The Company shall fully comply with the obligations and requirements of the Ordinance. The Company’s representatives, officers, management, staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company. The Company shall endeavor to ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the requirements of the Ordinance. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, the Company may provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance.
Use of Personal Data
The Company collects and uses your personal data for the following purposes:
- to verify your identity;
- to establish and manage your account;
- to provide products and services you request;
- to provide customer support and respond to and communicate with you about your requests, questions and comments;
- to communicate about, and administer your participation in, special events, programs, surveys, and other offers or promotions;
- to match (as defined in the Ordinance) your personal data with other data collected for other purposes and from other sources including third parties in relation to the provision of goods, services to you;
- to support activities such as marketing and advertising of any goods, services to you by the Company, related companies, agents, contractors and third party suppliers upon your consent in accordance with the prevailing requirements in the Ordinance;
- to formulate business planning and improve goods, services supply to you, by the Company, related companies, agents, contractors and third party suppliers, which may be performed by various means including without limitation research, analyses and/or surveys;
- to analyze, verify, enforce contractual rights, and/or checking your credit, payment and/or status in relation to supply of goods and services to you;
- to enable the daily operation of your account and/or the collection of amounts outstanding in your account with the Company including the use of debt collection agents;
- to maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
- to keep you informed about goods and services supplied to you and other goods and services made available by the Company;
- to prevent, detect and investigate any crime; and/or
- to serve any other purposes as may be agreed to between you and the Company.
Retention of Personal Data
The Company will destroy any personal data it may hold in accordance with its internal policy. Generally speaking, the Company’s policies cover the following principles:
- Personal data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
- Personal / business data are safeguarded by either accounts authentication and passwords or access rights permission to avoid unauthorized access of personal data. For digital records or physical copies containing non-recurring / non-current personal data not required by audit requirement, the Company will purge / destroy them after use.
Disclosure of Personal Data
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
- Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;
- Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;
- Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has legitimate right to such information;
- The Company’s dealers, agents, contractors, suppliers, its professional advisers, including its accountants, auditors and lawyers;
- Government and regulatory authorities and law enforcement agencies and other organizations, as required or authorized by law;
- Any financial institutions, charge or credit card issuing companies, credit providers, credit information or reference bureau, or collection agencies, security agencies, necessary to establish and support the payment of any services being requested;
- Your authorized representatives or your legal advisers when requested by you to do so;
- Any proposed or actual participant, assignee or transferee of all or any part of the Company’s operation or business.
Personal data may also be disclosed to any person or persons pursuant to any statutory or contractual obligations or as required by court of law, provided such person or persons are able to prove the required right / authority to access such information. In addition, personal data may be disclosed under any of the circumstances described in Part VIII of the Ordinance in which the concerned personal data are exempt from the provisions of Data Protection Principle 3 of the Ordinance.
Transfer of Personal Data
At time your personal data may be transferred between our group companies in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the prevailing requirements of the Ordinance.
Security of Personal Data
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. All physical computer data are safeguarded by storing in locked cabinets. Computer data are stored within computer systems which are protected within server room with access control system. Storage media will also be placed in cabinets or server rooms. Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate an individual’s Company responsibilities and their training. Where the Company holds, uses and/or transmits the customers’ personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
Links to Third Party Websites
Access and Correction of Personal Data
Under the Personal Data (Privacy) Ordinance, individuals have the right to:
- ascertain whether the Company holds any personal data relating to them and, if so, obtain copies of such data (“right of access);
- require the Company to correct personal data in its possession which is inaccurate for the purpose for which it is being used by means of a data access request (“right of correction”); and
- ascertain the Company’s policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.
An individual may exercise his or her right of access by:
- completing the Data Access Request Form as prescribed by the Privacy Commissioner for Personal Data or the “Personal Data (Privacy) Ordinance – Data Access Request Form”;
- sending the completed form, along with appropriate proof of identity (a copy of the applicant’s Hong Kong Identity Card or Passport) and the fee of HKD 100 to the Company’s Wholesale Business Department at the address listed below;
- alternatively, if you do not wish to provide a copy of your proof of identity, you may present the completed form in person, along with appropriate identification, at the Company’s office.
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavor to comply with and respond to the request within the period set by the Ordinance (i.e. within 40 days after receiving the request). An individual may exercise their right of correction by writing to the Company’s Wholesale Business Department at the address listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before the Company would consider correcting the specified data. Upon satisfying itself of the authenticity and validity of the correction request, the Company will comply with and respond to the request as required by the Ordinance.
Company’s Contact Details
All enquiries regarding the Company’s compliance with its obligation under the Ordinance should be in writing to:
Wholesale Business Department
Suite 905, 9/F, Ocean Centre,
5 Canton Road, Tsim Sha Tsui,
Kowloon, Hong Kong