BookMay Business
Privacy Policy
This Privacy Policy explains how KitVa Limited handles personal data for BookMay Business, the merchant app and related business booking services.
1. Scope and Hong Kong privacy law
BookMay Business helps merchants manage shop profiles, services, staff, availability, bookings, manual bookings, customer chats, review replies, QR store access, and related operations.
KitVa Limited is based in Hong Kong. We aim to handle personal data consistently with the Personal Data (Privacy) Ordinance, Cap. 486, including the Data Protection Principles on collection purpose, accuracy and retention, use, security, openness, and data access and correction.
2. Platform roles
BookMay Business is used by business owners, managers, staff, and other authorized merchant users. Customers using BookMay may share booking details, notes, messages, reviews, and contact information with a business so the business can provide the booked service.
Businesses are independent service providers. A business may also be responsible for its own customer records, staff records, marketing practices, retention decisions, and legal obligations outside the BookMay platform.
3. Information we collect or process
Business account data may include owner, manager, and staff names, email addresses, phone numbers, authentication records, role permissions, language, region, notification settings, and support requests.
Shop and service data may include shop name, category, description, address, coordinates, phone number, store code, access code, public or private visibility, logo, cover images, gallery images, services, staff, opening hours, day offs, capacity, booking approval settings, and cancellation cutoffs.
Business verification and enforcement data may include business registration information, licence or permit information, proof of address, proof of phone, email, domain, or store-code control, owner or manager authorization, trade mark or brand authorization, public records, support evidence, and identity or contact details of authorized representatives where required.
Booking and customer data may include customer name, contact details, selected service, staff preference, start and end time, booking status, customer notes, business notes, rejection reason, deposit or payment status, party size, custom form responses, price snapshots, and booking history.
Communications and content may include inbox messages, chat conversations, unread counts, review ratings, review comments, review images, business replies, uploaded images, and other content submitted through the app.
Technical and payment data may include device, app, network, security, diagnostic, usage, log, purchase, subscription, invoice, payment-provider, and entitlement information where relevant.
4. App permissions and device features
- Camera access may be used to scan or manage BookMay QR store codes.
- Photo library or camera access may be used for shop logos, cover images, staff images, work galleries, and review-related content.
- Location may help set or confirm a shop address, coordinates, distance, or region-aware discovery.
- Notifications may be used for booking requests, confirmations, reminders, customer messages, review activity, account notices, and service updates.
- Calendar features, if enabled, may help add or manage booking events on a device.
5. How we use information
- Create, authenticate, secure, and maintain merchant accounts and role permissions.
- Display business listings, services, staff, availability, prices, images, and shop access details in BookMay.
- Process booking requests, confirmations, cancellations, completions, manual bookings, reminders, and status updates.
- Enable customer-business chat, inbox management, review replies, QR access, private shop unlocks, and support.
- Operate payments, subscriptions, invoices, refunds, entitlements, fraud prevention, abuse detection, and service reliability where applicable.
- Verify business ownership or authority, investigate impersonation, fake listings, malicious bookings, payment abuse, infringement, and misuse of customer data, and notify affected parties where appropriate.
- Comply with legal obligations, enforce terms, protect rights, investigate misuse, and improve BookMay Business.
6. Merchant handling of customer data
Businesses and their staff must use customer personal data received through BookMay Business only for genuine booking, service, support, record-keeping, legal, or other lawful business purposes. Businesses must not misuse customer data, disclose it without authority, export it unnecessarily, or use it for direct marketing unless they have a lawful basis and any required consent.
Business owners are responsible for managing staff access, removing access when staff no longer need it, and applying appropriate internal safeguards to customer booking and communication records.
7. Sharing of information
We do not sell personal data.
- Customers and businesses may see information needed for a booking, chat, review, or business listing.
- Authorized business users may see shop, staff, booking, customer, message, and review information according to their role permissions.
- Service providers may process data for hosting, authentication, database, storage, analytics, diagnostics, email, payments, app-store operations, and platform support.
- Where legally permitted or required, we may share relevant records with affected customers, the real business owner, payment providers, app stores, insurers, professional advisers, regulators, law enforcement, or courts to investigate or respond to impersonation, fraud, malicious bookings, infringement, disputes, or safety issues.
- Information may be disclosed where required by law, court order, regulator, law enforcement request, or where needed to protect rights, safety, security, and service integrity.
8. Storage, retention, and transfers
BookMay Business stores service data in cloud infrastructure and may process data outside Hong Kong through service providers. We use reasonable safeguards appropriate to the nature of the data and service.
We retain information for as long as reasonably needed to provide the services, maintain booking and business records, resolve disputes, enforce terms, comply with law, support security, and manage legitimate business needs. Some booking, message, verification, payment, abuse, investigation, and account records may need to be retained after account closure, suspension, deletion request, or listing removal where reasonably required for fraud prevention, dispute handling, legal claims, law enforcement, or legitimate business reasons.
9. Your choices and rights
- You can update certain business profile, notification, language, region, staff, service, and booking settings in the app where available.
- You can control iOS permissions such as Camera, Photos, Location, Notifications, and Calendar in device settings.
- Under Hong Kong privacy law, you may request access to and correction of personal data we hold about you, subject to lawful limitations.
- For deletion, account, or data requests, contact us using the details below. We may need to verify your identity and may retain records where legally or operationally necessary.
10. Security
We use reasonable administrative, technical, and organizational measures to protect personal data. No app, network, device, staff account, or storage system can be guaranteed to be completely secure.
11. Children and sensitive information
BookMay Business is intended for business use, not for children. Businesses should avoid requesting sensitive personal data from customers through BookMay unless it is necessary for the booked service, lawful, clearly explained, and handled with appropriate safeguards.
12. Changes to this policy
We may update this Privacy Policy to reflect product, legal, operational, or security changes. The effective date will be updated when changes are published.
13. Contact
For privacy questions or data requests, contact kitvalimited@gmail.com.