NEFIN shall fully comply with the obligations and requirements of the Ordinance. NEFIN’s representatives, officers, management, staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, NEFIN. NEFIN shall endeavor to ensure all collection, storage, transmission and other handling or usage of personal data by NEFIN shall be done in accordance with the requirements of the Ordinance. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by NEFIN, NEFIN may provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance.
Statement of Practices of Personal Data Collected From Customers
For the purpose of carrying on NEFIN‘s businesses, including (i) uses of PERSONAL DATA (PRIVACY) ORDINANCE website and applications; (ii) promotion events hold by us; and (iii) other related products and services, you may be requested to provide personal data.
In addition, when you visit our website, use our mobile applications, or interact with our tools, widgets or plug-ins, NEFIN’s web servers may also collect data relating to your online session by automated means, the use of which is to provide aggregated, anonymous, statistical information so that NEFIN may better meet the demands and expectations of visitors to our websites, and take necessary actions in respect of any illegal or unlawful contents on any website visited through NEFIN’s web servers. The types of data may include, but are not limited to: the browser characteristics; operating system; IP address and/or domain name; language preferences; device characteristics; URLs; information on actions taken; and dates and times of activity.
A "cookie" is a text file that NEFIN’s websites send to your machine to uniquely identify your browser or to store information or settings in the browser. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across NEFIN’s websites. You can disable cookies on your web browser, however if you do so you may not be able to access all parts of our websites.
Use Of Personal Data
Your personal data may be used for:
- Verifying your identity;
- Provide products and services you request;
- Provide customer support and respond to and communicate with you about your requests, questions and comments;
- Establish and manage your account;
- Communicate about, and administer your participation in, special events, programmes, surveys, contests, prize draws and other offers or promotions;
- Send information to your contacts if you ask us to do so;
- Process claims we receive in connection with our services;
- Matching (as defined in the Ordinance) your personal data with other data collected for other purposes and from other sources including third parties in relation to the provision of goods, services to you;
- Marketing and advertising of any goods, services to you by NEFIN, related companies, agents, contractors and third party suppliers upon your consent in accordance with the prevailing requirements in the Ordinance;
- Business planning and improving product and services supply to you, by NEFIN, related companies, agents, contractors and third party suppliers, which may be performed by various means including without limitation research, analyses and/or surveys;
- Analysing, verifying, enforcing contractual rights, and/or checking of your credit, payment and/or status in relation to supply of goods and services to you;
- Enabling the daily operation of your account and/or the collection of amounts outstanding in your account with NEFIN including the use of debt collection agents;
- Maintaining and developing our business systems and infrastructure, including testing and upgrading of these systems;
- Keeping you informed about products and services supplied to you and other products and services made available by NEFIN;
- Prevention, detection or investigation of crime;
- Disclosure as permitted or required by law; and/or
- Any other purposes as may be agreed to between you and NEFIN.
Accuracy of Personal Data
Where possible, NEFIN will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, the data provided will be validated against pre-existing data held by NEFIN. In some cases, as per the requirements of the Ordinance, NEFIN is required to see original documentation before the personal data may be used, such as with personal identifiers (as defined in the Ordinance) and/or proof of address. NEFIN fully complies with the “Rights of Access and Correction” obligations of the Ordinance. Please refer to the section titled “Access and Correction of Personal Data” below for details on how you can obtain and correct any personal data relating to you that NEFIN may hold. Please note that the accuracy of such personal data NEFIN collect, use and disclose depends to a large extent on the information you provide. You have a right to request correction of your personal data and we recommend that you let us know if there are any errors in your personal data and keep us up-to-date with changes to your personal data such as your name or address.
We are not liable for any action you may take or for any loss or damage suffered by you as a result of relying on such information in the Site.
Limitation of Liability
The information contained herein in the Site is accessed and used at your own risk and to the fullest extent permissible and subject and pursuant to all applicable laws and regulations. Except where prohibited by law, in no event will NEFIN be liable to you for any indirect, consequential, exemplary, incidental or punitive damages, including lost profits arising from or in connection with any use of or inability to use the Site, even if NEFIN has been advised of the possibility of such damages.
You agree to indemnify, hold harmless, and defend NEFIN, its officers, directors, shareholders, employees, agents, subsidiaries and affiliates, from and against any demand, claim, cause of action, loss or liability, including legal fees, by any third party due to or arising out of or in connection with your use of the Site.
Retention of Personal Data
NEFIN will destroy any personal data it may hold in accordance with its internal policy. Generally speaking, NEFIN’s policies cover the following principles:
- Personal data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
- Personal/business data are safeguarded by either accounts authentication and passwords or access rights permission to avoid unauthorized access of personal data. For digital records or physical copies containing nonrecurring/non-current personal data not required by audit requirement, NEFIN will purge/destroy them after use.
Disclosure of Personal Data
All personal data held by NEFIN will be kept confidential but NEFIN may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
- Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with NEFIN;
- Any person or company who is acting for or on behalf of NEFIN, or jointly with NEFIN, in respect of the purpose or a directly related purpose for which the data was provided;
- Any other person or company who is under a duty of confidentiality to NEFIN and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information;
- NEFIN’s agents, contractors, suppliers; its professional advisers, including its accountants, auditors and lawyers;
- Government and regulatory authorities and law enforcement agencies and other organisations, as required or authorised by law;
- Any financial institutions, charge or credit card issuing companies, credit providers, credit information or reference bureaux, or collection agencies, security agencies, necessary to establish and support the payment of any services being requested;
- Your authorized representatives or your legal advisers when requested by you to do so;
- Any proposed or actual participant, assignee or transferee of all or any part of NEFIN’s operation or business.
Personal data may also be disclosed to any person or persons pursuant to any statutory or contractual obligations or as required by court of law, provided such person or persons are able to prove the required right/authority to access such information. In addition, personal data may be disclosed under any of the circumstances described in Part VIII of the Ordinance in which the concerned personal data are exempt from the provisions of Data Protection Principle 3 of the Ordinance.
Transfer of Personal Data Outside Hong Kong
At times it may be necessary for NEFIN to transfer certain personal data to places outside the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the prevailing requirements of the Ordinance.
Security of Personal Data
- Physical records containing personal data are securely stored in locked areas and/or containers when not in use.
- All physical computer data are safeguarded by storing in locked cabinets. Computer data are stored within computer systems which are protected within server room with access control system. Storage media will also be placed in cabinets or server rooms.
- Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate with an individual's responsibilities and their training.
- Where NEFIN holds, uses and/or transmits the customers’ personal data it will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
Links to Third Party Websites
Access and Correction of Personal Data
Under the Ordinance, individuals have the right to:
- Ascertain whether NEFIN holds any personal data relating to them and, if so, obtain copies of such data (“right of access”);
- Require NEFIN to correct personal data in its possession which is inaccurate for the purpose for which it is being used by means of a data access request (right of correction); and
- Ascertain NEFIN 's policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.
An individual may exercise his or her right of access by emailing his or her request to email@example.com, together with appropriate proof of identity (as determined by NEFIN). An administration fee may be required to be paid.
NEFIN will, upon satisfying itself of the authenticity and validity of the access request and proof of payment of administration fee, make every endeavor to comply with and respond to the request within the period set by the Ordinance (i. e. within 40 days after receiving the request).
An individual may exercise their right of correction by writing to firstname.lastname@example.org, specifying the data which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before NEFIN would consider correcting the specified data. Upon satisfying itself of the authenticity and validity of the correction request, NEFIN will comply with and respond to the request as required by the Ordinance.
Customers can at any time send a request to email@example.com together with their contact details to stop receiving the promotion materials aforesaid or to start receiving the same (if customers have unsubscribed from receiving such materials before). Any such request should clearly state the details of the personal data in respect of which the request is being made.
Handling of Personal Data in Recruitment and Employment Recruitment
During the recruitment process, job applicants may be required to provide sufficient personal data so that NEFIN may, as appropriate and/or applicable:
- Assess the applicant's suitability for the position being applied for;
- Assess the applicant's suitability for other positions NEFIN may have available;
- Determine preliminary remuneration and benefit packages;
- Verification of credentials and/or experience; and
- Perform security vetting and/or integrity checking.
At a minimum, such personal data will include:
- The applicant's name and contact details, including address and telephone number(s);
- Previous employment and relevant experience; and
- Education and relevant training.
Additional information may also be required dependent on the nature of the position being applied for. The applicant is responsible for ensuring all personal data they provide is accurate and complete. The provision of inaccurate information or the withholding of requested information may:
- Prevent NEFIN from making an offer of employment;
- Invalidate such offer if the inaccuracy or omission is discovered after an offer has been made; or
- Lead to termination of employment if the inaccuracy or omission is discovered after employment has commenced.
The personal data so provided may be transferred to persons within NEFIN, its associated companies, and its clients in client projects; who are involved in the assessment of the applicant's suitability for the position applied for and/or other positions, which may be, or may become, available within NEFIN. The data may also be transferred to third parties, such as investigation agencies or previous employer, as are necessary to satisfy the purposes set out above. NEFIN shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of not exceeding two years from the day on which the recruitment period ends.
Employment, Including Post Employment
In the course of employment by NEFIN, personal data of employees and their families, as appropriate, will be collected and used on an ongoing basis for various human resource purposes including but not limited to; administering staffing, performance management, training, career development, salary and benefits administration, communication (e.g. company news, staff benefit offerings and promotions), medical benefits, provident fund administration, insurance, taxation, welfare and providing information in compliance with legal requirements. It will be transferred to those internal departments, intra-company, and/or to other third parties as is necessary for the purposes.
NEFIN retains certain personal data of employees when they cease to be employed by NEFIN (and such data will be retained for no longer than seven years after their cessation of employment). Such data are required for any residual employment-related activities of the former employee including, but not limited to:
- The provision of job references;
- Processing applications for re-employment;
- Matters relating to retirement benefits; and
- Allowing NEFIN to fulfil contractual or statutory obligations.
NEFIN’s Personal Data (Privacy) Ordinance Contact Details
All enquiries regarding NEFIN’s compliance with its obligations under the Ordinance should be in writing to firstname.lastname@example.org.