Privacy

1. General Information

This Privacy Policy is established by Customer Experience Group Limited, a company incorporated under the laws of Hong Kong, having its registered address at Room 1403, 14th Floor, Fu Fai Commercial Centre, 27 Hillier Street, Sheung Wan, Hong Kong, registered with the Hong Kong Trade and Companies Registry under the number 37809954, (hereinafter referred to as “Company,” “we,” “us,” or “our”). This Policy governs the processing of your personal data in connection with your use of the Website or our services, in accordance with applicable data protection legislation, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). For the purposes of this Policy, any non-defined capitalized term shall have the meaning set forth in the GDPR.

This Privacy Policy discloses the privacy practices for www.cxg.com (hereinafter the “Website”). This Policy applies to information collected via the Website, including subscription pages or other websites or apps. Additionally, information submitted in response to an email request for information or through employment application processes will be treated in accordance with this Privacy Policy.

This Privacy Policy may, in CXG’s discretion, be amended from time to time. Such amendments shall be communicated via the website. This Website may contain links to external sites that are not governed by this Privacy Policy. CXG does not take responsibility for the privacy practices of any third-party sites to which we link. We encourage you to review the privacy policies of any such sites before you submit information there.

By using the website or our services, you acknowledge that you have read this Privacy Policy carefully and that you fully agree with its terms. By ticking the appropriate relevant consent box, you declare that you understand the purpose for which your personal data is processed, and you agree that your continued use will be understood as continued consent. You can withdraw your consent at any time by completing the Data Subject Request Form.

2. Information We Collect
CXG collects your personal data to achieve the purposes set out in the following section (“Why We Process Data?”). We only collect data, which is adequate, relevant, and limited to what is strictly necessary for the purposes of processing.

Identification Data: This includes your first and last name, username, title, and other similar identifiers (e.g., marital status, gender, date of birth). This data is typically required for registration purposes or to personalize your interaction with us.
Contact Data: This includes your billing address, delivery address, email address, and phone numbers, which are necessary for us to communicate with you and provide services (e.g., processing an order or responding to inquiries).
Usage Data: Data on how you interact with our website and services, such as browsing patterns, page views, and click-throughs. This will help us improve our service delivery and website functionality.
Technical Data: This includes your IP address, browser type and version, time zone settings, device information, and other technological identifiers that help ensure the smooth operation of our website.

3. How we Collect Data:

Direct Interactions: When you fill out forms on our website, communicate with us via email, or engage with our services, we collect the data you provide directly. In addition, during initial visits conducted for recruitment suitability assessments through our mystery shopping services, we may collect business-related information and/or personal information such as your name, professional role, and interaction quality. This allows us to evaluate suitability for recruitment opportunities.
Automated Technologies: We also collect data through automated means, such as cookies, which help us understand your preferences and website behavior. You may opt out of cookies through your browser settings. More details are available in our Cookie Policy.

We do not collect any Special Categories of Personal Data (details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), nor do we collect any information about criminal convictions and offenses.

4. Why We Process Data
The purposes and uses of your personal information will depend on how you use the website and the personal information you provide. We process your personal information for multiple purposes:

Recruitment and Talent Assessment: Establish contact with suitable and potential recruits and initiate the recruitment or assessment process/report. This includes collecting basic Personal Data, resumes, application forms, and any additional information you provide during the recruitment process, which may be used to assess your suitability for employment with our Clients or CXG. The Data processed for this purpose is collected with explicit consent and used solely for recruitment-related activities.
Marketing: We may process your personal data to keep you informed about our products, services, events, or publications that may be of interest to you. This may include sending newsletters, event invitations, or promotional material. You can opt-out of receiving marketing communications at any time by using the unsubscribe link included in our communications or by contacting us directly.
Website and User Experience Optimization: We analyze data related to your interactions with our website to improve our content, functionality, and overall user experience. This includes understanding user preferences, optimizing our design, and ensuring the website works effectively across various devices and platforms.
Service Improvement and Customer Support: Your personal data may be used to improve the delivery of our services, including responding to customer inquiries, processing transactions, and ensuring that user requests are handled efficiently. This will help us improve our overall service quality and customer satisfaction.
Database Development: We may process your personal data to promote our Measurement Service and develop a database of potential evaluators. This allows us to establish initial contact with individuals interested in participating in evaluation activities and keep them informed about relevant opportunities.
Legal Compliance and Security: We may process personal data to comply with legal obligations, such as anti-fraud measures, tax regulations, and social legislation. Additionally, we may use your personal data to ensure the security of our systems and prevent unauthorized access to or misuse of our services.

5. Legal Basis for Processing
In compliance with GDPR, we ensure that all Data Processing activities are carried out on a lawful basis. The key legal bases for processing your Personal Data are:

Consent: For specific purposes, such as collecting your Data via contact forms, subscribing to newsletters, or marketing activities, we rely on your explicit consent. You have the right to withdraw you consent at any time, which will not affect the lawfulness of the processing carried out before the withdrawal
Legitimate Interest:

Data Collected during the initial phase of the recruitment process, under the purpose of suitability of candidates (to evaluate and recommend potential recruits to clients and improve our recruitment services) are based on Legitimate Interest and those subject to this process were initially notified under Article 13/14 GDPR.

Data collected through cookies is processed based on CXG’s legitimate interest in maintaining the website’s functionality, ensuring its security and accuracy, and enhancing user experience through statistical analysis

Contractual Necessity: In cases where we need to process your Personal Data to fulfill a contract with you, your data will be processed based on contractual necessity.
Legal Obligation: In certain circumstances, we are required to process your data to comply with applicable laws, such as those related to tax or anti-fraud measures

6. How We Might Share Your Information
We will not sell, share, rent, or make available your personal information with any third party outside of our organization, other than as necessary to fulfill your request. The Third Parties with whom we may share your data with, include:

CXG Affiliates and Subsidiaries: Personal Data may be shared within the CXG group to facilitate global operations, recruitment, or marketing activities
CXG Clients: With your Consent, we may share your Personal Data with clients in the context of potential recruitment, where you are being assessed as a candidate.
Service Providers: We work with trusted third-party service providers who assist us in providing our services, such as data hosting, IT support, marketing, payment processing, and email distribution. These third-parties act as processors on our behalf and are contractually bound to maintain the confidentiality and security of your data.
Business Partners: Personal Data may be shared with business partners for co-organized events or publications, who will process the data per their privacy policies. We assure you that exercising your rights will not be subject to any impediments or complications due to data sharing.
Legal Obligations and Authorities: We may disclose your Personal Data to government bodies, law enforcement, or regulatory authorities when required by law or necessary to protect our legal rights.
International Data Transfers: In the event of data transfers outside the European Economic Area (EEA), we ensure that appropriate safeguards (Standard Contractual Clauses or Adequacy decisions) are in place to protect your Personal Data following GDPR requirements, if derogatory measures apply, we will notify you.

7. Data Retention
We will only retain your personal data for a duration reasonably necessary to fulfill the purposes for which we collected it, including satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you.

Our retention periods are determined based on:

The nature of the personal data
The purpose for which it is being processed
Legal or regulatory requirements

Once the retention period has expired or the data is no longer required, we will securely delete or anonymize it.

Specific retention periods include:

Recruitment Data: Personal data collected during the recruitment process will be retained for a maximum period of 12 to 18 months, after which it will be securely deleted unless a legitimate reason exists for retaining it longer, such as for legal defense in potential disputes.

Inactive accounts will be deleted after 12 months of inactivity. However, if we determine that a candidate’s profile shows a strong fit for future roles, their data may be retained for the full 18-month period. This retention policy enables us to consider qualified candidates for multiple recruitment opportunities, ensuring their profiles remain available for relevant openings during the retention period, subject to ongoing relevance and consent where required.

We regularly review our data retention policies to ensure compliance with data minimization principles and GDPR requirements.

8. Your Rights as a Data Subject
According to the applicable data protection legislation, including, but not limited to, GDPR, you as a Data Subject have the following rights:

Right of Access: You have the right to request access to your Personal Data that we process, including information on how and why we are processing it.
Right to Rectification/Correction: If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent, and there are no overriding legitimate grounds for processing. However, you must remember that a request for deletion will be evaluated against legal or regulatory obligations or administrative or judicial orders that may contradict such deletion.
Right to Restrict Processing: In certain circumstances, such as when you contest the accuracy of your data, the processing is illegitimate, or the data are no longer needed for the purposes listed but you need them to defend yourself in judicial proceedings, you may request that we restrict the processing of your personal data.
Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and you may also ask us to transfer it to another data controller.
Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes at any time.
Right to Withdraw Consent: If the processing of your personal data is based on your consent, you can withdraw it at any time, and we will stop processing your data for that specific purpose.

To exercise these rights, please submit a request via the Data Subject Request Form or contact us at privacy@cxg.com . We will respond within one month of receiving your request, with an extension of two additional months for complex requests or multiple requests made by the same Data Subject as per Article 12(3) GDPR.

9. Security of Your Personal Information
We take the security of your personal data seriously and have implemented a range of technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: Where applicable, we encrypt sensitive data to ensure it remains confidential and secure during transmission.
Access Controls: We limit access to your personal data to authorized personnel who need it to perform their duties.
Regular Security Audits: Our systems and processes are regularly reviewed and updated to address emerging threats and vulnerabilities.

Despite our best efforts, please be aware that no method of transmitting data over the internet or storing electronic data is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or technological advancements. When changes are made, we will update the “Last Updated” date at the top of this policy and post the revised version on our website.

You are encouraged to review this policy periodically to stay informed about how we are protecting your personal data. Substantive changes to the policy will be communicated to you through our website or via email, where applicable.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we process your personal data, please feel free to contact us at privacy@cxg.com or community@cxg.com.

For further information on your rights under data protection laws or to submit a formal complaint, you can also reach out to the relevant data protection authority in your country.

12. More Information

For more information on personal data protection, you can find useful resources below:

GDPR Full Text

European Data Protection Board

China: Personal Information Protection Law (PIPL)

Hong Kong: Personal Data (Privacy) Ordinance

UAE: Data Protection Law, DIFC Law No 5 of 2020

UAE: Dubai Data Law No. 26 of 2015

South Korea: Personal Information Protection Act

Taiwan: Personal Data Protection Act

Singapore: Personal Data Protection Act

Russia: Federal Law 152-FZ on Personal Data

Russia: Amendment to Personal Data Law

Japan: Act on the Protection of Personal Information

UK: Data Protection Act 2018

Australia: Privacy Act

Tunisia: Personal Data Protection Law

US: New York Privacy Act

US: California Consumer Privacy Act (CCPA)

South Africa: Protection of Personal Information Act

Kuwait: Data Privacy Protection Regulation

KSA: Personal Data Protection Interim Regulations

Bahrain: Personal Data Protection Law

India: Digital Personal Data Protection Act 2023

Lebanon: Law No. 81 on Electronic Transactions and Personal Data

Qatar: Law No. 13 of 2016 on Data Privacy

Switzerland: Swiss Federal Act on Data Protection (FADP)

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Privacy

Subscribe to receive latest insights