This is a template provided for your convenience. Do not forget to adjust it to your needs. Replace all red-colored text with your company's details.
This is a template provided for your convenience.
You are strongly advised to adapt the text to fit your particular case.
The Company is a company with limited liability incorporated under the laws of Hong Kong, whose business office is at Suite 1703, 17/F., Harcourt House, 39 Gloucester Road, Wan Chai, Hong Kong. The Individual can contact the Company at:for any questions related to the Policy.
The Policy sets out the basis on which any Personal Information that the Company collects from the Individual, or that the Individual provides to the Company, will be processed by the Company. The Company shall ensure that the Individual’s Personal Information is collected, processed and maintained in accordance with relevant laws and regulations. The Individual must read the Policy carefully to understand the Company’s views and practices regarding the Individual’s Personal Information and how the Company will treat such information. To the extent any applicable data protection and privacy laws and regulations of a jurisdiction apply to the Individual, the requirements of which are not reflected in the Policy, the Company shall also comply with those laws and regulations.
The Company maintains strict security standards, policies and procedures for the prevention of unauthorised access to any Personal Information that it collects from the Individual and requires all of its staff and any third parties it shares the Individual’s Personal Information with in connection to the Services it provides to the Individual, to observe, and to comply with, the Policy and the applicable laws and regulations.
“Agreements” means the additional agreements and related documents required from the Individual in case the Company provides regulatory compliance consulting and other related services as set out on the Website to the Individual.
“Consent’’ means a freely given, specific, informed, and unambiguous indication of the Individual signifying his agreement by either a statement or a clear affirmative action.
“EU Person” a natural person who is located in an EU country (not limited to EU citizens) at the time his Personal Information is collected and processed by the Company.
“GDPR” means the European Union General Data Protection Regulation 2016, as may be applicable to the Individual and/or the Company.
“Personal Information” means any information in connection to a natural person’s identity which can be used to identify a natural person, either directly or indirectly that the Company collects from the Individual, processes and/or stores, including, but not limited to, the Individual’s name, address, identification number, phone number, and/or other information by which the Individual may be personally identified.
“Services” means the regulatory compliance consulting and other related services as set out on the Website, or any other services provided by the Company.
“Website” meansor such website to provide the Services.
(a) information and documents that the Individual provides to the Company including through electronic means or sent to the Company physically. This includes, but is not limited to, information and documents that the Individual provides to the Company during the process of accepting the Individual as a client of the Company in relation to the Services (eg. for compliance purposes such as ”know your client” information) in person or otherwise, or information and documents provided through the Website (for example, when completing the “smart form” questionnaire(s) via AltQuest AutoDocs or when posting an enquiry);
(b) the Company may also ask the Individual for information at other times, for example, for the continuance of providing the Services to the Individual, or when it receives a complaint from the Individual;
(e) information about the Individual from publicly available resources (eg. from databases the Company uses to carry out compliance checks);
(f) the Company may also ask the Individual to complete surveys that the Company uses for research purposes, although the Individual may not be obliged to respond to them;
(h) information about the Individual’s preferences, where it is relevant to the services the Company provides;
(i) the Individual’s password and other related log-in details for platforms maintained by the Company including, but not limited, for AltQuest Autodocs (if any); and
(j) details of bank accounts which the Individual has provided to the Company physically or by any other means for eg. processing payments and billing purposes.
1.2. In addition to the Personal Information that the Company collects directly from the Individual (as described above), the Company may also collect certain of the Individual’s Personal Information from third party sources, some of which may not be publicly available.
2. Uses made of the Personal Information
2.1. By using the Company’s Services or visiting the Website, the Individual grants the Company a right to collect, use, copy, transmit, store and back-up the Individual’s Personal Information for the provision of the Services to the Individual and/or for any other purpose(s) as contemplated by the Policy.
2.2. The purposes for which the Individual’s Personal Information may be used by the Company within or outside Hong Kong include:
(b) taking steps to prepare, or to enter into, a contract to be entered into between the Individual and the Company;
(c) carrying out its obligations arising from any contracts entered into between the Individual and the Company;
(d) complying with the Company’s internal policies and standards and the laws and regulations applicable to the Company or any of its affiliates in or outside Hong Kong;
(e) ensuring that the Individual’s or another natural person’s (where the Individual is incapable of giving Consent) vital interests are protected;
(f) performance of a task carried out in the public interest;
(g) for the Company’s legitimate interest;
(h) legal proceedings, including collecting overdue amounts and seeking professional advice;
(i) improving and furthering the Services;
(j) ensuring that the content(s) of the Website are presented in the most effective manner for the Individual and for the Individual’s computers and other devices;
(l) promoting and marketing the Services, products and technologies that the Company offers or may offer and also inviting the Individual to events, webinars and on-line trainings that the Company may organise subject to the Individual’s Consent;
(m) to communicate with the Individual through the channels the Individual has approved to keep the Individual up-to-date on the Services and/or other developments and/or announcements;
(n) in the good faith belief that such action is necessary for the Company:
(i) to comply with a legal obligation;
(ii) to protect and defend the rights or property of the Company;
(iii) to prevent or investigate possible wrongdoing in connection with the Services;
(iv) to protect the personal safety of users of the Services or the public; or
(v) to protect against legal liability;
(o) other purpose(s) that the Company has obtained the Individual’s Consent for; or
2.3. Such Personal Information will be used to facilitate communication, and processing of internal administrative and record keeping. The Company will keep the Personal Information it holds confidential but may provide Personal Information to third parties for purposes described in the Policy. As a result, the Individual’s Personal Information may be transferred to locations inside or outside Hong Kong. When making such transfers, the Company will ensure that they are subject to appropriate safeguards in accordance with applicable data protection legislation. Such third parties may include:
2.4 For the provision of the Services, the Company may also transfer the Individual’s Personal Information to third parties located outside Hong Kong which do not have laws that protect the Individual’s Personal Information to the extent that the laws in Hong Kong do. In the event that the Company does, it will, to the best of its abilities, take all appropriate steps that are within its control to ensure adequate safeguards are in place for the protection of the Individual’s Personal Information. Where no adequate safeguards can be put in place, the transfer of the Individual’s Personal Information will be kept to the minimum to what is necessary for the provision of the Services.
2.5 The Company shall take all steps reasonably necessary to ensure that the Individual’s Personal Information is treated securely and in accordance with the Policy and no transfer of the Individual’s Personal Information will take place to a third party or a country unless there are adequate controls in place including the security of the Individual’s Personal Information and other personal information.
2.6. Where the Individual provides the Company with other natural persons’ Personal Information (eg. directors and employees of the Individual’s related companies), the Individual must ensure that he is entitled to disclose such Personal Information to the Company so that the Company can collect, use and disclose such Personal Information in accordance with the Policy without taking any further steps, and that the Individual is satisfied with the contents of the Policy.
3.1. The Company employs appropriate technical and organizational measures to ensure that the Individual’s Personal Information is kept confidential and secure, in accordance with the Company’s internal policies and procedures and to prevent unauthorized access.
3.2. The Company may transfer the Individual’s Personal Information to its affiliates or to any of the third parties listed above, who may be located within or outside Hong Kong.
3.3. The Company subjects itself to regular checks by third party security evaluation specialists and restricts access to the Individual’s Personal Information by its staff on a need-to-know basis only. However, the Company cannot ensure or warrant the security of any Personal Information the Individual transmits to the Company or guarantee that the Individual’s Personal Information may not be accessed, disclosed, altered or destroyed by a breach of any of the Company’s physical, managerial or technical safeguards.
4.2. A cookie is a small file of letters and numbers that the Company stores on the Individual’s browser or the hard drive of the Individual’s computer and of the Individual’s other device if the Individual agrees. Cookies contain information that is transferred to the Individual’s computer's hard drive.
4.3. The Company uses the following cookies:
(a) Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable the Individual to log into secure areas of the Website.
(b) Analytical/performance cookies. They allow the Company to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps the Company to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
(c) Functionality cookies. These are used to recognize the Individual when the Individual returns to the Website. This enables the Company to personalize its content for the Individual, greet the Individual by name and remember the Individual’s preferences (for example, the Individual’s choice of language or region).
4.5. The Company may use the following third party web analytics services on the Website. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help the Company analyze how visitors use the Website. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to evaluate use of the Website. These analytic services may use the data collected to contextualize and personalize the marketing materials of their own advertising network.
(a) Google Analytics
i. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google's ability to use and share information collected by Google Analytics is in accordance with its policies:
ii. The Individual can prevent Google’s collection and processing of data by using the Google Ads Settings page or by downloading and installing its browser plug-in: (https://tools.google.com/dlpage/gaoptout).
(b) Baidu Analytics
i. Baidu Analytics is a web analysis service provided by Baidu, Inc. (“Baidu”). Baidu’s ability to use and share information collected by Baidu Analytics is in accordance with its policies:
4.6. The Individual can block cookies by activating the setting on his browser that allows the Individual to refuse the setting of all or some cookies. However, if the Individual uses his browser settings to block all cookies (including essential cookies), he may not be able to access all or parts of the Website.
5. Retention of Personal Information
5.1. The Company shall retain the Individual’s Personal Information for as long as it is necessary, or where the Company has relied on the Individual’s Consent to keep the Individual’s Personal Information, until the Individual withdraws his Consent for the Company to do so, and at all times at least for the minimum period set by relevant laws and regulations. The Individual’s Personal Information may be archived for as long as the Company believes that the purpose for which it was used still exists but will ensure that such Personal Information is held subject to appropriate security measures at all times. The Company will delete the Individual’s Personal Information within a reasonable time once it is no longer necessary for the provision of the Services to the Individual, or once the Individual withdraws his Consent. The Individual reserves the right, at any time, to:
(a) withdraw his Consent for the Company to process his Personal Information; and
(b) require the Company to delete his Personal Information without undue delay under specified circumstances, including (i) where his Personal Information is no longer necessary in relation to the purposes for which it is collected, (ii) where he withdraws the Consent (which forms the basis of processing), (iii) where there is no overriding legitimate interest, etc.
5.2. If the Individual decides to stop using the Company’s Services, the Company will delete all such Personal Information within a reasonable time after the termination of the Services or after cessation of the subject matter to which such Personal Information relates, subject to retention for purposes of complying with applicable laws, resolving disputes and/or enforcing the terms of its agreement with the Individual.
6.1. The Individual has voluntarily provided his Personal Information in connection with the provision of the Company’s Services to the Individual and/or to enter into an Agreement with the Company, where failure to supply such Personal Information may result in the provision of the Company’s Services to the Individual to be rejected.
6.2 While the Company shall obtain the Individual’s Consent prior to processing the Individual’s Personal Information for marketing purposes or disclosing the Individual’s data to third parties, for such purposes, the Individual reserves the right to require the Company to not process his Personal Information at any time for such purposes.
7. Direct Marketing
7.1. With the Individual’s consent as described in this section:
(i) his Personal Information may be used for direct marketing of the Company’s Services and products and services and products related to the Company’s affiliates; and
(ii) the Company may conduct direct marketing via fax, email, direct mail, telephone, SMS, and other means of communication or send e-newsletters to the Individual.
7.2. If the Individual does not consent to the Company using his Personal Information for direct marketing, the Individual should opt-out by ticking the appropriate box in the Declaration of the Policy or inform the Company in writing at the contacts provided below.
7.3. [APPLICABLE TO EU PERSONS ONLY] The Company shall not use the Individual’s Personal Information in direct marketing unless and until the Individual opts-in by ticking the appropriate box in the Declaration of the Policy or otherwise informing the Company of his Consent for his Personal Information to be used for such purpose in writing at the contacts provided below.
7.4. If the Individual does not consent (as described above) to the Company using his Personal Information in direct marketing, the Company will maintain such Personal Information as strictly confidential and will not sell, lease or distribute the same to any third party (other than certain trusted third party service providers involved in the operations of the Company’s business and performing services on the Company’s behalf, with restricted access to customer data and information, on a need-to-know basis only, and in compliance with the Policy), unless the Company is required or requested to do so by applicable laws or by any regulatory authority in the jurisdictions in which it operates.
7.5. The Company will not share or provide the Individual’s Personal Information to any other persons, or use the Individual’s Personal Information, for the purposes of third party direct marketing.
8.1. The Individual has a right to request access to, and to request correction of, any Personal Information concerning him held by the Company, and has a right to withdraw his consent for use by the Company of the Individual’s Personal Information in direct marketing at any time. Such requests may be made in writing to the Company at the contacts provided below. The Company reserves the right to charge a reasonable fee for processing any data access request(s).
9. [APPLICABLE TO EU PERSONS ONLY] Rights Under The GDPR
9.1 If the Individual is an EU Person, the EU Person has certain additional data protection rights. The Company aims to take reasonable steps to allow the Company to correct, amend, delete, or limit the use of his Personal Information.
9.2. If the EU Person wishes to be informed what Personal Information the Company holds about the EU Person and if the EU Person wants to be removed from the Company’s systems, he may contact the Company in writing at the contacts below.
9.3 In certain circumstances, the EU Person has the following data protection rights:
i. The right to access, update or to delete the information the Company has on the EU Person. Whenever made possible, the EU Person can access, update or request deletion of his Personal Information by contacting the Company.
ii. The right of rectification. The EU Person has the right to have his Personal Information rectified if that information is inaccurate or incomplete.
iii. The right to object. The EU Person has the right to object to the Company’s processing of his Personal Information.
iv. The right of restriction. The EU Person has the right to request that the Company restricts the processing of his Personal Information.
v. The right to data portability. The EU Person has the right to be provided with a copy of the information the Company has on him in a structured, machine-readable and commonly used format.
vi. The right to withdraw consent. The EU Person has the right to withdraw his consent at any time where the Company relied on the EU Person’s consent to process his Personal Information.
9.4 The Company shall not process Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or data concerning the EU Person’s sex life or sexual orientation, and genetic data or biometric data processed for the purpose of uniquely identifying the EU Person unless (i) the EU Person has given Consent to the processing; (ii) where the processing is necessary for reasons of substantial public interest, which is proportionate to the aim pursued; or (iii) where any other condition specified in subsections (a) to (j) of Article 9(2) of the GDPR is satisfied.
10. Limitation of Liability
10.1. Nothing in the Policy shall limit the Individual’s rights as a data subject under the PDPO and GDPR.
10.2. To the maximum extent permitted by law, the Company will not be liable to the Individual for any loss (including loss of information, data, revenues, profits or savings) or damage resulting, directly or indirectly, from any use of, or reliance on the Services and/or the Website. The Individual shall assume full responsibility for results obtained from the use of the Services and/or the Website and the conclusions drawn from such use.
10.3. The Website may contain links to other websites not operated or controlled by the Company. The Policy does not extend to such websites. The Company is not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by the Company.
11. Changes to the Policy
The Company may revise the terms of the Policy from time to time and will always provide the most up-to-date version to the Individual by any means eg. via the Website. It is the Individual’s responsibility to periodically review and keep himself appraised of the latest terms but, if any revision meaningfully affects the Individual’s rights, the Company will take reasonable steps to notify the Individual of such changes.
The Policy shall be governed by the laws of Hong Kong. The Company and the Individual agrees to submit to the exclusive jurisdiction of the Hong Kong courts.
13. Language Versions
In case of discrepancies between the English and Chinese versions of the Policy, the English version shall apply and prevail.
14. Contact Details
For any and all requests and complaints related to the Policy, the Individual should contact the Company as directed below.
ATTENTION: The Data Protection Officer
ADDRESS: Suite 1703, 17/F., Harcourt House, 39 Gloucester Road, Wan Chai, Hong KongEMAIL ADDRESS: