Personal Information Collection Statement ("PICS")

1.1 This PICS applies to any and all Personal Data that Users provide or otherwise make available to Makebell (whether on or through our website and/or otherwise via email, direct contact, or other medium for or in the course of Makebell's provision of the Services), and such Personal Data may include, but are not limited to, as the case may be depending on the applicable context:

1.2 In relation to the operation of, and/or Users' access and interactions on, our website, our servers may also collect other non-personally identifiable data relating to Users' by automated means (such as but not limited to browser characteristics, operating system, IP address, domain name, language preferences, device characteristics, URLs, information on browsing activities taken, and dates and times of browsing activity). Insofar as any or all of these data and information cannot personally identify you ("Non Personal Data"), they do not constitute "Personal Data" for the purpose of the PDPO, and nothing in this PICS shall limit or restrict our handling of any Non-Personal Data. Without prejudice to the generality of the foregoing, we may use Non-Personal Data to provide aggregated, anonymous, statistical information so that Makebell may better meet the expectations and demands of Users and take necessary actions in respect of any illegal or unlawful contents on any parts of our website visited through Makebell's servers. For the avoidance of doubt, however, if any or all of these data and information becomes personally identifiable to any particular User (whether via the Users' activities recorded after Account log-in, or otherwise mixed in the matrix of data held by Makebell together with other data that constitute Personal Data as referred above), or if any of these data and information (e.g. IP address) are considered as "Personal Data" regulated under any applicable foreign Personal Data protection laws (e.g. GDPR and PIPL) that is applicable to any particular User concerned (if any), such matrix of data as a whole, or such specific data and information in the case of that particular User (if any), will be treated as, and handled by Makebell as, Personal Data in accordance with the provisions of this PICS.

1.3 By submitting or otherwise making available any Personal Data to Makebell (whether on or through our website or otherwise), you hereby represent, warrant, and confirm that you are either the owner or controller of those Personal Data or you have already obtained all relevant consents/authorizations from the relevant third parties (if any) for your use and provision of those Personal Data to us in the context of our Services for the collection, use, transfer and handling by us in accordance with the provisions of this PICS. If you intend to provide any Personal Data relating to any other third parties to us, unless such provision falls within the scope of any exemptions (if any) under any applicable laws, please provide a copy of this PICS to that third party to enable him/her to understand how we handle Personal Data and obtain his/her consent/authorization prior to your disclosure and provision of his/her Personal Data to us. If any third parties' Personal Data is involved but you have not obtained those third parties' consent/authorization, unless your use and provision are exempted (if any) under applicable laws, you should not provide or disclose any of those third party's Personal Data to Makebell (whether on or through our website or otherwise). You are deemed by your provision of those Personal Data to have secured and obtained all such third parties' consent/authorization (where applicable), and we are not responsible for any noncompliance on your part.

2.1 We may need to collect and use Personal Data for the relevant purposes as further set out in Clause 2.4 below. If you do not supply the relevant, up-to-date, and accurate Personal Data that is marked mandatory/necessary/required for the relevant purposes concerned, we may not be able to provide you with our relevant Services and/or the features or functionalities of certain parts or aspects of our Services (whether in whole or in part) may accordingly be affected or not available to you. For example, if you do not give us accurate and updated contact information when you submit inquiries to us, we will not be able to respond or follow up with you.

2.2 Otherwise, where it is optional for you to provide Personal Data, it is entirely voluntary for you to decide whether or not to provide those optional/non-mandatory Personal Data to us.

2.3 All Personal Data (whether mandatory or optional for you to provide) collected or otherwise obtained by Makebell for or in connection with our Website and/or Makebell's Services will be handled in accordance with the provisions of this PICS.

2.4 The objective of service offered by Makebell is to provide Services to aid in the work of our clients. To facilitate such objective, we may collect and use Personal Data for one or more of the following purposes (if and where applicable) from time to time:

2.5 Subject to any specific requirements (if any) under any applicable laws, we will retain Personal Data for such period/duration that is not longer than is necessary for the fulfilment of the relevant purposes (or any directly related purposes) for which the Personal Data is to be used.

2.6 Save for the aforesaid list of purposes under this Section 2, we will not use Personal Data for any other new purposes without getting the relevant data subjects expressed prescribed consent in accordance with the requirements of the PDPO (and/or any other applicable data protection laws, if any and where applicable).

3.1. We will keep your Personal Data confidential, but may disclose or transfer (within or outside of Hong Kong) Personal Data, as relevant and where needed.

3.2 When Makebell entrusts the handling of Personal Data to a third party for the provision of the Services of our website, an agreement will be established with the entrusted party on the purpose of the data handling, the method of data handling, categories of Personal Data, and protection measures of Personal Data.

4.1. Makebell does not use Personal Data and/or provide Personal Data to third parties for direct marketing. If in the future Makebell intends to conduct any such direct marketing activities, Makebell may only do so provided that all the applicable requirements of the direct marketing regime of the PDPO (and the direct marketing requirements of any other data protection laws and regulations such as the GDPR and PIPL, if any, as and where applicable) are fully complied with prior to any such intended use and/or provision (if any). You will at all times have the right to opt-out and object to the use of your Personal Data and/or provision of your Personal Data to any third parties for direct marketing purposes.

5.1. We will take all reasonably practicable steps to maintain and ensure the security of Personal Data in accordance with the requirements of the PDPO. The electronic records (including back-ups) of Personal Data will be stored in cloud storage which the data centre is physically located within Hong Kong or can be migrated to other cloud storage which the data centre is outside of Hong Kong in case of any special arrangement adopted. Only our authorized personnel (who have been trained to handle Personal Data properly and are bound by the duty of confidentiality) will have access to these records and servers on a "need-to-know" and "need-to-use" basis.

5.2. Taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of the processing, and the risks of varying likelihood and severity for the rights and freedoms of natural persons, Makebell (and its data processors, if any) will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to any or all of the following as appropriate: (a) the pseudonymisation and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

5.3. No data transmission over the Internet or any other public network can be guaranteed to be completely secure. You are responsible for taking reasonably practicable means and precautions to safeguard the security of your computer and device against misappropriation or unauthorized use and access, and to safeguard the security and protection of Personal Data, your Account information, and your Password.

6.1. You agree to indemnify in full and on demand, defend and hold harmless Makebell, its directors, officers, affiliates, associated or related entities, agents, representatives, partners, staff, and employees (collectively, "Makebell Indemnified Parties") from and against any and all claims, proceedings, damages, losses, injuries, liabilities, demands, actions, costs and/or expenses (including legal fees) arising from, or that may be incurred or suffered (whether directly or indirectly) by us and/or any of the relevant Makebell Indemnified Parties, from or in relation to your breach of the relevant representations and/or warranties in this PICS (including those regarding your obtaining of the relevant third parties' consent or authorization for your use and provision of those third parties Personal Data to Makebell under the relevant Makebell Rules).

6.2. No settlement that in Makebell's opinion may adversely affect the rights or obligations of any or all of the Makebell Indemnified Parties shall be made without Makebell's prior written approval.

6.3. For the avoidance of doubt, Section 6 is for the benefit of the Makebell Indemnified Parties, each of which relies on the benefit and protection conferred, and we hereby accept such benefits on behalf of each and all of the Makebell Indemnified Parties.

7.1. You, as the data subject, have the right to request access to and/or correction of your Personal Data in accordance with the PDPO or any other applicable data protection regulations. We will process any such requests in accordance with the requirements of the PDPO or any other applicable data protection regulations. Data subject requests are provided free of charge unless the requests are repetitive, excessive, or unfounded where a reasonable charge may be imposed, and you will be informed in advance of such charge if applicable.

7.2. To the extent permitted under the data protection laws of other jurisdictions that apply to you, in addition to the data access and data correction rights referred above in Clause 7.1, subject to certain conditions, you have the right to have your Personal Data erased, to obtain restriction of the processing of your Personal Data, to data portability, to object to the processing of your Personal Data based on certain grounds, the right to withdraw previously given consent for the processing of your Personal Data, and the right at all times to object to the use of your Personal Data for direct marketing purposes.

7.3. For any inquiries on our data protection practices in this PICS and/or any data subject rights requests, please send your inquiries/requests by post (marked "Attention: Makebell data subject rights requests" to Data Protection Officer (Email: info@makebell.com).

The English version of this PICS shall prevail whenever there is a discrepancy or inconsistency between the English and the other language versions.