PRIVACY POLICY

1. Introduction

Minisport HK Limited ("Minisport", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO"), as amended.

This Policy applies to all users of our websites, mobile applications, WhatsApp channel, and related services (collectively, the "Services").

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services and contact us to request deletion of your data.

2. What Personal Data We Collect

We only collect personal data that is necessary to provide our Services.

a. Identity and Contact Information

• Parent or guardian name
• Child's name
• Child's date of birth or age
• Email address
• Telephone number (including WhatsApp number)

b. Account and Profile Information

• Username or account identifiers
• Profile picture (if provided)
• Programme preferences and class history

c. Programme-Related Information

• Your child's physical ability or developmental stage (where voluntarily provided by you to assist with appropriate class placement)
• Preferred class venues, times, and districts
• Attendance records and makeup token history
• Notes provided by coaches regarding your child's progress or participation

d. Payment and Transaction Information

• Payment records and transaction history
• Invoice details
• Refund or credit records

e. Communications Data

• Messages sent to us via WhatsApp, email, or other channels
• Records of customer service interactions, including those handled by AI-assisted systems

f. Media Content

• Photos or videos of sessions or activities (where applicable and with your prior consent)

g. Technical and Usage Data

• IP address
• Browser and device information
• Cookies and usage data
• General location data (e.g. country or region derived from IP address)

3. How We Collect Personal Data

a. Direct Interactions

• When you register for programmes
• When you contact us via WhatsApp, email, telephone, or online forms
• When you submit forms or make purchases
• When you communicate with our customer service team or AI-assisted support system

b. Automated Technologies

• Through cookies and similar technologies on our website and application
• Through server logs and analytics tools
• Through automated responses and workflows in our customer relationship management (CRM) system

c. Third-Party Services

• Payment processors
• Social media platforms (if you interact with us through them, including Meta platforms)
• WhatsApp and the WhatsApp Business API (operated by Meta Platforms)
• Our CRM platform (GoHighLevel) used to manage contacts and communications

4. Purposes of Data Collection

a. Service Delivery

• Managing registrations and programme participation
• Delivering our programmes and services
• Communicating with parents and guardians regarding bookings, schedules, and class updates
• Assigning children to appropriate age and ability groups

b. Administrative Communication

• Sending service-related updates, booking confirmations, and reminders
• Responding to enquiries via all channels including WhatsApp
• Providing customer support, including through AI-assisted tools

c. Service Improvement

• Analysing usage trends and customer feedback
• Improving our website, application, and service delivery
• Monitoring the quality and accuracy of AI-assisted communications

d. Legal and Safety Purposes

• Complying with applicable laws and regulations
• Protecting the safety of participants, guardians, and staff
• Maintaining records as required by law

e. Direct Marketing (With Consent Only)

With your consent, we may send programme updates, new offerings, promotions, and event information. You may opt out at any time (see Section 11).

4A. AI-Assisted Customer Service and Automated Processing

a. Use of AI Tools

Minisport uses artificial intelligence (AI) language model technology, provided by Anthropic PBC (the developer of "Claude"), to assist in handling customer service enquiries received via WhatsApp and other messaging channels.

When you send a message to Minisport via WhatsApp:

• Your message content may be processed by an AI system to generate a response
• The AI system operates under instructions set by Minisport to ensure responses are accurate, appropriate, and consistent with our policies
• Minisport staff review AI-generated communications and retain oversight of all customer interactions

b. Automated Workflows

We use automated workflows within our CRM system (GoHighLevel) to manage communications, trigger follow-up messages, and route enquiries. You may receive automated messages from us as part of these workflows. These are sent on behalf of Minisport and are subject to this Privacy Policy.

c. No Fully Automated Decisions with Legal Effect

We do not make decisions that have a legal or similarly significant effect on you solely by automated means without human oversight. AI tools are used to assist our team, not to replace human judgment on matters affecting your rights or your child's participation.

d. Message Content and Confidentiality

Message content processed through AI systems is used solely for the purpose of generating customer service responses. Anthropic's data processing practices are governed by their own privacy policy and data processing agreements, which Minisport has reviewed for adequacy under PDPO requirements.

5. Sharing of Personal Data

We do not sell personal data.

a. Service Providers

Third parties who assist us in providing our Services, including payment processing, IT hosting and infrastructure, customer relationship management (GoHighLevel), customer support and communications, and AI-assisted enquiry handling (Anthropic PBC — see Section 4A). These providers are bound by confidentiality obligations and data processing agreements and are only permitted to use your data for the specific purposes for which it was shared.

b. Messaging Platform Providers

When you communicate with us via WhatsApp, your message data passes through Meta Platforms' infrastructure (WhatsApp Business API). Meta's processing of data transmitted via WhatsApp is subject to Meta's own privacy policy. We encourage you to review Meta's privacy practices.

c. Legal Authorities

Where required by law or court order, or where necessary to protect the rights, safety, or property of Minisport, our clients, or the public.

d. Business Transfers

In connection with any merger, acquisition, sale of assets, or restructuring of Minisport, personal data may be transferred to a successor entity, subject to equivalent data protection obligations.

5A. Third-Party Data Processors

The following third-party processors may handle your personal data as part of our Services:

Processor	Location	Purpose
Anthropic PBC	United States	AI language model processing of customer enquiries (Claude)
Meta Platforms (WhatsApp)	United States	Messaging infrastructure for WhatsApp Business communications
GoHighLevel	United States	CRM, contact management, and automated communication workflows
Payment Processors	Various	Secure processing of class fees and transactions

6. Cross-Border Data Transfers

Your personal data may be transferred outside Hong Kong, including to the United States, where our AI service provider (Anthropic PBC), messaging platform provider (Meta Platforms), and CRM provider (GoHighLevel) are based.

Where such transfers occur, we take reasonable steps to ensure your personal data receives appropriate protection, including through:

• Data processing agreements with each provider
• Review of each provider's security certifications and privacy commitments
• Industry-standard security measures consistent with PDPO requirements

If you have questions about the safeguards in place for cross-border transfers, please contact us (see Section 14).

7. Data Retention

We retain personal data only for as long as necessary to provide our Services, meet legal and regulatory requirements, and resolve disputes and enforce our agreements.

In general, we retain contact and account data for the duration of your relationship with us and for a reasonable period thereafter. Payment records are retained for a minimum of seven years in accordance with Hong Kong tax and accounting requirements.

Data will be securely deleted or anonymised when no longer required.

8. Data Security

We use reasonable technical and organisational measures to protect personal data, including:

• Access controls restricting personal data to authorised personnel and service providers on a need-to-know basis
• Secure systems and encrypted storage where appropriate
• Regular review of third-party processor security standards
• API key management and secure credential storage for integrated systems
• Staff awareness of data protection obligations

However, no system can be completely secure. In the event of a data breach that is likely to result in a risk to your rights and interests, we will notify you and the Office of the Privacy Commissioner for Personal Data (PCPD) in accordance with our obligations under the PDPO.

9. Children's Privacy

Our Services are designed for and involve children. We take the privacy of children's data seriously and apply heightened care accordingly.

• We collect personal data relating to children only with the consent of a parent or guardian
• Account holders must be adults (parents or guardians) — children do not hold accounts directly
• Children's data, including developmental and physical ability information shared by parents, is used solely for the purpose of safe and appropriate class placement and service delivery
• We do not use children's personal data for profiling, marketing, or any purpose beyond direct programme delivery
• Access to children's data is restricted to authorised Minisport staff and service providers with a legitimate operational need

If you believe personal data relating to a child has been collected without proper parental or guardian consent, please contact us immediately (see Section 14).

10. Your Rights

Under the Personal Data (Privacy) Ordinance (PDPO), you have the right to:

• Access your personal data held by us
• Request correction of inaccurate or incomplete data
• Withdraw consent for direct marketing communications
• Request deletion of your data, subject to legal limitations (e.g. retention required by law)
• Be informed of the purposes for which your data is used

Data Access Requests (DAR)

To make a Data Access or Correction Request, please contact us in writing (see Section 14). We will respond within 40 days as required under the PDPO. We may charge a reasonable administrative fee where permitted by law.

11. Direct Marketing Opt-Out

You may opt out of marketing communications at any time by:

• Clicking the unsubscribe link in marketing emails
• Replying "STOP" to marketing WhatsApp or SMS messages
• Contacting us directly (see Section 14)

Administrative messages related to your active enrolments (e.g. booking confirmations, class reminders, policy updates) are necessary for service delivery and cannot be opted out of while your account is active.

12. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and application to ensure functionality, analyse usage patterns, and support marketing and analytics tools. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

13. Third-Party Links

Our Services may contain links to third-party websites or platforms (including social media). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies independently.

14. Contact Us

If you have questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us:

Data Protection Contact
Email: support@minisport.hk

1111, 19/F, the Hive
18 Tang Lung Street
Causeway Bay
Hong Kong

For Data Access Requests, please mark your correspondence "Data Access Request — FAO Privacy".

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we use.

Material changes (such as new uses of personal data or new third-party processors) will be communicated to existing clients by email or WhatsApp notification prior to taking effect.

Minor updates will be posted on our website with a revised "Last Updated" date. Continued use of our Services following notification of updates constitutes acceptance of the revised Policy.