This is a template provided for your convenience. Do not forget to adjust it to your needs. Replace all red-colored text with your company's details.
This is a template provided for your convenience.
You are strongly advised to adapt the text to fit your particular case.
ALTQUEST LIMITED
This
privacy policy (the “Policy”), as
amended from time to time, shall be provided to existing and prospective
individual clients, as well as any individual from whom Personal Information
has been and/or may in the future be collected (the “Individual”). AltQuest
Limited (the “Company”) is committed
to protecting and respecting the Individual’s privacy.
The
Company is a company with limited liability incorporated under the laws of Hong
Kong, whose business office is at Suite 1703, 17/F., Harcourt House, 39
Gloucester Road, Wan Chai, Hong Kong. The Individual can contact the Company at:
info@altquest.com.hk
for any questions related to the Policy.
The Policy
sets out the basis on which any Personal Information that the Company collects
from the Individual, or that the Individual provides to the Company, will be
processed by the Company. The Company shall ensure that the Individual’s Personal
Information is collected, processed and maintained in accordance with relevant
laws and regulations. The Individual must read the Policy carefully to
understand the Company’s views and practices regarding the Individual’s
Personal Information and how the Company will treat such information. To the
extent any applicable data protection and privacy laws and regulations of a
jurisdiction apply to the Individual, the requirements of which are not
reflected in the Policy, the Company shall also comply with those laws and
regulations.
The
Company maintains strict security standards, policies and procedures for the
prevention of unauthorised access to any Personal Information that it collects
from the Individual and requires all of its staff and any third parties it shares
the Individual’s Personal Information with in connection to the Services it provides
to the Individual, to observe, and to comply with, the Policy and the
applicable laws and regulations.
Definitions:
“Agreements” means the additional agreements and related
documents required from the Individual in case the Company provides regulatory
compliance consulting and other related services as set out on the Website to
the Individual.
“Consent’’ means a freely given, specific,
informed, and unambiguous indication of the Individual signifying his agreement
by either a statement or a clear affirmative action.
“EU Person”
a natural person who is located in an EU country (not limited to EU citizens)
at the time his Personal Information is collected and processed by the Company.
“GDPR”
means the European Union General Data Protection Regulation 2016, as may be
applicable to the Individual and/or the Company.
“Personal
Information” means any information in connection to a natural person’s identity
which can be used to identify a natural person, either directly or indirectly
that the Company collects from the Individual, processes and/or stores,
including, but not limited to, the Individual’s name, address, identification
number, phone number, and/or other information by which the Individual may be
personally identified.
“Services”
means the regulatory compliance consulting and other related services as set
out on the Website, or any other services provided by the Company.
“Website”
means www.altquest.com.hk
or such website to provide the Services.
(b) the
Company may also ask the Individual for information at other times, for
example, for the continuance of providing the Services to the Individual, or
when it receives a complaint from the Individual;
(e) information
about the Individual from publicly available resources (eg. from databases the
Company uses to carry out compliance checks);
(f) the Company may also ask the Individual to
complete surveys that the Company uses for research purposes, although the
Individual may not be obliged to respond to them;
(h) information
about the Individual’s preferences, where it is relevant to the services the
Company provides;
(i) the Individual’s password and other related
log-in details for platforms maintained by the Company including, but not
limited, for AltQuest Autodocs (if any); and
(j) details of bank accounts which the Individual
has provided to the Company physically or by any other means for eg. processing
payments and billing purposes.
1.2. In addition to the Personal Information that the
Company collects directly from the Individual (as described above), the Company
may also collect certain of the Individual’s Personal Information from third
party sources, some of which may not be publicly available.
2. Uses made of the Personal
Information
2.1. By using the Company’s Services or visiting the
Website, the Individual grants the Company a right to
collect, use, copy, transmit, store and back-up the Individual’s Personal
Information for the provision of the Services to the Individual and/or for any
other purpose(s) as contemplated by the Policy.
2.2. The purposes for which the Individual’s Personal
Information may be used by the Company within or outside Hong Kong include:
(b) taking
steps to prepare, or to enter into, a contract to be entered into between the
Individual and the Company;
(c) carrying
out its obligations arising from any contracts entered into between the
Individual and the Company;
(d) complying
with the Company’s internal policies and standards and the laws and regulations
applicable to the Company or any of its affiliates in or outside Hong Kong;
(e) ensuring
that the Individual’s or another natural person’s (where the Individual
is incapable of giving Consent) vital interests are protected;
(f) performance of a task carried out in the public
interest;
(g) for the Company’s legitimate interest;
(h) legal
proceedings, including collecting overdue amounts and seeking professional
advice;
(i) improving and furthering the Services;
(j) ensuring that the content(s) of the Website are
presented in the most effective manner for the Individual and for the
Individual’s computers and other devices;
(l) promoting and marketing the Services, products and
technologies that the Company offers or may offer and also inviting the
Individual to events, webinars and on-line trainings that the Company may
organise subject to the Individual’s Consent;
(m) to
communicate with the Individual through the channels the Individual has
approved to keep the Individual up-to-date on the Services and/or other
developments and/or announcements;
(n) in
the good faith belief that such action is necessary for the Company:
(i)
to comply with a legal obligation;
(ii)
to protect and defend the rights or property of the
Company;
(iii) to
prevent or investigate possible wrongdoing in connection with the Services;
(iv) to
protect the personal safety of users of the Services or the public; or
(v) to
protect against legal liability;
(o) other
purpose(s) that the Company has obtained the Individual’s Consent for; or
2.3. Such Personal Information will be used to
facilitate communication, and processing of internal administrative and record
keeping. The Company will keep the Personal Information it holds confidential
but may provide Personal Information to third parties for purposes described in
the Policy. As a result, the Individual’s Personal Information may be transferred
to locations inside or outside Hong Kong. When making such transfers, the
Company will ensure that they are subject to appropriate safeguards in
accordance with applicable data protection legislation. Such third parties
may include:
(b) the
Company’s affiliates, business partners and counterparts, overseas or otherwise
(if any);
(c) persons
under a duty of confidentiality to the Company;
2.4 For the provision of the Services, the Company may
also transfer the Individual’s Personal Information to third parties located
outside Hong Kong which do not have laws that protect the Individual’s Personal
Information to the extent that the laws in Hong Kong do. In the event that the Company does, it will,
to the best of its abilities, take all appropriate steps that are within its
control to ensure adequate safeguards are in place for the protection of the
Individual’s Personal Information. Where no adequate safeguards can be put in
place, the transfer of the Individual’s Personal Information will be kept to
the minimum to what is necessary for the provision of the Services.
2.5 The Company shall take all steps reasonably
necessary to ensure that the Individual’s Personal Information is treated
securely and in accordance with the Policy and no transfer of the Individual’s
Personal Information will take place to a third party or a country unless there
are adequate controls in place including the security of the Individual’s
Personal Information and other personal information.
2.6. Where the Individual provides the Company with
other natural persons’ Personal Information (eg. directors and employees of the
Individual’s related companies), the Individual must ensure that he is entitled
to disclose such Personal Information to the Company so that the Company can
collect, use and disclose such Personal Information in accordance with the Policy
without taking any further steps, and that the Individual is satisfied with the
contents of the Policy.
3.2. The Company may transfer the Individual’s Personal
Information to its affiliates or to any of the third parties listed above, who
may be located within or outside Hong Kong.
3.3. The Company subjects itself to regular checks by
third party security evaluation specialists and restricts access to the
Individual’s Personal Information by its staff on a need-to-know basis only.
However, the Company cannot ensure or warrant the security of any Personal
Information the Individual transmits to the Company or guarantee that the
Individual’s Personal Information may not be accessed, disclosed, altered or
destroyed by a breach of any of the Company’s physical, managerial or technical
safeguards.
3.4. In relation to the Website, the Individual should
keep his user ID and password (client login details (if any)) strictly
confidential at all times and should not share these details with anyone. In
public areas, the Individual should exercise caution and not leave his computer
unattended whilst logged into his account. The Individual should also avoid
using public computer terminals to access his account, unless he can adequately
verify that the terminal is free from spyware and that he can erase all of his information
upon exiting the terminal. The Company cannot ensure that the Individual’s
Personal Information will be protected, controlled or otherwise managed
pursuant to the Privacy Policy and will not be liable for any loss or damage
arising from unauthorized access to the Individual’s account due to any failure
to comply with these precautions.
4. Cookies
4.1. The Website uses cookies to distinguish the
Individual from other users of the Website. This helps the Company to provide the
Individual with a good experience when the Individual browses the Website and
also allows the Company to improve the Website. By continuing to browse the
Website, the Individual is agreeing to the Company’s use of cookies.
4.2. A cookie is a small file of letters and numbers
that the Company stores on the Individual’s browser or the hard drive of the
Individual’s computer and of the Individual’s other device if the Individual agrees.
Cookies contain information that is transferred to the Individual’s computer's
hard drive.
4.3. The Company uses the following cookies:
(a) Strictly
necessary cookies. These are cookies that are required for the operation of
the Website. They include, for example, cookies that enable the Individual to
log into secure areas of the Website.
(b) Analytical/performance
cookies. They allow the Company to recognize and count the number of
visitors and to see how visitors move around the Website when they are using
it. This helps the Company to improve the way the Website works, for example,
by ensuring that users are finding what they are looking for easily.
(c) Functionality
cookies. These are used to recognize the Individual when the Individual returns
to the Website. This enables the Company to personalize its content for the
Individual, greet the Individual by name and remember the Individual’s preferences
(for example, the Individual’s choice of language or region).
4.4. Third parties (including, for example, providers
of external services like web traffic analysis services) may also use cookies,
over which the Company has no control. These cookies are likely to be
analytical/performance cookies or targeting cookies.
4.5. The Company may use the following third party
web analytics services on the Website. The service providers that administer
these services use technologies such as cookies, web server logs and web
beacons to help the Company analyze how visitors use the Website. The
information collected through these means (including IP address) is disclosed
to these service providers, who use the information to evaluate use of the
Website. These analytic services may use the data collected to
contextualize and personalize the marketing materials of their own advertising
network.
(a) Google
Analytics
i. Google
Analytics is a web analysis service provided by Google Inc. (“Google”). Google's
ability to use and share information collected by Google Analytics
is in accordance with its policies:
(http://www.google.com/policies/privacy/partners/)
ii. The Individual can prevent Google’s collection and processing of data by using the
Google Ads Settings page or by downloading and installing its browser plug-in:
(https://tools.google.com/dlpage/gaoptout).
(b) Baidu
Analytics
i.
Baidu Analytics is a web analysis service
provided by Baidu, Inc. (“Baidu”).
Baidu’s ability to use and share information collected by Baidu Analytics is in
accordance with its policies:
(http://ir.baidu.com/phoenix.zhtml?c=188488&p=privacy)
4.6. The Individual can block cookies by activating
the setting on his browser that allows the Individual to refuse the setting of
all or some cookies. However, if the Individual uses his browser settings to
block all cookies (including essential cookies), he may not be able to access
all or parts of the Website.
5. Retention of Personal Information
5.1. The Company shall retain the Individual’s Personal
Information for as long as it is necessary, or where the Company has relied on the
Individual’s Consent to keep the Individual’s Personal Information, until the
Individual withdraws his Consent for the Company to do so, and at all times at
least for the minimum period set by relevant laws and regulations. The Individual’s Personal Information may be
archived for as long as the Company believes that the purpose for which it was
used still exists but will ensure that such Personal Information is held
subject to appropriate security measures at all times. The Company will delete the
Individual’s Personal Information within a reasonable time once it is no longer
necessary for the provision of the Services to the Individual, or once the
Individual withdraws his Consent. The Individual reserves the right, at any time,
to:
(a) withdraw
his Consent for the Company to process his Personal Information; and
(b) require
the Company to delete his Personal Information without undue delay under
specified circumstances, including (i) where his Personal Information is no
longer necessary in relation to the purposes for which it is collected, (ii)
where he withdraws the Consent (which forms the basis of processing), (iii)
where there is no overriding legitimate interest, etc.
5.2. If the Individual decides to stop using the
Company’s Services, the Company will delete all such Personal Information
within a reasonable time after the termination of the Services or after
cessation of the subject matter to which such Personal Information relates,
subject to retention for purposes of complying with applicable laws, resolving
disputes and/or enforcing the terms of its agreement with the Individual.
6.1. The Individual has voluntarily provided his Personal
Information in connection with the provision of the Company’s Services to the Individual
and/or to enter into an Agreement with the Company, where failure to supply
such Personal Information may result in the provision of the Company’s Services
to the Individual to be rejected.
6.2 While the Company shall obtain the Individual’s Consent
prior to processing the Individual’s Personal Information for marketing
purposes or disclosing the Individual’s data to third parties, for such
purposes, the Individual reserves the right to require the Company to not
process his Personal Information at any time for such purposes.
7. Direct Marketing
7.1. With the Individual’s consent as described in
this section:
(i) his Personal Information may be used for direct
marketing of the Company’s Services and products and services
and products related to the Company’s affiliates; and
(ii) the Company may conduct direct marketing via
fax, email, direct mail, telephone, SMS, and other means of communication or
send e-newsletters to the Individual.
7.2. If the Individual does not consent to the
Company using his Personal Information for direct marketing, the Individual
should opt-out by ticking the appropriate box in the Declaration of the Policy
or inform the Company in writing at the contacts provided below.
7.3. [APPLICABLE TO EU PERSONS ONLY] The Company
shall not use the Individual’s Personal Information in direct marketing unless
and until the Individual opts-in by ticking the appropriate box in the
Declaration of the Policy or otherwise informing the Company of his Consent for
his Personal Information to be used for such purpose in writing at the contacts
provided below.
7.4. If the Individual does not consent (as described
above) to the Company using his Personal Information in direct marketing, the
Company will maintain such Personal Information as strictly confidential and
will not sell, lease or distribute the same to any third party (other than
certain trusted third party service providers involved in the operations of the
Company’s business and performing services on the Company’s behalf, with
restricted access to customer data and information, on a need-to-know basis
only, and in compliance with the Policy), unless the Company is required or
requested to do so by applicable laws or by any regulatory authority in the
jurisdictions in which it operates.
7.5. The Company will not share or provide the
Individual’s Personal Information to any other persons, or use the Individual’s
Personal Information, for the purposes of third party direct marketing.
8. Access and Correction of Personal Information
8.1. The Individual has a right to request access to,
and to request correction of, any Personal Information concerning him held by
the Company, and has a right to withdraw his consent for use by the Company of
the Individual’s Personal Information in direct marketing at any time. Such
requests may be made in writing to the Company at the contacts provided below. The
Company reserves the right to charge a reasonable fee for processing any data
access request(s).
9. [APPLICABLE TO EU PERSONS ONLY] Rights Under The GDPR
9.1 If the Individual is an EU Person, the EU Person
has certain additional data protection rights. The Company aims to take reasonable steps to allow the
Company to correct, amend, delete, or limit the use of his Personal Information.
9.2. If the EU Person wishes to be informed what
Personal Information the Company holds about the EU Person and if the EU Person
wants to be removed from the Company’s systems, he may contact the Company in
writing at the contacts below.
9.3 In certain circumstances, the EU Person has the
following data protection rights:
i. The right
to access, update or to delete the information the Company has on the EU Person.
Whenever made possible, the EU Person can access, update or request deletion of
his Personal Information by contacting the Company.
ii. The right
of rectification. The EU Person has the right to have his Personal Information
rectified if that information is inaccurate or incomplete.
iii. The right
to object. The EU Person has the right to object to the Company’s
processing of his Personal Information.
iv. The right
of restriction. The EU Person has the right to request that the Company
restricts the processing of his Personal Information.
v. The right
to data portability. The EU Person has the right to be provided with a copy
of the information the Company has on him in a structured, machine-readable and
commonly used format.
vi. The right
to withdraw consent. The EU Person has the right to withdraw his consent at
any time where the Company relied on the EU Person’s consent to process his Personal
Information.
9.4 The Company shall not process Personal
Information revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, data concerning health or data
concerning the EU Person’s sex life or sexual orientation, and genetic data or
biometric data processed for the purpose of uniquely identifying the EU Person
unless (i) the EU Person has given Consent to the processing; (ii) where the
processing is necessary for reasons of substantial public interest, which is
proportionate to the aim pursued; or (iii) where any other condition specified
in subsections (a) to (j) of Article 9(2) of the GDPR is satisfied.
9.5 Where the EU Person has submitted to the Company
a complaint with respect to the Privacy Policy and/or the Company’s practices
in relation to his Personal Information which he feels has not been adequately
resolved, he should note that he has the right to contact his local data
protection supervisory authority.
10. Limitation of Liability
10.1. Nothing in the Policy shall limit the
Individual’s rights as a data subject under the PDPO and GDPR.
10.2. To the maximum extent permitted by law, the
Company will not be liable to the Individual for any loss (including loss of
information, data, revenues, profits or savings) or damage resulting, directly
or indirectly, from any use of, or reliance on the Services and/or the Website.
The Individual shall assume full responsibility for results obtained from the
use of the Services and/or the Website and the conclusions drawn from such use.
10.3. The Website may contain links to other websites
not operated or controlled by the Company. The Policy does not extend to such
websites. The Company is not responsible for the content, accuracy or opinions
expressed in such websites, and such websites are not investigated, monitored
or checked for accuracy or completeness by the Company.
11. Changes to the Policy
The
Company may revise the terms of the Policy from time to time and will always
provide the most up-to-date version to the Individual by any means eg. via the
Website. It is the Individual’s responsibility to periodically review and keep
himself appraised of the latest terms but, if any revision meaningfully affects
the Individual’s rights, the Company will take reasonable steps to notify the
Individual of such changes.
12. Governing law and jurisdiction
The
Policy shall be governed by the laws of Hong Kong. The Company and the
Individual agrees to submit to the exclusive jurisdiction of the Hong Kong
courts.
13. Language Versions
In
case of discrepancies between the English and Chinese versions of the Policy,
the English version shall apply and prevail.
14. Contact Details
For
any and all requests and complaints related to the Policy, the Individual
should contact the Company as directed below.
ATTENTION:
The Data Protection Officer
ADDRESS: Suite
1703, 17/F., Harcourt House, 39 Gloucester Road, Wan Chai, Hong Kong
Sign in/up with Facebook
Sign in/up with Twitter
Sign in/up with Linkedin
Sign in/up with Google
Sign in/up with Apple
Wouldn't it be a good idea to create a course?