Privacy Statement
ReFly Privacy Policy: Your Data, Your Control.
Introduction: We are committed to responsible data handling and ensuring your data’s safety when you engage with our services and explore our website.
Consent for Cookies: On your first visit to our website, we kindly request your consent to use cookies, following the terms outlined in this notice.
Privacy Controls: Our website comes equipped with privacy controls, putting you in charge of how your personal data is managed. You have the power to customize your preferences, including opting to receive or limit direct marketing communications and controlling the volume of data collected through cookies.
Key Questions Addressed This notice provides comprehensive responses to fundamental questions:
- How we use your data.
- When and why we might share your data with third parties.
- How long we keep your data.
- Insights into our marketing practices.
- Your rights concerning your personal data.
- Our approach to cookies.
- Other essential considerations you should be aware of.
Contact Us For questions or to exercise your rights as outlined in this notice, please use the contact information provided in the Contacts section.
Reach Our Data Protection Officer To get in touch with our data protection officer, simply send an email to privacy@refly.com.
1. Our Use of Your Personal Data
1.1. This section offers the following insights:
- The categories of personal data we process.
- The source and specific categories of personal data if not obtained directly from you.
- The purposes for processing your personal data.
- The legal bases for processing.
1.2. We process usage data, which includes your IP address, geographical location, browser type and version, operating system, referral source, duration of visit, page views, website navigation paths, and information regarding the timing, frequency, and pattern of your service use. This data is collected through cookies and similar technologies. We process it to better understand how you utilize our website and services. The legal basis for this is our legitimate interest, specifically, the monitoring and enhancement of our website and services.
1.3. Your account data, such as your name, email address, phone number, date of birth, and other details provided during registration, is processed directly from you. This information is used for operating our website, providing services, ensuring security, and communicating with you. The legal basis is the contract between you and us and our legitimate interest in monitoring and enhancing our website and services.
1.4. We process service provision data, including contact details, payment information, and data related to services (e.g., flight details, required claim documentation, service-related communication). This data is processed to deliver services and maintain accurate transaction records. The legal basis is the contract between you and us and our legitimate interests in managing our website and business properly.
1.5. Messaging data you provide for subscribing to our email messages and newsletters is processed to send relevant messages and newsletters. The legal basis is your consent. If we’ve previously provided services to you and you don’t object, we may also process this data based on our legitimate interest in maintaining and enhancing customer relations.
1.6. Correspondence data, including communication content and associated metadata, is processed for communication purposes and record-keeping. The legal basis is our legitimate interests in administering our website and business properly, ensuring consistent and high-quality consultation practices, and resolving disputes between you and our staff.
1.7. We may process any personal data necessary for establishing, exercising, or defending legal claims, whether in court proceedings or out-of-court procedures. The legal basis is our legitimate interest in protecting and asserting our legal rights, your legal rights, and the rights of others.
1.8. Your personal data may be processed for the purposes of obtaining or maintaining insurance coverage, risk management, or obtaining professional advice. The legal basis is our legitimate interest in adequately safeguarding our business against risks.
1.9. In addition to the specified purposes, we may process your personal data when necessary to comply with a legal obligation, protect your vital interests, or those of another natural person.
2. Sharing Data with Other
2.1. We may share your personal data with any company within our corporate group, including our subsidiaries, our ultimate holding company, and all its subsidiaries. This sharing is conducted as reasonably necessary for the purposes outlined in this notice.
2.2. Your personal data may be disclosed to our insurers and professional advisers as required to secure or maintain insurance coverage, manage risks, obtain professional guidance, or establish, exercise, or defend legal claims. This can encompass court proceedings, administrative procedures, or out-of-court matters.
2.3. To facilitate payment processing, fund transfers, and address payment-related inquiries or complaints, we may share your personal data with our payment service providers. We share service provision data with these providers to the extent needed.
2.4. For specific services, we may disclose your personal data to other service providers, such as website hosting service providers, courier service providers, server providers, maintenance providers, and email service providers. We take measures to ensure that these subcontractors implement suitable organizational and technical safeguards for the security and privacy of your personal data.
2.5. In addition to the aforementioned data disclosures, we may share your personal data when it’s necessary to comply with a legal obligation we’re subject to, or to protect your vital interests or the vital interests of another natural person.
3. For How Long we Store Your Data
3.1.1. We ensure that your personal data processed for any purpose is not retained for longer than necessary for that specific purpose. Generally, this means that your data will not be kept beyond the following periods:
- Access data: Up to 3 (three) years after your last account update or up to 10 (ten) years after the termination of service provision, whichever is later.
- Service provision data: Up to 10 (ten) years after the termination of service provision.
- Messaging data: Up to 2 (two) years after providing consent, or, if messaging data is sent to current clients for the purpose of maintaining and enhancing customer relations, up to 2 (two) years after the termination of the respective services.
- Communication data: Up to 2 (two) months after the conclusion of the communication.
3.1.2. In certain cases, it may not be feasible to specify in advance the exact duration for which your personal data will be retained. For example, usage data will be retained for as long as necessary to serve the relevant processing purposes.
3.1.3. Despite the other provisions in this section, we may retain your personal data when such retention is required to comply with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.
4. Refly Marketing Communication
4.1 At ReFly, we want to keep you informed about our latest updates and services through email and/or SMS. If you’re a current client and haven’t expressed any objections, we may also share information about our other offerings that could be of interest to you.
Should you wish to discontinue receiving our marketing messages, you have the option to do so:
- Click the appropriate link within any of our marketing messages.
- Reach out to us using the contact details provided in the Contacts section.
Once you’ve taken these actions, we’ll update your profile to ensure you no longer receive our marketing messages.
It’s important to note that as our business comprises a network of closely connected services, it might take a few days for all systems to reflect your preferences. During this time, you may still receive marketing messages while we process your request.
Opting out of marketing messages will not affect the receipt of messages directly related to our service provisions.
5. Your rights
ReFly – Your Data Rights
At ReFly, we believe in your data rights and your privacy. We want to ensure you’re aware of your rights under data protection laws. Here’s a summary of your principal rights:
**5.1. Right to Access Data**
You can request confirmation if we process your personal data and, if so, access to that data along with relevant details. The initial copy is free, but additional copies may have a reasonable fee.
**5.2. Right to Rectification**
You have the right to correct any inaccuracies in your personal data or to complete any incomplete information about you.
**5.3. Right to Erasure (Right to be Forgotten)**
In certain circumstances, you can request the deletion of your personal data, for example, if the data is no longer necessary or has been processed unlawfully.
**5.4. Right to Restrict Processing**
You have the right to limit the processing of your data in specific situations. We may continue to store your data but only process it under certain conditions.
**5.5. Right to Object**
You can object to the processing of your data, particularly if we process it for public interest tasks or legitimate interests. We’ll cease processing unless we have compelling legitimate grounds.
**5.6. Right to Data Portability**
In cases where the legal basis for processing your data is consent or for contract performance, you can receive your data in a structured, machine-readable format.
**7. Right to Complain**
If you believe our data processing violates data protection laws, you can file a complaint with a data protection authority.
**5.8. Right to Withdraw Consent**
If our processing is based on consent, you can withdraw it at any time without affecting prior processing.
**5.9. How to Exercise Your Rights**
For any of the rights mentioned above or if you have any inquiries, please contact us using the provided contact details.
Remember, we may process data under legitimate interests or legal obligations, but we respect your data rights.
6. Cookies and our Cookies
At ReFly, we want to make sure you have a clear understanding of how cookies are used on our website, and how they impact your browsing experience. We’ve divided this into two sections to keep it straightforward.
6.1. About Cookies
Cookies Defined: Cookies are small text files that contain an identifier. They’re sent from a web server to your browser and stored by it. The identifier is then sent back to the server every time your browser requests a page.
Data and Cookies: While cookies usually don’t contain personal identification information, the data we store about you may be linked to information stored and obtained from these cookies.
6.2. Our Cookie Categories
We use three main types of cookies on our website, each serving a specific purpose:
Required Cookies: These are essential for the proper functioning of our website. They ensure the security of our customers and their data, the delivery of high-quality services, and the seamless account setup process.
Functional Cookies: These enhance your experience on our website. They help us analyze how the system is used, allowing us to improve service delivery accordingly.
Advertising Cookies: We use these to monitor user online behavior and optimize our marketing campaigns based on this information.
We hope this breakdown provides you with a clear understanding of our cookie usage here at ReFly in Hong Kong. If you have any questions or need more information, please don’t hesitate to contact us. Your online privacy is important to us.
7. How to Manage Cookies
Most web browsers offer options for refusing and deleting cookies. The methods may differ from one browser to another and from version to version. You can find the most current information on blocking and deleting cookies through the relevant browser’s website. For example, please visit Chrome, Firefox, Internet Explorer, or Safari websites for details.
Please note that blocking all cookies can affect the usability of many websites, including ours.
8. Security of processing
You can customize your cookie preferences for our website anytime when you load the website.
9. Third-Party Websites
Our website may contain links to partner sites, information sources, and related-party websites. It’s important to be aware that these third-party websites have their own privacy policies. We assume no responsibility for these external privacy policies. We recommend familiarizing yourself with the privacy policies of such websites before providing any personal data.
10. Children's Personal Data
If we come across personal data of individuals under the age of 16 in our databases without parental consent, we will promptly delete that information.
11. Updating Your Data
If there are corrections or updates needed for your personal information in our records, please let us know. We’re here to assist you with that.
12. Changes to This Notice
Any alterations to this notice will be posted on our website, and in the case of significant changes, we may notify you through email. We believe in transparency and keeping you informed.