GENERAL
This Privacy Policy Statement provides information on the obligations and policies of Asia Pacific Professional eCommerce Limited, its subsidiaries, affiliates, and associated companies (collectively, the “Company”, “we”, “us” or “our”) under the Hong Kong SAR Personal Data (Privacy) Ordinance – Cap.486 (the “Ordinance”). This Privacy Policy Statement specifically describes the Company’s obligations in respect of the data privacy laws of the Hong Kong SAR. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.
COMPANY POLICY
The Company shall fully comply with the obligations and requirements of the Ordinance. The Company’s representatives, officers, management, staff shall, at all times, respect the confidentiality of and endeavour to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company. The Company shall endeavour to ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the requirements of the Ordinance. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, the Company may provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance.
STATEMENT OF PRACTICES OF PERSONAL DATA COLLECTED FROM CUSTOMERS
For the purpose of carrying on the Company’s businesses, including (i) uses of the Company’s website and applications; (ii) shopping activities, including website browsing up to shipments; (iii) enquiries on products and relating shopping user journeys; (iv) promotion events; and (v) other related services, customer may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to carry out our businesses:
In addition, when you visit our websites, use our applications, or interact with our tools, widgets or plug-ins, the Company’s web servers may also collect data relating to your online session by automated means, the use of which is to provide aggregated, anonymous, statistical information so that the Company may better meet the demands and expectations of visitors to its sites, and take necessary actions in respect of any illegal or unlawful contents on any website visited through the Company’s web servers. The types of data may include, but are not limited to: the browser characteristics; operating system; IP address and/or domain name; language preferences; device characteristics; URLs; information on actions taken; and dates and times of activity.
A “cookie” is a text file that the Company’s websites send to your machine to uniquely identify your browser or to store information or settings in the browser. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across the Company’s web sites. You can disable cookies on your web browser, however if you do so you may not be able to access all parts of our web sites.
Telephone calls made to and from the Company’s service hotlines and/or inquiry telephone numbers will be recorded for the purposes of quality control, appraisal, as well as staff management and development. At all times, care is taken to protect such recordings from inadvertent and/or unauthorized access. Any personal data supplied by you will be retained by the Company and will be accessible by our employees and third parties (as applicable) for the purposes set out in this Privacy Policy Statement or as otherwise indicated by prior notice to you.
USE OF PERSONAL DATA
Your personal data may be used for:
ACCURACY OF PERSONAL DATA
Where possible, the Company will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, the data provided will be validated against preexisting data held by the Company. In some cases, as per the requirements of the Ordinance, the Company is required to see original documentation before the personal data may be used, such as with personal identifiers (as defined in the Ordinance) and/or proof of address. The Company fully complies with the “Rights of Access and Correction” obligations of the Ordinance. Please refer to the section titled “Access and Correction of Personal Data” below for details on how you can obtain and correct any personal data relating to you that the Company may hold. Please note that the accuracy of such personal data we collect, use and disclose depends to a large extent on the information you provide. You have a right to request correction of your personal data and we recommend that you let us know if there are any errors in your personal data and keep us up-to-date with changes to your personal data such as your name or address.
RETENTION OF PERSONAL DATA
The Company will destroy any personal data it may hold in accordance with its internal policy. Generally speaking, the Company’s policies cover the following principles:
DISCLOSURE OF PERSONAL DATA
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
Personal data may also be disclosed to any person or persons pursuant to any statutory or contractual obligations or as required by court of law, provided such person or persons are able to prove the required right/authority to access such information. In addition, personal data may be disclosed under any of the circumstances described in Part VIII of the Ordinance in which the concerned personal data are exempt from the provisions of Data Protection Principle 3 of the Ordinance.
TRANSFER OF PERSONAL DATA OUTSIDE HONG KONG
At times it may be necessary for the Company to transfer certain personal data to places outside the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the prevailing requirements of the Ordinance.
SECURITY OF PERSONAL DATA
Physical records containing personal data are securely stored in locked areas and/or containers when not in use.
All physical computer data are safeguarded by storing in locked cabinets. Computer data are stored within computer systems which are protected within server room with access control system. Storage media will also be placed in cabinets or server rooms.
Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate with an individual’s Company responsibilities and their training. Where the Company holds, uses and/or transmits the customers’ personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
Where the Company holds, uses and/or transmits the customers’ personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
LINKS TO THIRD PARTY WEBSITES
Our websites may contain links to other sites and pages which are operated by third parties. We have no control over the content of the linked websites or the way in which the operators of those websites deal with your personal data. You should review the privacy policy for those third party websites to understand the ways in which your personal data may be used by those third parties.
ACCESS AND CORRECTION OF PERSONAL DATA
Under the Ordinance, individuals have the right to:
An individual may exercise his or her right of access by:
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavour to comply with and respond to the request within the period set by the Ordinance (i. e. within 40 days after receiving the request).
An individual may exercise their right of correction by writing to the Company’s Information Technology Department at the address listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected.
Satisfactory proof and/or explanation of the inaccuracy is essential before the Company would consider correcting the specified data.
Upon satisfying itself of the authenticity and validity of the correction request, the Company will comply with and respond to the request as required by the Ordinance.
DIRECT MARKETING
In accordance with the requirements of the Ordinance, the Company will honour a customer’s request not to use his or her personal data for the purposes of direct marketing.
Upon customer’s consent, the Company may use his or her personal data (including name, contact information, and information about the products and services that he or she has purchased or subscribed to) to deliver to customer, through various communication channels by using email address, correspondence address, mobile phone number, telephone number, service number and service account number, etc., various promotion materials including the Company’s latest offers, gifts, discounts, benefits, information relating to the Company’s products and services, computer peripheral, accessories and mobile applications, personal assistance services and information services. Customer may also be provided with the latest offers on various kinds of products or services. For the avoidance of doubt, this consent can be withdrawn at any time as per this Privacy Policy without reference to the duration of the services, and will survive the termination or expiration of customer’s service contracts.
Customer can at any time send request to our Information Technology Department together with your contact details to stop receiving the promotion materials aforesaid or to start receiving the same (if customers have unsubscribed from receiving such materials before).
Any such request should clearly state the details of the personal data in respect of which the request is being made.
HANDLING OF PERSONAL DATA IN RECRUITMENT AND EMPLOYMENT
RECRUITMENT
During the recruitment process, job applicants may be required to provide sufficient personal data so that the Company may, as appropriate and/or applicable:
At a minimum, such personal data will include:
Additional information may also be required dependent on the nature of the position being applied for.
The applicant is responsible for ensuring all personal data they provide is accurate and complete. The provision of inaccurate information or the withholding of requested information may:
The personal data so provided may be transferred to persons within the Company, its associated companies, and its clients in client projects; who are involved in the assessment of the applicant’s suitability for the position applied for and/or other positions, which may be, or may become, available within the Company. The data may also be transferred to third parties, such as investigation agencies or previous employer, as are necessary to satisfy the purposes set out above.
The Company shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of not exceeding two years from the day on which the recruitment period ends.
EMPLOYMENT, INCLUDING POST EMPLOYMENT
In the course of employment by the Company, personal data of employees and their families, as appropriate, will be collected and used on an ongoing basis for various Human Resource purposes including but not limited to; administering staffing, performance management, training, career development, salary and benefits administration, communication (e.g. Company news, staff benefit offerings and promotions), medical benefits, provident fund administration, insurance, taxation, welfare and providing information in compliance with legal requirements. It will be transferred to those internal departments, intra-company, and/or to other third parties as is necessary for the purposes.
The Company retains certain personal data of employees when they cease to be employed by the Company (and such data will be retained for no longer than seven years after their cessation of employment). Such data are required for any residual employment-related activities of the former employee including, but not limited to:
THE COMPANY’S PERSONAL DATA (PRIVACY) ORDINANCE CONTACT DETAILS
All enquiries regarding the Company’s compliance with its obligations under the Ordinance should be in writing to:
Asia Pacific Professional eCommerce Limited
Address: 20/F Tower 535, 535 Jaffe Road, Causeway Bay, Hong Kong