Privacy Policy

Urmet+ Privacy Policy
Effective Date: 12 March 2026

1. Introduction

Urmet Jes Ltd ("we", "us", or "our") is committed to protecting the privacy and security of personal data collected through our services. This Privacy Policy describes and governs how Urmet Jes Ltd, the developer, operator, and owner of URMET+ solutions, and authorized system integrators of URMET+ (collectively the "Services") may collect, use, and disclose your personal data.

This Privacy Policy supplements our Terms of Service and explains how we handle information collected and received during your use of our official website and subdomains (the "Website"), the URMET+ mobile application (the "App"), and any related platforms, including without limitation access technologies, facilities management technologies, and security technologies. We process personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and other applicable data protection laws in Hong Kong.

This Policy applies to you if you use our Services either directly (for example, as an apartment resident) or indirectly (for example, as an apartment visitor), and applies to your personal data in our possession or under our control. By accessing or using our Services, you acknowledge and consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, whether in whole or in part, you should discontinue use of the Services immediately. You are strongly encouraged to read this Privacy Policy carefully and check back periodically as we update it from time to time. Each time you use the Services, you signify your agreement to the latest version of this Privacy Policy that is in force.

2. Definitions

• Personal Data: Any data relating directly or indirectly to a living individual, from which the identity of that individual can be reasonably ascertained, and which is in a form in which access to or processing of the data is practicable.
• Data Subject: An individual to whom personal data relates.
• PDPO: The Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.
• DPPs: The six Data Protection Principles under the PDPO.

3. Purpose of Collection and Use of Information

We collect, use, and process information, including Personal Data, to provide, improve, and develop our Services, to create and maintain a trusted and safe environment, and to comply with our legal and contractual obligations. Using the information we collect, we are able to deliver the Services and honour our Terms of Service. We process personal data only when it is necessary for specified purposes and in compliance with the PDPO, ensuring that individuals are informed about the purpose of data collection and that our policies regarding personal data handling are transparent and accessible.

3.1 Information We Receive from Your Use of Our Services

We provide a variety of features and functions in our Services. Depending on which Services you elect to use, one or more of the following information may be collected:

Account Information. When you sign up for an account, we may require personal data such as your name, email address, phone number, and address. We will use this information to verify and authenticate your identity and generally maintain your account with us. We may also use this information to send you messages related to our Services, including notifications, alerts, and support communications. These messages may be delivered by push notification, email, and/or SMS. You cannot opt out of receiving these non-promotional service updates unless you deactivate your account.

Proof of Residency. We may collect copies of documents for proof of residency or affiliation for the purpose of establishing your apartment residency status. These documents may include tenancy agreements, lease agreements, property deeds, or other required documentation.

Guest Contact. When you elect to use our Services to invite your guests, or when you register yourself as a visitor at the residence, you may provide us with contact information including without limitation full name, mobile number, and email address of your guest and yourself, respectively.

Face Image. You may elect to use facial recognition access systems provided by URMET+ and provide us with an image which contains your facial information. The image will be used to create a Face ID that contains the facial features extracted from the image. We may also collect facial images through our facial recognition terminal for the purpose of identity verification, access control, and security enhancement.

Vehicle Number. When you elect to use automated access control systems provided by URMET+, you may provide us with your vehicle registration number. The vehicle number will be used for automatic vehicle access purposes.

Uploaded Files. You may elect to upload files (e.g., forms, feedback submissions) when you elect to use our Services.

Access Record. We may process CCTV footage for the purpose of ensuring the safety and security of the premises, residents, guests, staff, contractors, and physical assets. The collected CCTV footage is primarily used for security monitoring purposes to identify and respond to potential security incidents, including theft, vandalism, trespassing, and other unlawful activities.

Payment Information. Some of our Services require payment. We may directly or use thirdparty service providers to collect information necessary to complete the transaction. Such information may include payment details processed via secure third-party gateways.

Communication. If you contact us for inquiries or support requests, we will collect information such as your name, contact details, as well as any other content that you provide. We also may create event logs to diagnose system issues and capture information relating to any support services.

Intercom. We may collect personal data through the intercom system for the purpose of facilitating communication, access control, and security enhancement. The personal data collected may include audio and visual recordings captured during intercom interactions.

Geo-location. When you use certain features of our Services, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device's GPS if enabled by you to offer you an improved user experience.

Usage Information. We collect information about your interactions with the Services, such as usage logs, device information, IP addresses, and cookie data to understand user behavior, improve functionality, and personalize experiences.

3.2 Information We Receive from Third Parties

We may receive personal data about you from a third-party source, including without limitation the Apartment or Residence Management Entities, property managers, managing agents, security personnel, and authorized contractors from time to time when we provide the Services. For example, a managing agent may input information regarding a user into our system to facilitate access control and property management operations. We exercise appropriate due diligence to check and ensure that the third-party source can validly give consent to the collection, use, and disclosure of the individual's personal data, or the individual has consented, or deemed to have consented, to the disclosure of his or her personal data by the third-party source.

3.3 Information We Receive About Other Individuals

We may receive information about other individuals from you, for example, when residents enter information about a visitor into our system to invite and record visitor information, or when you submit personal data on behalf of a resident to URMET+. If the information you provided includes personal data of other individuals, you agree to obtain explicit or deemed consent, whenever required under the applicable law, from these individuals to collect and disclose his or her personal data to us prior to the submission of such personal data. By consenting to this Privacy Policy, you confirm that explicit or deemed consent has been obtained from the relevant individuals.

4. Information We Disclose

We may disclose your personal data in the following ways:

Disclosure to Residence Management Entities. We may disclose your personal data with the Incorporated Owners of the residence, property managers, security personnel, and authorized contractors in the operations of residence management for operational purposes.

Disclosure to Service Providers. We may disclose your personal data with our partners and third-party vendors who assist us in delivering our Services on our behalf, such as payment processors, hosting providers, and IT support. These parties are bound by confidentiality and data protection obligations and will only have access to your personal data to the extent necessary to perform their functions.

Disclosure to Law Enforcement Agencies. We may disclose your personal data if required to do so by law, court order, or if we believe that such action is necessary to prevent fraud or crime, to protect our Services or the rights, property, or personal safety of any person.

Disclosure for Legal Compliance. We may disclose your personal data to enforce our Terms of Service, investigate violations, or protect our rights.

Disclosure of Anonymous Data. We may disclose and aggregate anonymized, nonidentifiable statistics about users of our Services to prospective partners or advertisers for analytical or business development purposes. These data and statistics will not include information which can be used to identify you.

We do not use personal data for direct marketing unless explicit consent is obtained in accordance with PDPO requirements, and we do not disclose personal data to unrelated third parties for direct marketing without prior consent.

5. Protection of Information

The security of your information is important to us. We implement reasonable security measures to protect personal data against unauthorized access, loss, misuse, destruction, or alteration of information under our control. We follow generally accepted industry standards to protect the information transmitted to us over the Internet, both during transmission and once we receive it. Some of the safeguards we use to protect your information include:

• Encryption of data in transit using TLS/SSL encryption and at rest using Advanced Encryption Standard (AES-256).
• Firewalls and access controls on servers to protect against unauthorized access.
• Role-based access limited to authorized personnel on a need-to-know basis within the organization.
• Regular system monitoring and vulnerability assessments.
• Secure authentication protocols, including encrypted passwords.

All personal data collected from you is stored on secure infrastructure. While your data primarily resides in Hong Kong, we may utilize authorized personnel or service providers located overseas for purposes of system administration, maintenance, and support. We have taken steps to ensure that your personal data continues to be protected to a standard comparable to the protection under the PDPO and the DPPs, including implementing robust security measures and complying with data protection principles that are substantially similar to those in the PDPO.

We also make reasonable efforts to retain personal data only for so long as the information is necessary to fulfill the purposes for which it was collected, in compliance with the requirements of the PDPO. Our retention periods are determined based on the purpose of collection for each category of data. Personal data associated with a registered user account is retained for as long as the account remains active or as otherwise necessary to provide our services, manage the account, and fulfill our legal obligations. Personal data collected from one-time visitors for the purpose of granting temporary premises access is retained for a limited period for security and verification purposes, after which it is securely erased or deidentified from our systems on a regular basis, unless a security incident or other legal requirement necessitates a longer retention period.

Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. Therefore, while we strive to use commercially acceptable means to protect your information, no method of transmission over the internet is completely secure. Users are responsible for safeguarding their login credentials and logging out after use.

6. Your Rights

Under the PDPO, data subjects have the right to access, remove, and update your personal data within our Services. You may exercise these rights through the relevant setting page of your account, with the assistance of the residence management, or by contacting our Data Protection Officer.

Where you provide personal data about yourself to us, you are responsible for providing accurate, not misleading, complete, and up-to-date information about yourself and any other person whose personal data you provide us, and to update this personal data as and when it becomes inaccurate, misleading, incomplete, or out-of-date.

You may contact our Data Protection Officer at plus@urmet.com.hk if you wish to:
a) Request access to your personal data held by us;
b) Request correction of inaccurate or outdated data;
c) Withdraw consent for processing (where applicable); or
d) Object to certain uses of data, subject to legal limitations.

Please allow us a reasonable time to respond to any legitimate request and effect any change. In any case, we will respond within 40 days. We may ask to verify your identity and for more information about your request. Where we are legally permitted to do so, we may refuse your request and may give you reasons for doing so. A reasonable fee may be charged for access requests in accordance with the PDPO, but no fee will be imposed for correction requests.

7. Third Party Websites and Resources

Our Services may contain links to third-party websites. When you click on such links, you will leave our Services and go to another website and other entities may collect personal data from you. We have no control over the content and privacy practices of such websites. You are advised to review the privacy policies of these websites operated by third parties and understand how your information may be used by those third parties before providing personal data.

8. Changes to This Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. If we change the Privacy Policy, we will post the revised version on the Website and on the App and change the "Effective Date" listed. We encourage you to check here periodically for the most up-to-date version of our Privacy Policy. Your continued use of our Services constitutes your acceptance of the updated Privacy Policy.

9. Contact Information

If you have any questions, feedback, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Name: Cheung Sing Sen Spencer
Title: Data Protection Officer
Email: plus@urmet.com.hk
Phone: +852 25153831 / 92885769
Address: Units 11-14, 7/F, Phase 1, Chai Wan Industrial City, 60 Wing Tai Road, Chai Wan, Hong Kong.

We will review and respond to all legitimate requests within a reasonable timeframe and in accordance with the PDPO.