 |
| PERSONAL DATA (PRIVACY) ORDINANCE
- PRIVACY POLICY STATEMENT |
|
| GENERAL |
|
This policy statement provides information
on the obligations and policies of VICTON REGISTRATIONS
LIMITED , its subsidiaries, affiliates, and associated
companies (the "Company") under the
Hong Kong SAR Personal Data (Privacy) Ordinance
1995 - Cap.486 (the "Ordinance").
Although this policy specifically addresses the
Company's obligations in respect of the laws of
the Hong Kong SAR, the Company believes the principles
embedded in the Ordinance are equal to any in
the world in respect of the protections they provide
to an individual. As such, the Company undertakes
to apply, where practicable, those principles
and the processes set out herein to its operations
globally.
Where the Company's operations are subject to
privacy legislation other than that of Hong Kong
SAR, then this policy shall be applied so far
as practicable and consistent with such local
legislation. For further details on the Company's
compliance with the Ordinance and any other privacy
legislation, please contact the Company's Privacy
Compliance Officer at the address listed below.
Throughout this policy, our use of the term "personal
data" has the meaning ascribed to it by the
Ordinance. |
|
| OUR CORPORATE POLICY |
|
The Company shall fully comply with the obligations
and requirements of the Ordinance. The Company's
officers, management, and members of staff shall,
at all times, respect the confidentiality of and
endeavor to keep safe any and all personal data
collected and/or stored and/or transmitted and/or
used for, or on behalf of, the Company.
The Company shall endeavor to ensure all collection
and/or storage and/or transmission and/or usage
of personal data by the Company shall be done
in accordance with the obligations and requirements
of the Ordinance.
Where an individual legitimately requests access
to and/or correction of personal data relating
to the individual, held by the Company, then the
Company shall provide and/or correct that data
in accordance with the times and manner stipulated
within the Ordinance. |
|
| ACCURACY OF PERSONAL DATA |
|
Where possible, we will validate data provided
using generally accepted practices and guidelines.
This includes the use of check sum verification
on some numeric fields such as account numbers
or credit card numbers. In some instances, we
are able to validate the data provided against
pre-existing data held by the Company. In some
cases, as per the requirements of the Ordinance,
the Company is required to see original documentation
before we may use the personal data such as with
Personal Identifiers and/or proof of address.
Although we do not currently provide online access
to and correction of personal data held by the
Company, we fully comply with the "Rights
of Access and Correction" obligations of
the Ordinance. Please refer to the section titled
"Access and Correction of Personal Data "
below for details on how you can obtain and correct
any personal data relating to you that we may
hold. |
|
| RETENTION OF PERSONAL DATA |
|
The Company will destroy any personal data
it may hold in accordance with our internal retention
policy. The policy states that:
| (a) |
Personal data will only be retained for
as long as is necessary to fulfil the original
or directly related purpose for which it was
collected, unless the personal data is also
retained to satisfy any applicable statutory
or contractual obligations; and |
| |
|
| (b) |
Personal data are purged from the Company's
electronic, manual, and other filing systems
in accordance with specific schedules based
on the above criteria and the Company's internal
procedures. |
|
|
| DISCLOSURE OF PERSONAL DATA |
|
All personal data held by the Company will
be kept confidential but the Company may, where
such disclosure is necessary to satisfy the purpose,
or a directly related purpose, for which the data
was collected provide such information to the
following parties:
| (a) |
Any subsidiaries, holding companies, associated
companies, or affiliates of, or companies
controlled by, or under common control with
the Company; |
| |
|
| (b) |
Any person or company who is acting for
or on behalf of the Company, or jointly with
the Company, in respect of the purpose or
a directly related purpose for which the data
was provided; |
| |
|
| (c) |
Any other person or company who is under
a duty of confidentiality to the Company and
has undertaken to keep such information confidential,
provided such person or company has a legitimate
right to such information; and |
| |
|
| (d) |
Any financial institutions, charge or credit
card issuing companies, credit information
or reference bureaux, or collection agencies
necessary to establish and support the payment
of any services being requested. |
Personal data may also be disclosed to any person
or persons that have a right under the Ordinance
to gain access to such information provided they
are able to prove their authority to access such
information. For example, if the Company were
served with a court order demanding certain customer
information then the Company would disclose the
information to the duly appointed officer of the
court or such other persons as the court orders. |
|
| TRANSFER OF PERSONAL DATA OUTSIDE
OF HONG KONG |
|
| At times it may be necessary and/or prudent for
the Company to transfer certain personal data to
places outside of the Hong Kong SAR in order to
carry out the purposes, or directly related purposes,
for which the personal data were collected. Where
such a transfer is performed, it will be done in
compliance with the requirements of the Ordinance. |
|
| SECURITY OF PERSONAL DATA |
|
| Physical records containing personal data are
securely stored in locked areas and/or containers
when not in use. Computer data are stored on
computer systems and storage media to which access
is strictly controlled and/or are located within
restricted areas.
Access to records and data without appropriate
management authorization are strictly prohibited.
Authorizations are granted only on a "need
to know" basis that is commensurate with
an individual's Company responsibilities and their
training.
Records of the Company are under the control
of assigned information officers who are responsible
to ensure the transfer of or access to information
is legitimate and complies with the Ordinance.
Audit records may be produced to validate data
modifications in order to verify the data's integrity.
There may be violations logging processes for
investigation of any unauthorized attempt to access
information. |
|
| ACCESS AND CORRECTION OF PERSONAL
DATA |
|
Under the terms of the Ordinance, individuals
have the right to:
| (a) |
Check whether the Company holds any personal
data relating to them and, if so, obtain copies
of such data; |
| |
|
| (b) |
Require the Company to correct any personal
data relating to them which is inaccurate
for the purpose for which it is being used;
and |
| |
|
| (c) |
Ascertain the Company's policies and practices
in relation to personal data, which are those
policies and practices set out in their entirety
herein. |
|
|
| 《個人資料(私隱)條例》── 個人資料私隱的政策 |
|
| 總覽 |
|
| 本政策聲明是根據香港特別行政區《1995年個人資料(私隱)條例》-第486章(「條例」),為偉通註冊有限公司、其附屬公司、聯營公司及關聯公司(「本公司」)就其責任及政策提供資料。
雖然此政策特別列出有關本公司於香港特別行政區法例下應負的責任,本公司相信條例中保護個人資料的原則與世界各地有關法例是相同的。因此,在可行的情況下,本公司在世界各地會執行這些原則及在此處列明的程序。
當公司的運作受制於香港特別行政區以外的私隱法例時,此政策將在可行並與該法例相符的情況下實施。如欲索取本公司有關遵守條例及其他私隱法例的資料,請致函下列地址聯絡本公司的私隱條例事務主任。
此政策內「個人資料」一詞含有條例所解釋的意義。 |
|
| 本公司政策 |
|
| 本公司遵守條例的責任及要求,屬下主管人員、管理層及員工必須時刻對本公司(或代表本公司)所收集及/或儲存及/或傳送及/或使用的所有個人資料保密,並妥善保存。
本公司確保所收集及/或儲存及/或傳送及/或使用的所有個人資料,必須遵照條例規定的責任及要求處理。
倘若個人以合法方式要求取得及/或修正本公司所持有關於其本人的個人資料,本公司會根據條例規定的時限及方式提供及/或修正上述資料。 |
|
| 個人資料的準確性 |
|
| 本公司盡可能利用業內通用的做法及守則,核實所提供的資料,包括對賬戶號碼或信用卡號碼等一些數字項目核對總和。在若干情況下,本公司能藉著所持有的現有資料,鑒別所提供資料的真偽。根據條例的要求,本公司在某些情況下需要查核文件正本,才能使用身分證明文件及/或住址證明等個人資料。
雖然本公司目前沒有安排將所持有的個人資料以聯機方式提供查閱及改正,但本公司已全面履行條例所規定的「查閱及改正資料的權利」責任。詳情請參閱下文「查詢及改正個人資料」一節,以瞭解如何取得及改正本公司所持任何有關閣下的個人資料。 |
|
| 個人資料的保存 |
|
本公司將會根據內部的保存政策,銷毀所持有的個人資料。此政策指出:
| (a) |
個人資料會保存至達到與收集上述資料之原來目的,或直接有關之目的為止;除非上述個人資料可根據任何適用法規或合約規定須予以保存;及 |
| |
|
| (b) |
根據上述準則及本公司的內部程序,個人資料在特定的儲存期限後便會在本公司的電子、人手及其他儲存系統中被清洗。 |
|
|
| 個人資料的披露 |
|
本公司所持有的全部個人資料將予以保密,然而本公司可在有需要披露此等資料以達到收集此等資料之目的,或直接與其有關之目的時,向下述人士披露資料:
| (a) |
任何附屬公司、控股公司、關聯公司,或由本公司所持有或與本公司同屬一家控制公司的公司或聯營公司; |
| |
|
| (b) |
任何代表本公司,或與本公司聯營的個人或公司,以達到提供此等資料之目的,或直接與其有關之目的; |
| |
|
| (c) |
有責任為本公司對上述資料保密的任何其他人士或公司,而該人士或公司有法定的權利取用該資料;以及 |
| |
|
| (d) |
任何所需的金融機構、收費或信用卡發行公司、信貸資料或調查機構,或收數公司,以便就有關服務的費用,設立及提供支援。 |
個人資料也可根據條例披露予有權取用此等資料的任何人士,但他們須證明其取用資料的權利。例如,若法庭發出指令,要求本公司提供若干客戶的資料,本公司便會向法庭正式委任的人員披露上述資料。 |
|
| 將個人資料轉移至香港以外地方 |
|
| 本公司在有需要時會審慎地將若干個人資料轉移至香港特別行政區以外的地方以達到收集此等資料之目的,或直接與其有關之目的。該轉移會遵守條例之規定。 |
|
| 個人資料的保安 |
|
| 載列個人資料的實際記錄,在不使用時妥善存放在上鎖的儲存器內。
而電腦數據存放在設有限制進出地方的電腦系統及儲存媒體內,取用資料亦受嚴格監管。
凡未經管理層正式授權的人士,不得取用記錄及數據。有關權利只在「必須知道」的情況下授予,並根據個別人士在公司的職責及受訓情況而定。
本公司的記錄由指定的資料專責人員控制,他們負責確保資料的轉移或取用是合法並符合條例規定。
本公司可能提出審計記錄,以核實更改的數據,並確定數據的完整性。
本公司可能設有記錄違反事項的程序,以便調查未經授權試圖取用資料的行為。 |
|
| 查詢及改正個人資料 |
|
根據條例規定,個人可有權:
| (a) |
確定本公司是否持有關於其本人的個人資料,並(如有者)取得該等資料的副本; |
| |
|
| (b) |
要求本公司改正關於其本人而不準確 的個人資料以達致使用該資料之目的;以及 |
| |
|
| (c) |
確定本公司有關其本人個人資料的政策及做法,總體上符合本政策及做法的規定。 |
(若中、英文版本有歧異之處,應以英文版為準。) |
| |
