This policy statement provides information on the obligations and policies of Inter-Pacific Holding Limited (the “Company”), under the Hong Kong SAR Personal Data (Privacy) Ordinance – Cap.486 (the “Ordinance”).
This policy specifically addresses the Company‘s obligations in respect of the data privacy laws of the Hong Kong SAR which is one of the most developed data protection regimes worldwide.
The Company believes the principles embedded in the Ordinance offer no less protection in personal data privacy than those in other jurisdictions. As such, the Company undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally.
Where the Company’s operations are subject to privacy legislation other than that of Hong Kong SAR, then this policy shall be applied so far as practicable and consistent with such local legislation
Throughout this policy, the meaning of the term “personal data” is as defined in the Ordinance.
COMPANY CORPORATE POLICY
The Company shall fully comply with the obligations and requirements of the Ordinance. The Company‘s officers, management, and members of staff shall, at all times, respect the confidentiality of and endeavour to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company.
The Company shall endeavour to ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance.
STATEMENT OF PRACTICES
TYPES OF PERSONAL DATA COLLECTED
INFORMATION YOU PROVIDE
For the purpose of carrying on the Company’s businesses, including sales, provision, registration and administration of the Company’s products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
(a) your name;
(b) correspondence address, and/or billing address;
(c) account details, including account numbers, service numbers, or user accounts;
(d) payment details, including credit card and banking information;
(e) contact details, including contact name and telephone number or email address; or
(f) information for the verification of identity, including identification type and identification number.
In some instances, you may also be requested to provide certain data that may be used to further improve the Company’s products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalized service, or provision of a product is dependent on your providing all requested data, failure to provide the requested data may prevent the Company from providing the service to you. This type of data includes, but is not limited to:
(a) your age;
(c) salary range and employment details;
(d) education and profession;
(e) hobbies and leisure activities;
(f) other related products and services subscribed to; and
(g) family and household demographics.
INFORMATION COLLECTED AUTOMATICALLY
The Company’s web servers may also collect data relating to your online session, the use of which is to provide aggregated, anonymous, statistical information on the server‘s usage so that the Company may better meet the demands and expectations of visitors to its sites. This type of data may include, but is not limited to:
(a) the browser type and version;
(b) operating system;
(c) the IP address and/or domain name;
(d) data about your device’s location.
Some of the Company‘s web sites may place a “cookie” on your device; for example to provide personalized services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across the Company’s websites.
INFORMATION FROM OTHER SOURCES
- Data brokers from which we purchase demographic data to supplement the data we collect.
- Social networks when you reference our Service or grant permission to the Company to access your data on one or more of these services.
- Financing providers with which we offer financing for purchases, and financial services providers used for processing payments.
- Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Advertising and marketing partners.
- Publicly available sources such as open government databases or other data in the public domain.
USE OF PERSONAL DATA
Your personal data may be used for:
(a) verifying your identity;
(b) provision of goods and services to you;
(c) matching (as defined in the Ordinance) your personal data with other data collected for other purposes and from other sources including third parties in relation to the provision of goods and services to you;
(d) marketing and advertising of any goods and/or services to you by the Company, related companies, agents, contractors and third-party suppliers;
(e) business planning and improving goods and/or services for supply to you, by the Company, related companies, agents, contractors and third-party suppliers;
(f) processing of any benefits in connection with the supply of goods and services to you;
(g) analysing, verifying and/or checking of your credit, payment and/or status in relation to supply of goods and services to you;
(h) processing of any payment instructions, direct debit facilities and/or credit facilities in relation to the supply of goods and services to you;
(i) enabling the daily operation of your account and/or the collection of amounts outstanding in your account with the Company including the use of debt collection agents;
(j) enabling the Company to comply with any obligations to interconnect, with other industry practices, or with obligations to third parties or government agencies in relation to the supply of goods and services to you;
(k) keeping you informed about goods and services supplied to you and other goods and services made available by the Company;
(l) prevention or detection of crime;
(m) disclosure as permitted or required by law; and
(n) any other purposes as may be agreed to between you and the Company, including the purposes set out in any application or terms and conditions for the supply of specific goods and services.
ACCURACY OF PERSONAL DATA
Where possible, the Company will validate data provided using generally accepted practices and guidelines. This includes the use of checksum verification on some numeric fields such as account numbers or credit card numbers. In some instances, the data provided will be validated against preexisting data held by the Company. In some cases, as per the requirements of the Ordinance, the Company is required to see original documentation before the personal data may be used, such as with Personal Identifiers and/or proof of address.
The Company fully complies with the “Rights of Access and Correction” obligations of the Ordinance. Please refer to the section titled “Access and Correction of Personal Data” below for details on how you can obtain and correct any personal data relating to you that the Company may hold.
RETENTION OF PERSONAL DATA
The Company will destroy any personal data it may hold in accordance with its internal policy. Generally speaking, the Company’s policies cover the following principles:
(a) personal data will only be retained for as long as is necessary to fulfil the original or directly related purpose for which it was collected unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
(b) personal data are purged from the Company’s electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and the Company‘s internal procedures.
DISCLOSURE OF PERSONAL DATA
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
(a) any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;
(b) any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;
(c) any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information;
(d) the Company’s dealers, agents (such as couriers), contractors, suppliers, co-branding partners and other telecommunication, information service providers and content providers; its professional advisers, including its accountants, auditors and lawyers;
(e) government and regulatory authorities and law enforcement agencies and other organizations, as required or authorized by law; and
(f) any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies, necessary to establish and support the payment of any services being requested.
Personal data may also be disclosed to any person or persons pursuant to any statutory or contractual obligations or as required by court of law, provided such person or persons are able to prove the required right/authority to access such information. In addition, personal data may be disclosed under any of the circumstances described in Part VIII of the Ordinance in which the concerned personal data are exempt from the provisions of Data Protection Principle 3 of the Ordinance.
TRANSFER OF PERSONAL DATA OUTSIDE OF HONG KONG
At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the requirements of the Ordinance.
SECURITY OF PERSONAL DATA
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization are strictly prohibited.
Authorizations are granted only on a “need to know” basis that is commensurate with an individual’s Company responsibilities and their training.
Where the Company holds, uses and/or transmits the Customers’ personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
ACCESS AND CORRECTION OF PERSONAL DATA
Under the terms of the Ordinance, individuals have the right to:
(a) ascertain whether the Company holds any personal data relating to them and if so, obtain copies of such data (“right of access”);
(b) require the Company to correct personal data in its possession which is inaccurate for the purpose for which it is being used by means of a data access request (right of correction); and
(c) ascertain the Company‘s policies and practices in relation to personal data, which are
those policies and practices set out in their entirety herein.
ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN EUROPE
EU data protection law makes a distinction between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). The Company, located at Room 801, Decca Industrial Centre, 21 Cheung Lee Street, Chai Wan, Hong Kong, is the controller with respect to information you provide through the Service.
EU data protection law requires a “lawful basis” for processing personal data. Our lawful bases include where (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or another party, and your interests and fundamental rights and freedoms do not override those interests.
DATA SUBJECT RIGHTS
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you through the Service. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Service. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do base on the consent you have provided to us.
To exercise any of these rights, contact us as set forth in the section entitled “Contact Us” above and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.
In accordance with the requirements of the Ordinance, the Company will honour a customer’s request not to use his or her personal data for the purposes of direct marketing. Should you wish not to receive direct marketing material from the Company, please write to us. Any such request should clearly state details of the personal data in respect of which the request is being made.
YOUR ACCEPTANCE OF THESE TERMS
By using this Site, you signify your acceptance of this policy and terms and conditions. If you do not agree to this Policy, please do not use our Site. Your continued use of the Site following the posting of changes to this Policy will be deemed your acceptance of those changes.