Personal Information Collection Statement

We, Blackbird Tridente Company Limited take the privacy and protection of your personal information seriously. We collect personal information from you that is necessary or helpful for us to either provide you with the product or service you have requested or to comply with statutory or contractual requirements.

In this PIC statement, we may refer to information about you as your "personal data" or "personal information". We may also sometimes collectively refer to handling, collecting, protecting, and storing your personal information as "processing" such personal information.

The governing version of this PIC statement is the English version and shall prevail when there are inconsistencies between the English version and the Chinese version.

Personal Information Collected

We also usually collect or obtain personal information from you because we observe or infer that information about you from the way you interact with us or others.

The personal information that we collect or obtain typically includes, but is not limited to:

1. your personal details (i.e. salutation title, given and surname name, hashed password);
2. your contact details (i.e. email address, mobile number);
3. your membership number, account status, and activities relating to the account;
4. your preferences for particular products, services, or your hobbies and leisure activities as informed by the above data collected;
5. personal information whenever we communicate with you (e.g. email content, contact information, etc.); and
6. the details you may provide when you complete our voluntary surveys and questionnaires in relation to the purposes noted below that we may send you from time to time (e.g. your demographic information and feedback).

Not all this data will be collected at all times as this will be dependent on the nature of our interaction with you. We will only collect the data necessary for us to fulfil the purposes outlined in this PIC statement.

In some cases, we will also collect personal information about you indirectly from third parties such as third-party service providers that help us to operate our Membership.

Purpose and Use of Collected Personal Information

We may collect, use and retain your personal information for the following purposes or in connection with such purposes:

1. to process your application (e.g. setting up a membership account, etc.);
2. to provide customer services (e.g. respond to enquiries, investigate complaints, etc.);
3. to manage your membership account (e.g. provision of earned reward points, deduct spent or expired reward points, etc.);
4. to enhance our products and services that are available to you through our Membership;
5. to analyse or research your consumer behaviours, enabling us to better understand our customers so that we can provide products and services that have been customised based on your user experiences (e.g. personalised incentives and discounts, etc.);
6. to carry out market and customer analysis using data analytic tools to generate customer insights, segmentations, statistical reports and/or marketing insights which we may use ourselves or share with any subsidiaries of Blackbird Automotive Group for their own use to determine whether you may be interested in new products or services, or to customise the content and types of offers, products, services, incentives and discounts that we present to you. These reports and/or insights are in aggregated form or will be anonymised, secured, and will not contain information that identifies you;
7. to evaluate and improve our business operations and management (including IT resources and infrastructure management, business continuity and risk management, audit, training, statistical analysis for business or security purposes, and any other supporting administrative services and similar purposes);
8. with your consent, we may also use your personal information to send you marketing communications (refer to the "Direct Marketing" section below for further details);
9. to enable us or our affiliates of such personal information to provide electronic services verification of your identity; and
10. to meet any requirements to disclose under any applicable regulation or law (e.g. fraud and crime prevention, etc.).

Some of the purposes above are necessary to allow us to provide products and services, in alignment with your requests, to you and to enable us to comply with applicable laws and regulations.

Cookies and Silently Collected Data Cookies are small text files that are stored on your browser or device by websites, applications, online media, and advertisements when you visit it.

Disclosure and Sharing of Personal Information

To protect your privacy, all personal information held by us will be kept confidential. However, in connection with one or more of the purposes outlined in the "Purpose and Use of Collected Personal Data" section above, there may be circumstances where we share data (which may include your personal data) with third parties who may or may not be located overseas.

To protect your privacy, we are committed to only sharing data with third parties which has either been aggregated and anonymised or which otherwise does not contain your name or contact details. By agreeing to this PIC statement, you agree to allow us to share your personal data for the outlined purposes and use of collected data. We are committed to protecting your personal data and will take reasonable steps to safeguard it in accordance with our Privacy Policy, this PIC statement and all applicable laws.

We may disclose and share details about you within or outside Hong Kong to:

1. Our direct and indirect subsidiaries and holding companies;
2. Third parties that provide services to us (e.g. market research companies, printing, mailing, public relationship service providers, IT systems providers, hosting providers, payroll providers, recruitment, background check providers, IT support providers, customer service providers, debt collection service providers, online platforms for downloading our mobile software applications, etc.) all of which are under a duty of confidentiality to us;
3. professional advisors that provide services to us (e.g. lawyers, accountants, financial advisors, insurers); and
4. government and regulatory authorities as required by laws and regulations.

We do not sell or trade your personal information with any third parties.

Personal information will only be used, disclosed, or transferred for the purposes (or for any directly related purposes) for which it was collected or where it is allowed under the Personal Data (Privacy) Ordinance.

Direct Marketing

In addition to the purposes set out above, we intend to use your personal information in direct marketing, but we may not use your personal information to do so unless we have received your consent.

We would like to:

• send you direct marketing communications about our products and services in connection with the latest news, events, updates, promotions offers, products, services and rewards in relation to retail, reward or loyalty programme, corporate social responsibilities;
• send you direct marketing communications relating to the latest news, events, updates, promotions, offers, products, services and rewards offered by our business partners which relate to automobiles worldwide.

We will not disclose your personal information to any third parties (other than those listed in this PICS) for direct marketing purposes without your consent.

If you do not agree to such use of your personal information in direct marketing, please indicate your objection in the acknowledgment form that may be provided to you.

If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in the relevant direct marketing communication or e-mail marketing@blackbird-tridente.com

Security of Personal Information

We use a range of physical, electronic, and managerial measures to ensure that we keep your personal information secure, accurate, and up-to-date. These measures include:

• education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;
• administrative and technical controls to restrict access to personal information on a need-to-know basis;
• technological security measures, including firewalls, encryption, and anti-virus software; and
• physical security measures, such as staff security passes to access our premises.

Whilst there are always risks associated with the transmission of data over the internet (including by e-mail), we take proactive steps to manage these risks and work with business partners who share our view on the importance of protecting your data.

Retention of Collected Personal Information

We will hold your personal information on our systems for no longer than is necessary and in any event no longer than 7 years after cessation of your membership to fulfil the purposes for which it was collected or to comply with legal, regulatory or internal policy requirements. The information will either be irreversibly anonymised or securely disposed when it is no longer needed.

Your Rights and Correction

You have various rights concerning your personal information. In particular, you have a right to:

1. object to our processing your personal information;
2. request access to your personal information from time to time;
3. request an update of the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete; and
4. withdraw consent to our processing of your personal information (to the extent such processing is based on consent).

Contact Us

If you have any questions about our Privacy Policy, this PIC statement, or would like to exercise your rights as noted above, please contact our Data Protection Officer at privacy@blackbird-tridente.com or write to the following address:

You may also use the above contact details if you wish to make a complaint to us relating to your privacy.

We strive to respond to your questions or complaints within 40 days of receiving the communication. In accordance with the terms of the Personal Data (Privacy) Ordinance, we have the right to charge a reasonable fee for processing a data access request. We will clearly inform you what fee, if any, will be charged as soon as possible and in any event not later than 40 days after receiving your request.

If you are dissatisfied with the way we handle your personal information and you wish to report a complaint about it, you also have the right to refer the matter to the Privacy Commissioner for Personal Data in Hong Kong.

Version

This PIC statement may be subject to amendments. Any future changes or additions to the processing of personal information as described in this PIC statement affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

2021-09-10