The main provisions of the Personal Data (Privacy) Ordinance (the "Ordinance") came into force on 20 December 1996. This Statement sets out the obligations and policies of The “IOI INTERNATIONAL COMPANY LIMITED” (the "Company") under the Ordinance.
The Company keeps personal details of its customers on file such as names, addresses, telephone numbers and information relating to product and billing, together with other information which may be necessary for the provision of the Company's services.
Customers are required to supply the Company with this kind of data in connection with the opening of accounts, and when the Company provides other related facilities and services.
The purposes for which data may be used include:
the daily operation of the Company's services and processing applications or requests relating to the Company's products, facilities and services
opening and maintaining accounts for customers
providing after-sales and maintenance services (if necessary)
conducting customer, product, facility and service surveys
direct marketing of products, facilities and services (please see further details in the section entitled "Use of Your Personal Data in Direct Marketing" below)
handling customer complaints and enquiries
making disclosure according to the requirements of any law, regulations, codes of conduct or guidelines applicable to any member of the Group (defined below)
any other directly related matters.
Without such data, the Company may not be able to provide services to its customers.
Transfer of Personal Data
Personal data of customers held by the Company will be kept confidential but the Company may provide such information to the following persons (whether within or outside Hong Kong) except that the Company has no current intention to transfer customer data to another person for it to use in direct marketing:
subsidiaries and associated companies of the Company (the Company and all its subsidiaries and associated companies collectively called the "Group")
any agent, contractor or third party service provider who provides services to the Group in connection with the operation of the Company's business
the media (only in relation to the handling of customer complaints and enquiries referred to the Company by the media)
any person to whom any Group member is under an obligation or is otherwise expected to make disclosure according to any law, regulations, codes of conduct or guidelines applicable to any Group member
any person who owes a duty of confidentiality to any Group member (e.g. professional advisers of the Group).
Use of Your Personal Data in Direct Marketing
The Company is allowed to use your personal data in direct marketing only if you consent or do not object.
In connection with direct marketing, the Company intends:
to use your name, contact details, customer profiling and service portfolio information held by the Company from time to time in direct marketing
to market the following classes of products, facilities, services and subjects which may be offered or arranged by any member of the Group or business partners with which any member of the Group conducts cross or joint marketing activities.
If you do NOT wish the Company to use your personal data in direct marketing, you may exercise your opt-out right.
You may opt out at the time you registered for the Company’s services. You may also write to the Company's Data Protection Officer or send to email@example.com stating your name and other necessary particulars to opt out from direct marketing at any time. The Company will then cease to use your personal data in direct marketing. Processing of such request is free of charge.
Retention of Personal Data
The Company keeps personal data for such period that is necessary for the fulfillment of the purposes for which the data was collected or as required or permitted by applicable laws.
The Company takes all reasonably practical measures to protect personal data, whether stored physically or electronically, and prevent unauthorized or accidental access, processing, erasure, loss or use (including transfer). Personal data is stored under lock, encrypted or password-protected as necessary. When the Company engages a data processor to process personal data on its behalf, contractual or other means are adopted to prevent unauthorized or accidental access, processing, erasure, loss or use (including transfer) of the data transferred to the data processor.
(If there is any inconsistency or conflict between the English version and Chinese version of this Statement, the English version shall prevail.)