We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please feel free to contact us any time.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.2 Data usage associated with Hummingbirds Analytics Account
Personal data associated with your account includes credentials, name and contact data, payment data, device and usage data, your contacts, information about your activities, and your interests and favourites. Signing into your account enables personalization, consistent experiences across products and devices, allows you to make payments using payment instruments stored in your account, and enables other features.
The data associated with your account, and how that data is used, depends on how you use the account. Please refer to the table in the above Clause 4.1 for further details on the lawful basis and basis of legitimate interest on how we use your data.
4.2.1 Creating your Hummingbird Analytics account.
When you create an account, you will be asked to provide certain personal data and we will assign a unique ID number to identify your account and associated information. While our Product(s) involves payment, it requires a real name, you can sign in to.
4.2.2 Signing in to Hummingbird Analytics
When you sign in to your account, we create a record of your sign-in, which includes the date and time, information about the product you signed in to, your sign-in name, the unique number assigned to your account, a unique identifier assigned to your device, your IP address, and your operating system and browser version.
Signing in to your account enables improved personalization, provides seamless and consistent experiences across devices, permits you to access and use cloud data storage, allows you to make payments using payment instruments stored in your account, and enables other enhanced features and settings. When you sign in to your account, you will stay signed in until you sign out.
4.2.3 Signing in to third-party products or websites.
4.3 More on the purposes of processing
4.3.1 Provide our Product
We use data to operate our Product(s) and provide you with rich, interactive experiences. Additionally, we use data to contact you. For example, we may contact you by phone or email or other means to inform you when a subscription is ending or discuss your licensing account. We also communicate with you to secure our products, for example by letting you know when product updates are available.
4.3.2 Product improvement
We use data to continually improve our Product(s), including adding new features or capabilities. For example, we use error reports to improve security features and usage data to determine what new features to prioritize.
Our Product(s) and/or Website(s) include personalized features, such as recommendations that enhance your productivity and enjoyment. These features use automated processes to tailor your product experiences based on the data we have about you, such as inferences we make about you and your use of the Product(s), activities, interests, and location. We also provide controls to disable personalized features.
4.3.4 Product activation
We use data—such as subscription identifiers—to activate products that require activation.
4.3.5 Product development
We use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
4.3.6 Customer support
We use data to troubleshoot and diagnose problems, provide other customer care and support services.
4.3.7 Help secure and troubleshoot
We use data to help secure and troubleshoot our Product(s) and/or Website(s). This includes using data to protect the security and safety of our Product(s) and/or Website(s) and customers, detecting malware and malicious activities, troubleshooting performance and compatibility issues to help customers get the most out of their experiences, and notifying customers of updates to our Product(s) and/or Website(s). This may include using automated systems to detect security and safety issues.
We use data to protect the safety of our Product(s) and/or Website(s) and our customers. Our security features and products can disrupt the operation of malicious software and notify users if malicious software is found on their devices. For example, some of our products systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and we reserve the right to block delivery of a communication or remove content if it violates our terms.
We use data we collect to develop product updates and security patches. Updates and patches are intended to maximize your experience with our Product(s), help you protect the privacy and security of your data, provide new features, and ensure your device is ready to process such updates.
4.3.10 Promotional communications
We use data we collect to deliver promotional communications. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from Explora Consulting and Hummingbird Analytics by email, SMS, physical mail, and telephone. For information about managing your contact data, email subscriptions, and promotional communications, see the How to access and control your personal data section of this privacy statement.
4.3.11 Relevant offers
Explora Consulting uses data to provide you with relevant and valuable information regarding our Product(s). We analyze data from a variety of sources to predict the information that will be most relevant to you and deliver such information to you in a variety of ways.
We use data we collect through our interactions with you, through providing services, and on third-party web properties, for advertising in our Product(s) and on third-party properties. We may use automated processes to help make advertising more relevant to you. For more information about how your data is used for advertising, see the Advertising section of this privacy statement.
4.3.13 Transacting commerce
We use data to carry out your transactions with us. For example, we process payment information to provide customers with the product and/or service they subscribed or purchased from the website(s).
4.3.14 Reporting and business operations
We use data to analyze our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
4.3.15 Protecting rights and property
We use data to detect and prevent fraud, resolve disputes, enforce agreements, and protect our property. For example, we use data to confirm the validity of software licenses to reduce piracy. We may use automated processes to detect and prevent activities that violate our rights and the rights of others, such as fraud.
4.3.16 Legal compliance
We process data to comply with law. For example, we process contact information and credentials to help customers exercise their data protection rights.
With appropriate technical and organizational measures to safeguard individuals’ rights and freedoms, we use data to conduct research, including for public interest and scientific purposes.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes set out in the table above:-
External Third Parties as set out in the Definitions Section below; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.1 International Transfers
We will share your personal data within our company in Hong Kong, but we may also transfer your data to other jurisdictions.
Please understand that we will generally ensure a similar degree of protection to your personal data as it is afforded in the EEA by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
We may use specific contracts or contract clauses approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please do not hesitate to contact us anytime if you want further information on the specific mechanism used by us when transferring your personal data.
5.2 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5.3 Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Other criteria used to determine the retention periods may include:
Whether Users anticipate that we retain such data until their affirmative removal
In such cases, we would aim to maintain the data until you actively delete it. Note that there may be other reasons why the data has to be deleted sooner, for example if you exceed limits on how much data can be stored in your account.
If there is an automated control enabling the customer’s access and deletion of the personal data at any time
If there is not, a shortened data retention time will generally be adopted.
Is the personal data of a sensitive type
If so, a shortened retention time would generally be adopted.
Has the user provided consent for a longer retention period
If so, we will retain data in accordance with your consent.
Is our product subject to a legal, contractual, or similar obligation to retain or delete the data
Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data retained for the purposes of litigation. Conversely, if we are required by law to remove unlawful content, we will do so.
In some circumstances, you can ask us to delete your data: see “Your Legal Rights within the EEA” or “Your Legal Rights within Hong Kong” below for further information.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
6.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing emails and newsletters from us if you have requested information from us or purchased products or services from us, or if you provided us with your details in our events or registered for a promotion and, in each case, you have expressly consented to receiving such marketing emails and newsletters.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
6.2 Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by:-
by contacting us anytime at or with respect to the Product(s); and
by following the opt-out links on any newsletter or marketing message sent to you.
Where you opt-out of receiving these marketing messages or newsletters, this will not apply to personal data provided to us as a result of a product or service purchase, product or service experience or other transactions (which we will continue to process in order to perform a contract with you or as a result of our regulatory or legal obligations).
6.3 Your communications preferences
In addition to the above, you can also make choices in respect of your communications preferences by signing in with your account, updating your contact information, managing your contact preferences, opt out of email subscriptions, and choose whether to share your contact information with Explora Consulting partners. These choices do not apply to mandatory service communications that are part of the Product(s), programs, activities, or to surveys or other informational communications that have their own unsubscribe method.
6.4 Browser-based controls
When you use a browser, you can control your personal data using certain features. For example:
6.4.1 Cookie controls
You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement.
6.4.2 Tracking protection
You can control the data third-party sites can collect about you using tracking protection some browsers. This feature will block third-party content, including cookies, from any site that is listed in a tracking protection list you add.
7. YOUR LEGAL RIGHTS WITHIN THE EEA
7.1 List of Rights if you are staying with the EEA
If you are currently staying within the EEA, under certain circumstances, you may have rights under data protection laws in relation to your personal data. These rights include:-
Right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us, as any personal data must remain accurate, kept up-to-date, corrected or deleted when inaccurate. Accuracy also depends on the data provided by the client: Explora will not alter or delete the provided data.
Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Platform Users cannot alter or remove the data loaded to the platform: clients may access the data loaded to the platform either through their own IT department or Explora, given that they take our service of data loading.
If you wish to exercise any of the rights set out above, please contact us at or with respect to the Product(s).
8. YOUR LEGAL RIGHTS IN HONG KONG
If you are currently staying in Hong Kong, you are entitled, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486, the laws of Hong Kong) (the “Ordinance”), to check whether we hold data about you and to have access to those data. If any of these data are incorrect or inaccurate, you have the right to correct or update them. Requests for access to or to correct personal data should be addressed to our Data Privacy Manager at or with respect to the Product(s). In accordance with the Ordinance, we are entitled to charge a reasonable fee for processing any data access or correction requests.
9. HOW TO ACCESS AND CONTROL YOUR PERSONAL DATA
9.1 You can access and control your personal data that Explora Consulting has obtained with our Product(s) and/or Website(s). In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.
9.2 If your organization, such as your employer, provides you with access to and is administering your use of our Product(s) and/or Website(s), please contact your organization to learn more about how to access and control your personal data.
9.3 You can access and control your personal data that Explora Consulting has obtained, and exercise your data protection rights, using various tools we provide on our Product(s) and/or Website(s), for instance, you may access to your account if you wish to access, edit, or remove the profile information and payment information in your account, change your password, add security information or close your account by visiting the Website.
9.4 Not all personal data processed by Explora Consulting can be accessed or controlled via the tools above. If you want to access or control personal data processed by Explora Consulting that is not available via the tools above, you can always contact us at or with respect to the Product(s) and/or Website(s). We try to respond to all legitimate requests made by you within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9.6 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10. OTHER IMPORTANT PRIVACY INFORMATION
10.1 Security of personal data
Explora Consulting is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a credit card number or password) over the internet, we protect it through the use of encryption. Explora Consulting complies with applicable data protection laws, including applicable security breach notification laws.
10.2 Where we store and process personal data
Personal data collected by Explora Consulting may be stored and processed in your region and in any other country where Explora Consulting or its affiliates, subsidiaries, or service providers operate facilities. Typically, the primary storage location is in the customer’s region, often with a backup to a data centre in another region. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.
“External Third Parties” shall mean (a) service providers based in Hong Kong who provide IT and system administration services; (b) professional advisors including lawyers, bankers, auditors and insurers based in Hong Kong who provide consultancy, banking, legal, insurance and accounting services; and (c) the Inland Revenue Department, regulators and other authorities based in Hong Kong who require reporting of processing activities in certain n circumstances.
“Legitimate Interests” shall mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
“Legal Obligations” shall mean processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
“Performance of Contract” shall mean processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.