|
Speed21
Business Network Limited
Personal Data (Privacy) Ordinance - Privacy Policy Statement
General
This policy statement provides information on the obligations and policies
of Speed21 Business Network Limited (the "Company") under the
Hong Kong SAR Personal Data (Privacy) Ordinance 1995 - Cap. 486 (the "Ordinance").
Our Corporate Policy
The Company shall fully comply with the obligations and requirements of
the Ordinance. The Company's officers, management, and members of staff
shall, at all times, respect the confidentiality of and keep safe any
and all personal data collected and/or stored and/or transmitted and/or
used for, or on behalf of, the Company.
All collection and/or storage and/or transmission and/or usage of personal
data by the Company shall be done in accordance with the obligations and
requirements of the Ordinance.
Where an individual legitimately requests access to and/or correction
of personal data relating to the individual, held by the Company, then
the Company shall provide and/or correct that data in accordance with
the times and manner stipulated within the Ordinance.
Statement of Practices
Types of Personal Data collected
For the purpose of registration and administration of the Company's telecommunications
products and services (including relevant online services), you may be
requested to provide personal data such as the following, without which
it may not be possible to satisfy your request:
¡P Your name;
¡P Service installation address, correspondence address, or billing address;
¡P Account details, including account numbers, service numbers, or user
accounts;
¡P Payment details, including credit card and banking information;
¡P Contact details, including contact name and telephone number or email
address; or
¡P Information for the verification of identity, including identification
type and identification number.
In some instances, you may also be requested to provide certain data that
may be used to better tailor the type of information presented to you.
In most cases, this type of data is optional although, where the requested
service is a highly personalised service, failure to provide the requested
data may prevent us from providing the service. This type of data includes,
but is not limited to:
¡P Your age;
¡P Gender;
¡P Salary range;
¡P Education and Profession; or
¡P Hobbies and leisure activities.
In support of our telecommunications and other services, information may
be automatically collected relating to those services so we may perform
accurate reporting and administration of your accounts such as call time,
duration, origin, and destination.
The Company's web servers may also collect data relating to your online
session, the use of which is to provide aggregated, anonymous, statistical
information on the server's usage so that we may better meet the demands
and expectations of visitors to our sites. This type of data includes:
¡P The browser type and version;
¡P Operating system; or
¡P The IP address and/or domain name.
Certain web sites may place a "cookie" on your machine in order
to provide personalised services and/or maintain your identity across
multiple pages within a single session.
Accuracy of Personal
Data
Where possible, we will validate data provided using generally accepted
practices and guidelines. This includes the use of check sum verification
on some numeric fields such as account numbers or credit card numbers.
In some instances, we are able to validate the data provided against pre-existing
data held by the Company. In some cases, as per the requirements of the
Ordinance, the Company is required to see original documentation before
we may use the personal data such as with Personal Identifiers and/or
proof of address.
Although we do not currently provide online access to and correction of
personal data held by the Company, we fully comply with the "Rights
of Access and Correction" obligations of the Ordinance. Please refer
to the section titled "Personal Data Access and Correction"
below for details on how you can obtain and correct any personal data
relating to you that we may hold.
Retention of Personal Data
The Company will destroy any personal data it may hold in accordance with
our internal retention policy. This policy is that:
a. personal data will only be retained for as long as is necessary to
fulfil the original or directly related purpose for which it was collected;
unless
b. the personal data is retained to satisfy any applicable statutory or
contractual obligations.
Disclosure of Personal Data
All personal data held by the Company will be kept confidential but the
Company may, where such disclosure is necessary to satisfy the purpose,
or a directly related purpose, for which the data was collected provide
such information to the following parties:-
a. any subsidiaries, holding companies, associated companies or affiliates
of or companies controlled by or under common control with the Company;
b. any other person or company who is under a duty of confidentiality
to the Company who has undertaken to keep such information confidential;
and
c. any financial institutions, charge or credit card issuing companies,
credit information or reference bureaux, or collection agencies necessary
to establish and support the payment of any services being requested.
Personal data may also be disclosed to any person or persons that have
a right under the Ordinance to gain access to such information provided
they are able to prove their authority to access such information. For
example, if the Company were served with a court order demanding certain
customer information then the Company would disclose the information to
the duly appointed officer of the court.
Security of Personal Data
Physical records containing personal data are securely stored in locked
containers when not in use.
Computer data are stored on computer systems and storage media located
within restricted areas.
Access to records and data without appropriate management authorisation
are strictly prohibited. Authorisations are granted only on a "need
to know" basis that is commensurate with an individual's responsibilities
and training.
The records of the Company are under the control of assigned information
officers who are responsible to ensure the transfer of or access to information
is legitimate and complies with the Ordinance.
Proper audit trails are produced to validate any data modification for
data integrity.
There is a violation logging process for investigation of any unauthorised
attempt to access information.
Encryption technology, such as SSL, is employed for the transmission of
sensitive data collected online.
Direct Marketing
In accordance with the requirements of the Ordinance, the Company will
honor an individual's request not to use his or her personal data for
the purposes of direct marketing. Should you wish not to receive direct
marketing material from the Company, please write to the Speed21 Privacy
Compliance Officer at the address listed below.
Any such request should clearly state details of the personal data in
respect of which the request is being made. Specifically, we request that
you include the corresponding Company assigned account numbers which are
printed on the Company's statements/invoices. Please also state clearly
the authority under which you are authorized to make such a request.
Unless otherwise instructed as per the above, the Company may use any
of the data collected in the normal course of its business for marketing
purposes.
Company Personal Data (Privacy) Ordinance Contact Details
All enquiries should be in writing to:
Chief Operating Officer
Speed21 Business Network Ltd
Unit 2206, 22/F., Stelux House, 698 Prince Edward Road East,
San Po Kong, Kowloon, Hong Kong
Hong Kong
Copyright 2001 Speed21
Business Network Limited.
|