Privacy Policy
Last Updated: 18 September, 2025
This Privacy Policy describes how the Wavenex Event Check‑In App (the “App”) operates for authorized event staff at Hong Kong–hosted events. The App is intentionally minimal and designed so that it does not collect or store attendee personal data. Its core functions are limited to staff authentication, loading an event configuration after scanning a setup QR code, and validating attendee check-in QR codes. Where limited staff credential information (e.g., username) may constitute “personal data” under Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), it is handled strictly for authentication, security, and operational integrity.
The App does not collect attendee names, contact details, identification numbers, images, location data, analytics information, advertising identifiers, or media recordings. It does not embed third‑party analytics or advertising SDKs. The only information deliberately handled is the staff username and password (used transiently for session authentication) and the event configuration retrieved after scanning the event’s initialization QR code. That configuration (such as event ID and rule parameters) is kept in volatile memory and used solely to validate check‑in QR codes; it is not preserved once the session ends. The device camera is accessed exclusively to scan QR codes. No images or video frames are stored or transmitted; only the decoded token or code string is processed momentarily for validation.
Check‑in validation occurs in memory against the loaded event rules. If a backend validation service is involved, the App transmits only the minimal cryptographic token or code needed to confirm authenticity. It does not reconstruct or enrich personal data from that token. The App itself does not keep audit trails of individual scans. Any server‑side security or access logs (for example, recording a login timestamp, username, and success/failure status) are maintained by or on behalf of the event organizer under separate internal policies and retained no longer than necessary for their stated security or audit purpose.
Security measures include the use of industry‑standard encrypted transport (e.g., HTTPS/TLS) for any network communication, least‑privilege access controls, and a design philosophy of data minimization. Staff users are responsible for protecting their credentials and securing their devices. No intentional cross‑border transfer of staff credential data occurs at present; if infrastructure outside Hong Kong is later introduced, appropriate contractual or organizational safeguards consistent with PDPO expectations will be implemented before any such transfer.
PDPO Data Protection Principles (DPPs) are observed insofar as staff credential or log data qualifies as personal data. Collection is fair and limited to authentication and system protection (DPP1). Data is retained only as long as necessary for those purposes (DPP2). Use is confined to access control, operational integrity, and security auditing, never for marketing or profiling (DPP3). Reasonable technical and organizational safeguards are applied (DPP4). Openness is maintained through this Policy and further details will be provided on request (DPP5). Staff may exercise rights of access and correction regarding any personal data held in backend systems (DPP6). The App is designed so that attendee personal data is not processed by it directly; any attendee data handling (if it occurs at all) resides in separate backend systems governed by the organizer’s own policies.
Authorized staff may submit a Data Access Request or Data Correction Request concerning their credential or log data by emailing the designated contact, providing sufficient details (such as username and approximate login dates) to locate records. The organizer will respond within a reasonable period and may levy a permissible administrative fee for access requests in accordance with the PDPO.
Staff must use the App only for legitimate event operational purposes, refrain from attempting to input or derive personal data beyond the minimal authentication process, and promptly report any suspected compromise of credentials. We may update this Privacy Policy to reflect technical, operational, or legal changes; the “Last Updated” date will be revised accordingly, and continued use after any update signifies acceptance.
Questions, PDPO inquiries, or access/correction requests should be directed to:
Wavenex Limited
Email: info@wavenex.com.hk
Address: 10/F, Kin Sang Commercial Centre, 49 King Yip Street, Kwun Tong, HK