PRIVACY POLICY

WKphone

Last Updated: December 10, 2025

1. Introduction

WKphone ("we," "us," or "our") is committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at https://www.wkphone.com/ (the "Site"), use our web portal, and interact with our services, including through forms, registration pages, and SMS communications.

This policy is designed to comply with, and inform you of your rights under, applicable data protection laws worldwide, including:

  • Hong Kong: Personal Data (Privacy) Ordinance (PDPO)
  • European Union: General Data Protection Regulation (GDPR)
  • United Kingdom: UK GDPR and Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025)
  • United States: California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA)
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia: Privacy Act 1988 and Australian Privacy Principles (APPs)
  • Singapore: Personal Data Protection Act (PDPA)
  • Brazil: Lei Geral de Proteção de Dados (LGPD)

By using the Site or our services, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please do not use our services.

2. Data Controller and Contact Information

The data controller for your personal information is:

WKphone

Registered Address: FLAT/RMA12FZI300 300 LOCKHART RD WAN CHAI HONG KONG

General Inquiries: contact@wkphone.com

Data Protection Officer: dpo@wkphone.com

Phone: +86 8457 3969

For questions about this Privacy Policy, data protection compliance, or to exercise your privacy rights, please contact us using the information above.

3. Information We Collect

We collect information that you provide directly to us and information about your use of the Site.

A. Information You Provide Directly

Category | Specific Data Types | Legal Basis for Processing
Identifiers | Name, username, account ID | GDPR/UK GDPR: Contract performance, Consent; CCPA/CPRA: Service delivery; PDPO: Consent, Contract; PIPEDA: Consent; LGPD: Contract performance
Contact Information | Mobile phone number, email address, mailing address | GDPR/UK GDPR: Contract performance, Consent, Legitimate interest; CCPA/CPRA: Service delivery; PDPO: Consent; APPs: Consent, Contract; PDPA: Consent
Professional Information | Company name, job title, business contact details | GDPR/UK GDPR: Legitimate interest, Consent; CCPA/CPRA: Business purposes; PDPO: Consent; PIPEDA: Consent
Communication Records | Messages sent through contact forms, support tickets, email correspondence | GDPR/UK GDPR: Contract performance, Legitimate interest; CCPA/CPRA: Service delivery; LGPD: Legitimate interest
Account Credentials | Password (encrypted), security questions | GDPR/UK GDPR: Contract performance; CCPA/CPRA: Security; PDPA: Legitimate interest

B. Information Collected Automatically

When you access the Site, we and our third-party partners may automatically collect certain information via cookies and similar tracking technologies:

Category | Specific Data Types | Legal Basis
Device Information | IP address, browser type and version, operating system, device identifiers, screen resolution | GDPR/UK GDPR: Legitimate interest, Consent (for non-essential cookies); CCPA/CPRA: Business operations; PDPO: Consent
Usage Data | Pages visited, time spent on pages, referring URLs, clickstream data, search queries on the Site | GDPR/UK GDPR: Legitimate interest; CCPA/CPRA: Analytics
Location Data | Approximate geographic location based on IP address | GDPR/UK GDPR: Legitimate interest, Consent; CCPA/CPRA: Service delivery

C. Information from Third Parties

We may receive information about you from:

  • Business partners providing joint services
  • Data brokers for business contact verification (B2B only)
  • Social media platforms if you interact with our social media presence
  • Publicly available sources for business verification purposes

4. How We Use Your Information

We use the information we collect for the following purposes:

Purpose of Processing | Categories of Information | Legal Basis | Retention Period
Account Management: Create and manage your account, authenticate your identity, process registrations | Identifiers, Contact Information, Account Credentials | Contract performance, Consent | Active account period + 2 years after account closure or last activity
Service Delivery: Provide, maintain, and improve our products and services, process transactions | All categories | Contract performance, Legitimate interest | Duration of service + 7 years for transaction records (tax/financial compliance)
Authentication & Security: Send authentication codes, security alerts, password reset instructions via SMS or email | Contact Information | Contract performance, Legal obligation, Legitimate interest | Authentication codes: 90 days; Security logs: 2 years
Customer Support: Respond to inquiries, troubleshoot issues, provide technical assistance | Identifiers, Contact Information, Communication Records | Contract performance, Legitimate interest | Support tickets: 3 years after resolution
Marketing Communications: Send promotional messages, product updates, newsletters (with your consent) | Contact Information, Professional Information | Consent (primary basis); Legitimate interest (existing customers, subject to opt-out) | Marketing consent: 2 years from last interaction, or until withdrawn; Marketing suppression list: Indefinitely
Analytics & Improvement: Analyze Site usage, understand user behavior, improve functionality and user experience | Usage Data, Device Information | Legitimate interest, Consent (for cookie-based analytics) | Analytics data: 26 months (Google Analytics retention)
Security & Fraud Prevention: Detect, prevent, and investigate fraud, unauthorized access, security incidents | All categories | Legitimate interest, Legal obligation | Security incident logs: 5 years
Legal Compliance: Comply with applicable laws, regulations, legal processes, and government requests | All categories | Legal obligation, Legitimate interest | As required by applicable law (typically 5-10 years)
Business Operations: Conduct data analytics, auditing, reporting, business planning | Aggregated/anonymized data | Legitimate interest | Anonymized data: Indefinite (no longer personal data)

Automated Decision-Making and Profiling

Current Practice: We do not currently engage in automated decision-making (including profiling) that produces legal effects or similarly significantly affects you.

Future Changes: If we implement automated decision-making in the future, we will:

  • Update this Privacy Policy with details about the logic involved
  • Inform you of the significance and envisaged consequences
  • Provide information about your right to human intervention and to contest the decision
  • Obtain your explicit consent where required by law

Australia APPs Compliance: If we implement automated decision-making affecting Australian residents (effective December 2026), we will disclose this in our privacy policy and provide mechanisms to request human review.

4A. SMS Communications

We may send you SMS (text) messages for service-related and marketing purposes. By providing your mobile phone number, you consent to receive SMS communications as described below.

Types of SMS Messages

A. Service/Transactional Messages (No opt-in required):
  • Authentication codes and security verification
  • Transaction confirmations and receipts
  • Account status notifications
  • Service updates and important announcements
  • Fraud alerts and security warnings

Legal Basis: Contract performance, Legal obligation, Legitimate interest

B. Marketing Messages (Requires explicit opt-in consent):
  • Promotional offers and discounts
  • Product updates and new features
  • Marketing campaigns and surveys

Legal Basis: Consent

Marketing SMS Consent Terms

By opting in to marketing SMS, you agree that:

  • Frequency: You may receive up to 4-8 marketing messages per month. Message frequency may vary.
  • Costs: Message and data rates may apply as charged by your mobile carrier. We do not charge for messages, but your carrier's standard rates apply.
  • Opt-Out: You can opt out at any time by replying STOP to any marketing message. You will receive a confirmation message. After opting out, you will no longer receive marketing messages, but may still receive service-related messages.
  • Help: Reply HELP to any message for assistance, or contact us at contact@wkphone.com.
  • No Purchase Condition: Consent to receive marketing SMS is not a condition of purchasing any goods or services.
  • Supported Carriers: All major carriers supported

SMS Compliance

We comply with SMS marketing regulations including:

  • United States: Telephone Consumer Protection Act (TCPA), CAN-SPAM Act
  • European Union/UK: GDPR, ePrivacy Directive
  • Canada: Canada's Anti-Spam Legislation (CASL)
  • Australia: Spam Act 2003
  • Singapore: Spam Control Act

Consent Requirements:

  • Express written consent for marketing SMS (US TCPA, EU GDPR)
  • Clear disclosure of message frequency, costs, and opt-out mechanism
  • Record retention of consent for compliance purposes (retained for 4 years after consent withdrawal)

Your SMS Rights:

  • Withdraw consent at any time (reply STOP)
  • Access records of your consent
  • Request deletion of your phone number from our marketing lists

5. How We Share Your Information

We do not and will not sell your personal information for monetary or other valuable consideration.

A. Service Providers (Data Processors)

We share personal information with trusted third-party service providers who perform functions on our behalf. These providers are contractually obligated to:

  • Process data only on our instructions
  • Implement appropriate security measures
  • Maintain confidentiality
  • Comply with applicable data protection laws

Categories of Service Providers:

Service Category | Purpose | Data Shared | Location | Role
Cloud Infrastructure | Hosting, data storage, server management | All collected data | United States (AWS), EU (Google Cloud) | Data Processor
SMS Delivery Services | Deliver authentication codes and marketing SMS | Phone numbers, message content | United States, EU | Data Processor
Email Services | Deliver transactional and marketing emails | Email addresses, message content | United States | Data Processor
Analytics Providers | Website analytics, user behavior analysis | Device information, usage data, IP addresses (anonymized where possible) | United States (Google Analytics), other regions | Data Processor/Joint Controller
Payment Processors | Process transactions (if applicable) | Payment information, transaction details | United States, EU | Data Processor
Customer Support Tools | Help desk, ticketing systems | Contact information, support correspondence | United States | Data Processor
Security Services | Fraud detection, security monitoring | IP addresses, device information, usage patterns | United States, EU | Data Processor

Data Processing Agreements (DPAs): All data processors are bound by written agreements incorporating Standard Contractual Clauses (where required) and ensuring GDPR/UK GDPR-equivalent protections.

B. Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as a business asset. We will:

  • Provide notice before your information is transferred
  • Ensure the new entity honors this Privacy Policy (or notify you of changes)
  • Obtain consent where required by applicable law

C. Legal Requirements and Protection

We may disclose your information when required or permitted by law:

  • To comply with legal obligations, court orders, subpoenas, or government requests
  • To enforce our Terms of Service or other agreements
  • To protect our rights, property, or safety, or that of our users or the public
  • To detect, prevent, or investigate fraud, security incidents, or illegal activities
  • In connection with legal claims, litigation, or regulatory proceedings

Legal Basis: Legal obligation, Legitimate interest (protection of rights)

D. With Your Consent

We may share your information with third parties when you explicitly consent, such as:

  • Sharing information with business partners for joint offerings
  • Participating in co-marketing campaigns
  • Integrating with third-party services you authorize

E. Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. Such data is not considered personal information and is not subject to this Privacy Policy.

6. International Data Transfers

As a Hong Kong-based company serving customers worldwide, your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

Countries/Regions Where Data May Be Transferred

Your data may be transferred to and processed in:

  • Hong Kong (primary data center location)
  • United States (cloud services, analytics providers)
  • European Union (cloud services, European customers)
  • Singapore (regional data center)

Transfer Safeguards

We ensure appropriate safeguards are in place for international transfers:

Transfer Route | Safeguard Mechanism
Hong Kong to EU/EEA | European Commission-approved Standard Contractual Clauses (SCCs) (2021 version)
Hong Kong to UK | UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
Hong Kong to United States | Standard Contractual Clauses + supplementary measures; EU-US Data Privacy Framework (for certified organizations)
Hong Kong to Brazil | Brazilian Standard Contractual Clauses (as per ANPD Resolution CD/ANPD No. 19/2024, effective August 2025)
Hong Kong to Singapore | Singapore-Hong Kong data transfer arrangements
Hong Kong to Canada | Standard Contractual Clauses + PIPEDA compliance
Hong Kong to Australia | Standard contractual terms + APP compliance
Within adequate jurisdictions | Adequacy decisions (where applicable)

Additional Transfer Protections

For transfers to countries without adequate data protection laws, we implement supplementary measures:

  • Encryption in transit and at rest
  • Pseudonymization and anonymization where feasible
  • Access controls and authentication
  • Regular security audits and assessments
  • Contractual commitments from recipients
  • Technical measures to prevent government access (where legally permissible)

Accessing Transfer Documentation

You may request copies of the safeguards we use for international transfers by contacting us at: dpo@wkphone.com

We will provide:

  • Copies of Standard Contractual Clauses
  • Information about adequacy decisions relied upon
  • Details of supplementary measures implemented

7. Data Security and Retention

A. Security Measures

We implement reasonable and appropriate technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Technical Safeguards:
  • Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)
  • Secure authentication mechanisms (multi-factor authentication where available)
  • Regular security vulnerability assessments and penetration testing
  • Intrusion detection and prevention systems
  • Secure backup and disaster recovery procedures

Administrative Safeguards:
  • Access controls limiting data access to authorized personnel on a need-to-know basis
  • Employee training on data protection and security practices
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures
  • Regular privacy and security audits

Physical Safeguards:
  • Secure data centers with restricted physical access
  • Environmental controls (temperature, humidity, fire suppression)
  • Video surveillance and access logging

Limitation: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

B. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:
Data Category | Retention Period | Legal/Business Justification
Account Information (name, email, phone) | Active account period + 2 years after account closure or last activity | Customer relationship management, re-engagement, fraud prevention
Account Credentials (hashed passwords) | Active account period + 90 days after account deletion | Security verification, account recovery window
Transaction Records | 7 years from transaction date | Tax compliance, financial auditing, legal requirements (Hong Kong Inland Revenue Ordinance, SOX, etc.)
Marketing Consent Records | 2 years from last interaction, or until consent withdrawn, then 4 years (consent proof) | GDPR consent documentation, TCPA compliance (4 years), marketing effectiveness
Marketing Suppression List (opt-outs) | Indefinitely | GDPR legitimate interest, respect user preferences, prevent re-contact
Authentication Codes/Logs | 90 days | Security auditing, fraud investigation
Customer Support Records | 3 years after ticket resolution | Customer service improvement, dispute resolution, quality assurance
Security/Access Logs | 2 years | Security monitoring, incident investigation, compliance auditing
Legal Claims/Litigation Hold | Duration of applicable statute of limitations + 1 year (typically 5-7 years) | Legal defense, compliance with legal obligations
Website Analytics Data | 26 months (Google Analytics default) | Usage analysis, Site improvement
CCTV/Security Footage (if applicable) | 30-90 days (unless incident recorded) | Security, theft prevention
Anonymized/Aggregated Data | Indefinite | No longer personal data; business analytics, research

Retention Review Process:
  • We conduct periodic reviews (at least annually) to identify and delete data that is no longer necessary
  • Automated deletion processes for time-bound data (e.g., authentication codes)
  • Manual review for complex retention scenarios (e.g., legal holds)

Secure Deletion:

When data is deleted, we:

  • Overwrite data using secure deletion methods
  • Remove data from active databases and backups within a reasonable timeframe
  • Anonymize data where deletion is not technically feasible
  • Maintain deletion logs for compliance purposes

8. Data Breach Notification

We maintain an incident response plan to detect, respond to, and recover from data security incidents.

In the Event of a Data Breach

If we experience a data breach that affects your personal information, we will:

A. Internal Response:
  • Contain and investigate the breach promptly
  • Assess the risk to affected individuals
  • Implement remedial measures to prevent future incidents
  • Document the breach and response actions

B. Notification to Supervisory Authorities:

We will notify applicable data protection authorities without undue delay:

Jurisdiction | Authority | Notification Timeframe | Threshold
EU/EEA | Relevant Data Protection Authority | Within 72 hours of becoming aware | Likely risk to rights and freedoms
UK | Information Commissioner's Office (ICO) | Within 72 hours of becoming aware | Likely risk to rights and freedoms
Hong Kong | Office of the Privacy Commissioner for Personal Data (PCPD) | As soon as practicable | Real risk of harm
California (US) | California Attorney General | Without unreasonable delay | 500+ California residents affected
Canada | Office of the Privacy Commissioner of Canada | As soon as feasible | Real risk of significant harm
Australia | Office of the Australian Information Commissioner (OAIC) | As soon as practicable | Likely to result in serious harm
Singapore | Personal Data Protection Commission | Within 72 hours (certain breaches) | Significant harm or 500+ individuals
Brazil | Agência Nacional de Proteção de Dados (ANPD) | Within 72 hours | Relevant risk or damage

C. Notification to Affected Individuals:

We will notify affected individuals without undue delay when required by law:

Notification Contents:
  • Nature of the personal data breach
  • Categories and approximate number of individuals affected
  • Categories and approximate number of records affected
  • Likely consequences of the breach
  • Measures we have taken or propose to take to address the breach
  • Contact point for further information (Data Protection Officer)
  • Recommendations for individuals to mitigate potential adverse effects (e.g., password reset, credit monitoring)

Notification Methods:
  • Direct email to affected individuals
  • Prominent notice on our website (if individual contact is not possible)
  • Additional means as required by specific jurisdictions

High-Risk Breaches: For breaches likely to result in a high risk to your rights and freedoms, we will notify you immediately and may offer additional protective measures (e.g., credit monitoring services, identity theft protection).

Your Rights Following a Breach

If you are affected by a data breach, you have the right to:

  • Receive clear and comprehensive information about the breach
  • Lodge a complaint with the relevant supervisory authority
  • Seek compensation for damages (where applicable under law)

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate, analyze, and improve the Site. This section explains our cookie practices and your choices.

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences, authenticate users, and analyze site usage.

Cookie Categories

We use the following categories of cookies:

A. Strictly Necessary Cookies (No consent required)

Purpose: Enable core site functionality that cannot be provided without them.

Examples:

  • Session management and authentication
  • Security and fraud prevention
  • Load balancing and performance optimization
  • Remembering items in your shopping cart (if applicable)

Legal Basis: Legitimate interest (essential for service delivery)

Duration: Session or up to 12 months

Can be disabled? No (Site may not function properly)

B. Functional Cookies (Consent required in EU/UK)

Purpose: Remember your preferences and provide enhanced features.

Examples:

  • Language and region preferences
  • Accessibility settings
  • User interface customization
  • "Remember me" functionality

Legal Basis: Consent (GDPR/UK GDPR), Legitimate interest (other jurisdictions)

Duration: Up to 12 months

Can be disabled? Yes (via cookie settings)

C. Analytics and Performance Cookies (Consent required in EU/UK)

Purpose: Understand how visitors use the Site, identify popular content, and improve user experience.

Examples:

  • Google Analytics: Tracks page views, session duration, bounce rate, traffic sources
  • Heatmap and session recording tools (if applicable)
  • A/B testing and optimization tools

Third-Party Cookies:

Legal Basis: Consent (GDPR/UK GDPR, ePrivacy Directive)

Duration: Up to 26 months

Can be disabled? Yes (via cookie settings or browser settings)

IP Anonymization: We enable IP anonymization in Google Analytics for EU/UK visitors.

D. Marketing and Advertising Cookies (Consent required)

Purpose: Deliver targeted advertisements, track ad performance, and prevent ad repetition.

Examples:

  • Retargeting/remarketing pixels
  • Social media advertising cookies (Facebook Pixel, LinkedIn Insight Tag, etc.)
  • Ad network cookies

Third-Party Cookies:

Legal Basis: Consent

Duration: Up to 12 months

Can be disabled? Yes (via cookie settings)

Cookie Consent Management

EU/UK/Brazil Visitors:

We will obtain your explicit consent before placing non-essential cookies on your device. You can:

  • Accept all cookies
  • Reject all non-essential cookies
  • Customize your cookie preferences

Cookie Preference Center: You can access the cookie preference center at any time through the link in the footer of our website.

How to Manage Cookies

You can manage cookies through your browser settings:

  • Chrome: Settings > Privacy and security > Site settings > Cookies and site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy
  • Edge: Settings > Privacy, search, and services > Cookies and site permissions

Note: Disabling cookies may affect the functionality of our Site. Some features may not work properly without certain cookies.

10. Your Rights and Choices

Depending on your jurisdiction, you have various rights regarding your personal information. This section explains your rights and how to exercise them.

Rights by Jurisdiction

Right | GDPR/UK GDPR | CCPA/CPRA | PDPO (HK) | PIPEDA (Canada) | APPs (Australia) | PDPA (Singapore) | LGPD (Brazil)
Access/Know
Correction
Deletion/ErasureLimited
Data Portability
Object to ProcessingLimited
Restrict ProcessingLimited
Opt-Out of Sale/SharingN/A
Limit Sensitive Data UseN/A
Withdraw Consent
Lodge Complaint

Detailed Rights Descriptions

A. Right to Know/Access

Request a copy of the personal information we hold about you, including:

  • Categories of personal information collected
  • Sources of information
  • Purposes of processing
  • Categories of third parties with whom we share information
  • Specific pieces of information collected

How to Exercise: Submit a request to dpo@wkphone.com

B. Right to Correction/Rectification

Request correction of inaccurate or incomplete personal information.

How to Exercise:

  • Update your account information directly in your account settings (if applicable)
  • Contact us at dpo@wkphone.com with the correct information

C. Right to Deletion/Erasure ("Right to be Forgotten")

Request deletion of your personal information under certain conditions:

  • Information no longer necessary for the purposes collected
  • You withdraw consent (where consent is the legal basis)
  • You object to processing based on legitimate interests
  • Information was processed unlawfully
  • Legal obligation requires deletion

Exceptions: We may retain information where necessary for:

  • Compliance with legal obligations
  • Establishment, exercise, or defense of legal claims
  • Fulfillment of contractual obligations
  • Other lawful purposes under applicable law

How to Exercise: Submit a deletion request to dpo@wkphone.com

D. Right to Data Portability

Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller (where technically feasible).

Scope: Applies to data you provided to us based on consent or contract performance.

How to Exercise: Request data export via dpo@wkphone.com

E. Right to Object to Processing

Object to processing of your personal information based on legitimate interests, including:

  • Direct marketing (absolute right)
  • Profiling for marketing purposes
  • Processing for research or statistical purposes
  • Other processing based on legitimate interests (we will cease unless we demonstrate compelling legitimate grounds)

How to Exercise:

  • Marketing opt-out: Click "Unsubscribe" in emails or reply STOP to SMS messages
  • Other objections: Contact dpo@wkphone.com

F. Right to Restrict Processing (GDPR/UK GDPR)

Request restriction of processing under certain circumstances:

  • You contest the accuracy of data (during verification period)
  • Processing is unlawful but you oppose deletion
  • We no longer need the data but you need it for legal claims
  • You object to processing (pending verification of legitimate grounds)

How to Exercise: Contact dpo@wkphone.com

G. Right to Opt-Out of Sale/Sharing (CCPA/CPRA)

Our Practice: We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising.

If our practices change: We will update this policy and provide a "Do Not Sell or Share My Personal Information" link on our homepage.

Global Privacy Control (GPC): We recognize GPC signals from California, Colorado, Connecticut, and other applicable jurisdictions.

H. Right to Limit Use of Sensitive Personal Information (CPRA)

Our Practice: We do not collect sensitive personal information as defined by CPRA (e.g., Social Security numbers, precise geolocation, racial/ethnic origin, religious beliefs, genetic data).

If our practices change: We will provide an opt-out mechanism for use of sensitive data beyond necessary purposes.

I. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to Exercise:

  • Marketing consent: Click "Unsubscribe" or reply STOP
  • Cookie consent: Use our Cookie Preference Center
  • Other consent: Contact dpo@wkphone.com

J. Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority (see Section 13 for contact details).

Exercising Your Rights

How to Submit a Request:

  1. Email: dpo@wkphone.com
  2. Mail: dpo@wkphone.com
  3. Phone: +86 8457 3969

Information to Include:

11. Children's Privacy

We are committed to protecting the privacy of children.

Age Restrictions

General Policy: Our Site and services are not intended for, and we do not knowingly collect personal information from, individuals under the age of 16 without appropriate consent.

Jurisdiction-Specific Ages:

Jurisdiction | Minimum Age | Requirements
EU/EEA (GDPR) | 13-16 (varies by member state) | Parental consent required for children under the applicable age
UK (UK GDPR) | 13 | Parental consent required
United States (COPPA) | 13 | Verifiable parental consent required
California (CCPA) | 13 | Opt-in consent required for minors 13-15; parental consent for under 13
Hong Kong | No specific age | Generally, parental consent for minors
Australia | 18 (generally) | Parental consent may be required for minors
Brazil (LGPD) | 18 (generally) | Parental consent required, best interest of child must be considered

Parental Consent

If we learn that we have collected personal information from a child without appropriate parental consent, we will:

  • Delete the information as soon as possible
  • Not use or disclose the information
  • Take reasonable steps to notify the parent/guardian (where feasible)

Parental Rights

Parents/guardians have the right to:

  • Review personal information collected from their child
  • Request deletion of their child's personal information
  • Refuse further collection or use of their child's information

To exercise parental rights: Contact us at dpo@wkphone.com with proof of parental authority.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or in legal or regulatory requirements, or for other operational reasons.

Notification of Changes

Material Changes: For significant changes that affect your rights or how we process your data, we will notify you by:

  • Email notification to registered users (at least 30 days before changes take effect for CCPA compliance)
  • Prominent notice on our website
  • Pop-up notification on the Site (for certain changes)
  • In-app notification if applicable

Non-Material Changes: For minor clarifications or administrative updates, we will update the "Last Updated" date at the top of this policy.

Your Continued Use

Your continued use of our Site or services after changes become effective constitutes acceptance of the revised Privacy Policy. If you do not agree with changes, you should discontinue use and may request deletion of your account and data.

Version History

You may request previous versions of this Privacy Policy by contacting dpo@wkphone.com.

13. Contact Us and Supervisory Authorities

Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or for data protection inquiries:

WKphone

Address: FLAT/RM A12/FZ300 300 LOCKHART RD WAN CHAI HONG KONG

General Inquiries: contact@wkphone.com

Data Protection Officer: dpo@wkphone.com

Phone: +86 8457 3969

Third-Party Links and Services

Our Site may contain links to third-party websites and services that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites or services before providing them with any personal information.

Your access to and use of third-party websites and services are solely at your own risk.

Supervisory Authorities

You have the right to lodge a complaint with your local data protection supervisory authority. Below are the relevant authorities for key jurisdictions:

Hong Kong

Office of the Privacy Commissioner for Personal Data (PCPD)

Address: 12/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong

Phone: +852 2827 2827

Email: communications@pcpd.org.hk

Website: www.pcpd.org.hk

European Union

Find your national Data Protection Authority: http://edpb.europa.eu/about-edpb/board/members_en

Examples:

  • Ireland (for companies with EU headquarters in Ireland): Data Protection Commission - www.dataprotection.ie
  • Germany: Bundesanstalt für den Datenschutz und die Informationsfreiheit - www.bfdi.bund.de
  • France: Commission Nationale de l'Informatique et des Libertés (CNIL) - www.cnil.fr

United Kingdom

Information Commissioner's Office (ICO)

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Phone: +44 1625 545 745

Website: www.ico.org.uk

United States - California

California Privacy Protection Agency (CPPA)

Website: cppa.ca.gov

Email: regulations@cppa.ca.gov

California Attorney General

Website: oag.ca.gov/privacy

Canada

Office of the Privacy Commissioner of Canada

Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

Phone: 1-800-282-1376

Email: info@priv.gc.ca

Website: www.priv.gc.ca

Australia

Office of the Australian Information Commissioner (OAIC)

Address: GPO Box 5218, Sydney NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au

Singapore

Personal Data Protection Commission (PDPC)

Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438

Email: info@pdpc.gov.sg

Website: www.pdpc.gov.sg

Brazil

Autoridade Nacional de Proteção de Dados (ANPD)

Website: www.gov.br/anpd

Email: comunicacao@anpd.gov.br

14. Additional Provisions

A. Accessibility

We are committed to making this Privacy Policy accessible to all individuals. If you require this policy in an alternative format (e.g., large print, audio, Braille, different language), please contact us at contact@wkphone.com and we will provide it within a reasonable timeframe.

B. Privacy by Design and Default

We implement privacy by design principles:

  • Data minimization: We collect only data necessary for specified purposes
  • Purpose limitation: We process data only for stated, legitimate purposes
  • Accuracy: We maintain accurate and up-to-date data
  • Storage limitation: We retain data only as long as necessary
  • Security: We implement appropriate technical and organizational measures
  • Accountability: We document our privacy practices and compliance measures

C. Cross-Border Business Operations

As a Hong Kong-based company with global operations, we comply with:

  • Hong Kong's extraterritorial application provisions under PDPO
  • GDPR's territorial scope (Article 3) for offering goods/services to EU residents
  • CCPA's applicability to businesses conducting business in California
  • Similar provisions in other jurisdictions where we serve customers

D. No Waiver

Our failure to enforce any provision of this Privacy Policy does not constitute a waiver of that provision or any other provision.

E. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

F. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Hong Kong SAR, without regard to conflict of law principles. However, data protection rights are governed by the applicable data protection laws of your jurisdiction.

For disputes relating to privacy matters, we encourage contacting us directly first. If unresolved, you may:

  • Lodge a complaint with your local supervisory authority
  • Pursue legal remedies under applicable data protection laws
  • Seek arbitration or mediation (where applicable)

15. "Do Not Sell or Share My Personal Information" (CCPA/CPRA)

Our Commitment: We do not sell your personal information for monetary or other valuable consideration, and we do not share your personal information for cross-context behavioral advertising.

If You Are a California Resident:

  • You have the right to opt out of the sale or sharing of your personal information (if we were to engage in such practices).
  • You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

How to Exercise This Right:

  • Email: dpo@wkphone.com with subject line "Do Not Sell My Information"

Global Privacy Control (GPC): We honor GPC signals from browsers for California residents and residents of other jurisdictions that recognize GPC.

No Discrimination: We will not discriminate against you for exercising this right.

16. Definitions

For purposes of this Privacy Policy:

  • "Personal Information" / "Personal Data": Information that identifies, relates to, describes, or could reasonably be linked with you or your household.
  • "Processing": Any operation performed on personal data, including collection, use, storage, disclosure, transfer, or deletion.
  • "Controller" / "Business": The entity that determines the purposes and means of processing personal data (WKphone).
  • "Processor" / "Service Provider": An entity that processes personal data on behalf of the controller.
  • "Data Subject" / "Consumer": The individual to whom personal data relates (you).
  • "Consent": Freely given, specific, informed, and unambiguous indication of your wishes by a statement or clear affirmative action.
  • "Sensitive Personal Information": Special categories of data requiring enhanced protection (e.g., health data, biometric data, precise geolocation, racial/ethnic origin under CPRA).

END OF PRIVACY POLICY

© 2025 WKphone. All rights reserved.