top of page

W.A.V. Privacy Policy

This Privacy Policy (the “Policy”) explains how W.A.V. Watch Authenticity Verification Center (“W.A.V.”, “we”, “us”, or “our”) collects, uses, discloses, retains, protects, and transfers your personal data when you use our website (www.wav.tech), mobile application (“W.A.V. Mobile App”), and related services (collectively, the “Services”). For the purposes of Hong Kong law, W.A.V. is the “data user” (similar to a “data controller” in some jurisdictions).

We are committed to protecting your privacy in accordance with Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (the “PDPO”) and the Data Protection Principles (the “DPPs”). By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services. We may update this Policy from time to time. We will post changes with an updated effective date, and where required, we will obtain your prescribed consent for any “new purpose” that is not directly related to the original purpose of collection.

1. Definitions

  • “Personal data” has the meaning given in the PDPO: any data relating directly or indirectly to a living individual from which it is practicable for the identity of the individual to be directly or indirectly ascertained, and in a form in which access to or processing of the data is practicable.

  • “Data subject” means an identified or identifiable individual to whom personal data relates.

  • “Data processor” means any person who processes personal data on our behalf and does not process the data for its own purposes.

2. What Personal Data We Collect
2.1 Data you provide to us

  • Account and profile: name, email, phone number, postal address, preferred language, and account credentials.

  • Service requests: watch details (brand, model, reference, serial where provided), photos/videos, service preferences, booking information, and communications relevant to assessments or repairs.

  • Transactions: payment-related information (processed by third-party payment processors; we do not store full payment card details).

  • Communications: inquiries and correspondence via our website forms, WhatsApp (+852-9842-4490), email (info@wav.tech), or other channels; recordings or transcripts may be retained where permitted and disclosed.

  • App-related: device identifiers, activation codes, subscription tier, settings, and crash diagnostics you choose to share.

2.2 Data collected automatically

  • Technical and usage data: IP address, device type, operating system, browser type, app version, pages/screens viewed, features used, timestamps, referral URLs, and general location derived from IP.

  • Cookies and similar technologies: we use cookies, SDKs, and pixels to support core functionality, remember your preferences, gather analytics, and improve the Services. See our Cookie Policy on www.wav.tech for details and choices.

2.3 Data from third parties

  • Payment processors for transaction verification and fraud prevention.

  • Cloud/hosting, analytics, and security vendors for service delivery and usage insights (e.g., aggregate or de-identified trends).

  • Identity verification or logistics partners where necessary for specific features (e.g., physical examination bookings, shipping).

We do not intentionally collect sensitive categories (e.g., health, biometric templates) unless strictly necessary for a stated purpose and permitted by law. We generally avoid collecting Hong Kong Identity Card numbers or copies unless required by law or essential for identity verification; where collected, we apply heightened safeguards.

3. How We Use Your Personal Data (Purpose and Use Limitation)
We collect and use personal data only for the purposes described below and for other purposes that are directly related to those purposes. We will not use personal data for a “new purpose” that is not directly related unless we have obtained your prescribed consent.

  • Provide and operate the Services: user registration, authentication, fraud prevention, watch authenticity assessments (including image-based and physical examinations), report generation, repairs, and bookings.

  • Customer support and communications: responding to inquiries, providing updates on services, and managing service-related notifications.

  • Service improvement and analytics: monitoring performance, diagnosing issues, enhancing features, improving assessment tools and AI-assisted workflows using aggregated or de-identified data wherever feasible.

  • Account and subscription management: activation codes, subscription status, renewals, and billing support.

  • Legal and compliance: compliance with applicable laws and lawful requests, enforcement of our terms, security incident prevention and response, and exercise or defense of legal claims.

  • Direct marketing: We will only use your name, contact details, and service preferences for our direct marketing (e.g., product updates, offers, events) if we have obtained your consent as required by the PDPO. You may opt out at any time without charge by following unsubscribe instructions or contacting us.

4. Lawful Basis Under Hong Kong Law

Under the PDPO, we follow purpose specification and use limitation principles rather than a closed list of “legal bases.” We collect and use personal data for the purposes notified at or before collection (or directly related purposes) and obtain prescribed consent where the PDPO requires it (for example, for direct marketing or for a new, unrelated purpose).
 

5. Cookies and Similar Technologies

  • Types: strictly necessary, functional, performance/analytics, and (where applicable) advertising cookies/pixels.

  • Choices: you can manage non-essential cookies via our Cookie Policy or your browser/app settings. Disabling certain cookies may impact functionality.

6. Disclosures of Personal Data
We do not sell your personal data. We may disclose personal data to:

  • Service providers and data processors: cloud hosting, data storage, analytics, security, payment processors, communications, logistics, and customer support providers, bound by contractual obligations to process data only on our instructions and to implement appropriate security measures.

  • Affiliates: within the Watch God Group (if applicable) for internal administration consistent with this Policy and the PDPO.

  • App stores and platform providers: to enable distribution, updates, and crash diagnostics under their privacy terms.

  • Professional advisors: auditors, legal counsel, and insurers for legitimate business and compliance purposes.

  • Legal and regulatory: to law enforcement, regulators, courts, or competent authorities where required by law or lawful request, or to protect our rights, users, or the public.

  • Business transfers: in connection with any merger, acquisition, restructuring, financing, or sale of assets, subject to confidentiality obligations and continued protection consistent with this Policy.

7. International Transfers
Some recipients (e.g., cloud providers) may be located outside Hong Kong. Section 33 of the PDPO (cross-border transfer) has not yet commenced; nonetheless, we adopt contractual or other means to ensure that any personal data transferred outside Hong Kong is protected to standards comparable to those in Hong Kong. These measures may include robust data processing agreements, access controls, encryption in transit and at rest, and vendor due diligence.
 

8. Data Security
We take all practicable steps to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use, including administrative, technical, and physical safeguards (e.g., access controls, encryption, firewalls, audit logs, staff training, and vendor oversight). However, no system can be guaranteed 100% secure.
 

9. Data Breaches
While Hong Kong law does not currently mandate breach notification generally, we follow PCPD-recommended good practices. Where a data breach creates a real risk of harm, we will act promptly to contain and assess the incident and, where appropriate, notify affected individuals and/or the Office of the Privacy Commissioner for Personal Data (PCPD) and relevant parties as soon as reasonably practicable.
 

10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy (including any directly related purposes) and to comply with legal, regulatory, tax, accounting, or reporting requirements. As guidance:

  • Account and service records: retained while your account is active and for a reasonable period thereafter.

  • Reports and service history: typically retained up to seven (7) years to support after-service inquiries, quality assurance, dispute resolution, and legal requirements.

  • Communications and inquiries: retained for a period appropriate to the inquiry lifecycle and applicable retention obligations.
    We securely delete or anonymize data when retention is no longer necessary for the stated purposes.

11. Your Rights
Subject to the PDPO, you have the following rights:

  • Data access request (DAR): to ascertain whether we hold personal data about you and to obtain a copy of such data.

  • Data correction request (DCR): to request correction of personal data that is inaccurate, incomplete, misleading, or not up to date.
    How to exercise your rights:

  • Submit your request to info@wav.tech and indicate “Data Access Request” or “Data Correction Request.”

  • We may request information to verify your identity and to locate the data requested.

  • We will respond within the time required by law (generally within 40 calendar days). If we are unable to comply within this period, we will inform you of the reasons and the expected timeframe.

  • We may charge a reasonable fee to process a DAR, limited to the necessary costs of compliance. We do not charge for processing a DCR.

  • Where a correction is made, we will, where practicable, provide the corrected data to third parties to whom the data was disclosed during the 12 months immediately preceding the correction, unless it is not practicable or would involve disproportionate effort.
    Other choices:

  • Direct marketing: you can withdraw consent at any time without charge.

  • Cookies and analytics: manage via our Cookie Policy or device/browser settings.

  • App permissions: you may revoke camera, photo library, storage, notifications, or location permissions through your device settings; this may affect functionality.

Note: The PDPO does not provide a general “right to erasure.” However, we will delete personal data that we no longer need for any purpose stated in this Policy, subject to legal obligations to retain certain records.

12. Children’s Privacy
Our Services are not directed to children under 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you believe a child under 16 has provided personal data to us without appropriate consent, please contact us and we will take steps to delete the data where appropriate.
 

13. Data Processors and Third Parties
We use contractual or other means to ensure our data processors:
 

  • process personal data only on our documented instructions;

  • take all practicable steps to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use;

  • do not retain personal data longer than is necessary for the fulfillment of the purpose for which it is used.

14. Communications via Third-Party Channels
If you contact us via third-party channels (e.g., WhatsApp, app stores, social media), your interactions may also be governed by those third parties’ privacy policies and terms. Please avoid transmitting sensitive information via unencrypted or public channels.
 

15. Third-Party Links and Content
The Services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal data. Where content is hosted by third parties (e.g., embedded media), those third parties may collect data in accordance with their own policies.
 

16. Automated Processing
We may use automated tools to assist with fraud detection, security monitoring, and preliminary image-based assessments. Such processing does not involve solely automated decisions that produce legal or similarly significant effects on you. Human review is available for material decisions affecting your service outcome.
 

17. Changes to This Policy
We may update this Policy to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will take reasonable steps to notify you (e.g., by posting on our website or in-app notice). Where we intend to use personal data for a new purpose not directly related to the original purpose of collection, we will obtain your prescribed consent as required by the PDPO before such use.
 

18. Jurisdiction and Governing Law
This Policy and any non-contractual obligations arising out of or in connection with it are governed by the laws of the Hong Kong Special Administrative Region. Any disputes arising in relation to this Policy are subject to the exclusive jurisdiction of the Hong Kong courts.
 

19. Contact Us
To make a request or query regarding this Policy or your personal data:

  • Email: info@wav.tech

  • Phone: +852-9842-4490
    Please include your name, contact details, and sufficient information to enable us to identify you and locate the relevant data.

20. Notes and Cross-Jurisdictional Resources

  • If you believe any materials hosted or displayed via our Services infringe your intellectual property rights, you may notify us with sufficient particulars to identify the content and substantiate your claim. We will review and act in accordance with applicable law and generally accepted online notice-and-takedown practices (the U.S. DMCA under Title 17 is a commonly referenced model for such procedures; this does not change that Hong Kong law governs this Policy) [1].

  • For users seeking authoritative repositories of statutory materials in other jurisdictions (for reference only and without changing that Hong Kong law governs): USA.gov provides gateways to U.S. laws and regulations; the Justice Laws Website provides access to Canadian federal statutes and regulations; provincial repositories such as British Columbia Laws provide local legislation [6][3][5][2].

 

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

bottom of page