Privacy Policy Statement

Last Updated: 24 September 2024

General

Tofu2 limited (“Tofu2”, “we”, “our” or “us”), a company incorporated in Hong Kong with company number 3229346, with email info@gotofu.com and registered address at Unit C, 8/F, King Palace Plaza, No.55 King Yip Street, Kwun Tong, Kowloon, Hong Kong, recognise our responsibilities to protect the privacy, confidentiality, and security of the personal information we hold. We are equally committed to ensure compliance by all our employees and agents with these obligations.

This Privacy Policy Statement explains our collection, holding, and use of personal information about our customers, vendors, employees and various other individuals (“you” or “your”) when you interact with us and our websites, services, content, and any related software, mobile applications, and other applications (collectively, “Services”). It also sets out your rights concerning your information and who you can contact for more information or queries. We may refer to information that can be used to identify you as your “personal information”. We may also sometimes collectively refer to handling, collecting, protecting, and storing your personal information as “processing” of such personal information.

When you access or use our Services, you acknowledge that you have read this Privacy Notice Statement and understand its contents. Your use of our Services is subject to this Privacy Notice Statement.

Statement of Practices

Types of Information We Collect from You

You may be asked to provide personally-identifiable information such as name, date of birth, gender, images or videos of you, telephone number, fax number, email address, residential address, payment account details.

The categories of personal information that we collect or obtain from you typically includes, but is not limited to:

DATA YOU GIVE
DATA 
WE COLLECT
ACTION

You request a demo of Bearer

We call you

You use Bearer

You receive emails from us

You chat with us for customer support

You opt-in to marketing messages

Full name, date of birth, marital status, education level

Personal Details

Email address, telephone number, postal address

Contact Details

Government issued ID, profile picture

Identifier

Job title, hire date, employment history, academic backgrounds, sick time, package

Employment

Preferences for particular products, Services, messages in our platform, video interview, any permissions, consents or preferences given by you

Online Profile and Communications

Bank account details, transaction information

Financial

“Sensitive Data” such as information revealing racial or ethnic origin, religion, political or philosophical beliefs, health condition, disabilities, or sexual orientation. We only collect such Sensitive Data where required by law or having a legitimate ground to do so, for example to enter into an employment relationship or to proceed with visa application.

Special Categories

Types of Information We Collect automatically via technology 

Information about your computer phone, tablet, or other device you use to access our Services

Device Data

IP address, login and logout data, browser time and settings

Technical & Usage

Device location, time zone, depending on our device settings; and

Location Data

See the section on “Use of Cookies” in this Privacy Policy Statement

Cookies

Not all this information will be collected at all times as this will be dependent on the nature of our interaction with you. We will only collect the information necessary for us to fulfil the relevant purposes outlined in this Privacy Policy Statement.

Types of Information We Collect from Third Parties

In some cases, we will also collect personal information about you indirectly from third parties such as:

  • third parties who engage our Services; and

  • third party service providers that help us to operate.

Purpose and Use of Collected Personal Information 

We may collect, use and retain your personal information for the following purposes or in connection with such purposes:

  • to process your application for our Services;

  • to provide Services or supporting to our Services (e.g., respond to enquiries and investigate complaints)

  • to manage your account under our Services;

  • to enhance our products and Services that are available to you;

  • to analyse or research your consumer behaviours, enabling us to better understand our customers so that we can provide products and Services that have been customised based on your user experiences (e.g., personalised incentives and discounts); 

  • to carry out market and customer analysis using data analytic tools in order to generate customer insights, segmentations, statistical reports and/or marketing insights which we may use ourselves or share with any subsidiaries, holding companies, joint ventures and associated companies of Tofu2 for their own use to determine whether you may be interested in new products or Services, or to customise the content and types of offers, products, Services, incentives and discounts that we present to you. These reports and/or insights are in aggregated form or will be anonymised, secured, and will not contain information that identifies you;

  • to evaluate and improve our business operations and management (including IT resources and infrastructure management, business continuity and risk management, audit, training, statistical analysis for business or security purposes, and any other supporting administrative services and similar purposes);

  • with your consent, to use your personal information to send you marketing communications (please refer to the “Direct Marketing” section below for further details);

  • to enable us or our affiliates to provide website, Services or other electronic verification of your identity;

  • to meet any requirements to disclose under any applicable regulation or law (e.g., for fraud and crime prevention); 

  • to protect our rights and those of our customers and clients; and

  • to achieve any other purpose directly relating to any of the above purposes. 

You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use Bearer but certain services (like Intercom) will not work effectively.

  • to enable us to match your capabilities with our work requirements, and to assign you to appropriate projects, tasks and teams;

  • to provide benefits to you, such as salary, bonuses, incentives, pensions, insurance, health and wellness programs, and training and development opportunities; 

  • to contact you for work-related matters, such as performance reviews, feedback, appraisals, promotions, transfers, disciplinary actions, and termination;

  • to manage your attendance, leave, absences, and working hours;

  • to monitor and evaluate your work performance, productivity, quality, and compliance with our policies and standards;

  • to ensure your health and safety at work, and to prevent and address any accidents, injuries, or incidents;

  • to maintain and update your personnel records, and to provide you with access to our internal systems and resources;

  • to facilitate your participation in our internal communications, events, surveys, and initiatives;

  • to comply with legal and regulatory obligations, such as tax, social security, labor, and immigration laws;

  • to meet any requirements to disclose under any applicable regulation or law (e.g., for fraud and crime prevention); 

  • to protect our rights, property, and interests, and to prevent and detect fraud, theft, misconduct, or unauthorized use of our assets and information.

We may collect, use and retain employees’ family members’ personal information for the following purposes or in connection with such purposes:

  • to provide benefits to your family members, such as health insurance, life insurance, or emergency contact information;

  • to verify your relationship with your family members, and to obtain their consent, where required, for the provision of benefits or the use of their personal information;

  • to comply with legal and regulatory obligations, such as tax, social security, or immigration laws; and

  • to contact your family members in case of an emergency, or to inform them of significant changes in your employment status or situation.

Collection of Personal Information

And please remember:

We safeguard personal information voluntarily provided by you, collected by us, or any affiliates of Tofu2 or our partners, or captured automatically. We typically collect or obtain information because you volunteer it to us, or because other users provide the information to us, or because we observe or infer that information about you from the way you interact with us or others.

The personal information collected depends on the nature of your interaction with us  and we will only collect the types of personal information that are relevant and necessary for the purpose of your interaction with us. All information we collect about you may be combined with other information we hold about you. Personal information will be used to provide products, Services, or marketing promotions to you. Please note that if you refuse or are unable to provide your personal information as required, we may not be able to provide you with products, Services or process your application if it requires your personal information.

Use of Cookies

Cookies are small text files that are stored on your browser or device by websites, applications, online media, and advertisements when you visit a website. 

Our website or Services may use cookies to distinguish you from other users. This helps us provide you with a good experience when browsing and allows us to improve our website for enhancing user experience. Examples of collected data in cookies include session details to enable you to use essential functions on our website like maintaining login details, using Google Analytics to recognize repeat visitors to our websites in order to enable us to better understand how our users browse to and through our websites, the time they spend and how often they visit our websites, relying on which we can improve our websites. Font size cookies are used to provide proper appearance of characters when you browse our websites. IP address of the computer used to visit the website may be recorded. You may choose to accept or reject cookies in your web browser settings. If you reject the cookies, you will not be able to use some of the functions on our website.

Minors under the age of 18

We do not knowingly collect any personal information from persons under the age of 18. Our Services are only intended for people over the age of 18. If you are under the age of 18, please do not give us any personal information. 

Retention of Personal Information

We maintain your personal information in compliance with legal, regulatory or internal policy requirements, to ensure personal information is not kept longer than is necessary for the fulfilment of the purpose for which the information is collected or is used for or as permitted by the applicable laws and regulations. The information will either be irreversibly anonymised or securely disposed of when it is no longer needed.

Sharing Information 

We do not sell or trade your personal information to any third parties. We may share your personal information with third parties as described in this section:

  • Our direct and indirect subsidiaries, holding companies, associated companies and affiliates;

  • Third-party agents, partners, and service providers who are only permitted to use your information as we allow which may include contacting you on your behalf, and are required under law or contract to keep your personal information confidential. Information is shared to help us provide the Services;

  • Government agencies and taxing authorities, as required to provide the Services;

  • Insurance carriers and other third parties, as needed to carry out the Services;

  • Banking and financial institutions;

  • Certain parties as necessary to respond in good faith to legal process where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Services;

  • Legal and financial advisors and auditors;

  • The following third-parties under the circumstances described below:

    • we may share business or personal information with credit bureaus, and we may share information with certain companies, banks and organizations for purposes such as fraud prevention or determining eligibility for the Services;

    • [if you participate in a referral program, the referral email and referral link sent to any referred leads may include your first name;]

    • if there is a sale of Tofu2 (including, without limitation, a merger, stock acquisition, sale of assets or reorganization), or in the event that Tofu2 liquidates or dissolves, we may sell, transfer or otherwise share some or all of our assets, which could include your information, to the buyer;

    • we may share anonymized personal information with third parties, including third parties which provide AI analytic services, to perform analytics;

    • from time to time, we may share reports with the public that contain anonymized, aggregate, de-identified information and statistics; and

    • we may share your information with certain other third parties with whom you expressly authorize us to share your information.

Personal information will only be used, disclosed, or transferred for the purposes or any directly related purposes for which it was collected or where it is allowed by applicable law.

Direct Marketing

In addition to the purposes set out above, we intend to use your personal information (including name, address, contact numbers and email address) in direct marketing, but we will not use your personal information to do so unless we have received your express consent.

We would like to:

  • send you direct marketing communications about our products and Services in connection with the latest news, events, updates, promotions, offers, products and Services about Tofu2’s product and Service; and

  • send you direct marketing communications relating to the latest news, events, updates, promotions, offers, products and services offered by our business partners and affiliates.

We will not disclose your personal information to any third parties for direct marketing purposes without your consent.

We respect your choice about how we use your personal information for direct marketing. If you do not want us to do so, please tell us when we seek your consent. You will have an opportunity to opt out, such as by ticking a box, filling out a form, or using another means.

If you do not wish to continue receiving any direct marketing materials from us, suitable opt-out mechanisms will be provided. You may also e-mail privacy@gotofu.com stating your wishes or click on the unsubscribe function in the relevant direct marketing communication.

Security 

We use a range of physical, electronic, and organizational measures to ensure that we keep your personal information secure, accurate, and up to date. These measures include but not limited to:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;

  • organizational and technical controls to restrict access to personal information on a need-to-know basis;

  • technological security measures, including firewalls, encryption, and anti-virus software; and

  • physical security measures, such as staff security passes to access our premises.

We will not disclose your personal information to any third parties for direct marketing purposes without your consent.

We will take all steps reasonably appropriate to ensure that your personal information is treated securely and in accordance with this Privacy Policy Statement. We employ generally accepted industry standards to protect your Personal Information and we continuously strive to protect your information and privacy as much as we can. Unfortunately, there are always risks associated with the transmission of information over the internet (including by e-mail).  While we take proactive steps to manage these risks and work with business partners who share our view on the importance of protecting your information, we cannot guarantee the security of information transmitted to us or by us.

Monitoring

If we conduct monitoring such as using CCTV, we will notify you of such monitoring. Such notice may take the form that is reasonably calculated to reach you who may be affected by such monitoring.

Do not track

Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not currently respond to “do not track” signals. 

Your Rights and Correction

You have various rights concerning your personal information. In particular, you have a right to: 

  • object to Tofu2 processing your personal information; 

  • request access to your personal information;

  • request an update of the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete; and

  • withdraw consent to our processing of your personal information (to the extent such processing is based on consent).

Contact Us

If you have any questions about this Privacy Policy Statement or wish to exercise your rights, please contact our Data Protection Officer at privacy@gotofu.com or write to the following address:

  • Tofu2 Limited
    Unit C, 8/F, King Palace Plaza
    No.55 King Yip Street
    Kwun Tong, Kowloon
    Hong Kong.

You may also use the above contact details if you wish to make a complaint to us relating to your privacy. 

We strive to respond to your questions or complaints within 40 days of receiving the communication. We have the right to charge a reasonable fee for processing a data access request. We will clearly inform you what fee, if any, will be charged as soon as possible and in any event not later than 40 days after receiving your request.

If you are dissatisfied with the way we handle your personal information and you wish to report a complaint about it, you also have the right to refer the matter to the Privacy Commissioner for Personal Data in Hong Kong and other authorities.

Version

This Privacy Policy Statement was last updated in September 2024.

It may be subject to amendments. Any future changes or additions to the processing of personal information as described in this Privacy Policy Statement affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you. 

Your Rights If Your Personal Information is Covered by the GDPR

If your personal information is covered by the General Data Protection Regulation (“GDPR") (that is, if you are an individual within the European Economic Area), you have the following rights with respect to your personal information:

  • The right to request access to the personal information that we have about you;

  • The right to rectify or correct any personal information that is inaccurate or incomplete;

  • The right to request a copy of your personal information in electronic format so that you can transmit the information to third parties, or to request that we directly transfer your personal information to one or more third parties;

  • The right to object to the processing of your personal information for marketing and other purposes;

  • The right to erasure of your personal information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your personal information to certain limited purposes where erasure is not possible.

Your Rights If You are a Resident of California or Certain US States

Under the laws of the states of California, Colorado, Connecticut, Utah and Virginia ("Applicable States"), you may have rights to ask us to:

  • provide access to certain information we hold about you, in some cases in a portable format, if technically feasible;

  • update or correct your information;

  • delete certain information we hold about you; and 

  • opt in to or opt out of use of certain sensitive information we hold about you.

Authorized agents: You may also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will generally ask you to verify your, or your authorized agent’s, request using the contact information you have already provided.

Exercising your rights: If you would like to exercise any of these rights, or appeal a decision made relating to your rights, please contact us at privacy@gotofu.com.

No sale of personal information. We do not sell any personal information to anyone.

No discrimination. We will not discriminate against any exercising their rights under the privacy laws of California or other Applicable States.

California. Below are the additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (together, the "CCPA"), effective as of January 1, 2023.

Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending on how you engage with us:

  • Identifiers, such as your name, email, address, phone numbers, or IP address;

  • personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;

  • characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

  • commercial information, such as purchase activity;

  • Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

  • geolocation information, such as the location of your device or computer determined from your IP address or mobile device’s GPS depending on your device settings;

  • audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

  • professional or employment-related information, for example information you may provide about your business; and

  • inference data, such as information about your preferences.

Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA, depending on how you engage with us:

  • Identifiers, such as your name, email, address, phone numbers, or IP address;

  • personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;

  • characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;

  • commercial information, such as purchase activity;

  • Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;

  • geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through applications we offer;

  • audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;

  • professional or employment-related information, for example information you may provide about your business;

  • inference data, such as information about your preferences.

Sensitive personal information. The categories of information that Tofu2 collects and discloses for a business purpose include "sensitive personal information" as defined under the CCPA. Tofu2 does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.