This policy statement provides information on the obligations and policies of Kado Industrail Co., Ltd. (the "Company") under the Hong Kong SAR Personal Data (Privacy) Ordinance 1995 - Cap. 486 (the "Ordinance").
Our Corporate Policy
The Company shall fully comply with the obligations and requirements of the Ordinance. The Company's officers, management, and members of staff shall, at all times, respect the confidentiality of and keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company.
All collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance.
Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the times and manner stipulated within the Ordinance.
Statement of Practices
Types of Personal Data collected
For the purpose of registration and administration of the Company's telecommunications products and services (including relevant online services), you may be requested to provide personal data such as the following, without which it may not be possible to satisfy your request:
· Your name;
· Service installation address, correspondence address, or billing address;
· Account details, including account numbers, service numbers, or user accounts;
· Payment details, including credit card and banking information;
· Contact details, including contact name and telephone number or email address; or
· Information for the verification of identity, including identification type and identification number.
In some instances, you may also be requested to provide certain data that may be used to better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a highly personalised service, failure to provide the requested data may prevent us from providing the service. This type of data includes, but is not limited to:
· Your age;
· Salary range;
· Education and Profession; or
· Hobbies and leisure activities.
In support of our telecommunications and other services, information may be automatically collected relating to those services so we may perform accurate reporting and administration of your accounts such as call time, duration, origin, and destination.
The Company's web servers may also collect data relating to your online session, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that we may better meet the demands and expectations of visitors to our sites. This type of data includes:
· The browser type and version;
· Operating system; or
· The IP address and/or domain name.
Certain web sites may place a "cookie" on your machine in order to provide personalised services and/or maintain your identity across multiple pages within a single session.
Accuracy of Personal Data
Where possible, we will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, we are able to validate the data provided against pre-existing data held by the Company. In some cases, as per the requirements of the Ordinance, the Company is required to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address.
Retention of Personal Data
The Company will destroy any personal data it may hold in accordance with our internal retention policy. This policy is that:
b. the personal data is retained to satisfy any applicable statutory or contractual obligations.
Disclosure of Personal Data
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:-
a. any subsidiaries, holding companies, associated companies or affiliates of or companies controlled by or under common control with the Company;
b. any other person or company who is under a duty of confidentiality to the Company who has undertaken to keep such information confidential; and
c. any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support the payment of any services being requested.
Personal data may also be disclosed to any person or persons that have a right under the Ordinance to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court.
Security of Personal Data
Physical records containing personal data are securely stored in locked containers when not in use.
Computer data are stored on computer systems and storage media located within restricted areas.
Access to records and data without appropriate management authorisation are strictly prohibited. Authorisations are granted only on a "need to know" basis that is commensurate with an individual's responsibilities and training.
The records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate and complies with the Ordinance.
Proper audit trails are produced to validate any data modification for data integrity.
There is a violation logging process for investigation of any unauthorised attempt to access information.
Encryption technology, such as SSL, is employed for the transmission of sensitive data collected online.
In accordance with the requirements of the Ordinance, the Company will honor an individual's request not to use his or her personal data for the purposes of direct marketing. Should you wish not to receive direct marketing material from the Company, please write to the Kado Industrail Co., Ltd. Privacy Compliance Officer at the address listed below.
Any such request should clearly state details of the personal data in respect of which the request is being made. Specifically, we request that you include the corresponding Company assigned account numbers which are printed on the Company's statements/invoices. Please also state clearly the authority under which you are authorized to make such a request.
Unless otherwise instructed as per the above, the Company may use any of the data collected in the normal course of its business for marketing purposes.