Alliance Mobile Apps - Privacy Policy

I.  General Provisions. 1

1.  Applicability of This Privacy Policy. 1

2.  Data User Pursuant to Data Protection Law.. 2

3.  General Information on Data Processing. 2

4.  Rights of Data Subjects. 2

5.  Transfer of Data to Third Parties, External Processing. 2

6.  Amendments to This Privacy Policy. 3

II.  Applications: Processing of Your Personal Data. 3

7.  General Information on the Processing of Your Data upon Download, Registration, Login and Use of the Applications . 3

8.  Type of Personal Data Processed. 3

9.  Purpose and Duration of the Processing of Your Data. 4

10. Use of Third-Party Tools to Optimise Our Applications. 4

a)  Interactive Maps. 4

b)  Use of Google Firebase for Sending Messages. 5

c)  Use of Twilio and SendGrid Products for Sending Messages. 5

III.   Use of Cookies and Similar Technologies. 6

IV.   Webview: Processing of Your Personal Data

 

*****************************************************************


I.  General Provisions

1.  Applicability of This Privacy Policy 

The Mobile Apps of Alliance (hereinafter each, an “Application”, collectively referred to as the "Applications") are operated and made available by Alliance Construction Materials Limited or by a subsidiary or an affiliate of Alliance Construction Materials Limited (each individually referred to as “Alliance Company"). By means of the Applications, respective Alliance Company can enable their business customers ("Customers") to view their orders from the respective Alliance Company, track shipments and manage documents such as invoices or delivery notes. This Privacy Policy applies to the use of the Applications by the Customers. Below, we provide information on how we process data of the users of the Applications.

2.  Data User Pursuant to Data Protection Law

The data user responsible for processing your data within the scope of the use of the Applications is the Alliance Company from which you receive access to the Applications or from whose customer you receive access (in the following: “we”). 

Please also note that when you download the Applications directly from Google Play or the Apple App Store, your data are processed in a way for which we are not the data user under data protection law. Rather, the operators of the respective app stores are responsible for this processing. Further information is available under https://policies.google.com/privacy (for Google Play) and under https://www.apple.com/legal/privacy/en-ww/ (for the Apple App Store).


3.  General Information on Data Processing

We collect and process your personal data that we either receive from third parties or that you make available to us, e.g. via an input form in our Applications or otherwise, e.g. by e-mail. The provision of your personal data is voluntary; however if you fail to provide us with your personal data, you may not be able to access the Applications. Moreover, we collect and process the data that accumulate when you use our Applications. The processing of your data takes place in compliance with applicable data protection law. "Personal data" means any data (a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable. In the following, we explain in detail which data we collect and how. Moreover, we explain which rights you have and for how long your data are stored.

4.  Rights of Data Subjects

As a data subject, you may approach the Compliance Officer at enquiry@concrete.hk in order to exercise your rights. You have the following rights: 
•    The right to access your personal data as well as to receive a copy of your data; and
•    the right to correction of your personal data.


5.  Transfer of Data to Third Parties, External Processing

We transfer your personal data to authorities/public bodies where this is required under overriding legal regulations.

The processing within the scope of a transfer to criminal prosecution authorities and other authorities as well as to third parties who have suffered harm or attorneys at law only takes place in exceptional cases, i.e. if there are clear indications of unlawful or abusive use of the Applications and the disclosure or transfer of your data is required for the investigation or legal prosecution of such use, i.e. if we are subject to a legal obligation to forward data to criminal prosecution authorities.

We also transfer your personal data to group-internal and external processors to the extent necessary for the purposes of the processing set out in this Privacy Policy, and such external professional service providers provide us services including analytics and processing, administrative, management, computer and information technology, cloud services, payment processing, data processing, marketing and research, logistics, accounting, customer service, data hosting, logistics distribution, delivery and fulfilment, installation, fraud detection, telecommunications, computer, marketing, financing, legal, and other professional services. In the case of processors, we conclude contractual agreements with the service providers in order to ensure that the personal data are processed in accordance with the requirements of applicable data protection law. 

The processing of your data in the context of a transfer to processors takes place for the purpose of ensuring efficient and secure operation of the Applications including their maintenance and in order to be able to provide technical support to you in case you encounter problems, in order to ensure efficient and secure operation of the Applications, to guarantee professional maintenance of these and to be able to provide support. 

Furthermore, your personal data is transferred to other data users in compliance with applicable data protection law, e.g. to the respective Customer that you as a user specify during the registration process, so that the admissibility and scope of your access to the data of the respective Customer that you have specified can be checked and approved.


6.  Amendments to This Privacy Policy

We always keep this Privacy Policy up to date. For this reason, we reserve the right to modify it from time to time and to add amendments with respect to the processing of your data. We will inform you of any amendments. Where your consent is required for the processing, we will of course obtain such consent in advance.

 

II.  Applications: Processing of Your Personal Data

7.  General Information on the Processing of Your Data upon Download, Registration, Login and Use of the Applications 

During the download of the Applications as well as during the registration, login and use of the Applications, we provide a secure environment. 
Your user data are stored in a hashed format, i.e. a key is generated from them that enables the allocation of the user data, but does not allow them to be read out or makes this very difficult. The communication with our servers is encrypted according to the state of the art; thus, the data you enter for the registration and login are always sent to our servers in encrypted form.


8.  Type of Personal Data Processed 

For the download of the Applications and the registration, login and use of the Applications, we process the following personal data:
•    Communication data (e.g. content of messages) 
•    Corresponding / billing address
•    Contact details (e.g. name, e-mail address, mobile phone number)
•    Account details
•    Contract data, order information
•    Login credentials (e.g. password)
•    Log files (e.g. last login)
•    Authorisation management data (e.g. push notification authorisation)
•    Usage data (also see section Error! Reference source not found.)
•    Location data (also see 10 a))

•    Device identifiers
In the context of the registration and use of the Application, the data are collected directly from you or your device or entered by our sales team or our back-end customer systems within the scope of an existing contractual relationship.

For the download, registration, login and use of the Application , additional personal data (e.g. certain usage data) may be collected, which you can determine in your individual settings on the mobile device. 


9.  Purpose and Duration of the Processing of Your Data

We process the data provided by you or by a third party when you download the Application and when you register, log in and use the Applications:
•    for the purpose of enabling you to use the Applications;
•    to set up a user account for you; when registering for a user account, we may contact you for security reasons by telephone on the telephone number you provided before we create your user account;
•    to verify the authorisation upon login and when using the user account;
•    to process your requests to reset the password and 
•    to process your call-off of delivery quotas; 
•    to establish a secure environment for the use of the Applications and to protect your data, third-party data and confidential information of us;
•    to contact you for the purpose of sending you technical or legal information, updates, security notifications or other messages (also by SMS), e.g. regarding the management of the user account or that are necessary in the context of the registration, the log-in or the technical usage options or functionalities of the Application;
•    to be able to show you content that is relevant to you.

We also process data that accumulate when you use our Applications, such as your location. You will always be asked to allow the access to your location, and you can withdraw this consent with effect for the future whenever you wish by disabling the access in the settings of your mobile device or in the browsers you use. In this connection, please also read 10 a) of this Privacy Policy.

The so-called usage data that accumulate in connection with your use can provide information on how you use the Application, e.g. when and for how long you were logged in or used the Applications, which pages or functions you used when and for how long, etc. 

The data processing takes place in the applications as well as in upstream and downstream systems of the person responsible (e.g. SAP, CRM system of the person responsible).

Your personal data will only be processed for purposes other than those described above in case a legal regulation permits these or you have granted your consent to the changed purpose of the data processing. In the case of further processing for purposes other than those for which the data had originally been collected, we will inform you about these other purposes prior to the further processing and provide you with all other relevant information.

We will erase the data as soon as they are no longer needed for the above-mentioned purposes unless we are under the obligation to store them longer due to retention and documentation obligations under tax and commercial law (for example pursuant to the Hong Kong Companies Ordinance or further processing is required due to ongoing legal disputes or you have consented to longer storage).


10.  Use of Third-Party Tools to Optimise Our Applications
a)  Interactive Maps

The iOS version of our Applications  uses map material of Apple Inc., One Apple Park Way, Cupertino, California, CA 95014, USA. The Applications uses the native map function of your mobile device (Apple Maps) in order to visually display geographical information. You need to actively enable the function, which is initially disabled when you install and use the app.
The processed data especially include your IP address(es) and location data. These can only be collected with your consent. You can grant the consent within the Applications  and in the settings of your mobile device. As soon as you log out, the location function will be disabled. The next time you log in, you need to activate the function again in case you wish the location to be identified. The location data are only processed by Apple, not by us.

By using the map services, you also enter a usage relationship directly with Apple. The use of Apple Maps by you as an end user is subject to the current Terms of Use for Apple Maps (https://www.apple.com/legal/internet-services/maps/terms-en.html) and the Apple Privacy Policy (https://www.apple.com/privacy/). 

The Android version of our Applications uses the native map function of your mobile device (Google Maps) in order to visually display geographical information. You need to actively enable the function, which is initially disabled when you install and use the app. 

The processed data especially include your IP address(es) and location data. These can only be collected by these services with your consent. You can grant the consent within the Applications. As soon as you log out, the location function will be disabled. The next time you log in, you need to activate the function again in case you wish the location to be identified. The location data are only processed by Google, not by us.

Google Maps is offered by Google Ireland Limited, a company incorporated and operated under Irish law (registration number: 368047), headquartered in Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). 

By using the map services, you also enter a usage relationship directly with Google. The use of Google Maps by you as an end user is subject to the current Terms of Use for Google Maps/Google Earth (https://maps.google.com/help/terms_maps.html) and the Google Privacy Policy (https://policies.google.com/privacy?hl=en).

b)  Use of Google Firebase for Sending Messages

The Application  makes use of the Firebase services of Google (see above), some of which process personal data.

Firebase Cloud Messaging serves the transmission of push messages or so-called in-app messages (messages that are only displayed within the respective app). For this purpose, the device is assigned a pseudonymised push reference that serves as the destination for the push messages or in-app messages. Push messages can always be disabled and re-enabled in the device settings. We receive information from Google about the number of persons who have been sent a message and have opened it. We cannot trace this information to individual users.

Further information on data protection and the security of Firebase is available here: https://firebase.google.com/support/privacy/

The general Privacy Policy of Google can be accessed here: https://policies.google.com/privacy?hl=en

c)  Use of Twilio and SendGrid Products for Sending Messages

We use the services of Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA and its subsidiary SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA (collectively referred to as "Twilio") and of Esendex, Commify UK Limited, 20 Wollaton Street, Nottingham, NG1 5FW, United Kingdom ("Esendex") for sending text messages (SMS). The transfer is necessary in order to set up your access to our Applications.

 

III.    Use of Cookies and Similar Technologies

In our browser-based Applications Hub and Webview, we use various cookies, some of which are necessary and some of which you can select or deselect.

Your selection is also stored in our Application, but not in a cookie. Apart from this, the above information and the following information shall apply accordingly.

Statistics cookies and tracking are used for the purpose of analysing and evaluating your use of our Applications, enabling us to optimise our Applications on this basis. To the extent that we use third-party tools for this purpose, the information in section I 5 of this Privacy Policy shall apply.


IV.    Webview: Processing of Your Personal Data

When using the Webview function, you receive a link from an authorised user, by means of which you can view certain documents released for you. For this, the Alliance Company itself does not collect any data from you. The link will take you to a website of the Alliance Company. This website uses cookies as described in section III.