Privacy Policy

MY AI ACADEMY 私隱政策聲明

生效日期： 2025年7月5日
最後修訂日期： 2025年7月5日

1. 我們對您私隱的鄭重承諾

歡迎使用 MY AI ACADEMY。MY AI ACADEMY 是一個由 WISE LIFE TECHNOLOGY LIMITED（下稱「我們」、「本公司」或「我們的」）營運的品牌。我們鄭重承諾，將致力保護您的個人資料私隱。本私隱政策旨在詳盡闡述，當您使用我們的官方網站 myaiacademy.ai（下稱「本網站」）以及我們提供的相關服務（統稱為「本服務」）時，我們如何收集、持有、處理、使用、分享及保護您的個人資料。

本政策的制訂旨在恪守國際數據保障法律的嚴格標準，包括歐盟的《通用數據保障條例》(GDPR)，以及香港特別行政區法例第486章《個人資料（私隱）條例》(PDPO)。

若您對本政策存有任何疑問，或欲行使您在本政策下所享有的私隱權利，請隨時透過電郵 info@myaiacademy.ai 與我們的資料保障主任聯絡。

2. 關鍵術語定義

為確保本政策內容清晰無誤，茲定義以下關鍵術語：

個人資料： 指任何與一名已識別或可識別的在世個人（「資料當事人」）直接或間接相關的資訊。
處理： 指對個人資料執行的任何單一或一系列操作，不論是否以自動化方式進行，例如收集、記錄、組織、建構、儲存、修改、檢索、查閱、使用、披露、傳播、分發或以其他方式提供、排列或組合、限制、清除或銷毀。
資料控制者 (Data Controller) (根據 GDPR)： 指單獨或與他人共同決定個人資料處理目的與方式的自然人或法人。就本服務而言，WISE LIFE TECHNOLOGY LIMITED 是您的個人資料的資料控制者。
資料使用者 (Data User) (根據 PDPO)： 指獨自或聯同其他人或與其他人共同控制個人資料的收集、持有、處理或使用的人。就本服務而言，WISE LIFE TECHNOLOGY LIMITED 是您的個人資料的資料使用者。
資料處理者 (Data Processor)： 指代表資料控制者處理個人資料的自然人或法人。

3. 我們對保障資料原則的恪守

我們在營運中嚴格遵守 GDPR 及 PDPO 的核心原則。

根據 GDPR，我們恪守以下原則：

合法、公平與透明原則： 確保所有個人資料的處理均合法、公平，並對資料當事人保持高度透明。
目的限制原則： 僅為特定、明確且合法的目的收集個人資料，且不會以與該等目的不相符的方式作進一步處理。
資料最小化原則： 確保所收集的個人資料是足夠、相關，且僅限於為達致處理目的所必需的範圍。
準確性原則： 確保個人資料準確無誤，並在必要時作出更新。
儲存限制原則： 個人資料的儲存時間不會長於為達致其處理目的所必需的期間。
完整性與保密性原則： 透過適當的技術或組織措施，確保個人資料得到妥善處理，以保障其安全，免於未經授權或非法的處理，以及意外的遺失、銷毀或損壞。

根據 PDPO，我們恪守以下六項保障資料原則 (DPPs)：

第一原則 (收集目的及方式)： 個人資料的收集必須為合法目的，並與本公司的職能或活動直接相關。所收集的資料對該目的是必要但非超乎適度。
第二原則 (資料的準確性及保留期間)： 採取所有切實可行的步驟，以確保個人資料的準確性，其保留時間不應超過達致原來目的實際所需。
第三原則 (資料的使用)： 個人資料不得用於原收集目的以外的新目的，除非事先獲得資料當事人明確且自願的同意。
第四原則 (資料的保安)： 採取所有切實可行的步驟，以保障個人資料免於未經授權或意外的查閱、處理、清除、遺失或其他形式的使用。
第五原則 (資訊的公開性)： 公開說明我們持有的個人資料種類，以及我們處理個人資料的政策及實務。
第六原則 (查閱及改正資料)： 資料當事人有權查閱及改正其個人資料。

4. 我們所收集的資訊類別

由您直接提供給我們的個人資料：

聯絡資料： 當您註冊本服務、聯絡客戶支援或訂閱我們的電子通訊時，我們可能會收集您的名字、姓氏、電郵地址及電話號碼。

我們自動收集的資訊：

日誌及使用數據： 當您存取本網站時，我們的伺服器會自動記錄技術資訊，包括但不限於您的網際網路協定 (IP) 地址、瀏覽器類型與版本、操作系統、轉介來源網址(referring URLs)、瀏覽頁面及存取時間。
Cookies 及相關追蹤技術： 我們使用 Cookies、網站信標 (web beacons) 及像素 (pixels) 等技術來收集有關您瀏覽行為的資訊，以用於網站分析、功能優化及個人化廣告投放。

5. 我們使用您資訊的方式、目的及法律依據

我們僅在具有合法基礎的情況下，為以下明確目的處理您的個人資料。

為提供及管理您的帳戶與服務

所用資料： 姓名、電郵地址、電話號碼。
法律依據 (GDPR)： 為履行我們與您訂立的合約所必需。

為處理交易及付款

所用資料： 姓名、電郵地址（請注意：我們不會存取或儲存您完整的信用卡或銀行帳戶資料）。
法律依據 (GDPR)： 為履行我們與您訂立的合約所必需。

為發送市場推廣及促銷資訊

所用資料： 姓名、電郵地址。
法律依據 (GDPR)： 事先獲取您的明確同意。您有權隨時透過電郵中的「取消訂閱」連結撤回同意。

為回覆您的查詢及提供客戶支援

所用資料： 姓名、電郵地址、電話號碼。
法律依據 (GDPR)： 基於我們提供卓越客戶服務的合法權益。

為投放目標式廣告（例如再營銷）

所用資料： 電郵地址（以雜湊 (hashed) 形式）、Cookie 數據、IP 地址。
法律依據 (GDPR)： 基於您對 Cookies 的同意，以及我們推廣業務的合法權益。

為分析網站流量及改善服務質素

所用資料： 日誌及使用數據、Cookie 數據、IP 地址。
法律依據 (GDPR)： 基於我們提升網站功能及用戶體驗的合法權益。

為維持系統安全及預防欺詐活動

所用資料： IP 地址、日誌及使用數據。
法律依據 (GDPR)： 基於我們保護平台、用戶及自身資產安全的合法權益。

6. 資料安全保障措施

我們已實施並維持一系列適當且嚴謹的技術及組織層面的安全措施，旨在保護我們所處理的個人資料，免受未經授權的存取、披露、竄改及銷毀。這些措施包括數據加密、存取權限控制及安全的伺服器架構。然而，我們必須提醒您，沒有任何透過互聯網的傳輸方式或電子儲存方法是百分之百安全的。儘管我們致力採用商業上可接受的最高標準來保護您的個人資料，但無法保證其絕對安全。

7. 與第三方分享您的資訊

我們絕不出售您的個人資料。但在特定情況下，我們可能需要與受信任的第三方服務供應商（即資料處理者）分享您的資訊，以協助我們營運及提供服務。我們已與所有此類供應商簽訂具法律約束力的資料處理協議，確保他們僅能根據我們的指示處理您的資料，並提供不低於本政策所訂標準的保護。

網站分析服務 (例如 Google Analytics)： 用以分析網站流量、用戶行為模式，從而優化服務。
電郵營銷平台 (例如 MailChimp)： 用以管理訂閱者名單及發送電子通訊與市場推廣資訊。
廣告及再營銷夥伴 (例如 Google Ads, Facebook Ads)： 在您離開本網站後，於其他平台向您展示可能感興趣的本公司廣告。
支付處理機構 (例如 PayPal, Stripe, Alipay, WeChat Pay, 銀行轉帳)： 用以安全地處理您的付款。您的完整財務資料將直接提交予支付處理機構，其對您資料的使用受其自身的私隱政策約束。
網絡安全服務 (例如 Google reCAPTCHA)： 用以保護本網站免受自動化程式及垃圾訊息的攻擊。

8. 個人資料的保留期限

我們僅在為達致收集個人資料的原有目的（包括為滿足任何法律、會計或報告規定）所必需的期間內，保留您的個人資料。當我們不再有持續的合法業務需求去處理您的個人資料時，我們將會安全地將其刪除或作匿名化處理，使其無法再與您關聯。

9. 跨國資料傳輸

您的個人資料可能會被傳輸至您所居住國家以外的地區進行處理及儲存，而這些地區的資料保障法律可能與您所在地的法律有所不同。若您位於歐洲經濟區 (EEA)，而您的資料需被轉移至 EEA 以外的地區（例如香港或美國），我們將確保此類轉移的合法性，途徑包括依賴歐盟委員會的「充分性決定」(Adequacy Decisions)，或採用經歐盟委員會核准的「標準合約條款」(Standard Contractual Clauses, SCCs)。若您位於香港，而您的資料需被轉移至海外，我們將採取所有切實可行的步驟，確保您的資料受到與在香港《個人資料（私隱）條例》下所獲致的保障水平相當的保護。

10. 您所享有的資料保障權利

根據您所在的司法管轄區，您對您的個人資料享有多項權利。

對於歐洲經濟區 (EEA) 的居民 (根據 GDPR)：

查閱權： 您有權要求獲取我們所持有關於您的個人資料副本。
更正權： 您有權要求我們更正任何不準確或不完整的個人資料。
刪除權（「被遺忘權」）： 在特定條件下，您有權要求我們刪除您的個人資料。
限制處理權： 在特定情況下，您有權要求我們暫停處理您的個人資料。
資料可攜權： 您有權要求以結構化、通用及機器可讀的格式接收您的個人資料，並將其轉移給另一位控制者。
反對權： 您有權反對我們基於合法權益或為直接促銷目的而處理您的個人資料。
撤回同意權： 若資料處理是基於您的同意，您有權隨時撤回該同意。

對於香港居民 (根據 PDPO)：

查閱資料權： 您有權要求查閱我們所持有的您的個人資料。
改正資料權： 您有權要求改正不準確的個人資料。

如何行使您的權利：

如欲行使上述任何權利，請透過電郵 info@myaiacademy.ai 聯絡我們的資料保障團隊。根據法例規定，我們將在收到您請求後的一個月內作出回應。在處理您的請求前，我們可能需要採取合理步驟以核實您的身份。

向監管機構投訴的權利：

您有權就我們處理您個人資料的方式，向相關的資料保障監管機構提出投訴。在香港，該機構為香港個人資料私隱專員公署 (PCPD)，其官方網站為：https://www.pcpd.org.hk。

11. 兒童私隱

我們的服務並非為未滿18歲的人士而設。我們不會在知情的情況下，收集任何未成年人士的個人資料。倘若我們發現無意中收集了此類資料，我們將立即採取措施，從我們的記錄中將其刪除。

12. 本私隱政策的修訂

我們或會因應法律、技術或業務營運上的發展與變更，不時修訂本私隱政策。當我們作出修訂時，將會採取適當措施通知您。所有修訂將於本頁發布，並在本政策頂部更新「最後修訂日期」。

13. 聯絡我們

如果您對本私隱政策或我們處理您個人資料的實務有任何疑問、意見或請求，歡迎隨時與我們聯絡：

法律實體名稱： WISE LIFE TECHNOLOGY LIMITED
品牌名稱： MY AI ACADEMY
聯絡電郵： info@myaiacademy.ai
官方網站： myaiacademy.ai

Privacy Policy Statement for MY AI ACADEMY

Effective Date: July 5, 2025
Last Revised: July 5, 2025

1. Our Solemn Commitment to Your Privacy

Welcome to MY AI ACADEMY. MY AI ACADEMY is a brand operated by WISE LIFE TECHNOLOGY LIMITED ("we," "us," "our," or "the Company"). We are solemnly committed to protecting the privacy of your personal information. This Privacy Policy is intended to comprehensively explain how we collect, hold, process, use, share, and protect your personal data when you use our official website, MYAIACADEMY.AI (the "Website"), and our associated services (collectively, the "Services").

This policy is drafted to adhere to the stringent standards of international data protection laws, including the European Union's General Data Protection Regulation (GDPR) and the Hong Kong SAR's Personal Data (Privacy) Ordinance (Cap. 486) (PDPO).

Should you have any questions regarding this policy or wish to exercise your privacy rights hereunder, please do not hesitate to contact our Data Protection Officer at info@myaiacademy.ai.

2. Definitions of Key Terms

For the avoidance of doubt, the key terms used in this policy are defined as follows:

Personal Data: Any information relating directly or indirectly to an identified or identifiable living individual (the "data subject").
Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller (under GDPR): The natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of our Services, WISE LIFE TECHNOLOGY LIMITED is the Data Controller of your personal data.
Data User (under PDPO): A person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of personal data. For the purposes of our Services, WISE LIFE TECHNOLOGY LIMITED is the Data User of your personal data.
Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller.

3. Our Adherence to Data Protection Principles

In our operations, we strictly adhere to the core principles of both the GDPR and the PDPO.

Under GDPR, we adhere to the following principles:

Lawfulness, Fairness, and Transparency: Processing personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation: Collecting personal data for specified, explicit, and legitimate purposes and not further processing it in a manner that is incompatible with those purposes.
Data Minimisation: Ensuring personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Accuracy: Ensuring personal data is accurate and, where necessary, kept up to date.
Storage Limitation: Keeping personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality: Processing personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Under PDPO, we adhere to the Six Data Protection Principles (DPPs):

Principle 1 (Purpose and Manner of Collection): Personal data shall be collected for a lawful purpose directly related to a function or activity of the Company, and the data collected shall be necessary for but not excessive in relation to that purpose.
Principle 2 (Accuracy and Duration of Retention): All reasonably practicable steps shall be taken to ensure that personal data is accurate and is not kept longer than is necessary for the fulfillment of the purpose for which the data is used.
Principle 3 (Use of Personal Data): Personal data shall not be used for a new purpose other than the original purpose of collection, unless with the express and voluntary consent of the data subject.
Principle 4 (Data Security): All reasonably practicable steps shall be taken to ensure that personal data is protected against unauthorized or accidental access, processing, erasure, loss, or other use.
Principle 5 (Openness and Transparency): To be open about the kinds of personal data held and the main purposes for which personal data is used, as well as our data policies and practices.
Principle 6 (Access and Correction): A data subject shall be entitled to ascertain whether the Company holds personal data of which he is the subject and to request correction of that data.

4. Categories of Information We Collect

Personal Information You Directly Provide to Us:

Contact Data: We may collect your first name, last name, email address, and phone number when you register for our Services, contact customer support, or subscribe to our electronic newsletter.

Information We Collect Automatically:

Log and Usage Data: When you access the Website, our servers automatically record technical information, including but not limited to your Internet Protocol (IP) address, browser type and version, operating system, referring URLs, pages viewed, and access times.
Cookies and Related Tracking Technologies: We utilize cookies, web beacons, and pixels to collect information about your browsing activities for the purposes of website analytics, functional optimization, and personalized advertising.

5. How and Why We Use Your Information (Purposes and Legal Bases)

We process your personal data only for specified purposes and where we have a lawful basis to do so.

To Provide and Manage Your Account and Our Services

Data Used: Name, Email Address, Phone Number.
Legal Basis (GDPR): Necessary for the performance of a contract to which you are a party.

To Process Transactions and Payments

Data Used: Name, Email Address (Note: We do not access or store your full credit card or bank account details).
Legal Basis (GDPR): Necessary for the performance of a contract to which you are a party.

To Send Marketing and Promotional Communications

Data Used: Name, Email Address.
Legal Basis (GDPR): Based on your explicit prior consent. You have the right to withdraw this consent at any time via the "unsubscribe" link in our emails.

To Respond to Your Inquiries and Provide Customer Support

Data Used: Name, Email Address, Phone Number.
Legal Basis (GDPR): Based on our legitimate interests in providing excellent customer service.

To Deliver Targeted Advertising (e.g., Remarketing)

Data Used: Email Address (in hashed form), Cookie Data, IP Address.
Legal Basis (GDPR): Based on your consent for cookies and our legitimate interests in promoting our business.

To Analyze Website Traffic and Improve Service Quality

Data Used: Log and Usage Data, Cookie Data, IP Address.
Legal Basis (GDPR): Based on our legitimate interests in enhancing website functionality and user experience.

To Maintain System Security and Prevent Fraudulent Activity

Data Used: IP Address, Log and Usage Data.
Legal Basis (GDPR): Based on our legitimate interests in protecting our platform, users, and corporate assets.

6. Data Security Measures

We have implemented and maintain a series of appropriate and robust technical and organizational security measures designed to protect the personal data we process from unauthorized access, disclosure, alteration, and destruction. These measures include data encryption, access controls, and secure server architecture. However, we must advise you that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use the highest commercially acceptable standards to protect your personal data, we cannot guarantee its absolute security.

7. Sharing Your Information with Third Parties

We do not sell your personal data. However, under specific circumstances, we may need to share your information with trusted third-party service providers (i.e., Data Processors) to assist us in operating our business and providing the Services. We have legally binding data processing agreements in place with all such providers to ensure they only process your data according to our instructions and provide a level of protection no less stringent than that set out in this policy.

Website Analytics Services (e.g., Google Analytics): To analyze website traffic and user behavior patterns to optimize our services.
Email Marketing Platforms (e.g., MailChimp): To manage subscriber lists and distribute newsletters and marketing communications.
Advertising and Remarketing Partners (e.g., Google Ads, Facebook Ads): To display advertisements for our business that may be of interest to you on other platforms after you have left our Website.
Payment Processors (e.g., PayPal, Stripe, Alipay, WeChat Pay, Bank Transfer): To securely process your payments. Your full financial details are provided directly to the payment processor, whose use of your information is governed by their own privacy policy.
Cybersecurity Services (e.g., Google reCAPTCHA): To protect our Website from automated programs and spam.

8. Data Retention Period

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was originally collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When we no longer have an ongoing legitimate business need to process your personal data, we will securely delete or anonymize it so that it can no longer be associated with you.

9. Cross-Border Data Transfers

Your personal data may be transferred to, and processed and stored in, countries outside of your country of residence, where data protection laws may differ from those in your jurisdiction. If you are located in the European Economic Area (EEA), and your data is to be transferred outside the EEA (e.g., to Hong Kong or the United States), we will ensure the lawfulness of such a transfer by relying on the European Commission's Adequacy Decisions or by implementing the Standard Contractual Clauses (SCCs) approved by the European Commission. If you are located in Hong Kong, and your data is to be transferred overseas, we will take all reasonably practicable steps to ensure that your data is protected to a standard comparable to the protection afforded under the PDPO.

10. Your Data Protection Rights

Depending on your jurisdiction, you have a number of rights in relation to your personal data.

For Residents of the European Economic Area (EEA) under GDPR:

The Right to Access: You have the right to request a copy of the personal data we hold about you.
The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
The Right to Erasure ('Right to be Forgotten'): You have the right to request the deletion of your personal data under certain conditions.
The Right to Restrict Processing: You have the right to request that we suspend the processing of your personal data in certain circumstances.
The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
The Right to Object: You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
The Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.

For Residents of Hong Kong under PDPO:

The Right of Access: You have the right to request access to the personal data we hold about you.
The Right of Correction: You have the right to request the correction of inaccurate personal data.

How to Exercise Your Rights:

To exercise any of the rights set out above, please contact our Data Protection team at info@myaiacademy.ai. In accordance with the law, we will respond to your request within one month of receipt. Before processing your request, we may need to take reasonable steps to verify your identity.

The Right to Lodge a Complaint with a Supervisory Authority:

You have the right to lodge a complaint regarding our processing of your personal data with the relevant data protection supervisory authority. In Hong Kong, this is the Office of the Privacy Commissioner for Personal Data (PCPD), whose official website is: https://www.pcpd.org.hk.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it from our records.

12. Revisions to This Privacy Policy

We may amend this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we make revisions, we will take appropriate measures to inform you. All amendments will be posted on this page, and we will update the "Last Revised" date at the top of this policy.

13. Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us:

Legal Entity Name: WISE LIFE TECHNOLOGY LIMITED
Brand Name: MY AI ACADEMY
Contact Email: info@myaiacademy.ai
Official Website: https://myaiacademy.ai