Fill 1Fill 1Fill 1Page 1



This Privacy Policy sets out the approach which Brightstar (as defined in the Glossary below) (or “we” or “our” or “us”) and its associated companies will take in relation to the treatment of your personal data. It includes information on how Brightstar collects, uses, discloses and keeps secure, your personal data. It also covers how Brightstar makes the personal data it holds available to you for access, and correction by you in the event that such information is inaccurate or incomplete.

Brightstar may collect the following types of personal data: the customer’s name, email address, mail address, user name and password and any faxes or mail sent to us and the IMEI numbers of any mobile device used in any Transaction with Brightstar, and other information that clients (or you) may provide in their course of communication with Brightstar. Please note that if you do not provide the mandatory personal data as indicated by Brightstar, then Brightstar will not be able to process your application, and you will not be able to use Brightstar’s services.

Personal data can sometimes include identification information to comply with relevant second hand trading legislation and your rights or title to sell goods to Brightstar in addition to financial information pertaining to the financial processing of a transaction.

We may also use 'cookies' which will collect information about you such as your IP address and how you have used our website - this is discussed further below (see 1.6 below).

This policy has been drafted having regard to Brightstar's obligations under Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) as updated from time to time (the “PDPO”).

Contacting Brightstar

If you require further information regarding Brightstar's Privacy Policy or how we collect, use or disclose your personal data, you can contact our Privacy Officer on:

  • Phone: +852 2980 8049
  • Email:
  • Website:
  • Address: Unit A & B, 16/F Gemstar Tower 23 Man Lok Street, Hong Kong, Kowloon
  • Attention: Brightstar Privacy Officer

Note that terms that are capitalised (the first letter of each word is a capital) are defined in the Glossary at the end of this Policy.

The information collected by us by using a cookie is sometimes called “clickstream”. We use this information to understand how our users navigate our websites (collectively or individually the “Site”), and to determine common traffic patterns, including what website the user came from. We may use this information to make website navigation and product recommendations, and to help redesign our Site in order to make your experience on our Site more efficient and enjoyable.

We may also use this information to better personalize the content, banner ads, and promotions that you and other users will see on the Site.

You also have choices with respect to cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you will be unable to use those services or engage in activities that require the placement of cookies. Certain aspects of the Site may not function properly if you set your browser to reject all cookies.

  1. The Purposes For Which We Collect, Use And Disclose Your Personal Data
    1. Brightstar will only collect personal data (see glossary for the full definition) where the information is necessary for Brightstar to perform one or more of the functions, Purposes or activities set out in this Privacy Policy or in the particular consent we may ask you to give when your personal data is collected. In this context, "collect" and "collected" means gather, acquire or obtain personal data. In some instances, we may collect or be provided with, your personal data from or through a third party. This Privacy Policy will still apply to your personal data as a minimum but in some instances, your personal data will be governed by the consent you gave to that third party and the third party's privacy policy depending on whether or not we are obligated to treat your personal data in accordance with the third party's privacy policy or not (see below). In any case, our collection, use or disclosure of your personal data by us will be in compliance with the PDPO.
    2. Brightstar will/may collect, use, disclose and/or process your personal data for one or more of the following purposes:
      1. administering, processing and/or dealing with any Transactions between you and Brightstar and/or any of its associated companies. This includes but is not limited to identity verification during device collection and/or return where personal data such as your name, address, contact number, email, IMEI, may be processed by us;
      2. administering, facilitating, processing and/or dealing in any matters relating to your use of the the Site, or any Transactions or activities carried out by you on or through the Site;
      3. monitoring, processing and/or tracking your use of the Site in order to provide you with a seamless experience, facilitating or administering your use of the Site, and/or to assist us in improving your experience in using the Site;
      4. carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
      5. contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the Site or any Transactions you have with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
      6. carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Hong Kong or foreign), the requirements or guidelines of governmental authorities which we determine are applicable to us (whether Hong Kong or foreign), and/or our risk management procedures that may be required by law (whether Hong Kong or foreign) or that may have been put in place by us;
      7. to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints;
      8. creating reports with respect to our Transactions with you, and/or producing statistics and research of such Transactions for internal and/or statutory reporting and/or record-keeping requirements;
      9. complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Hong Kong or elsewhere), with which we or our associated companies are expected to comply;
      10. complying with or as required by any request or direction of any governmental authority (whether Hong Kong or foreign) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Monetary Authority of Hong Kong, the Hong Kong Police Force). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
      11. conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our products or services, and/or to enhance any continued interaction between yourself and us connected to or in relation to the Site;
      12. storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Hong Kong;
      13. facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of Brightstar and/or its associated companies;
      14. for direct marketing, if you have separately indicated that you consent to such purpose. If so, we may/will send you by email, postal mail or other modes of communication marketing and promotional information and materials relating to telecommunications related products and/or services (including telecommunications related products and/or services of third party merchants whom Brightstar or its associated companies may collaborate or tie up with) that Brightstar or its associated companies may be selling, marketing or promoting, whether such auction and/or telecommunications related products or services exist now or are created in the future. In the case of the sending of marketing and promotional information and materials to you by voice call, SMS/MMS or fax to your Hong Kong telephone number, we will not do so unless we have complied with the requirements of the PDPO in relation to use of the latter modes of communication to send you such marketing information or materials or where you have expressly consented to such mode of communication,
      (the purposes set out above shall be collectively referred to as the “Purposes”).
    3. Brightstar may/will need to disclose your personal data to third parties, whether located within or outside Hong Kong, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Hong Kong) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 1.2, such third parties include:
      1. our associated or affiliated organisations or associated companies (including, but not limited to, Brightstar Logistics Pty Ltd in Australia and Brightstar Distribution Sdn Bhd in Malaysia which provide information technology support, data centre, and related services;
      2. any of our agents, contractors or third party service providers that process or will be processing your personal data on our behalf including but not limited to those which provide administrative or other related services to us such as mailing houses, telecommunication companies, information technology companies and data centres; and
      3. third parties to whom disclosure by Brightstar is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purposes.
      4. third party providers of telecommunications products and/or services, which such third parties may use your personal data for direct marketing purposes as set out in the Purposes (subject to your consent).
    4. Your consent pursuant to this Policy is additional to and does not supercede any other consents that you had provided to Brightstar with regard to processing of your personal data.
    5. Brightstar will not use personal data without taking reasonable steps to ensure that the information is accurate, complete and up to date.
    6. When you come to a Brightstar website, our server attaches a small text file to your hard drive — a cookie. A “cookie” assigns you a unique identifier so that we can recognise you each time you re-enter the website, so we can recall where you’ve previously been on our site, and which keeps track of the pages you view on the website. Cookies help us deliver a better website experience to our users.
    7. As mentioned above, we also use service providers to help us maximise the quality and efficiency of our services and our business operations. This means individuals and organisations outside of Brightstar, such as mail houses, information technology service providers, website hosts and back-up service providers, will sometimes have access to personal data held by Brightstar and may use it on behalf of Brightstar. We ensure that our contracts with our service providers require them to adhere to strict privacy guidelines and to only process your personal data for one or more of the Purposes we have authorised.
  2. Request to Withdraw Consent
    1. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control (including, but not limited to, in relation to our use of your personal data to send you direct marketing) at any time by submitting your request to our Privacy Officer at the contact details set out at the start of this Privacy Policy.
    2. We will process your request within a reasonable time from such a request for withdrawal of consent being made.
    3. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us (except where such withdrawal of consent is in relation to receiving direct marketing).
  3. Data security
    1. Brightstar will review, on an ongoing basis, its collection and storage practices to ascertain how improvements to security and protection of personal data can be achieved.
    2. Your personal data is protected when it comes into our possession regardless of whether it is in electronic or hard copy format, in accordance with the PDPO and industry accepted security standards which are implemented and updated in accordance with the manufacturer's or licensor's recommendations. This includes physical security at our premises and storage electronically on a server which is situated in protected and controlled facilities. Certain information you provide such as financial information, bank account or credit card information, is encrypted via SSL and remains securely encrypted while in Brightstar’s possession, until the moment when it is used to make payment and is then re-encrypted and held securely until it is no longer required for internal or regulatory purposes when it will be destroyed.
    3. You should note that, except in the case of personal data entered via SSL, personal data you transmit across public internet or other facilities may not be secure and Brightstar will not be responsible for or liable for any loss you suffer during transmission. Once the personal data you have transmitted to us has passed through our firewall or otherwise into our control, it is then our responsibility to ensure that it is treated in the manner required under this Privacy Policy. If we transfer your personal data to another entity, we will only do so in accordance with this Privacy Policy and in a manner that is secure as between Brightstar and that other entity.
    4. Brightstar will, to the extent technically practicable, destroy or de-identify personal data once the purposes for which that personal data was collected is/are no longer relevant and retention is no longer necessary for legal or business purposes, unless the law requires otherwise.
    5. Brightstar will only allow our employees and contractors access to your personal data in order to perform their duties and obligations and we will take all reasonable steps to ensure that those employees and contractors handle your personal data in a manner that is consistent with this Privacy Policy and Brightstar's legal responsibilities in relation to privacy.
    6. You should note that whilst our website may link to other websites, those other websites are not under our control and we are not responsible for the conduct of the operator of those websites including how they handle and protect your personal data. Before accessing those websites, we recommend you review the terms and conditions of or access to such websites including the relevant privacy policy or provisions.
  4. Complaints or questions
    1. Individuals wishing to make an inquiry or complaint regarding privacy should do so by contacting the Brightstar Privacy Officer, whose contact details appear at the beginning of this document. If you make a complaint or if we become aware of any concern or problems concerning our privacy practices, we will contact you about the issue, investigate the issue, and take all reasonable steps to work with you to resolve that issue.
    2. Brightstar websites will contain a prominently displayed privacy statement and will include a copy of this Brightstar Privacy Policy.
  5. Access and correction
    1. You have the right to access and correct records containing your personal data in accordance with the PDPO. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Any request for such personal data should be through the Brightstar Privacy Officer whose contact details are set out at the beginning of this Privacy Policy.
    2. A reasonable fee may be charged for providing access however we will advise you of the likely cost in advance and will aim to supply the information within 30 days or such timeline prescribed by the PDPO. Note that the PDPO exempts certain types of personal data from being subject to your access request.
    3. If your personal data is inaccurate, out of date, incomplete, irrelevant or misleading, you may contact us by e-mail and we will correct our records containing your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPO exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.
  6. Client Information
    1. Brightstar may from time to time have lawful access to personal data belonging to customers of one of its clients.
    2. Notwithstanding anything else in this policy, Brightstar shall deal with such personal data in accordance with the privacy policy of the relevant client (“Client Privacy Policy”) and to the extent that there is any inconsistency between the Client Privacy Policy and this policy the Client Privacy Policy shall prevail.
    3. Brightstar acknowledges that to the extent that Brightstar is aware that any Client Privacy Policy is inconsistent with the PDPO that it will seek to address such inconsistency with the client immediately and if such inconsistency is not addressed in a timely manner Brightstar shall cease to have access to the relevant personal data for that particular client.
  7. Transferring information overseas
    1. Brightstar will take reasonable steps to limit the amount of personal data it sends to unrelated parties overseas but may need to disclose your personal data outside of Hong Kong to our associated companies and to third party service providers as noted in 1.3 above.
    2. If personal data must be sent by Brightstar outside of Hong Kong, Brightstar will require the overseas organisation receiving the information to provide a binding obligation that it will handle that information in accordance with the PDPO and this Privacy Policy, including as part of a services contract.
    1. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will/may be reviewing our policies, procedures and processes from time to time.
    2. We reserve the right to amend the terms of this Privacy Policy at our absolute discretion. Any amended Privacy Policy will be posted on our website and can be viewed at
    3. You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
  9. General
    1. Nothing in this Privacy Policy shall limit your rights under the PDPO. This Privacy Policy shall be governed by, and construed in accordance with, the laws of the Hong Kong Special Administrative Region, and the parties hereto irrevocably submit to the non-exclusive jurisdiction of the Hong Kong courts.
    2. This Privacy Policy may be provided in both English and Chinese. In the event of any inconsistency between the English version and the Chinese version of this Privacy Policy, the English version shall prevail.
  10. Glossary

Associated company has the meaning ascribed to it in Section 2 of the Companies Ordinance, Chapter 622 of Hong Kong (and “associated companies” shall be construed accordingly), i.e. in relation to a body corporate: (a) a subsidiary of the body corporate; (b) a holding company of the body corporate; or (c) a subsidiary of such a holding company.

Brightstar means Brightstar Asia Limited

Personal Data ” or “personal data ” means any data (a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable.

Transactions means Brightstar’s buyback and trade-in program for mobile or electronic devices including Samsung products, and/or any other transactions that Brightstar may permit on the Site whether now or in the future.