Privacy Policy

Last Updated: July 22, 2025

Sky Rail Golf (Asia Power International Limited) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website (store.skyrailgolf.com) or related services. It is designed to comply with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (PDPO) and other relevant data protection laws applicable to our operations. By using our Site or providing us with your personal information, you agree to the terms of this Privacy Policy.

1. Scope of this Policy

This Privacy Policy applies to the Sky Rail Golf online store and any other online interface (such as a mobile application or social media page) that links to this Policy. It covers personal data we collect from customers, users, or visitors, including when you:
• Visit or browse our website;
• Create an account on our Site;
• Purchase products or services (including digital goods or memberships);
• Subscribe to newsletters or marketing communications;
• Contact our customer support;
• Interact with us on social media or via third-party platforms.

It does not apply to third-party websites or services that we do not control, even if our Site contains links to them. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies separately.

2. Personal Data We Collect

We collect various types of personal data in order to effectively operate our e-commerce business and provide you with our products and services. The types of data we may collect include:
• Contact Information: such as your name, email address, telephone number, and postal address. For example, when you place an order, we collect your shipping address and email/phone to send order confirmations and delivery updates.
• Account Information: If you register an account, we might collect a username, password, and other profile details (like your birthday or preferences) that you choose to provide.
• Order and Transaction Information: Records of products you purchase, payment method details (see below), delivery address, and any returns or exchanges. Note: We do not store full payment card numbers or financial account details on our servers; those are handled by secure third-party payment processors. We may retain a transaction ID or token and the last four digits of your card for reference.
• Payment Information: We use third-party payment providers (e.g., credit card processors, PayPal) to handle transactions. While those providers will collect your payment card number, expiration date, and CVV, we generally receive only limited information such as a payment confirmation, your name on card, and billing address. If payments are made via bank transfer, we might receive confirmation of your bank details as needed to match your order.
• Digital Goods/Membership Data: If you purchase digital products or join a membership, we might collect data on your usage of those digital services. For example, for a digital training video product, our system may log that you have accessed the video (to know that delivery was successful). For memberships, we may track your login activity to ensure benefits are provided and to prevent account sharing abuse.
• Preferences and Feedback: Information you provide about your preferences, such as product wishlists, newsletter subscription choices, or responses to optional surveys or feedback requests. If you enter any contests or promotions we run, we will collect the information needed for participation (e.g., name, contact, entry details).
• Communications: Copies of your communications with us. For example, if you email customer support or engage in a live chat, we will keep a record of the correspondence. If you call us, we might log the call and any details you share during the call.
• Automatically Collected Data: When you visit our Site, we use cookies and similar technologies to automatically collect certain information about your device and usage:
• Device and Technical Information: IP address, browser type, device type (e.g., mobile or desktop), operating system, and platform.
• Usage Data: Pages or products you view, time zone setting, the dates/times of your visits, the route by which you navigate the site (e.g., which page referred you to us), and search queries you enter on the Site.
• Cookies and Tracking: We use cookies to remember your site preferences (like language or currency), keep you logged in to your account, and track your cart items. We also use analytics tools (like Google Analytics) which set their own cookies to collect aggregate site usage data. See Section 6 below for more on cookies.
• Location Data: We do not specifically track your real-time GPS location. However, your IP address may give us a general idea of your approximate location (e.g., city or country), which we may use to display regional content or currency. If you explicitly provide location information (for instance, selecting a country on our site or providing a postal address), we will use that for order fulfillment and analytics.
• Third-Party Data: We may receive personal data about you from third-party sources in some cases. For example, if you use a social media login (such as “Log in with Facebook/Google”) to create an account, we may receive basic profile information (like your name and email) from that provider, as permitted by them. Another example: if someone purchases a gift for you from our store, they might provide your name and address for delivery, and we collect that in processing the gift order.

We will only collect personal data that is necessary for the purposes identified in this Policy, and will do so in a fair and lawful manner. Where appropriate, we will indicate whether the provision of data is voluntary or obligatory. If you choose not to provide certain information (such as not providing an address), we may not be able to fulfill an order or provide a service to you.

3. Use of Personal Data

We use the personal data we collect for the following purposes:
• To Process Orders and Deliver Products/Services: This includes using your information to process payments, arrange shipping, send order confirmations and invoices, handle returns or exchanges, and provide customer support related to your purchase.
• Account Management: If you have an account, we use your data to maintain and secure your account, including verifying your identity during login if needed, and enabling you to manage your preferences and order history.
• Provide Digital Goods/Memberships: For digital content purchases or memberships, we use your data to grant you access to the purchased content or member areas, to monitor usage (to ensure you receive what you paid for and to guard against misuse), and to communicate any updates or changes to digital services.
• Communication:
• Service/Transactional: We will send you service-related communications, such as order confirmations, shipping notifications, important updates about your order or account, and responses to your inquiries. These are not promotional in nature, and you cannot opt out of receiving such essential communications.
• Marketing: If you have opted in to our mailing list or provided consent, we may send newsletters, promotions, or product updates. You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us. We do not sell your personal data to any third parties for their own marketing.
• Personalization: We may use your data and site behavior to personalize your experience on our Site. For example, remembering your language or currency preference, showing you content or products that we think may interest you based on past browsing, or suggesting related items. This could involve automated profiling (e.g., using cookies to track what categories you browse and recommending similar items).
• Analytics and Improvements: We use aggregated usage data and analytics tools to understand how our website is used, which pages or products are most popular, how users navigate through the site, and where they may encounter errors. This helps us improve the Site’s design, features, and content. These analytics may be conducted by our service providers (like Google Analytics). The data is generally aggregated and not used to identify individuals, but see Section 6 (Cookies) for how analytics cookies work and your choices.
• Fraud Prevention and Security: We may process personal data (like IP, transaction details) to detect and prevent fraud, hacking, or other misuse of our Site and services. This could include verifying payment information, using CAPTCHA or other anti-bot measures, and monitoring login attempts. If we identify potential security threats or fraudulent behavior, we may use personal data to investigate and take appropriate action (such as blocking an IP, or contacting authorities if necessary).
• Legal Compliance: We may need to use and retain personal data to comply with legal obligations. For instance, maintaining proper records for tax and accounting purposes (e.g., keeping transaction records as required by law), handling consumer rights requests, or disclosures required by Hong Kong law or other applicable laws (such as responding to law enforcement requests). Under Hong Kong’s PDPO, if we use your personal data for a new purpose not originally disclosed, we will seek your prescribed consent unless an exemption applies.
• Rights Enforcement: To enforce our Terms & Conditions or other agreements, and to protect our rights, privacy, safety, or property, as well as those of our customers or others. For example, we may use personal data in handling any customer disputes or resolving chargebacks, or to pursue or defend against legal claims.

We ensure that the use of personal data is consistent with the purpose for which it was collected (or a directly related purpose). If we need to use your data for a purpose that is materially different from what was stated at collection, we will notify you and obtain consent if required by law.

4. Cookies and Similar Technologies

What Are Cookies: Cookies are small text files stored on your device (computer, smartphone, etc.) by your web browser. They allow websites to recognize your browser and remember certain information. We use cookies and similar technologies (such as web beacons or pixels) on our Site for a variety of functions:
• Essential Cookies: These are necessary for the functioning of the Site. For example, session cookies that keep you logged in as you navigate pages, or keep items in your cart while you shop. Without these, some parts of the Site would not work properly.
• Preference Cookies: These remember your preferences, such as language, currency, or region, so we can provide a tailored experience (for example, showing product availability and shipping options relevant to your location).
• Analytics Cookies: We use third-party analytics providers (like Google Analytics) which set cookies to collect information on Site usage. This information helps us understand user behavior on our Site (e.g., which pages are visited, how long on each page, how users came to our Site). The data collected is usually in aggregate form and does not directly identify you. Google Analytics may collect your IP address, but we have configured it to anonymize IP in many cases, and we only see aggregate reports.
• Advertising Cookies: Currently, we do not host third-party ads on our Site, but if in future we participate in advertising networks (for example, retargeting ads on social media or Google), cookies may be used to track your browsing on our site and others, to serve you relevant ads. If used, we will update this Policy. At present, any such targeted advertising we do would be via third-party platforms under their own terms (for example, showing you our product ads on Facebook if you visited our site — in such a case, Facebook’s cookies or tracking would be involved).
• Social Media Plugins: Our Site might include social media features or plugins (like a Facebook “like” button or Instagram feed). These features might set cookies or use other tracking technologies to collect data, especially if you are logged in to those platforms. Interaction with those features is governed by the privacy policy of the respective platform.

Your Choices: When you first visit our Site, you may see a notice about cookies. By continuing to use our Site, you agree to our use of cookies as described here. You can control and manage cookies in various ways:
• Browser Settings: Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. Please refer to your browser’s help documentation for instructions on how to do this. Note that disabling certain cookies (especially essential ones) may affect the functionality of our Site. For example, if you disable all cookies, you may not be able to add items to your cart or proceed to checkout.
• Google Analytics Opt-Out: Google provides an opt-out mechanism for analytics (a browser add-on) if you do not want to be tracked by Google Analytics across all websites.
• Do Not Track: Our Site does not respond to “Do Not Track” signals from browsers, because there is no industry standard for DNT and not all third-party services honor it. We recommend using the other methods described if you wish to limit tracking.
• Advertising Choices: For third-party advertising networks (if any were in use), you can often opt-out of targeted ads by using tools provided by the Digital Advertising Alliance or Network Advertising Initiative in the US, or the EDAA in Europe. As of now, our direct use of advertising cookies is minimal.

5. Disclosure of Personal Data

We value your privacy and do not sell your personal data to third parties. However, we do share your data with certain parties in the following circumstances, as necessary for our operations or as required by law:
• Service Providers (Processors): We employ other companies and individuals to perform functions on our behalf. For example:
• Payment Processors: (e.g., Stripe, PayPal) to handle secure payment transactions. They receive the necessary financial details to process payments.
• Shipping and Logistics Partners: (e.g., courier companies, fulfillment centers) – we provide them with your name, address, phone, and in some cases email (for delivery notifications) to deliver your orders.
• IT and Hosting Providers: Our website might be hosted on third-party servers. Our email service, cloud storage or backup services, or customer relationship management tools may also have access to data in the course of providing their services.
• Analytics Services: As mentioned, we use Google Analytics and similar tools which involve sending pseudonymized usage data to those providers for aggregation.
• Marketing Tools: If we use an email newsletter service (like MailChimp or similar), your email and name would be stored there to send you our communications (only with your consent or opt-in).
These service providers are given access only to the information necessary for them to perform their functions, and they are contractually bound to keep your information confidential and use it only for our purposes, consistent with this Policy and applicable law.
• Third-Party Platforms: If you interact with our Site via or on a third-party platform (for example, ordering through an Instagram “shop” integration, or using Apple Pay, or logging in via Google), those third parties will process your data according to their own terms. We may receive data from them (as described earlier) and share necessary data back to facilitate the integration. For instance, if you use Google login, Google might know you logged into our site; or if you use Apple Pay, we confirm to Apple that payment succeeded.
• Business Transfers: If Asia Power International Limited (Sky Rail Golf) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of business assets, or transition of service to another provider, your information may be disclosed in connection with such a transaction. In such cases, your data may be transferred to a successor or affiliate as part of that transaction. We would ensure that any such new owner or combined entity will either continue to honor this Privacy Policy or provide notice of any changes.
• Legal Compliance and Protection: We may disclose personal data as required by law or lawful requests by public authorities (e.g., in response to a court order, subpoena, or government investigation), including to meet national security or law enforcement requirements. We may also disclose information if we believe in good faith that such action is necessary to:
• Comply with the law or legal process;
• Protect and defend our rights, property, or safety, or that of our customers or others;
• Prevent or investigate possible wrongdoing (such as fraud or hacking);
• Enforce our Terms & Conditions or other agreements;
• Respond to emergencies (for example, if we believe someone’s safety is at risk).
• With Your Consent: Apart from the cases above, if we want to share your information for other purposes, we will obtain your consent. For example, if we wanted to feature your testimonial or share your story on our website or marketing material, we’d ask for your permission.
• Aggregated or De-identified Data: We may share data that has been aggregated or anonymized in such a way that it cannot be used to identify an individual. For example, we might publish trends about usage of our Site or general information like “X% of our customers are from Europe” – such information would not personally identify you and in that sense isn’t personal data.

We maintain records of disclosures as required by PDPO and ensure that any third party we share data with upholds a standard of data protection comparable to that of the PDPO, through contractual or other means, if the data is transferred out of Hong Kong (see Section 8 on international transfers).

6. Protection of Personal Data (Security)

We understand the importance of safeguarding your personal data. We implement reasonable administrative, technical, and physical measures to protect the personal data we hold against loss, unauthorized access, use, modification, or disclosure.
• Technical Measures: We use encryption protocols where appropriate. For example, our Site is secured via HTTPS, which means data transmitted between your browser and our Site (such as login credentials, or personal details in checkout) is encrypted in transit. We also ensure that payment transactions are handled over secure channels by PCI-DSS compliant providers. Passwords stored in our system are typically hashed and not stored in plain text. We maintain up-to-date security software and firewalls to protect our servers.
• Administrative Measures: Only authorized personnel of Asia Power International Limited or our trusted service providers (who are bound by confidentiality) have access to personal data as necessary. We provide training to our staff about the importance of privacy and security. We limit access to personal data on a need-to-know basis. We have procedures to handle any suspected data breach, which include containment, assessment, reporting, and remedial actions.
• Physical Measures: Personal data in paper form (if any) or on physical media is stored in secure locations. For instance, if we maintain any hardcopy records (like shipping documents or receipts), they are kept in our Hong Kong office or secure storage with restricted access. For data centers or server facilities, we rely on reputable hosting providers that employ physical security controls (like access badges, surveillance, etc.).

However, please note that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You also play a role in security: it is important that you protect your account credentials and not share them. If you believe your account has been compromised, please contact us immediately.

In the unlikely event of a data breach that is likely to result in a risk of harm (such as identity theft or fraud), we will notify affected individuals and authorities as required by law. The PDPO currently does not mandate breach notification in all cases, but as a good practice, we would inform the Privacy Commissioner and affected data subjects if a significant leak of personal data occurs.

7. Retention of Personal Data

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required or permitted by law. In determining retention periods, we consider the following criteria:
• Operational Needs: e.g., we keep your account information while your account is active and for a reasonable period thereafter in case you decide to reactivate, or for ease of future purchases (unless you request deletion).
• Transaction Records: Hong Kong’s regulations (and generally accepted accounting principles) may require us to keep records of sales, invoices, and payments for a number of years (commonly 7 years for financial records, to comply with Inland Revenue Department requirements).
• Legal and Contractual Requirements: If a law or contract requires us to keep data for a certain period (e.g., warranty periods, or to comply with consumer protection laws or handle any disputes), we will keep the data for that period.
• Statute of Limitations: We may retain data for the period in which you might legally bring claims against us (and vice versa) as needed to defend our interests (for example, if you had a negative experience, we might keep correspondence relating to it for a few years in case of any legal matter).
• Marketing: If you have consented to receive marketing communications, we will retain your contact details for that purpose until you opt out. If you unsubscribe or opt-out, we may keep your contact info on a suppression list to ensure we honor your opt-out.

When we no longer have a legitimate need or obligation to retain your personal data, we will securely delete, anonymize, or destroy it. For example, we may delete dormant customer accounts that have had no activity for a long time (after giving notice), or we may anonymize order records after a number of years. Backup copies might remain for a short period, but are also subject to secure deletion in due course.

8. International Data Transfers

Sky Rail Golf operates from Hong Kong SAR. Many of our systems and servers are located in Hong Kong. However, by the nature of online services and global customers, personal data we collect may be transferred to, stored in, or processed in a country or territory outside of Hong Kong. For example:
• Our e-commerce platform or web host might use cloud servers in other regions (e.g., data centers in the US or EU).
• Our email service or other SaaS tools might be based overseas.
• If you are located outside Hong Kong, in order to fulfill your order, your data will naturally cross borders (for example, provided to a courier in your country).

Data Protection Outside Hong Kong: The privacy laws in those jurisdictions may not be the same as Hong Kong’s PDPO and may not provide the same level of protection. Hong Kong’s PDPO includes a provision (Section 33) that is not yet in force, which would restrict cross-border data transfers unless certain conditions are met. Regardless, we aim to ensure that personal data transferred outside Hong Kong is afforded a similar level of protection as under Hong Kong law. We do this by:
• Transferring data only to jurisdictions that we believe have adequate data protection laws (for example, countries with GDPR-level protection), or
• Using contractual safeguards with the recipient, such as data processing agreements with standard data protection clauses, or
• Relying on your consent or another applicable exception under the law for such transfers.

By using our Site or submitting your information, you consent to the transfer of your personal data overseas as described here. If we transfer data, say, to the United States or European Economic Area (EEA) for processing, we will take steps to ensure that your data is treated securely in accordance with this Privacy Policy.

If you are in a jurisdiction like the EU, we will also ensure compliance with any local requirements for international transfers (for example, using EU Standard Contractual Clauses, or transferring to organizations certified under a recognized framework).

9. Your Rights and Choices

As a data subject, you have certain rights regarding your personal data. We strive to honor these rights as provided under Hong Kong’s PDPO and, where applicable, other data protection laws (like GDPR if relevant due to offering services to EU individuals, etc.). Your principal rights include:
• Right of Access: You have the right to request access to personal data we hold about you. This includes the right to receive a copy of the information, and to be informed of how we have used and disclosed it (to the extent required by law). To make an access request, please contact us (see Section 11 for contact details). We may ask you to verify your identity and specify the information you want. Under PDPO, we will respond within 40 days of receiving a valid request (or give an explanation if we need more time). A small administrative fee to cover our costs may be charged as permitted by law (though currently we do not charge for reasonable requests).
• Right of Correction: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request correction or updating. Upon verification and where appropriate, we will correct the data and notify any third parties to whom the data was disclosed (if required). For example, if you realize your contact number was recorded incorrectly, you can ask us to fix it. Most basic profile information can also be edited directly by you if you have an online account (e.g., you can log in and change your shipping address or name in your profile).
• Right to Erasure (Right to Delete): Hong Kong’s PDPO does not explicitly grant a broad right to erasure like the EU’s GDPR “right to be forgotten”. However, you may request us to delete personal data we hold about you if you feel it’s no longer necessary for the purpose collected or if you withdraw consent (where our processing was based on consent). We will evaluate such requests – we will erase personal data that is no longer needed for legitimate purposes, provided we are not required to retain it by law or it’s not otherwise protected from erasure. In practice, if you request account deletion, we can deactivate your account and remove personal identifiers from our records. Note that certain information (like transaction records) we might need to keep for legal/accounting reasons for a set time. We will inform you of what we can delete and what we must retain. PDPO’s Section 26 requires that we not keep data longer than necessary and to erase data no longer needed, so we abide by that and will act on justified erasure requests.
• Right to Object to Direct Marketing: We will not use your personal data for direct marketing without your consent. If at any time you have given consent but then prefer not to receive marketing materials from us, you can opt out. Simply click “unsubscribe” in any marketing email, or contact us requesting to stop marketing. We will honor such requests promptly. (In PDPO terms, if we were ever to use your contact info for new direct marketing purposes, we would notify and seek consent, but our policy is opt-in to begin with.)
• Right to Withdraw Consent: Where processing of your personal data is based on your consent (for example, sending you newsletters, or certain optional data you provided), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Object or Restrict Processing: Under certain circumstances (like GDPR applies), you might have the right to object to processing of your data or ask us to restrict processing. For example, if you believe data is inaccurate or processing is unlawful. In the Hong Kong context, these are not codified rights, but we are committed to address any concerns you raise.
• Right of Data Portability: Under GDPR (if applicable), one could request a copy of personal data in a structured, commonly used format to transfer to another service. While not a PDPO right, if you need a copy of the data you provided in a specific format, we will try to accommodate reasonable requests.
• No Fee in General: Exercising your rights is generally free of charge. However, PDPO allows charging a reasonable fee for repetitive or onerous requests. We currently do not intend to charge any fee unless a request is manifestly unfounded or excessive.

To exercise any of your rights, please contact us (see Section 11). We will require verification of your identity to ensure that personal data is not disclosed to the wrong person. If you are an account holder, we may ask you to send the email from the address associated with your account or verify information relating to your transactions.

We will do our best to respond to your request within a reasonable timeframe. If we refuse a request (for example, we cannot delete data that we must legally keep), we will explain the reasons, and you have the right to challenge our decision by reaching out to the Hong Kong Privacy Commissioner or relevant authority in your jurisdiction.

10. Children’s Privacy

Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal data from individuals under 13 years old (or the equivalent minimum age in the relevant jurisdiction). If you are under 13, do not use or provide any information on this Site or on or through any of its features, or make purchases, or provide any information about yourself to us.

If we become aware that we have inadvertently collected personal data from a child under 13 without proper parental consent, we will take steps to delete it. If you are a parent or guardian and believe we might have any information from or about your child, please contact us immediately so that we can delete it.

For teenagers (e.g., between 13 and 18), we advise that they only use the Site with the involvement of a parent or guardian. Some countries have higher age thresholds (for example, EU may require parental consent for under 16 in some cases for data processing) – we will adhere to those requirements as applicable. Generally, we treat all users as having consented if they use the site and are above 18 or have guardian’s consent if between 13-18 (we rely on the representation in the Terms that the user is of legal age or using with consent).

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer / Privacy Compliance Team at:

Email: skyrail@asiapowerintl.com
Telephone: +852 9793 2527
Postal Address: Asia Power International Limited (Sky Rail Golf) – Privacy Inquiry, (Address in Hong Kong SAR)

(Please use email for the quickest response. If contacting by mail, please allow time for international delivery if you are outside Hong Kong.)

We will endeavor to respond to your inquiries or requests as soon as possible and no later than the timeframe required by law (if applicable). Your feedback is important to us; if you feel we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong, or with any relevant data protection authority in your country.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we update the policy, we will revise the “Last Updated” date at the top. If changes are significant, we may provide a more prominent notice (such as on our homepage or via email notification). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

By continuing to use our Site after any changes to this Privacy Policy become effective, you accept the revised Policy. If you do not agree to the changes, you should stop using the Site and contact us if you wish to have your data removed.

By using Sky Rail Golf’s website and services, you acknowledge that you have read and understood these Terms & Conditions, the Shipping & Refund Policy, and the Privacy Policy, and you agree to be bound by them. Thank you for shopping with Sky Rail Golf – we value your business and your rights as a customer.