The Company shall fully comply with the obligations and requirements of the Ordinance. The Company's representatives, officers, management, staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company. The Company shall endeavor to ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the requirements of the Ordinance. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, the Company may provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance.
The Company collects and uses your personal data for the following purposes:
The Company will destroy any personal data it may hold in accordance with its internal policy. Generally speaking, the Company's policies cover the following principles:
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
Personal data may also be disclosed to any person or persons pursuant to any statutory or contractual obligations or as required by court of law, provided such person or persons are able to prove the required right / authority to access such information. In addition, personal data may be disclosed under any of the circumstances described in Part VIII of the Ordinance in which the concerned personal data are exempt from the provisions of Data Protection Principle 3 of the Ordinance.
At time your personal data may be transferred between our group companies in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the prevailing requirements of the Ordinance.
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. All physical computer data are safeguarded by storing in locked cabinets. Computer data are stored within computer systems which are protected within server room with access control system. Storage media will also be placed in cabinets or server rooms. Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis that is commensurate an individual's Company responsibilities and their training. Where the Company holds, uses and/or transmits the customers' personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
Under the Personal Data (Privacy) Ordinance, individuals have the right to:
An individual may exercise his or her right of access by:
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavor to comply with and respond to the request within the period set by the Ordinance (i.e. within 40 days after receiving the request). An individual may exercise their right of correction by writing to the Company's Wholesale Business Department at the address listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before the Company would consider correcting the specified data. Upon satisfying itself of the authenticity and validity of the correction request, the Company will comply with and respond to the request as required by the Ordinance.
All enquiries regarding the Company's compliance with its obligation under the Ordinance should be in writing to:
Wholesale Business Department
Suite 905, 9/F, Ocean Centre,
5 Canton Road, Tsim Sha Tsui,
Kowloon, Hong Kong