Privacy Statement

Last updated: March 2026

This Privacy Statement sets out how HKeTaxi (operated by Tiffdesign Limited) ("HKeTaxi", "we", "us" or "our") collects, uses, manages and protects the personal data ("Data") of users of the HKeTaxi Charging mobile application ("App"). This statement applies to all licensed electric taxi drivers and operators who register for or use our Services. The purpose of this Privacy Statement is to provide you with clear and transparent information about our data practices in accordance with the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the "Ordinance") and its 2021 Amendment.

Protecting Your Privacy

We are committed to processing your Data in accordance with the required standards, and to protecting your privacy and ensuring the security of your Data in compliance with the Ordinance. Where we are required by law to obtain your written or in-app consent before using your Data for a specified purpose, we will do so before proceeding.

Your Data

We collect only the Data that is necessary for the operation of the App and the provision of our Services (which include identity verification, account registration and management, electronic wallet top-up and management, and EV charging transaction processing, collectively "Services"). The Data we may collect includes, but is not limited to:

  1. your name, date of birth and details documented on your Hong Kong Identity Card or valid Hong Kong driving licence;
  2. contact details including name, address, mobile telephone number and/or email address;
  3. payment details including credit card, debit card and other electronic payment instrument data, processed in accordance with applicable payment security standards;
  4. account credentials including username, PIN and/or password;
  5. device-specific information such as hardware model, operating system version, unique device identifier, and mobile network configuration, for the purposes of app security and fraud prevention;
  6. biometric data (such as fingerprint or Face ID) solely where you choose to enable device-level biometric authentication provided by your device's operating system — we do not store raw biometric data on our servers; and
  7. App usage data such as charging transaction history, wallet balance, session logs, and your location when initiating a charging session at a designated charging station.

Provision of the above Data is necessary for us to provide the Services. If you decline to provide certain required Data, we may be unable to activate or continue your account or provide you with specific Services.

If you provide Data about another individual (for example, in connection with an authorised account representative), you confirm that you have obtained that individual's authorisation and informed them of our data handling practices as described in this Privacy Statement. You should also advise them that they may contact us using the details under the "How to Contact Us" section below.

Data supplied by you will be held by HKeTaxi and will be accessible only by authorised employees and authorised third-party service providers consistent with the purposes set out in this Privacy Statement.

How We Collect Data

We collect Data in a number of ways, including from:

  1. you directly, when you register for an account, complete an application form, contact our support team, submit Data through the App, or during the ordinary course of our business relationship with you;
  2. third parties such as payment processors, identity verification service providers, or charging infrastructure operators, with appropriate authorisation;
  3. our own records of how you use our Services, including transaction logs and App usage activity; and
  4. publicly available sources where permitted by law.

App Data and Device Permissions

To operate effectively, the App may request access to certain device functions and collect associated data. This may include, but is not limited to:

  1. device identifiers and operating system information;
  2. IP address and network connection status;
  3. location data (collected only when the App is in active use and a charging session is being initiated or managed);
  4. app interaction data, session logs and crash reports used to improve performance and security; and
  5. push notification tokens, where you grant permission, to deliver transaction confirmations and service alerts.

You may manage or revoke device permissions at any time through your device's operating system settings. Revoking certain permissions (such as location) may limit the functionality of the App.

How We Use Your Data

We may collect, retain and use your Data for the following purposes:

  1. to verify your identity and eligibility to use the Services, including confirming your valid Hong Kong driving licence;
  2. to register, activate and manage your account;
  3. to process electronic wallet top-ups, charging transactions, and related billing and payment operations;
  4. to detect, prevent and investigate fraud, security incidents and unauthorised access;
  5. to carry out matching procedures as defined under the Ordinance;
  6. to communicate with you regarding your account, transactions, service updates, and security alerts;
  7. to improve and optimise the App's performance, reliability and user experience;
  8. to comply with applicable laws, regulations, court orders, and requests from competent government authorities, law enforcement or regulatory bodies in Hong Kong; and
  9. to enforce our contractual rights and obligations.

Our Legal Basis for Using Your Data and How We Disclose It

We have a legitimate interest in properly administering the Services, and our use of your Data is necessary for the performance of Services you have requested. To the extent permissible under applicable laws and regulations, we may disclose your Data to third-party organisations ("Organisations") strictly for the purpose of enabling us to deliver the Services.

These Organisations may include:

  1. payment processing and electronic wallet service providers;
  2. EV charging station operators and infrastructure providers;
  3. identity verification and fraud prevention service providers;
  4. information technology, cloud hosting and data storage service providers;
  5. customer support service providers;
  6. billing and debt recovery service providers; and
  7. our professional advisers, including accountants, auditors, lawyers and insurers.

We take the required steps to ensure that these Organisations are bound by appropriate confidentiality and data protection obligations, and that they use your Data solely for the purpose for which they were engaged.

In Addition, We May Disclose Your Data:

  1. to your authorised representatives and/or legal advisers when requested by you to do so;
  2. to credit-reporting agencies, fraud-checking agencies, and financial institutions for payment processing and fraud prevention purposes;
  3. to government and regulatory authorities, law enforcement and courts, as required or authorised by applicable law;
  4. to any proposed or actual successor, assignee or acquirer of all or part of our business or assets; and
  5. to any other party with your prior written or in-app consent.

Direct Marketing

We will only use your Data for direct marketing purposes with your explicit prior consent, in compliance with the Personal Data (Privacy) (Amendment) Ordinance 2021. You will be asked to opt in to receive marketing communications separately from your agreement to use the Services. You may withdraw your consent to receive direct marketing at any time by making a written request to us at [email protected]. We will action your request promptly and at no charge to you.

Transfer of Data Outside Hong Kong

Where it is necessary to transfer your Data outside of Hong Kong (for example, for cloud storage or payment processing purposes), we will do so only in compliance with the Ordinance and only where appropriate safeguards are in place, such as contractual clauses that impose data protection obligations equivalent to those required under the Ordinance. You may contact us at [email protected] for further information about the safeguards applicable to any specific cross-border transfer.

The Security of Your Data

We implement technical and organisational security measures to protect your Data against unauthorised access, disclosure, alteration or destruction. Payment data is handled in accordance with applicable payment card industry security standards. Biometric authentication, where used, is processed entirely by your device's operating system and raw biometric data is never transmitted to or stored on our servers.

Third-party service providers who process Data on our behalf are required to maintain appropriate security measures and comply with applicable data protection principles.

Data Breach Response

In the event of a data security incident that is reasonably likely to affect your Data, we will: (a) take immediate steps to contain and investigate the incident; (b) notify affected users as soon as reasonably practicable; and (c) report the incident to the Office of the Privacy Commissioner for Personal Data ("PCPD") as required or appropriate. We will provide you with information about the nature of the incident, the Data affected, and steps you may take to protect yourself.

Retention of Your Data

We will retain your Data only for as long as is necessary to fulfil the original or directly related purposes for which it was collected, or as required by applicable legal, regulatory or contractual obligations. When Data is no longer required, it will be securely deleted or anonymised from our electronic and manual records in accordance with our internal data retention procedures.

Your Rights to Access, Correct and Delete Data

We take all reasonable precautions to ensure that the Data we hold is accurate, complete and up to date. You have the right to:

  1. request access to the personal Data we hold about you (a "Data Access Request");
  2. request correction of any inaccurate or incomplete Data; and
  3. object to our processing of your Data on legitimate grounds, subject to applicable legal exceptions.

You may submit a Data Access Request or correction request by contacting us at [email protected]. We will respond within 40 days of receiving your request, as required under the Ordinance. A reasonable fee may be charged for processing a Data Access Request.

You may also decline to share Data with us or withdraw any consents previously given. Please note that doing so may result in us being unable to provide certain Services to you.