DrGo Privacy Statement

This DrGo Privacy Statement sets out how we, eSmartHealth Limited ("eSH"), collect, use, manage and protect the personal data or information ("Data") that we may collect from or about you. It applies to all individuals whose Data may be handled by us in relation to DrGo.

Protecting your privacy
We are committed to processing your Data in accordance with the required standards. This includes protecting your privacy and ensuring the security of your Data in compliance with, in particular and where applicable, the requirements of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the "Ordinance").

Before using and providing your Data for the purposes as set out in this Privacy Statement, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use your Data in the manner as specified.
Your Data
We may collect, use and hold a range of different Data about you. For the purposes of carrying on our business of providing the DrGo platform which facilitates the provision of medical and healthcare services by medical practitioners to eligible users (including the verification of your identity, the registration, activation and management of your account with us, and billing and charging (collectively, "Service(s)")) and complying with laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies, you may be requested to provide Data such as, but not limited to:

(a) the name, date of birth and other details documented on your identification document (e.g. Hong Kong Identity Card and Passport);
(b) contact details, including name, address, phone number, mobile telephone number and email address;
(c) health information, including medical concerns, self-reported symptoms, existing medications, allergies and diagnosis;
(d) messages exchanges between you and the DrGo customer service staff;
(e) insurance information;
(f) credit card information; and
(g) any other Data as may be required by DrGo and/or its respective contractors, sub-contractors, agents, representatives, business partners or representatives, service providers, healthcare providers, healthcare professionals (including medical practitioners / doctors, nurses, pharmacists and other medical staff) from time to time and which is necessary for the provision of the Services and/or for your access to medical consultation and prescription services provided by healthcare providers and/or healthcare professionals (collectively, the "Medical Consultation Services") through DrGo platform.

Data supplied by you may be held by eSH, and may be accessible by its employees and authorised third parties specified below (consistent with the situations or for the purposes set out in this Privacy Statement) or as otherwise indicated by prior notice to you or, where required, by obtaining your consent
How we collect Data
We collect Data in a number of ways, including from:

(a) you directly, for example, when you provide Data by submitting your Data through our websites, DrGo app, or over any customer service hotlines or DrGo chat sessions; or when you contact us with a query or request;
(b) third parties such as related entities, healthcare providers, healthcare professionals, business partners, or other customers, or your representatives with appropriate consent from you if required;
(c) your visits on our websites, or mobile apps (see "Privacy Data" section below); and/or
(d) your participation in surveys or marketing promotions organised by us or on our behalf.
Privacy Data
To better serve your needs and preferences, our web servers may collect Data relating to your website, device or app activity. We may also collect aggregated, anonymous, statistical data on the server's usage so that we may better cater to the behaviour of users of our websites and mobile and TV apps. This type of Data may include, but is not limited to:

(a) browser type, version and user agent;
(b) operating system;
(c) IP (Internet Protocol) address and/or domain name;
(d) connection data, statistics on page views and/or referral URLs;
(e) device ID, location and phone contacts;
(f) cookies and/or browser, app or web server log data; and
(g) device and software characteristics and/or configuration.

DrGo website may use cookies or similar tracking tools on your machine or device in order for us to, for example, personalise your user experience and/or maintain your identity across multiple webpages and/or Internet sessions. This Data may include, but is not limited to, relevant login and authentication details as well as Data relating to your activities and the preference configurations on your device and across our website and mobile app. Our website may be initially set up to accept cookies. You can opt-out of or delete historical cookies by changing the settings on your web browsers; however, if you do so, you may find that certain features on our website and/or our app do not work properly.
How we use your Data
We may collect, retain and use your Data for the following purposes (with your consent, if required):

(a) to verify your identity;
(b) to process your registration with DrGo;
(c) to carry out matching procedures, as defined under the Ordinance;
(d) to verify your eligibility to our offers of Services, games and/or promotions or other events;
(e) to provide Services and/or loyalty programs;
(f) to provide you with rewards, promotional benefits, updates, offers and invitation to events;
(g) to promote and market our Services to you;
(h) to perform research or analyses so that we may improve and optimise the Services;
(i) to conduct surveys and marketing, promotional, behavioural scoring for business operations and/or planning purposes;
(j) to carry out market and product analyses in order to generate statistical reports (containing aggregated data that does not relate to any identified or identifiable individual);
(k) to maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
(l) to maintain, enhance and develop our products and service offerings;
(m) to comply with applicable laws in or outside Hong Kong as may be required by applicable government authorities, courts, law enforcement, or regulatory or investigation bodies, in relation to the supply of Services and/or loyalty programs to you, including to assist in the prevention, detection of crime or possible criminal activities;
(n) to distribute our publications and research materials as well as those of our business partners and counterparties; and
(o) to enable you to access Medical Consultation Services and to enable healthcare providers and healthcare professionals to provide Medical Consultation Services.
How we disclose your Data
In order to provide the Services that you have requested, we may, to the extent permissible under applicable laws and regulations, disclose your Data to organisations or parties outside of eSH (which may be within or outside of Hong Kong) (collectively, "Organisations"). Your Data is disclosed to these Organisations for the strict purpose of enabling us to supply our Services to you.
These Organisations provide support services to our businesses and operations, which may include, without limitation:
(a) Medical Consultation Services;
(b) courier, delivery and logistic services;
(c) marketing, advertising and telemarketing services;
(d) billing services;
(e) debt recovery services;
(f) information technology services;
(g) market research;
(h) marketing, advertising and telemarketing services;
(i) customer usage and behavioural analysis;
(j) process management;
(k) surveys;
(l) website usage analysis; and
(m) cloud storage services.

We take the required steps to ensure that these Organisations are bound by appropriate confidentiality and privacy obligations in relation to the protection of your Data and that they use your Data for the sole purpose of carrying out the services for which they have been engaged, and not for their own or other purposes (including direct marketing).
In addition, we may disclose your Data:
(a) to your authorised representatives and/or your legal advisers when requested by you to do so;
(b) for the purposes of providing administrative, payment, collection, business, legal and/or operational support, to the following parties:
(i) to financial institutions, charge or credit card issuing companies, credit providers, credit bureau, collection agencies or security agencies;
(ii) telecommunications network operators;
(iii) our affiliates, overseas offices, assignees, transferees and representatives;
(iv) our professional advisers, including our accountants, auditors, lawyers and insurers;
(c) to banks, insurance companies, insurance brokers, underwriters, billing agents and various business partners in connection with the Services and benefits applicable to registered users of DrGo;
(d) to government and regulatory authorities and other organisations, as required or authorised by law;
(e) to organisations who manage our business and corporate strategies, including those involved in a transfer or sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our corporate risk and funding functions (e.g. securitisation);
(f) to any proposed or actual participant, assignee or transferee of all or any part of the relevant member of our operations or business; and/or
(g) to charities or non-profit organisations.
Direct Marketing (if applicable)
Subject to obtaining your consent, we intend to, in compliance with applicable laws, rules, and regulations, use your Data (your name, contact particulars, service usage, subscription details, location data and other customer profiling data), for the purpose of direct marketing, including sending to you notices and/or updates about gifts, discounts, privileged offers, benefits and promotions related to Services as well as other products and/or services relating to TV, telecommunications, over-the-top (OTT) services, content services, mobile voice, SMS and data communications, IDD / roaming, Internet connectivity, cloud services, electronic / mobile payment, entertainment, secretarial services, personal assistant services and information services (such as weather, finance and news information), device accessories, mobile applications and software, computer peripheral, accessories and software (including notebooks, handsets, mobile devices and accessories, keyboards, security installations and mobile applications), reward, loyalty and privilege programs, lifestyle, networking events, travelling, banking, alcohol and tobacco, sports, music, gaming, transportation, household products, food and beverages, finance, insurance, wealth management services and products, pensions, investments, brokering, financial advisory, loan and credit and other financial services and products, betting, education, health and wellness, beauty products and services, fashion and accessories, electronics, social networking, technology, ecommerce, logistics, retail, home and décor, media and high-end consumer products and services. Marketing may be carried out in a variety of ways (such as in the form of a letter, bill insert / message, email, digital SMS, MMS, instant message, app push notification, targeted TV message, broadcast message on eye device, by telephone, social media or advertisements on websites or other means).

Before using your Data for the direct marketing purposes as set out in this Privacy Statement, where we are required by law to obtain your consent, and in such cases, only after having obtained such consent, may we use your Data for any direct marketing purpose.

We will honour each individual's request to not use his/her Data for the purposes of direct marketing. You may opt-out from receiving direct marketing material and/or communications from the relevant Service. At the same time, you may resume receiving the same (if you have previously opted-out of receiving such material and/or communications from the relevant Service) by making a written request to our Privacy Compliance Officer together with your registered name, registered telephone number or email address (as applicable).
Transfer of Data outside Hong Kong
At times it may be necessary and/or prudent for us to transfer your Data to places outside of Hong Kong, for instance, for the prevention, detection or investigation of crime or for storage, processing and other purposes for which the Data were collected. In the event that we do transfer your Data outside of Hong Kong, we will do so in compliance with the prevailing requirements of the Ordinance.
The safety of your Data is important to us
All required efforts are made to ensure that any Data held by us is stored in a secure and safe place and is accessible only by our authorised employees or other Organisations referred to in this Privacy Statement.

When we pass your Data to third party Organisations for them to process, we seek to ensure that they have appropriate security measures in place to keep your Data safe and to comply with applicable principles in relation to data protection. Some of the people we share your Data with may process it overseas. You can contact us for more information about the safeguards we use to ensure that your Data is adequately protected in these circumstances.
Retention of your Data
We will retain your Data in accordance with our internal policies. Our policies are in compliance with the Ordinance, and cover the following principles:

(a) Data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the Data is also retained to satisfy any applicable legal, regulatory or contractual obligations; and
(b) Data are purged from our electronic, manual and other filing systems based on the above criteria and our internal procedures.
Your right to access and correct Data
We take all reasonable precautions to ensure that the Data we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that Data depends to a large extent on the Data you provide. You have a right to request access to, and correction of, your Data and we recommend that you:

(a) let us know if there are any errors in your Data; and
(b) keep us up-to-date with changes to your Data.
If you wish to access or amend any of your Data we hold, you may contact us in the manner as set forth under the “How to Contact Us” section.
You may also exercise your right of access and correction by logging on to DrGo app where you will be able to view and correct some of the Data held by us about you.
You may decline to share Data with us, in which case, we may not be able to provide you with some of our Services.
How to contact us
For all issues and enquiries regarding our compliance with our obligations under the Ordinance, and any request for access to and correction of your Data, please write to eSH’s Privacy Compliance Officer by letter to GPO Box 9896, Hong Kong or by email to privacy@pccw.com.

To raise an issue regarding our handling of your Data, please contact us in order that we can attempt to resolve your issue.

This Privacy Statement may be amended from time to time and all handling of Data will be governed by the most recent version of this Privacy Statement. If there is any inconsistency between the English and Chinese versions of the Privacy Statement, the English version will prevail.