Tofu2 limited (“Tofu2”, “we”, “our” or “us”), a company incorporated in Hong Kong with company number 3229346, with email info@gotofu.com and registered address at Unit C, 8/F, King Palace Plaza, No.55 King Yip Street, Kwun Tong, Kowloon, Hong Kong, recognise our responsibilities to protect the privacy, confidentiality, and security of the personal information we hold. We are equally committed to ensure compliance by all our employees and agents with these obligations.
This Privacy Policy Statement explains our collection, holding, and use of personal information about our customers, vendors, employees and various other individuals (“you” or “your”) when you interact with us and our websites, services, content, and any related software, mobile applications, and other applications (collectively, “Services”). It also sets out your rights concerning your information and who you can contact for more information or queries. We may refer to information that can be used to identify you as your “personal information”. We may also sometimes collectively refer to handling, collecting, protecting, and storing your personal information as “processing” of such personal information.
When you access or use our Services, you acknowledge that you have read this Privacy Notice Statement and understand its contents. Your use of our Services is subject to this Privacy Notice Statement.
You may be asked to provide personally-identifiable information such as name, date of birth, gender, images or videos of you, telephone number, fax number, email address, residential address, payment account details.
The categories of personal information that we collect or obtain from you typically includes, but is not limited to:
You request a demo of Bearer
We call you
You use Bearer
You receive emails from us
You chat with us for customer support
You opt-in to marketing messages
Full name, date of birth, marital status, education level
Email address, telephone number, postal address
Government issued ID, profile picture
Job title, hire date, employment history, academic backgrounds, sick time, package
Preferences for particular products, Services, messages in our platform, video interview, any permissions, consents or preferences given by you
Bank account details, transaction information
“Sensitive Data” such as information revealing racial or ethnic origin, religion, political or philosophical beliefs, health condition, disabilities, or sexual orientation. We only collect such Sensitive Data where required by law or having a legitimate ground to do so, for example to enter into an employment relationship or to proceed with visa application.
Information about your computer phone, tablet, or other device you use to access our Services
IP address, login and logout data, browser time and settings
Device location, time zone, depending on our device settings; and
See the section on “Use of Cookies” in this Privacy Policy Statement
Not all this information will be collected at all times as this will be dependent on the nature of our interaction with you. We will only collect the information necessary for us to fulfil the relevant purposes outlined in this Privacy Policy Statement.
In some cases, we will also collect personal information about you indirectly from third parties such as:
third parties who engage our Services; and
third party service providers that help us to operate.
We may collect, use and retain your personal information for the following purposes or in connection with such purposes:
to process your application for our Services;
to provide Services or supporting to our Services (e.g., respond to enquiries and investigate complaints)
to manage your account under our Services;
to enhance our products and Services that are available to you;
to analyse or research your consumer behaviours, enabling us to better understand our customers so that we can provide products and Services that have been customised based on your user experiences (e.g., personalised incentives and discounts);
to carry out market and customer analysis using data analytic tools in order to generate customer insights, segmentations, statistical reports and/or marketing insights which we may use ourselves or share with any subsidiaries, holding companies, joint ventures and associated companies of Tofu2 for their own use to determine whether you may be interested in new products or Services, or to customise the content and types of offers, products, Services, incentives and discounts that we present to you. These reports and/or insights are in aggregated form or will be anonymised, secured, and will not contain information that identifies you;
to evaluate and improve our business operations and management (including IT resources and infrastructure management, business continuity and risk management, audit, training, statistical analysis for business or security purposes, and any other supporting administrative services and similar purposes);
with your consent, to use your personal information to send you marketing communications (please refer to the “Direct Marketing” section below for further details);
to enable us or our affiliates to provide website, Services or other electronic verification of your identity;
to meet any requirements to disclose under any applicable regulation or law (e.g., for fraud and crime prevention);
to protect our rights and those of our customers and clients; and
to achieve any other purpose directly relating to any of the above purposes.
You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use Bearer but certain services (like Intercom) will not work effectively.
to enable us to match your capabilities with our work requirements, and to assign you to appropriate projects, tasks and teams;
to provide benefits to you, such as salary, bonuses, incentives, pensions, insurance, health and wellness programs, and training and development opportunities;
to contact you for work-related matters, such as performance reviews, feedback, appraisals, promotions, transfers, disciplinary actions, and termination;
to manage your attendance, leave, absences, and working hours;
to monitor and evaluate your work performance, productivity, quality, and compliance with our policies and standards;
to ensure your health and safety at work, and to prevent and address any accidents, injuries, or incidents;
to maintain and update your personnel records, and to provide you with access to our internal systems and resources;
to facilitate your participation in our internal communications, events, surveys, and initiatives;
to comply with legal and regulatory obligations, such as tax, social security, labor, and immigration laws;
to meet any requirements to disclose under any applicable regulation or law (e.g., for fraud and crime prevention);
to protect our rights, property, and interests, and to prevent and detect fraud, theft, misconduct, or unauthorized use of our assets and information.
We may collect, use and retain employees’ family members’ personal information for the following purposes or in connection with such purposes:
to provide benefits to your family members, such as health insurance, life insurance, or emergency contact information;
to verify your relationship with your family members, and to obtain their consent, where required, for the provision of benefits or the use of their personal information;
to comply with legal and regulatory obligations, such as tax, social security, or immigration laws; and
to contact your family members in case of an emergency, or to inform them of significant changes in your employment status or situation.
And please remember:
We safeguard personal information voluntarily provided by you, collected by us, or any affiliates of Tofu2 or our partners, or captured automatically. We typically collect or obtain information because you volunteer it to us, or because other users provide the information to us, or because we observe or infer that information about you from the way you interact with us or others.
The personal information collected depends on the nature of your interaction with us and we will only collect the types of personal information that are relevant and necessary for the purpose of your interaction with us. All information we collect about you may be combined with other information we hold about you. Personal information will be used to provide products, Services, or marketing promotions to you. Please note that if you refuse or are unable to provide your personal information as required, we may not be able to provide you with products, Services or process your application if it requires your personal information.
Cookies are small text files that are stored on your browser or device by websites, applications, online media, and advertisements when you visit a website.
Our website or Services may use cookies to distinguish you from other users. This helps us provide you with a good experience when browsing and allows us to improve our website for enhancing user experience. Examples of collected data in cookies include session details to enable you to use essential functions on our website like maintaining login details, using Google Analytics to recognize repeat visitors to our websites in order to enable us to better understand how our users browse to and through our websites, the time they spend and how often they visit our websites, relying on which we can improve our websites. Font size cookies are used to provide proper appearance of characters when you browse our websites. IP address of the computer used to visit the website may be recorded. You may choose to accept or reject cookies in your web browser settings. If you reject the cookies, you will not be able to use some of the functions on our website.
We do not knowingly collect any personal information from persons under the age of 18. Our Services are only intended for people over the age of 18. If you are under the age of 18, please do not give us any personal information.
We maintain your personal information in compliance with legal, regulatory or internal policy requirements, to ensure personal information is not kept longer than is necessary for the fulfilment of the purpose for which the information is collected or is used for or as permitted by the applicable laws and regulations. The information will either be irreversibly anonymised or securely disposed of when it is no longer needed.
We use a range of physical, electronic, and organizational measures to ensure that we keep your personal information secure, accurate, and up to date. These measures include but not limited to:
education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;
organizational and technical controls to restrict access to personal information on a need-to-know basis;
technological security measures, including firewalls, encryption, and anti-virus software; and
physical security measures, such as staff security passes to access our premises.
We will not disclose your personal information to any third parties for direct marketing purposes without your consent.
We will take all steps reasonably appropriate to ensure that your personal information is treated securely and in accordance with this Privacy Policy Statement. We employ generally accepted industry standards to protect your Personal Information and we continuously strive to protect your information and privacy as much as we can. Unfortunately, there are always risks associated with the transmission of information over the internet (including by e-mail). While we take proactive steps to manage these risks and work with business partners who share our view on the importance of protecting your information, we cannot guarantee the security of information transmitted to us or by us.
If we conduct monitoring such as using CCTV, we will notify you of such monitoring. Such notice may take the form that is reasonably calculated to reach you who may be affected by such monitoring.
Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not currently respond to “do not track” signals.
You have various rights concerning your personal information. In particular, you have a right to:
object to Tofu2 processing your personal information;
request access to your personal information;
request an update of the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete; and
withdraw consent to our processing of your personal information (to the extent such processing is based on consent).
If you have any questions about this Privacy Policy Statement or wish to exercise your rights, please contact our Data Protection Officer at privacy@gotofu.com or write to the following address:
Tofu2 Limited
Unit C, 8/F, King Palace Plaza
No.55 King Yip Street
Kwun Tong, Kowloon
Hong Kong.
You may also use the above contact details if you wish to make a complaint to us relating to your privacy.
We strive to respond to your questions or complaints within 40 days of receiving the communication. We have the right to charge a reasonable fee for processing a data access request. We will clearly inform you what fee, if any, will be charged as soon as possible and in any event not later than 40 days after receiving your request.
If you are dissatisfied with the way we handle your personal information and you wish to report a complaint about it, you also have the right to refer the matter to the Privacy Commissioner for Personal Data in Hong Kong and other authorities.
This Privacy Policy Statement was last updated in November 2023.
It may be subject to amendments. Any future changes or additions to the processing of personal information as described in this Privacy Policy Statement affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.
If your personal information is covered by the General Data Protection Regulation (“GDPR") (that is, if you are an individual within the European Economic Area), you have the following rights with respect to your personal information:
The right to request access to the personal information that we have about you;
The right to rectify or correct any personal information that is inaccurate or incomplete;
The right to request a copy of your personal information in electronic format so that you can transmit the information to third parties, or to request that we directly transfer your personal information to one or more third parties;
The right to object to the processing of your personal information for marketing and other purposes;
The right to erasure of your personal information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your personal information to certain limited purposes where erasure is not possible.
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In general, we collect and process your personal information on one or more of the following bases:
Your consent. For example, situations where we have obtained your consent to process your personal information for certain activities (such as the use of cookies for online tracking and analysis). You are free to withdraw your consent at any time by contacting privacy@gotofu.com. If you withdraw your consent, it will not affect the lawfulness of any processing based on your consent before you withdrew it;
To comply with a contractual obligation. We will advise you upon collection whether the provision of your personal information is mandatory and of the possible consequences if you do not provide us with your information.
For compliance with our legal obligations where laws or regulations require the processing of your personal information (for example, health and safety, taxation and anti-money laundering laws) or where we need your personal information to protect your vital interests or those of another person.
Our legitimate interests which include the provision of relevant Services, and/or the carrying out of marketing activities, provided always that our legitimate interests are not outweighed by any prejudice or harm to your rights and freedoms.
To exercise any of these rights, please contact us using the information provided above in the “contact us” section.
Please note that erasure or restriction of processing is only possible if and to the extent that the processing of personal information is based on your consent or our legitimate interests. If personal information processing is based on consent, note that you have the right to withdraw your consent at any time, but that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In the event of an erasure request, we may retain a copy of your personal information for our record-keeping purposes and to avoid entering your personal information in our systems after your request.
In the event that you believe or have the impression that our personal information processing does not comply with the GDPR, you are entitled to lodge a complaint with the responsible supervisory authority.
Under the laws of the states of California, Colorado, Connecticut, Utah and Virginia ("Applicable States"), you may have rights to ask us to:
provide access to certain information we hold about you, in some cases in a portable format, if technically feasible;
update or correct your information;
delete certain information we hold about you; and
opt in to or opt out of use of certain sensitive information we hold about you.
Authorized agents: You may also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will generally ask you to verify your, or your authorized agent’s, request using the contact information you have already provided.
Exercising your rights: If you would like to exercise any of these rights, or appeal a decision made relating to your rights, please contact us at privacy@gotofu.com.
No sale of personal information. We do not sell any personal information to anyone.
No discrimination. We will not discriminate against any exercising their rights under the privacy laws of California or other Applicable States.
California. Below are the additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (together, the "CCPA"), effective as of January 1, 2023.
Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending on how you engage with us:
Identifiers, such as your name, email, address, phone numbers, or IP address;
personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;
characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
commercial information, such as purchase activity;
Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
geolocation information, such as the location of your device or computer determined from your IP address or mobile device’s GPS depending on your device settings;
audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
professional or employment-related information, for example information you may provide about your business; and
inference data, such as information about your preferences.
Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA, depending on how you engage with us:
Identifiers, such as your name, email, address, phone numbers, or IP address;
personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as a credit card number;
characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
commercial information, such as purchase activity;
Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through applications we offer;
audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
professional or employment-related information, for example information you may provide about your business;
inference data, such as information about your preferences.
Sensitive personal information. The categories of information that Tofu2 collects and discloses for a business purpose include "sensitive personal information" as defined under the CCPA. Tofu2 does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.
