Effective Date: [•] April 2025

Version: 4

BNET-TECH COMPANY LIMITED 必靈科技有限公司 (“BNET”, “our”, “we” or “us”) (BR No. 65943027) is committed to protecting your privacy and ensuring that all personal data provided to us is handled in accordance with the applicable data protection laws, including the provisions of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), its Data Protection Principles, and this privacy policy (“Policy”).

***Please read this Policy carefully before furnishing us any information about you or any other person***

This Policy describes the personal data which will be collected or processed when you interact with us, use our Products and Services, or visit our website and Apps. It explains how your personal data is collected, used, processed, stored, shared and protected, the choices you have relating to your personal data, and how you can contact us.

If we have provided a separate privacy notice in relation to any of our Products and Services, those terms will serve to supplement this Policy. Our website and Apps may include links to third-party products and services, websites, plug-ins, social networks or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. This Policy does not cover, and we are not responsible for, the privacy, information or other practices of any third parties. We encourage you to read the privacy notice of every website you visit.

In this Policy:

“Apps” means the applications developed to supplement the delivery of our Products and Services, including but not limited to the STICKu App, ElderlyGo App, and STICKu Carer App;

“personal data” means any information relating to you directly or indirectly, from which it is practicable to ascertain your identity directly or indirectly;

“process” or “processing” means any operation performed on personal data, whether by automated means or not, including without limitation, collecting, recording, structuring, amending, augmenting, deleting, rearranging, retrieving, using, disclosing or disseminating such personal data;

“Products and Services” means the products and services (including the Apps) we provide from time to time, including but not limited to our multi-functional walking stick (“STICKu”) and our AI fall detection LiDAR system (“FADELiSY”), excluding third-party products and services; and

“third-party products and services” mean offerings that are developed or supplied by third parties, not by BNET, but are available on BNET’s website.

Navigating this Policy

You can click on the links below to jump to the relevant section:

1. WHO is responsible for processing your personal data?
2. WHY and HOW do we use your personal data?
3. WHAT personal data do we collect and WHEN?
4. TOOLS to manage what personal data we collect
5. SHARING your personal data
6. PROTECTION and MANAGEMENT of your personal data
7. DIRECT MARKETING
8. CHANGES to our Policy
9. QUESTIONS, complaints and feedback

WHO is responsible for processing your personal data?

BNET is responsible for processing your personal data.

WHY and HOW do we use your personal data?

We use your personal data in the following ways:

To create your user account

We require your personal data, such as your preferred name and contact information, to admit you as a new registered user. You will only be able to enjoy our Products and Services once we have received the necessary information and, if applicable, all verification processes are successfully completed. If you are unable or unwilling to provide such information to us, you may not be able to use all or part of our Products and Services. We also store your information such as your name, email address, and password to facilitate account sign-in.

To send alerts

For certain Products and Services, we may send alerts or warning notifications through our Apps (such as a “fall down alert”) to your nominated caretakers and emergency contacts (or any other contacts you have provided us). By providing the personal data (such as names and contact details) of your nominated caretakers and emergency contacts, we assume you have provided them a copy of this Policy and they have consented to be notified in the specified circumstances.

To record your location and movement

When using our Apps, we may record the location and movement of the (mobile) device on which the Apps are installed. Data such as the location, speed, direction, and time and date of recording will be shown on the Apps. If you have location services enabled on your device, we may collect and use your mobile location to support certain features and functionalities of the Apps and to provide you with location-based services. For instance, if an emergency situation arises, our Apps will send notifications to your nominated emergency contacts containing your name and location.

If you have enabled persistent background location services for our Apps (which can be done by adjusting your operating device settings and toggling on background sharing), we will obtain your device’s location in the following circumstances, even if you are not actively using the Apps. For example:

1. The ElderlyGo App will detect nearby STICKu, and information about your mobile location will be collected if it is near such nearby devices for contact-tracing purposes; and

2. When we receive a missing elderly report from any verified emergency contact of a STICKu user, information about your mobile location will be collected through the STICKu App if you are near to that missing STICKu user.

We use various technologies to determine your mobile location, including but not limited to Bluetooth scanning.

If you have enabled persistent background location services for our Apps and are sharing your background location with us, we may obtain your device’s location (for example in emergency situations) even if you are not actively using the Apps. You may opt-out at any time by adjusting your device’s settings and toggling off background sharing.

To support and enhance our Products and Services

We process the personal data you provide to enhance our Products and Services. We may collect and use information about how you use our Products and Services to improve the user experience, diagnose technical and service issues, and manage the Apps.

To support customer service and share updates about our Products and Services

We plan to enhance our Products and Services from time to time by adding innovative features and strengthening existing functions. In accordance with applicable data protection laws, we will also share with you any updates through the Apps.

To protect our or others’ rights, property or safety

We take steps to protect our Products and Services. If necessary, we may also process data on your Apps to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests or applicable laws, regulations and guidelines.

For general research and analysis purposes

As a social enterprise dedicated to enhancing the safety and mobility of the elderly and the disabled, we may use the personal data collected to understand their activities, habits, preferences and behaviour. We will anonymise the data to the extent feasible, and such information will enable us to continuously improve our Products and Services, as well as our collaboration with other stakeholders (e.g. government, non-governmental organisations, charitable organisations, hospitals, clinics and elderly homes) to improve the lives of the elderly and the disabled.

Additionally, we may publish in our marketing materials the number of our users and their demographics in an anonymised or aggregated form. Such information may be shared to potential sponsors or funders to allow them to understand our model and consider providing financial support.

WHAT personal data do we collect and WHEN?

The personal data we may collect includes without limitation:

1. name;
2. personal details (such as gender and date of birth);
3. contact details (such as email address, telephone number, and address);
4. your company name (if applicable);
5. data collected from our Apps (if applicable) (such as activity time, duration, distance, location, walking steps, statistic data, device IDs, network access, storage information, battery information, cookies, and IP addresses);
6. other data collected from our Products and Services (if applicable) (such as sensor data, movement data from your device’s accelerometer, and physiological data measured by vital-sign instruments (e.g. blood pressure, blood oxygen));
7. login and account information (such as screen name, password and unique user ID, and personal preferences); and
8. contact details of your nominated emergency contacts (such as name, email address, and contact number).

When interacting with the Apps, certain data is automatically collected from your device. Such data includes without limitation:

1. device IDs, network access, storage information, battery information; and
2. cookies and IP addresses.

TOOLS to manage what personal data we collect

When you use our Products and Services, we will provide the necessary notice and obtain your consent in accordance with the applicable data protection laws. For example, we may send you push notifications. In such circumstances, we may obtain your consent through our Apps or through any other standard permission settings available on your device.

You can typically control the data collected and shared by adjusting your device’s settings (such as managing location sharing). We encourage you to familiarise yourself with the tools available on your devices to make the most of these settings.

SHARING your personal data

We may share your personal data with other parties to the extent necessary in accordance with this Policy. We may potentially share your personal data with:

1. your nominated emergency contacts in your emergency contact list;
2. your caretakers;
3. our employees and volunteers who need the information to discharge their duties;
4. third-party service providers (such as cloud service providers, SMS vendors, payment gateway providers, data storage providers, and data analysis providers (including but not limited to external medical teams who may be engaged to analyse your personal data to improve our services));
5. other third-party service providers for services ancillary to ours (including but not limited to external manned security service providers);
6. medical service providers and healthcare professionals (including ambulance service providers, emergency medical technicians, and paramedics);
7. any person or entity to whom BNET is under an obligation to make disclosure under applicable laws, regulations or guidelines issued by government, regulatory or other authorities; and
8. any person you have authorised to interact with us on your behalf.

Your personal data may be stored and processed in locations outside of Hong Kong (including but not limited to Singapore), where we have affiliates, facilities, or have engaged service providers. By using the Apps, you understand that your information may be transferred to countries outside of your country of residence. Any such transfer will comply with the data transfer requirements under applicable data protection laws.

We will never sell your personal data to any third party.

PROTECTION and MANAGEMENT of your personal data

Retention of your personal data

Your personal data will only be kept for as long as required or permitted for the purposes (or other permitted linked purpose) for which it is collected, used and/or disclosed, or for any legal or business purposes in accordance with applicable data protection laws. For the avoidance of doubt, we will retain your personal data during the period you use our Products and Services.

Storage and security of your personal data

The personal data that we collect will generally be held on our behalf by third party data storage provider(s). We establish administrative and technical measures to ensure that such personal data is protected. Occasionally, we also keep hard copy records of personal data in physical storage facilities. We use a range of physical and technical processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats of which we become aware.

Access, correction and deletion personal data

You provide your personal data to us on a voluntary basis, except where specified as mandatory to access or activate certain services. Your personal data will not be kept longer than necessary for the fulfillment of the purposes specified in this Policy.

You have rights under the applicable data protection laws regarding the way we process your personal data. Subject to various exceptions and in accordance with the applicable data protection laws, you may request access to your personal data held by us, request correction to any inaccuracies of your personal data held by us, and request us to cease using your personal data at any time without charge. A reasonable charge may be imposed to cover the administrative cost of preparing an electronic copy of your personal data. You may submit a data access request and/or a data correction request by contacting our Chief Technology Officer via e-mail (info@bnet-tech.com) or phone (+852 3916 7407). Our address is stated in the feedback form.

There may be instances where we are unable to provide the information you request, for example, where it would otherwise infringe any laws, interfere with the privacy of others, or result in a breach of confidentiality. In these cases, we will let you know why we cannot comply with your requests.

Uninstalling the Apps will not automatically delete any information already uploaded to our central storage. If you wish for any of your personal data uploaded to our central storage to be deleted, you can expressly ask us to delete your information using the feedback form on our website.

DIRECT MARKETING

In accordance with the applicable data protection laws, we may from time to time use your contact details to send you marketing materials about, without limitation, our events, programmes, research, volunteer opportunities, news update, and impact reports relating to our Products and Services. We will not use your personal data for direct marketing unless we have received your consent.

You may opt out of receiving marketing communications at any time, with no charge, by submitting the feedback form on our website with your full name and contact details, and we will process your request as soon as practicable.

CHANGES to our Policy

We reserve the right to update, revise, modify or amend this Policy from time to time as we deem necessary. We may not actively notify you of the updates, therefore, we ask you to review this Policy frequently. Changes and clarifications will take effect immediately upon their posting on the website and our Apps. If needed and in accordance with applicable data protection laws, we will also notify you through our App(s).

QUESTIONS, complaints and feedback

We aim to implement high standards in order to protect your privacy. However, if you are concerned about the way in which we are processing your personal data, please contact us using the feedback form on our website.

Should you have any enquiries or feedback about this Policy, feel free to contact us using the feedback form on our website.

***