Privacy policy
PRIVACY POLICY – VOUCH-LAB
Operated by Marketwintime Limited
Company Registration No.: 78877451
Registered Office: N0.5, 17/F, Strand 50, 50 Bonham Strand, Sheung Wan, Hong Kong
Last updated: 2025
This Privacy Policy describes how Vouch-Lab, operated by Marketwintime Limited (“we”, “us”, “our”), collects, uses, stores, and protects personal data relating to individuals and businesses (“User”, “you”, “your”) when accessing or using the website www.vouch-lab.com (the “Site”) and our Services.
By using the Site, you consent to the practices described in this Privacy Policy.
Clause 1 – Definitions
For the purpose of this Privacy Policy:
1.1 “Personal Data” means any information that directly or indirectly identifies an individual, such as name, email address, billing information, or IP address.
1.2 “Processing” means any operation performed on Personal Data, whether automated or not, such as collection, storage, use, transfer, or deletion.
1.3 “User” refers to any natural person (individual consumer) or legal person (company, agency, organisation) accessing the Site or purchasing Services.
1.4 “Services” refers to the voucher-based marketing, design, analytics, and related growth solutions made available through the Site.
1.5 “Controller” means the entity determining the purposes and means of data processing – here, Marketwintime Limited.
1.6 “Processor” means any third party engaged by us to process data on our behalf, such as hosting providers, payment gateways, or email service platforms.
Clause 2 – Scope and Applicability
2.1 Applicability
This Privacy Policy applies to all Users of the Site, regardless of whether they are browsing, requesting information, creating an account, purchasing vouchers, or receiving deliverables.
2.2 Geographic reach
Given the international nature of our Services, this Policy is designed to comply with applicable data protection laws in Hong Kong, as well as international frameworks such as the UK GDPR, the EU GDPR, and other comparable regulations where relevant.
2.3 Contractual integration
This Privacy Policy forms part of the binding Terms & Conditions and Supplementary Terms and applies concurrently with them.
2.4 Exclusions
This Policy does not govern third-party websites or platforms linked on the Site. Such third parties operate under their own privacy policies, and we disclaim liability for their practices.
Clause 3 – Categories of Data Collected
We may collect the following categories of Personal Data:
3.1 Identity Data – full name, company name, professional role, username, and password (for accounts).
3.2 Contact Data – email address, telephone number, postal address, country of residence.
3.3 Transaction Data – voucher purchases, payment details (processed via third-party payment providers), invoicing records.
3.4 Technical Data – IP address, browser type/version, device identifiers, cookies, and similar tracking technologies.
3.5 Usage Data – activity on the Site (pages visited, forms submitted, time spent), interaction with communications, preferences.
3.6 Marketing Data – opt-in preferences for newsletters, promotional campaigns, surveys, or retargeting.
3.7 Client Project Data – information voluntarily provided by the User in connection with the execution of Services (e.g., campaign briefs, creative assets, analytics access).
Clause 4 – Methods of Data Collection
We collect data using the following methods:
4.1 Direct interactions – data you provide when creating an account, purchasing vouchers, completing forms, or contacting us.
4.2 Automated technologies – data collected automatically via cookies, tracking pixels, server logs, and analytics tools.
4.3 Third-party integrations – data collected through payment processors, CRM platforms, communication tools, and marketing automation providers.
4.4 Service execution – data provided voluntarily for the performance of Services (e.g., access to social media accounts, analytics dashboards, website back-end credentials).
4.5 Publicly available sources – where relevant, we may enrich your information with data available from business directories, professional networks, or public databases.
Clause 5 – Purposes of Processing
We process Personal Data for the following purposes:
5.1 Service provision – to deliver purchased vouchers, execute marketing deliverables, and ensure contract performance.
5.2 Account management – to maintain User accounts, authentication, and secure access.
5.3 Communication – to respond to enquiries, provide customer support, and send service-related notifications.
5.4 Marketing and promotions – to send newsletters, special offers, or personalised recommendations, subject to User consent where required.
5.5 Analytics and improvements – to monitor Site performance, improve usability, and enhance our catalogue of Services.
5.6 Legal compliance – to meet obligations under applicable laws, including invoicing, fraud prevention, and anti-money laundering where relevant.
5.7 Dispute resolution – to investigate, respond to, and manage legal claims or complaints involving Users.
Clause 6 – Legal Bases for Processing
We process Personal Data on the following legal grounds, depending on the nature of the processing activity:
6.1 Performance of a contract – when processing is necessary to provide the Services purchased (e.g., voucher fulfilment, campaign delivery).
6.2 Consent – where you voluntarily provide consent (e.g., for newsletters, promotional emails, optional cookies). Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
6.3 Legitimate interests – where processing is necessary for our business operations and does not override your fundamental rights (e.g., security monitoring, fraud prevention, improving Site usability).
6.4 Legal obligations – where processing is required to comply with statutory or regulatory obligations (e.g., accounting, anti-fraud, AML compliance where applicable).
6.5 Vital interests – in rare circumstances, we may process Personal Data to protect vital interests of the User or another person (e.g., security incidents).
Clause 7 – Data Retention Periods
7.1 General principle
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention is required by law.
7.2 Retention by category
- Account data: kept as long as the User maintains an active account, and up to 3 years after closure.
- Transaction and invoicing data: retained for a minimum of 7 years to comply with accounting and legal requirements.
- Marketing data: kept until the User withdraws consent or unsubscribes from communications.
- Client project data: retained for 2 years after the completion of Services, unless otherwise agreed in writing.
- Technical and analytics data: stored for up to 24 months, then anonymised or deleted.
7.3 Archiving and deletion
At the end of retention periods, data will be securely deleted, anonymised, or archived in compliance with applicable laws.
Clause 8 – Data Sharing with Third Parties
8.1 Service providers
We may share Personal Data with trusted service providers strictly for the purpose of delivering our Services, such as:
- Hosting providers and cloud storage platforms;
- Payment processors and financial institutions;
- Email marketing and CRM platforms;
- Freelancers or subcontractors engaged for specific deliverables.
8.2 Legal disclosures
We may disclose Personal Data to competent authorities if required by law, regulation, or court order.
8.3 Business transfers
In the event of a merger, acquisition, or transfer of assets, Personal Data may be transferred as part of the transaction, subject to confidentiality safeguards.
8.4 No unauthorised resale
We do not sell, rent, or trade Personal Data to third parties for commercial gain.
Clause 9 – International Data Transfers
9.1 Cross-border operations
As we operate internationally, Personal Data may be transferred and processed outside your country of residence, including transfers from the EU/UK to Hong Kong or other jurisdictions.
9.2 Safeguards
Where data is transferred outside regions with equivalent data protection laws (e.g., GDPR zones), we implement safeguards such as:
- Standard contractual clauses approved by the European Commission or UK ICO;
- Binding corporate rules;
- Data processing agreements with third-party providers.
9.3 User acknowledgment
By using our Services, Users acknowledge and accept that their data may be subject to international transfers, with appropriate safeguards in place.
Clause 10 – Data Security
10.1 Technical and organisational measures
We implement robust security measures to protect Personal Data, including:
- Encryption of sensitive data during transmission and storage;
- Firewalls, intrusion detection systems, and access controls;
- Regular security audits and monitoring.
10.2 Access control
Personal Data is only accessible to authorised staff, contractors, or service providers who require such access for legitimate business purposes and are bound by confidentiality obligations.
10.3 User responsibility
Users are responsible for maintaining the confidentiality of their login credentials and for ensuring that their own systems are adequately protected against cyber threats.
10.4 Incident response
In case of a data breach likely to result in a high risk to Users’ rights and freedoms, we will notify the affected Users and competent authorities in accordance with applicable law.
Clause 11 – User Rights
11.1 Right of access
Users have the right to request confirmation of whether their Personal Data is being processed and to obtain a copy of such data.
11.2 Right to rectification
Users may request correction of inaccurate or incomplete data concerning them.
11.3 Right to erasure (“right to be forgotten”)
Users may request deletion of their Personal Data where processing is no longer necessary, consent has been withdrawn, or where the data was unlawfully processed.
11.4 Right to restriction of processing
Users may request that processing be restricted in certain circumstances, such as during the verification of contested data.
11.5 Right to data portability
Where processing is based on consent or contract, Users have the right to receive their Personal Data in a structured, machine-readable format and to transmit it to another controller.
11.6 Right to object
Users may object at any time to processing carried out on the basis of legitimate interests or for direct marketing purposes.
11.7 Exercising rights
Requests to exercise these rights must be made in writing to the contact details provided in Clause 15. We will respond within the statutory timeframe.
Clause 12 – Cookies and Tracking Technologies
12.1 Use of cookies
The Site uses cookies and similar technologies to ensure functionality, measure performance, and personalise User experience.
12.2 Types of cookies
- Strictly necessary cookies – essential for the operation of the Site;
- Performance cookies – used for analytics and traffic measurement;
- Marketing cookies – used to deliver relevant advertising and retargeting;
- Functional cookies – improve User experience by remembering preferences.
12.3 Consent
Except for strictly necessary cookies, all other cookies require User consent. Consent is obtained via the cookie banner on the Site and can be withdrawn at any time.
12.4 Third-party cookies
Third-party providers (e.g., Google Analytics, Meta Ads) may place cookies on the Site. Users are encouraged to review their respective privacy policies.
Clause 13 – Direct Marketing and Communications
13.1 Newsletters and promotions
Where Users have opted in, we may send newsletters, promotional offers, or product updates by email.
13.2 Right to unsubscribe
Users may unsubscribe at any time by using the “unsubscribe” link included in each communication or by contacting us directly.
13.3 Targeted marketing
With consent, we may use tracking data to personalise marketing content and improve campaign relevance.
13.4 Prohibited use
We do not send unsolicited commercial communications to Users who have not consented, in accordance with applicable anti-spam regulations.
Clause 14 – Modifications to this Privacy Policy
14.1 Right to update
We reserve the right to amend or update this Privacy Policy at any time, to reflect legal, technical, or business developments.
14.2 Notification
If material changes are made, we will notify Users via a notice on the Site or by email where feasible.
14.3 User responsibility
It is the User’s responsibility to regularly review this Privacy Policy to remain informed of updates.
14.4 Effective date
The latest version of the Policy is indicated by the “Last updated” date at the top of this document.
Clause 15 – Contact and Data Protection Officer
15.1 Contact details
Any questions, requests, or complaints regarding this Privacy Policy may be addressed to:
Marketwintime Limited
N0.5, 17/F, Strand 50, 50 Bonham Strand, Sheung Wan, Hong Kong
Email: ……………………….
Telephone: ………………….
15.2 Data Protection Officer (DPO)
Where required by law, we appoint a Data Protection Officer to oversee compliance with this Policy. Contact details of the DPO may be provided upon request.
15.3 Regulatory authority
Users residing in jurisdictions with supervisory authorities (e.g., Hong Kong PCPD, UK ICO, EU DPAs) have the right to lodge a complaint with the competent authority if they believe their rights have been infringed.