Privacy Policy


Last Updated: October 15, 2025

Company: HK Midun Technology Limited (“MiiiSys”, “we”, “us”, “our”) Jurisdiction: Hong Kong SAR

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our websites, use our online products, dashboards, or interact with us (collectively, the “Services”). If you do not agree with this Policy, please do not use the Services. We may update this Policy from time to time; we will post the revised version here with an updated “Effective Date”.


1) Who we are & our role

We typically act as a data controller when we decide how and why personal data is processed (e.g., accounts, billing, security, analytics, support). When we process data strictly under a client’s instructions, we act as a data processor/service provider.

2) Personal data we collect

Depending on how you interact with us, we may collect:

Identification & contact data: name, business role, email, phone. Account & organization data: company name, domain, settings, user access/roles. Transactional & operational data: case/record IDs, timestamps, amounts, metadata needed to operate features you enable Technical & usage data: IP address, device/browser info, operating system, pages viewed, feature usage, logs, diagnostic and crash data, cookie/SDK/APP identifiers. Communications: emails, support tickets, chat messages, feedback. Integration data (optional): data from systems you connect (e.g., payment, CRM, fulfillment) as needed to deliver the Services.

We do not collect or store full PAN, CVV, or magnetic stripe data. Our system is designed to only process tokenized or masked payment data. In the unlikely event that sensitive payment data is received in error, we immediately delete or anonymize it to protect confidentiality.


3) How we use personal data (purposes & legal bases)

Provide and maintain the Services: account setup, feature delivery, availability, troubleshooting, support. Legal basis: contract performance and/or legitimate interests. Security & abuse prevention: authentication, access control, monitoring, incident response. Legal basis: legitimate interests and/or legal obligations. Improve and develop: analytics, research, testing, and product quality. Legal basis: legitimate interests. Communications: operational messages; marketing where permitted (you may opt out). Legal basis: contract/consent/legitimate interests. Compliance: legal, regulatory, and audit requirements; enforcing agreements. Legal basis: legal obligations/legitimate interests.

We process data only where we have a lawful basis under applicable data protection laws.


4) Cookies and similar technologies

We use:

Necessary cookies for security and session management. Functional/performance cookies to improve features and measure usage.

You can control cookies in your browser settings; blocking necessary cookies may limit functionality. We currently do not respond to browser 'Do Not Track' signals; however, where required by law, we respect users’ cookie consent preferences.


5) How we share personal data

Vendors/Processors: hosting, storage/backup, analytics, email and ticketing, security, and customer support—bound by contracts and confidentiality. Business partners/clients: where necessary to provide Services you’ve requested or authorized. Legal/Compliance: to comply with law, protect rights, safety, or respond to lawful requests. Corporate transactions: in mergers, acquisitions, financing, or asset transfers, under protections consistent with this Policy.

6) International transfers

We may process personal data in locations outside your jurisdiction, including but not limited to Singapore, the EU and the U.S., and other regions where we or our service providers operate. Where such transfers occur, we ensure appropriate safeguards, such as the Standard Contractual Clauses (SCC) approved by relevant regulators, or other equivalent legal mechanisms.


7) Data retention

We retain personal data only for as long as necessary to fulfill the purposes described above, to comply with applicable laws, to resolve disputes, or to enforce our agreements. After that, data will be securely deleted or anonymized. In general, transaction and dispute-related records are retained for up to five (5) years, while technical and usage data may be retained for up to twelve (12) months, unless a longer retention period is required by law or legitimate business needs.


8) Data deletion You may request deletion of your personal data by emailing privacy@miiisys.com. We will respond within 30 days (extendable where permitted by law). For merchants uninstalling our app, account-level identifiers and associated personal data are deleted or irreversibly anonymized within 30 days, except where retention is required for fraud prevention, accounting, disputes, or legal obligations. Data on backups will be purged within 90 days through our standard rotation. Where data is processed by subprocessors, we instruct them to delete it accordingly.


9) Security

We apply industry-standard technical and organizational measures (access controls, least privilege, encryption in transit/at rest where appropriate, monitoring, vulnerability management). No method is 100% secure; if a breach occurs, we will notify affected parties and regulators as required by law.


10) Your rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, data portability, and withdraw consent (where applicable). You also may have the right to lodge a complaint with your local data protection authority.

To exercise rights, contact privacy@miiisys.com. We may request information to verify your identity.


11) Children’s privacy

Our Services are not directed to individuals under 16 (or the applicable minimum age). We do not knowingly collect data from children. If you believe a child has provided data to us, contact us to request deletion.


12) Third-party links

Our Services may link to third-party sites or services. Their privacy practices are governed by their own policies. Please review those policies before sharing personal data.


1) Changes to this Policy

We may revise this Policy from time to time. The updated version becomes effective on the date posted. Material changes will be highlighted via reasonable notice. Continued use of the Services after the Effective Date constitutes acceptance.


13) Contact us

For general inquiries, please contact us at privacy@miiisys.com.  



support@miiisys.com
Product
Qualifications
Explore
Policies