HeyTap Privacy Notice

Last updated on: 23 August 2022

Thank you for choosing HeyTap.

HeyTap PTE LTD ("we", "us" or "our") is committed to protecting and respecting your personal information and privacy. We developed this Privacy Notice to explain how we collect, use, disclose, transmit and/or store your personal information when you sign up for or use an HeyTap ID. Before using our HeyTap products (or services), please read this Privacy Notice carefully to understand our privacy practices.

HeyTap PTE LTD is the Data Controller as defined in the General Data Protection Regulation (GDPR). This means that we can decide the purposes for which we collect and process your personal information and we are obliged to comply with the relevant GDPR terms.

This policy will help you understand the following:

• I. Definitions


• II. How We Collect and Use Your Personal Data


• III. How Long We Retain Your Personal Data


• IV. How We Disclose Your Personal Data


• V. How We Protect Your Personal Data


• VI. Your rights with regard to your personal data


• VII. How We Process Children's Personal Data


• VIII. Third-Party Service Providers and Their Services


• IX. How Your Personal Data Is Transferred Globally


• X. How This Privacy Notice Is Updated


• XI. Contact us

• I. Definitions

"Affiliated company" refers to a company that is related to us due to joint ownership or control.




"Third parties" refers to companies or persons who do not have a relationship arising out of joint ownership or control with us (i.e. non-affiliated company) or other non-related persons. Third parties can be financial or non-financial companies, or persons other than you and us.




"Personal data" refers to any information relating to an identified or identifiable natural person.




• II. How We Collect and Use Your Personal Data

We collect data for efficient operations and to provide you with the best product experience. Our channels for collecting personal data include: (1) you providing us with your data directly, (2) us recording certain data about how you interact with our products and/or (3) us obtaining certain data about you from third parties.




The data we collect depends on the environment in which you interact with us, the choices you make, including your privacy settings, and the products and features that you use.



• 1. Personal data that we collect


• (1) Information directly provided by you



The services we provide require you to provide certain personal data directly to us. For instance:




Registering a HeyTap ID requires you to create an account or to complete a personal profile where you would provide personal data such as your name, date of birth, mobile number, email address, username and password created, photos, emergency contact and their contact information, etc.




We may ask you to provide personal data and collect it under other circumstances. Such circumstances include participating in prize draws or competitions, participating in promotional or marketing activities organised by us or our business partners, completing questionnaires and participating in user forums or blogs hosted by us or our business partners. The information that you provide helps us design and improve the products, personalise your shopping experience and provide purchase suggestions. We may match your information with third-party data to better understand your needs.



• (2) Service Usage Information



In addition to the information you provide, we may also collect information about your use of our services through software on your device and other means. For example, we may collect:



• a. Device information – such as device name, device model, region and language settings, device identification number (IMEI number, etc.), device hardware information and status, usage habits, IP address, operating system version and settings of the device used to access the service.


• b. Log information – such as when and how long the service is used, search terms entered through the service and error log information of your device. The Android system is designed in such a way that your error or crash logs will include general information from the time when the error or crash occurs, which may sometimes include your personal data such as phone number, email address, Facebook account, etc. However, we have implemented security measures to ensure such information is only used for error log analysis and not for personal identification or other purposes.


• c. Location information – such as the GPS signal of the device or information about Wi-Fi access points.



We may also collect other information about your use of our services – such as the version of the application being used, the website visited and how you interact with the content provided through our services.




Please note that we may cooperate with third-party service providers to implement or improve our service functions above. These third parties may not use this information for any other purpose.



• (3) Obtaining Data from a Third Party



To the extent permitted by law, we may obtain data about you from public or commercial sources and may combine it with other information received about or relevant to you.



• 2. How We Use Your Personal Data


• (1) We may process your personal data for the purposes described in this Privacy Notice to perform our obligations to you under our user agreement and/or service contract:


• a. with your prior explicit consent which can be withdrawn at any time at your request;


• b. so that we can perform or carry out a contract with you in relation to our products and/or services;


• c. for compliance with a legal obligation to which we are subject;


• d. when necessary for the purposes of the legitimate interests pursued by us or a third party to whom it may be necessary to disclose information. Where we process your information based on such grounds, we will only do so where we have appropriately balanced such interests against your right to privacy.



Examples of how we may use your data include:



• Provide and improve services. The personal data that we collect will be used to provide you with our products and services, process your orders or fulfil the contract between you and us to ensure the functionality and safety of our products and services, to verify your identity and to prevent and investigate fraud or other improper use.


• Customer support. We use data to diagnose product issues and provide other customer care and support services. We also use this information to improve our products and analyse the efficiency of our business operations. However, we will not use this information to track your location.


• Commercial promotional activities. If you participate in prize draws, contests or similar promotional activities held by us, we will use the personal data you provide to manage such activities.


• (2) We will strictly abide by the terms of this Privacy Notice and any updates to it (which you will be notified of in advance). Your personal data will only be used for the purposes determined at the time.


• (3) When we want to use the information for other purposes not covered by this Privacy Notice, we will obtain your consent in advance. When we want to use information that was collected for a specific purpose for other purposes, we will obtain your consent in advance.


• (4) We do not take any decisions involving the use of algorithms or profiling that significantly affect you. If certain of our services require us to do so in the future, we will inform you in advance and you can exercise your legal rights as set out in section VII.9 of this Privacy Notice.



• III. How Long We Retain Your Personal Data

Our retention period for personal data is the minimum time necessary to realise the purpose of collection, unless a longer retention period is required by law. Beyond the above retention period, we will delete or anonymise your personal data.




• IV. How We Disclose Your Personal Data

1. At times we may make certain personal information available to affiliated companies and other third parties that work with us to provide products and services. Your information will not be shared with third parties for their own independent marketing or commercial purposes.



• (1) Affiliated companies: your personal data may be shared with our affiliated companies. We only share necessary personal data subject to the purposes stated in this Privacy Notice. If the affiliated companies wish to change the purpose of processing, they will ask for your authorisation and consent again.


• (2) Sharing with third parties: to realise the purposes stated in this Policy, some of our services will be provided by our authorised partners. We may share some personal data with our partners to provide better services and a better user experience. Third-party service providers are also used to provide you with customer service.



Where a merger, acquisition or bankruptcy liquidation takes place, if the transfer of personal data is involved, we will ask the new company or organisation which obtains your personal data to be subject to this Privacy Notice, otherwise we will ask such company or organisation to acquire your authorisation and consent again.




We will only share your personal data for lawful, legitimate, necessary, specific and clear purposes, and only personal data necessary for service provision will be shared. Our partners are not allowed to use the shared personal data for any other purposes.




We may also disclose your personal data if it is compulsorily required by laws, such as to comply with a subpoena or other legal proceedings, legal actions or government agencies, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.




• V. How We Protect Your Personal Data

1. We have taken reasonable practical and technical measures to protect the collected information related to the service. However, please note that although we have taken reasonable measures to protect your information, no websites, Internet transmissions, computer systems or wireless connections are absolutely secure.




2. We have taken safeguarding measures in accordance with industry standards to protect the personal data you provided and prevent data from unauthorised access, public disclosure, use, modification, damage or loss. We take all reasonably practical measures to protect your personal data.  In particular:



• (1) We anonymise your personal data to mitigate the risk that other organisations or individuals may identify you on the basis of that personal information. We use SSL to encrypt many services. We periodically review practices regarding information collection, storage and possession (including physical security measures) to prevent various systems from unauthorised access.


• (2) We only allow our employees and personnel of authorised service companies who need the personal data to process it to access such personal data, and they are subject to strict contractual confidentiality obligations. If they fail to perform these obligations, they may be held liable or their relationship with us may be terminated.


• (3) The security of your information is extremely important to us. Therefore, we endeavour to ensure the security of your personal data and implement measures such as full security encryption during storage and transmission to prevent your information from unauthorised access, use or disclosure. At the same time, no one can access the content of some encrypted data except users themselves.


• (4) When we transmit and store sensitive personal data, we will use security measures such as encryption. We will use technical measures to process personal biometric information before storage. For instance, storing only a digital template of personal biometric information.



3. In the event of a personal data security incident, we will act in accordance with applicable laws.




• VI. Your rights with regard to your personal data

We will respect your legal rights to your personal data. Below are the rights that you have under law, and what we do to protect those rights. Please note that for the sake of security, we may ask you to verify your identity before processing your request.



• 1. The right to be informed: we are publishing this Privacy Notice to keep you informed as to what we do with your personal data. We strive to be transparent about how we use your data.


• 2. The right to access: if you wish to access your personal data, you can log in to your account and access the information you provided when registering the HeyTap ID through "Settings > HeyTap IDs". If you have any questions when exercising your right to access, please contact us at: https://brand.heytap.com/en/privacy-feedback.html.


• 3. The right to rectification: if you find that the personal data we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications. You can rectify your information via https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 4. The right to deletion: you can submit a request to us to delete personal data if we do not have a legal reason to continue to process and hold it. You can delete your information via https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 5. The right to restriction of processing: you have the right to ask us to restrict how we process your personal data. We will keep just enough or process the data necessary for us to make sure we respect your restriction request in the future. You can realise your right to restriction of processing via https://id.heytap.com/static/userdata_index.html or contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 6. The right to data portability: To the extent permitted by laws and regulations, you have the right to obtain a copy of your personal data in a structured, commonly-used and machine-readable format. For example, if you decide to switch to a new provider, this enables you to move, copy, or transfer your personal data easily between our IT systems and theirs safely and securely, without affecting its usage. You can exercise your right to data portability via https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 7. The right to object: you have the right to object to us processing your data even if its use is for our legitimate interests, the exercise of official authority, direct marketing (including data aggregation) or processing for the purpose of statistics. You can object us processing your data via https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 8. The right to withdraw consent: if you have given us your consent to process your personal data but change your mind later, you have the right to withdraw your consent at any time and we must stop processing your data. You can withdraw your consent via the https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html.


• 9. The right to object to automated individual decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling. If these decisions significantly affect your lawful rights, you are entitled to ask for an explanation via https://id.heytap.com/static/userdata_index.html or by contacting us at: https://brand.heytap.com/en/privacy-feedback.html, which we will respond to and take appropriate measures to resolve, as necessary.


• 10. The right to lodge a complaint: you have the right to lodge a complaint about the way we handle or process your personal data with your national data protection authority.



We will respond and reply to your above requests as soon as possible, and generally no later than one month after receipt of your request. (If necessary and as permitted by law, we may extend it by an additional two months. We will inform you of the reason for the extension within the aforementioned one-month period, for example, if the request is complex or involves a large volume of data). If you are not satisfied with the response you receive, you can refer the complaint to the relevant regulatory authority in your jurisdiction.




• VII. How We Process Children's Personal Data

1. Our products, applications and services are mainly intended for adults. A child should not create his/her own user account. We treat anyone under 18 years old (or the equivalent minimum age for full legal capacity in relevant jurisdiction) as a child.




2. When we find that a child's personal data is collected, we will delete the relevant data as soon as possible.




• VIII. Third-Party Services Providers and Their Services

1. Our websites, applications and services may contain links to third-party websites, products and services. You can choose whether to access websites, products and services provided by third parties or not.




2. We have no control over third-party privacy and data protection policies and such third parties are not bound by this Privacy Notice. Before submitting personal data to third parties, please refer to the privacy notice of such third-parties.




• IX. How Your Personal Data Is Transferred Globally

• 1. In principle, the personal data collected and produced within the territory of the European Union is stored within the territory of the European Union. After acquiring your consent, your personal data (mobile phone number, email address, nickname and avatar) will be transferred to the People's Republic of China for the purpose of uniqueness verification in order to ensure the account can be used globally without duplication.


• 2. In the event that your personal data is transferred by us to countries located outside the European Economic Area (EEA), we will ensure that appropriate safeguards are taken, such as:


• (1) the recipient of the personal data is located within a country that benefits from a full "adequacy" decision of the European Commission;


• (2) the recipient has signed a contract based on "model contractual clauses" approved by the European Commission, obliging them to protect your personal data;


• (3) or in the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your personal data. In the meantime, security measures such as encryption or anonymisation will be adopted for the safety of your personal data.



For more information about the safeguards relating to personal data transfers outside of the EEA, please contact us at: https://brand.heytap.com/en/privacy-feedback.html.




• X. How This Privacy Notice Is Updated

We reserve the right to update or modify this Privacy Notice from time to time. We will send you notifications of update to this Privacy Notice in a form we deem appropriate. If you have provided us an email address, we will notify you of updates (and seek your consent on such updates if you are an Indonesian resident) via email before such updates take effect. If we do not have your email address, we will post a notice on our website or send push notifications to you through our devices about the aforesaid updates.




• XI. Contact us

If you have questions or concerns regarding our Privacy Notice or practices, please contact us at the following address:




HeyTap PTE LTD




Address: 9 Raffles Place, #26-01 Republic Plaza, Singapore 048619




Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html




For users located in Europe, you may contact our EU representative OROPE Germany GmbH using the email or postal address below:




Email: privacy@heytap.com




Postal address: Graf-Adolf-Platz 15, 40213, Düsseldorf, Germany