This PICS applies to collection, use, processing, and handling of personal data of Users by eBRAM International Online Dispute Resolution Centre Limited (“eBRAM”) on or through the LawTech Services (under Hong Kong’s Personal Data (Privacy) Ordinance (“PDPO”) and other data protection laws as and where applicable, if any) for eBRAM’s operation of the LawTech Services and provision of the Services set out in the Terms and Conditions of Use of eBRAM LawTech Services (“T&C”).
Unless otherwise specifically defined herein, the meaning of the relevant defined or capitalized words and phrases in this PICS shall adopt the same meaning as set out in the T&C. For the avoidance of doubt, references to “personal data”, “data users”, “data subjects” and “data processors” in this PICS shall adopt the same legal meaning as defined in the PDPO. By default, eBRAM’s handling of personal data is in accordance with the requirements of the PDPO, but where any other data protection laws of other jurisdictions (e.g., the EU General Data Protection Regulations (“GDPR”) and the Personal Information Protection Law (“PIPL”) of the People’s Republic of China), if any, apply to the Personal Data of any particular User (if any and where applicable), we will follow the relevant requirements under those other foreign laws as and where applicable.
We may from time to time update this PICS and will notify Users by (i) posting the revised version of this PICS on the relevant websites of the LawTech Services and (ii) sending notification of the revised version of this PICS to Users via email. Users are responsible for reviewing this PICS regularly, and users will be asked to opt-in to indicate acceptance of the revised PICS at the next login to the LawTech Services. Your continued access and use of the LawTech Services after any such posting shall constitute your agreement and acceptance of such revised PICS.
- Personal Data
-
1.1
This PICS applies to any and all personal data that Users provide or otherwise make
available to eBRAM (whether on or through the LawTech Services and/or otherwise via email,
direct contact, or other medium for or in the course of eBRAM’s provision of the Services), and
such personal data may include, but are not limited to, as the case may be depending on the
applicable context:
-
1.1.1
the name, email address, password, and other credentials for accessing and using
the User Account in the
LawTech Services, bank account or credit card information used for payments;
and/or
-
1.1.2
the name, contact details, and any other personal data of the persons as the
relevant data subjects; and/or
-
1.1.3
any other personal data of the Users and/or any third parties (if any) that may be
contained in any materials,
articles, and documentary evidence that the Users may disclose or submit on or
through the LawTech Services to
eBRAM and/or eBRAM’s provision of the Services; and/or
-
1.1.4
logs and recordings of telephone calls made to and from eBRAM’s service hotlines
and/or inquiries telephone
numbers, through which Personal Data may be disclosed or provided during the call
and recorded in those logs and
recordings,
-
collectively, the foregoing are defined in this PICS as “Personal Data”.
-
1.2
In relation to the operation of, and/or Users’ access and interactions on, the LawTech Services,
our servers may
also collect other non-personally identifiable data relating to Users’ online session by
automated means (such
as but not limited to browser characteristics, operating system, IP address, domain name,
language preferences,
device characteristics, URLs, information on browsing activities taken, and dates and times of
browsing
activity). Insofar as any or all of these data and information cannot personally identify you
(“Non-Personal Data”), they do not constitute “personal data” for the purpose of the PDPO, and nothing in this
PICS shall limit
or restrict our handling of any Non-Personal Data. Without prejudice to the generality of the
foregoing, we will
use Non-Personal Data to provide aggregated, anonymous, statistical information so that eBRAM
may better meet
the expectations and demands of Users to its LawTech Services and take necessary actions in
respect of any
illegal or unlawful contents on any parts of the LawTech Services visited through eBRAM’s
servers. For the
avoidance of doubt, however, if any or all of these data and information becomes personally
identifiable to any
particular User (whether via the Users’ activities recorded after Account log-in, or otherwise
mixed in the
matrix of data held by eBRAM together with other data that constitute Personal Data as referred
above), or if
any of these data and information (e.g. IP address) are considered as “personal data” regulated
under any
applicable foreign personal data protection laws (e.g. GDPR and PIPL) that is applicable to any
particular User
concerned (if any), such matrix of data as a whole, or such specific data and information in the
case of that
particular User (if any), will be treated as, and handled by eBRAM as, Personal Data in
accordance with the
provisions of this PICS.
-
1.3
By submitting or otherwise making available any Personal Data to eBRAM (whether on or through
the LawTech
Services or otherwise), you hereby represent, warrant, and confirm that you are either the owner
or controller
of those Personal Data or you have already obtained all relevant consents/authorizations from
the relevant third
parties (if any) for your use and provision of those Personal Data to us in the context of the
LawTech Services
including Artificial Intelligence (AI) Machine Translation, Video Conferencing (VC), e-Signature
Service, and
any new service offerings in the future, for the collection, use, transfer and handling by us
(and our relevant
Data Transferees as further specified below) in accordance with the provisions of this PICS. If
you intend to
provide any Personal Data relating to any other third parties to us, unless such provision falls
within the
scope of any exemptions (if any) under any applicable laws, please provide a copy of this PICS
to that third
party to enable him/her to understand how we handle Personal Data and obtain his/her
consent/authorization prior
to your disclosure and provision of his/her Personal Data to us. If any third parties’ Personal
Data are
involved but you have not obtained those third parties’ consent/authorization, unless your use
and provision are
exempted (if any) under applicable laws, you should not provide or disclose any of those third
party’s Personal
Data to eBRAM (whether on or through the LawTech Services or otherwise). You are deemed by your
provision of
those Personal Data to have secured and obtained all such third party’s consent/authorization
(where
applicable), and we are not responsible for any non-compliance on your part.
- Purposes of Collection and Use of Personal Data
-
2.1
We may need to collect and use Personal Data for the relevant purposes as further set out in
Clauses 2.4 and 2.5
below. If you do not supply the relevant, up-to-date, and accurate Personal Data that is marked
mandatory/necessary/required for the relevant purposes concerned, we may not be able to provide
you with our
relevant Services and/or the features or functionalities of certain parts or aspects of the
LawTech Services
(whether in whole or in part) may accordingly be affected or not available to you. For example,
if you do not give
us accurate and updated contact information when you submit inquiries to us, we will not be able
to respond or
follow up with you.
-
2.2
Otherwise, where it is optional for you to provide Personal Data, it is entirely voluntary for
you to decide
whether or not to provide those optional/non-mandatory Personal Data to us.
-
2.3
All Personal Data (whether mandatory or optional for you to provide) collected or otherwise
obtained by eBRAM
for or in connection with the LawTech Services and/or eBRAM’s Services will be handled in
accordance with the
provisions of this PICS.
-
2.4
The objective of LawTech Services is to provide secure, accessible, and cost-effective services
to enhance the
efficiency of legal and business communities (as further specified in the T&C). To facilitate
such objective for
the LawTech Services, we may collect and use Personal Data for one or more of the following
purposes (if and
where applicable) from time to time:
-
2.4.1
facilitate the provision, operation, management, and administration of the LawTech
Services and the
Users’ Accounts
thereunder;
-
2.4.2
process and manage User registration for the LawTech Services, and the Users’
relevant filings and
submissions
in relation to registration;
-
2.4.3
conduct identification and verification of identity, and the relevant due diligence
checks;
-
2.4.4
investigate, handle and respond to any enquiries or complaints made by you, made
against you or
involving you in
any manner;
-
2.4.5
analyzing, verifying, enforcing contractual rights, and/or checking Users’ credit,
payment, and/or
status in
relation to the provision of eBRAM’s LawTech Services to the relevant Users;
-
2.4.6
keeping relevant Users informed of the status of the LawTech Services supplied or
made available by
eBRAM;
-
2.4.7
communicate with you regarding any of the foregoing matters;
-
2.4.8
conduct survey, research, and analysis to facilitate the provision and operation of
the LawTech Services
and/or
the relevant Services provided by eBRAM;
-
2.4.9
maintaining and developing eBRAM’s business systems and infrastructure for or in
relation to the LawTech
Services, including but not limited to testing, upgrading, and technical support and
maintenance of
these
systems (including but not limited to the LawTech Services);
-
2.4.10
facilitate the protection and/or enforcement of the relevant rights and interests of
eBRAM (as the
operator and
service provider of the LawTech Services) and/or you (as a User);
-
2.4.11
comply with any obligations or requirements for using or disclosing Personal Data
that are imposed on
eBRAM
under any applicable laws, court order, or otherwise imposed by any government body,
agency, regulatory
authority, law enforcement agency, court, or judicial body; and/or
-
2.4.12
any purpose(s) directly related to any of the above purposes.
-
2.5
We will collect your identification information as part of your Personal Data, but we will only use such data in the context of the LawTech Services for the limited purposes of:
-
2.5.1
avoiding abuse of process (e.g., with frivolous or sham claims) and wastage of
eBRAM’s manpower and resources by
members of the public;
-
2.5.2
prevention and detection of fraud, impersonation, dishonesty, or other crime or
unlawful or improper acts,
conduct or malpractice;
-
2.5.3
conducting identification and verification of the identity of the Users and
reasonable due diligence checks on
the Users;
-
2.5.4
facilitate the protection and/or enforcement of the relevant rights and interests of
eBRAM (as the operator and
service provider of the LawTech Services) and/or you as the User;
-
2.5.5
comply with any obligations or requirements for using or disclosing Personal Data
that are imposed on eBRAM
under any applicable laws, court order, or otherwise imposed by any government body,
agency, regulatory
authority, law enforcement agency, court, or judicial body; and/or
-
2.5.6
any purpose(s) directly related to any of the above purposes.
-
Save for the aforesaid limited purposes or unless otherwise exempted under
applicable laws, eBRAM will not use your
identification information for any other purposes without obtaining your prior
expressed permission.
-
2.6
Subject to any specific requirements (if any) under any applicable laws, we will retain Personal
Data for such
period/duration that is not longer than is necessary for the fulfillment of the relevant
purposes (or any directly
related purposes) for which the Personal Data is to be used.
-
2.7
Save for the aforesaid list of purposes under this Section 2, we will not use Personal Data for
any other new
purposes without getting the relevant data subjects’ expressed prescribed consent in accordance
with the
requirements of the PDPO (and/or any other applicable data protection laws, if any and where
applicable).
- Disclosure and Transfer of Personal Data
-
3.1
We will keep your Personal Data confidential, but may disclose or transfer (in or outside of
Hong
Kong) Personal Data, as relevant and where needed, to one or more of the following classes of
persons from time to time (collectively, “Data Transferees”) for the purposes set out in
Section 2 above:
-
3.1.1
any person who owes a duty of confidentiality to us, including but not limited to
eBRAM’s professional advisers,
including its accountants, auditors, lawyers, and other professional advisers, in
relation to our operation
and/or protection and enforcement of our rights and interests;
-
3.1.2
any holding company, parent, subsidiary, affiliated company, or associated company
(if any) of eBRAM which are
involved in the provision and operation of the LawTech Services (or any parts
thereof);
-
3.1.3
strictly on a need-to-know basis and subject always to any applicable contractual and/or non-contractual means (including but not limited to data protection and confidentiality) that eBRAM has implemented and imposed upon the following parties: eBRAM’s dealers, agents, contractors, sub-contractors, vendors and/or suppliers (including their employees, directors, officers, and agents) who provide services/support to us for or in connection with our operation and provision of the LawTech Services;
-
3.1.4
government and regulatory bodies, authorities, law enforcement agencies, courts,
judicial bodies and/or other
organizations in Hong Kong or elsewhere, as required or authorized by or under
applicable laws for the purposes
of enforcing the LawTech Services;
-
3.1.5
any person to whom we are under obligation or requirement to disclose under any
court order;
-
3.1.6
any financial institutions, charge or credit card issuing companies, credit
providers, credit information or
reference bureau and/or collection or security agencies that are necessary to
establish and process the Users’
payment for eBRAM’s provision of the Services and/or registration, access and use of
the LawTech Services, and
provide services to eBRAM in case of any failure in any such payment transactions
(if any);
-
3.1.7
any authorized representatives and/or legal advisors of the Users, when requested by
the relevant Users to do
so; and/or
-
3.1.8
any proposed or actual assignee or transferee of all or any part of eBRAM’s operation or business.
-
3.1.9
To improve user experience by integrating the Hong Kong Legal Cloud Portal with the eBRAM LawTech Service Portal, the following data elements will be transferred to the LawTech Service Portal from the Hong Kong Legal Cloud Portal: User ID, email address, First Name, and Last Name.
-
3.1.10
Using the services provided in the LawTech Service Portal is voluntary. Data elements listed in Clause 3.1.9 will only be transferred from the Hong Kong Legal Cloud Portal upon the user's willful click on the LawTech Services button, upon which, fresh consent from the user will be obtained for processing their data.
-
3.2
When eBRAM entrusts the handling of Personal Information to a third party for the provision of
the services of the
LawTech Services, an agreement will be established with the entrusted party on the purpose of
the data handling, the
method of data handling, categories of personal information, and protection measures of Personal
Information. Users will
be required to provide consent for third-party data transfer for the usage of the services
provided in the LawTech
Services.
-
3.2.1
For reasons indicated in this PICS, your Personal Information may be shared with
third parties for the
provisions of the services in the LawTech Services.
-
The following table depicts the local transferees of your Personal Information for
the service provisions in
the LawTech Services. This list may be updated from time to time.
-
| Name | Contact Information | Purpose and Method of Processing | Type of information |
| --- | --- | --- | --- |
| Microsoft Azure | https://azure.microsoft.com | Infrastructure | Basic information and Personal Information |
| Stripe | info@stripe.com | Process credit card payment transactions for LawTech Services | Billing information and payment information |
| SendGrid | https://sendgrid.com | Send One-time password (OTP) and eSignature Services | Email address, OTP, and document link for eSignature Services |
- Direct marketing
-
4.1
eBRAM does not use Personal Data and/or provide Personal Data to third parties for direct
marketing. If in the
future eBRAM intends to conduct any such direct marketing activities, eBRAM may only do so
provided that all the
applicable requirements of the direct marketing regime of the PDPO (and the direct marketing
requirements of any
other data protection laws and regulations such as the GDPR and PIPL, if any, as and where
applicable) are fully
complied with prior to any such intended use and/or provision (if any). You will at all times
have the right to
opt-out and object to the use of your Personal Data and/or provision of your Personal Data to
any third parties for
direct marketing purposes.
- Data Security
-
5.1
We will take all reasonably practicable steps to maintain and ensure the security of Personal
Data in accordance
with the requirements of the PDPO. Amongst others, the physical records of Personal Data will be
stored in secured
places at our premises with restricted access controls. The electronic records (including
back-ups) of Personal Data
will be stored in our servers located in secured data rooms and data centers and protected by
adequate IT and
cybersecurity measures (including but not limited to controls on access and permission levels,
log-in account and
passwords, encryption, and other relevant security measures). Only our authorized personnel (who
have been trained
to handle Personal Data properly and bound by duty of confidentiality) will have access to these
records and servers
on a “need-to-know” and “need-to-use” basis.
-
5.2
Taking into account the state of the art, the costs of implementation, the nature, scope,
context and purposes
of processing, and the risks of varying likelihood and severity for the rights and freedoms of
natural persons,
eBRAM (and its data processors, if any) will implement appropriate technical and organizational
measures to
ensure a level of security appropriate to the risk, including but not limited to any or all of
the following as
appropriate: (a) the pseudonymisation and encryption of Personal Data; (b) the ability to ensure
the ongoing
confidentiality, integrity, availability, and resilience of processing systems and services; (c)
the ability to
restore the availability and access to Personal Data in a timely manner in the event of a
physical or technical
incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of
technical and
organizational measures for ensuring the security of the processing.
-
5.3
No data transmission over the internet or any other public network can be guaranteed to be
completely secure.
You are responsible for taking reasonably practicable means and precautions to safeguard the
security of your
computer and device against misappropriation or unauthorized use and access, and to safeguard
the security and
protection of Personal Data, your Account information, and Password.
- Use of Cookies
-
6.1
When you browse the LawTech Services, cookies will be stored in your computers, mobile phones,
or other devices for
internal navigation and programming only. We may use cookies to track information about your
access and use of the
LawTech Services to facilitate a better browsing experience for your access and use of the
LawTech Services across
multiple pages within or across one or more sessions.
-
6.2
Cookies are text files that LawTech Services sends to your relevant devices to uniquely identify
your browser or
to store browser information or settings. Some cookies make it easier for you to navigate the
LawTech Services
by keeping a record of your browser settings and preferences, whilst other cookies are used to
enable a faster
log-in process. This information may include but is not limited to, relevant login and
authentication details as
well as information relating to your activities and preferences across the LawTech Services.
-
6.3
You can edit your browser settings to disable cookies, and also provide the expressed
decision/choice of your
cookies setting on our cookies preference box, for your access and/or use of the LawTech
Services. However, if
you disable cookies, you may not be able to access all parts of the LawTech Services, and some
parts of the
functionality and features of the LawTech Services may be affected.
-
6.4
The following table indicates the types of cookies collected and the purpose of collection.
Strictly Necessary Cookies

| Provider | Name | Purpose | Type | Duration |
| --- | --- | --- | --- | --- |
| eBRAM | PHPSESSID | Maintain session | First party | Until end of session |
| eBRAM | XSRF-TOKEN | Protect against CSRF attacks | First party | Until end of session |
| eBRAM | ebram-lawtech.jwt_token | Validate user login | First party | 1 day |
| eBRAM | ebram-lawtech.jwt_token.sig | Validate user login | First party | 1 day |
- Third Party Linked Sites
-
7.1
As stated in the T&C, the LawTech Services may contain linked sites that may be provided by
third parties or other
service providers (“Linked Sites”). This PICS is not applicable to your access and/or use
of any Linked Sites and
your transactions and interactions with the information, contents, products, and/or services
that may be provided by
any of those third parties in any of those Linked Sites, which shall be entirely at your own risk. For information about those third parties’ data privacy policies and practices, you may refer to those third parties’ privacy policy/personal data collection statements at the Linked Sites.
-
7.2
eBRAM is not responsible or liable for the contents, information, products, or services provided
by any third
party, and/or for your access, use, transactions, and interactions with those third parties
(whether on or via
the Linked Sites or otherwise), and/or the collection and use of your Personal Data by any third
parties, and/or
the data privacy policies and practices of any of those third parties. Any dealings and disputes
between you and
any or all of those third parties shall be handled and resolved separately between you and those
third parties.
- Indemnity
-
8.1
You agree to indemnify in full and on demand, defend and hold harmless eBRAM, its directors,
officers, affiliates,
associated or related entities, agents, representatives, partners, staff, and employees
(collectively, “eBRAM
Indemnified Parties”) from and against any and all claims, proceedings, damages, losses,
injuries, liabilities,
demands, actions, costs and/or expenses (including legal fees) arising from, or that may be
incurred or suffered
(whether directly or indirectly) by us and/or any of the relevant eBRAM Indemnified Parties,
from or in relation to
your breach of the relevant representations and/or warranties in this PICS (including those
regarding your obtaining
of the relevant third parties’ consent or authorization for your use and provision of those
third parties’ Personal
Data to eBRAM under the relevant eBRAM Rules).
-
8.2
No settlement that in eBRAM’s opinion may adversely affect the rights or obligations of any or
all of the eBRAM
Indemnified Parties shall be made without eBRAM’s prior written approval.
-
8.3
For the avoidance of doubt, Section 8 is for the benefit of the eBRAM Indemnified Parties, each
of which relies
on the benefit and protection conferred, and we hereby accept such benefits on behalf of each
and all of the
eBRAM Indemnified Parties.
- Data Subject Rights Requests
-
9.1
You, as the data subject, have the right to request access to and/or correction of your Personal
Data in
accordance with the PDPO or any other applicable data protection regulations. We will process
any such requests in
accordance with the requirements of the PDPO or any other applicable data protection
regulations. Data subject
requests are provided free of charge unless the requests are repetitive, excessive, or unfounded
where a reasonable
charge may be imposed, and you will be informed in advance of such charge if applicable.
-
9.2
To the extent permitted under the data protection laws of other jurisdictions that apply to you,
in addition to the data access and data correction rights referred above in Clause 9.1, subject
to
certain conditions, you have the right to have your Personal Data erased, to obtain restriction
of
the processing of your Personal Data, to data portability, to object to the processing of your
Personal Data based on certain grounds, the right to withdraw previously given consent for the
processing of your Personal Data, and the right at all times to object to the use of your
Personal
Data for direct marketing purposes. In the case of automated individual decision-making, you
have
the right to obtain human intervention, give your point of view, receive an explanation for the
automated decision, and challenge that decision. You also have the right to lodge a complaint
with a
supervisory authority.
-
9.3
For any inquiries on our data protection practices in this PICS and/or any data subject rights requests, please send your inquiries/requests by post (marked “Attention: the LawTech Services – data subject rights requests”) to Data Protection Officer (Email: dpo@ebram.org, Address: Room 403, 4/F, West Wing, Justice Place, 11 Ice House Street, Central, Hong Kong).
-
The English version of this PICS shall prevail whenever there is a discrepancy or inconsistency between the English and the other language versions.
-
By clicking on the AGREE button, I acknowledge that I have read and fully understand the above document namely, Personal Information Collection Statement for eBRAM LawTech Services and I confirm my agreement to all the terms contained therein.