Touchcard (“we” or “us”) treats personal data provided to us with respect and integrity. We are committed to safeguarding the privacy of our website, as data protection is of a particularly high priority for the management of our company. The use of our website is not possible without any indication of personal data.
- Australian Privacy Principles contained in the Privacy Act 1988
- General Data Protection Regulation (GDPR), applicable in Europe
- Privacy Act U.S.C. 552a (Privacy Act of USA)
- Privacy Acts in Latin America
- Any other country-specific data protection regulations applicable.
By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
Touchcard creates postcard marketing software for Ecommerce retailers.
As controller and processor, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may, in principle, have security gaps occasionally, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you will not receive direct marketing communications and will limit the publication of your information.
In your relationship with us through the website, controller, for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Iterator Ltd (“Touchcard”)
Room 9, 4th Floor, Beverley Commercial Centre, 87-105 Chatham Road
Tsim Sha Tsui, Kowloon, Hong Kong SAR
Our data protection declaration should be legible and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
1a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
1f) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1i) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Upon purchasing from us, we ask you to provide us with yourpayment data, which will be used for secure processing of your order.
In addition, we may ask for a valid e-mail address, which will be included in our emailing list, for information regarding news & updates, as well as marketing promotions.
In this Section we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from our customers, the source and specific categories of that data;
(c) the purposes for which we may process personal data;
(d) the legal bases of the processing.
We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services.
We may process your account data (“account data“). The account data may include your name and email address. The account data may be processed for the purposes of providing our services, updates, promitions, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process your personal data that are provided in the course of the use of our services (“service data“). The service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information relating to our customer relationships, including customer contact information (“customer relationship data“). The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The customer relationship data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our services (“transaction data“). The transaction data may include your contact details, and the transaction details. The transaction data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
“Automatically Collected” Information: The Touchcard website collect a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be:
(1) the ISP,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrers),
(4) the sub-websites,
(5) the date and time of access to the website,
(6) an Internet Protocol address (IP address),
(7) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, Touchcard does not draw any conclusions about the data subject. Rather, this information is needed to:
(1) deliver the content of our website correctly;
(2) optimize the content of our website as well as its advertisement;
(3) ensure the long-term viability of our information technology systems and website technology;
(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack;
In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Obviously, the access to our website is free; however, we inform you that for the use of the website via mobile device the charges and the standard tariffs provided in the service contract that you have stipulated with them will still be applied by the telephone operators.
Privacy of minors
We do not collect or consciously request information from customers under the age of 18, nor do we consciously allow such customers to register with our services, except with parental consent. Our services and their contents are not intended for children under the age of 18.
If we learn that we have collected personal information from a child under the age of 18 without parental consent, we will delete this information as soon as possible.
If you believe we have any information about a child under the age of 18, please contact us.
3. Use and Disclosure of personal data to others
We will use the received data to help you easily obtain assistance on your problems, after the acquisition of an application; to provide you with personalized content and information, including online listings or other forms of direct marketing; to offer, improve, test and monitor the effectiveness of our services; to develop and test new products and functions; to monitor metrics such as total visitor numbers, traffic and demographic models; to diagnose or solve technological problems; to automatically update the website on your device.
We, or other subjects that will be authorized by us, may use your personal data for promotional, advertising and / or marketing purposes. We may disclose personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.[We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We do not rent or sell your information to third parties outside of Touchcard without your consent, unless otherwise provided on the basis of statutory provisions.
We may share your information, as well as information from tools such as cookies or similar, with third party organizations that help us provide you with the services, but only as far as is reasonably necessary.
We can also share this information with our advertising partners, so that we can offer you, among other things, targeted advertising that may be of interest to you.
We can access your information as well as store and share it in response to a request when the law requires us to do so. In addition, we may access your information, as well as store and share it, if we believe in good faith that this is necessary to: detect, prevent and manage fraud and other illegal activities; protect ourselves, you and other people, even in the context of any investigations; prevent events that could cause imminent physical damage or death.
4. Cookies and Tracking Technologies
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages, servers or apps can be assigned to the specific app or server in which the cookie was stored.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the app, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time, if the data subject deactivates the setting of cookies in the app, not all functions of our website may be entirely usable.
We use automatically collected information and other information collected during the Services through cookies and similar technologies to: (i) personalize our Service, such as remembering a Customer’s or Visitor’s information or login details so that the Customer or Visitor will not have to re-enter it during a visit or on subsequent accessing; (ii) provide customized content and information; (iii) monitor and analyze the effectiveness of website and third-party activities; and (iv) monitor site usage metrics such as the number of visitors.
5. Data Quality
We will take reasonable steps to ensure that personal information we have about you is accurate, complete and up to date when we use it. Generally, we rely on you to assist us in keeping your personal information accurate and up to date.
6. Data Security
We have taken reasonable steps to keep your personal information secure at all times and in accordance with our Information Security Policies. For example, electronic access is limited to authorized personnel.
We also take steps to reasonably protect your personal information from misuse and loss, unauthorized access, modification or disclosure and maintained in an accurate, complete and up-to-date manner.
We will be honest and open with you about the type of personal information that we collect about you and the actual use of any such information. We will let you know at the time we collect your personal information, or soon after, how we will treat it.
If you require any details of the personal information held by us about you, then please contact us by e-mail.
8. Access, Correction and Deletion
We respect your privacy rights and provide you with reasonable access to the information we have collected about you and obtain a more in-depth explanation about how the information is used.
If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained through procuring our website, you may contact us as set forth below in ‘How to Contact Us’. Unless personal information is required to be retained by us for administrative or legal reasons Touchcard will meet such requests at the earliest possible opportunity.
If you would like access to detailed personal information and such information is not immediately or easily accessible by us, we may charge an administrative fee for our costs in retrieving and supplying the information to you.
9. Opting out from Communications
If you receive emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the ‘How to Contact Us’ section.
Please be aware that if you opt-out of receiving emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Please note that you may still receive administrative messages from us regarding our Services.
10. Transfer of Data
11. Data Controller and Data Processor
In accordance with the regulations provided by the:
Privacy Act U.S.C. 552a (Privacy Act of USA),
Privacy Acts in Latin America
the Privacy Act of 1988 of Australia
the General Data Protection Regulation, aka GDPR for European Union
the data controller and data processor for Touchcard is the developer of the website.
Data Processor is also any third party that receives collected personal data from us.
13. Sensitive Information
We do not believe in intrusive collection of your personal details and will not collect information that is considered highly personal or highly sensitive about you without your prior consent.
14. Data Retention and Data Deletion
We only retain the personal information collected from a Customer for as long as the Customer’s email address is active on our mailing list, or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law.
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 10-year criteria, after your relationship with us ends.
Notwithstanding the other provisions of this Article, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: [the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed]. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
14. Complaints Resolution
We are committed to providing our clients with a fair and responsive system for handling and resolving complaints concerning the handling of their personal information. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal information. We believe that in receiving your complaint, we are provided with a valuable opportunity to improve the services we deliver to you and maintain your confidence in our services.
If at any time you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by us, you may do so by contacting us directly.
We aim to investigate and advise you of the outcome of the complaint promptly.
If you are not satisfied with our handling of your complaint, you may contact the Data Protection Officer at:
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of significant changes to this policy by email or through the private messaging system within our service system.
16. How to Contact Us
Iterator Limited (“Touchcard”)
Room 9, 4th Floor
Beverley Commercial Centre
87-105 Chatham Road
Tsim Sha Tsui, Kowloon