent to those under the applicable data protection laws.

4.  Data Security and Retention

4.1 Subject to any legal and regulatory requirements, the Data you provide to us will be kept by us in the appropriate form only for as long as is necessary to fulfill the purposes mentioned above, after which it will be destroyed.

4.2 In order to ensure the correct use and to maintain the accuracy of Data collected from you, as well as prevent unauthorised or accidental access, processing, erasure or other use of the Data, we have implemented various measures to safeguard and secure the Data we collect. For example, we have restricted access to our donorbase, used secure cloud-based systems, as well as a certified payment gateway for processing all online donations. However, we cannot guarantee that data transmissions over the internet or other media is completely secure at all times and without interruption.

5.  Credit Card Information

5.1 When making an online donation by credit card, your credit card information is held by a third party service provider to us, Stripe, a multinational payment processing facility, solely for the purpose of processing the payment. This information is not held by Sunbeam Children’s Foundation at any time. Stripe processes customers’ payment details transmitted for real-time transaction authorisation using Secure Socket Layer (SSL) technology or other technology as prescribed by Stripe. We may choose to use another third party payment processing facility service provider in the future which offers equivalent secure payment processing facility to Stripe, and will update our Privacy Policy if we do so. We are not liable for any loss, interruption of server, security of data transmitted or other delays or inability to process your credit card information that occur in the course of processing your payment.

6.  Our Commitment to Children’s Privacy

6.1 Protecting the privacy of children is our primary concern. For details, you may request a copy of our Child Protection Policy and relevant framework.

6.2 If you are under the age of 18, you should obtain consent from your parent or guardian before providing us with your Data where possible.

7.  Direct Marketing

7.1 We intend to use your Data for sending you marketing and promotional materials through the post, email, digital media, telephone, text/SMS messaging and other means, in relation to activities in Hong Kong or overseas such as:

a) Volunteering opportunities: promotions, workshops and events hosted or organised by Sunbeam Children’s Foundation;

b) Donation opportunities: solicitations for donations or contributions in support of Sunbeam Children’s Foundation and/or its operations, campaigns and/or events; and

c) Others: other activities, events, businesses or promotions as may be carried out by Sunbeam Children’s Foundation and notified to you (as set out in the relevant form or collection channel) from time to time,

collectively the “Marketing Activities”.

We will only use your Data for the purposes of Marketing Activities if you have consented to such use at the point of collection.

7.2 You always have control over the type of information you would like to receive from us. You can indicate your consent to our use of your Data for all or all purposes of the Marketing Activities, and you can withdraw your consent at any time by sending an email to us at info@sunbeam.org or as indicated in the relevant materials.

8.  Cookies and Other Tracking Mechanisms

8.1 We may collect information about your computer or device, including where available your IP address, device ID, MAC address, operating system and browser type. This is statistical data which does not reveal your identity. Similarly, cookies may be left on the hard drive of your computer, mobile phone or other devices.

8.2 We use cookies and other tracking mechanisms mentioned above for system administration, to track information about your use of our websites and to improve your browsing and user experience. You may choose to accept or refuse cookies by adjusting the settings of your web browser. However, if you select to refuse cookies, you may not be able to fully access certain functions.

8.3 We may feature embedded links, “share” buttons or widgets on our websites to enable you to connect to third party sites, including social media sites. These third party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your Data. You should read the relevant third-party sites for their privacy policies before submitting any Data to these sites. We have no control over and are not responsible or liable for the contents of third party sites or third party posts on our social media accounts.

9.  How to Exercise Your Rights or Contact Us

9.1 Subject to applicable data protection laws, you may be entitled to access or correct any Data related to you held by us, to restrict or object to certain processing of your Data, to copy or port your Data, to rectify errors in it and delete your Data, and to request us to explain the personal information processing rules. If you are not satisfied with our response, you are entitled to lodge a complaint to the relevant competent supervisory authority or, where applicable, file a lawsuit with a competent court in accordance with applicable laws.

9.2 If you wish to exercise any applicable individual rights, have any questions, comments or suggestions regarding this Privacy Policy, please contact us at info@sunbeam.org. Subject to applicable law, we reserve the right to charge a reasonable fee for complying with your data access request.

10.  Access to Privacy Policy

10.1    You may access and obtain a copy of our Privacy Policy, as amended from time to time, on our website at https://www.sunbeam.org/en/privacy-policy/ so that you are always informed of the way we collect and use your Data.

10.2    This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.

11.  Update to Privacy Policy

11.1    We may amend or update this Privacy Policy from time to time without prior notice. Subject to applicable laws, your continued use of our websites, our services or receipt of our publications/subscriptions and communications will mean you accept our updated Privacy Policy. You are advised to visit our website regularly for the latest applicable version of this Privacy Policy.

11.2    For major changes, we may notify you via email, pop-up window or other ways required by applicable data protection laws and explain the details of the changes to the Policy and may seek your consent again where required under applicable laws.

 

Last updated: 1 June 2023