Terms & Privacy
Asphalt Surfaces (International) Limited
PERSONAL DATA (PRIVACY) ORDINANCE – PRIVACY POLICY STATEMENT
GENERAL
This policy statement provides information on the obligations and policies of Asphalt Surfaces (International) Limited, its subsidiaries, affiliates, and associated companies (the “Company”) under the Hong Kong SAR Personal Data (Privacy) Ordinance 1995 – Cap.486 (the “Ordinance”).
Although this policy specifically addresses the Company’s obligations in respect of the laws of the Hong Kong SAR, the Company believes the principles embedded in the Ordinance are equal to any in the world in respect of the protections they provide to an individual. As such, the Company undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally.
Where the Company’s operations are subject to privacy legislation other than that of Hong Kong SAR, then this policy shall be applied so far as practicable and consistent with such local legislation. For further details on the Company’s compliance with the Ordinance and any other privacy legislation, please contact the Company at the address listed below.
Throughout this policy, our use of the term “personal data” has the meaning ascribed to it by the Ordinance.
OUR CORPORATE POLICY
The Company shall fully comply with the obligations and requirements of the Ordinance. The Company’s officers, management, and members of staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company.
The Company shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance.
Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the times and manner stipulated within the Ordinance.
STATEMENT OF PRACTICES
TYPES OF PERSONAL DATA COLLECTED
For the purpose of carrying on the Company’s business, including operation and administration of the Company’s products and services, you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
(a) Your company name;
(b) Service address, correspondence address, and/or registered address;
(c) Job details, including purchaser orders, or works orders numbers;
(d) Payment details, including banking information;
(e) Contact details, including contact name and telephone number; or
(f) Document for the verification of identity.
Under certain circumstances, telephone calls made to our order and/or service hotlines and/or inquiry telephone numbers may be recorded for the purposes of quality control, appraisal, as well as staff management and development. Unless expressly indicated at the time of calling, such recordings are NOT personal data of the caller and therefore, in respect of the caller, are not subject to the various provisions of the Ordinance and the caller has no rights and/or claims; either statutory, contractual or tortious, over or to such data. At all times, every care is taken to protect such recordings from inadvertent and/or unauthorized access.
ACCURACY OF PERSONAL DATA
Where possible, we will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers. In some instances, we are able to validate the data provided against pre-existing data held by the Company. In some cases, as per the requirements of the Ordinance, the Company is required to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address.
RETENTION OF PERSONAL DATA
The Company will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:
(a) Personal data will only be retained for as long as is necessary to fulfil the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
(b) Personal data are purged from the Company’s electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and the Company’s internal procedures.
DISCLOSURE OF PERSONAL DATA
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
(a) Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;
(b) Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided; and
(c) Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information.
Personal data may also be disclosed to any person or persons that have a right under the Ordinance to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.
TRANSFER OF PERSONAL DATA OUTSIDE OF HONG KONG
At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the requirements of the Ordinance.
SECURITY OF PERSONAL DATA
Physical records containing personal data are securely stored in locked areas and/or containers when not in use.
Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate with an individual’s Company responsibilities and their training.
Records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate and complies with the Ordinance.
Audit records may be produced to validate data modifications in order to verify the data’s integrity.
There may be violations logging processes for investigation of any unauthorized attempt to access information.
ACCESS AND CORRECTION OF PERSONAL DATA
Under the terms of the Ordinance, individuals have the right to:
(a) Check whether the Company holds any personal data relating to them and, if so, obtain copies of such data;
(b) Require the Company to correct any personal data relating to them which is inaccurate for the purpose for which it is being used; and
(c) Ascertain the Company’s policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.
An individual may exercise his or her right of access by:
(a) Completing the form “Personal Data (Privacy) Ordinance 1995 – Data Subject Access Request”;
(b) Sending the completed form, along with appropriate proof of identity (a copy of the applicant’s Hong Kong Identity Card or Passport) and the prescribed fee (HK$100) to the Company at the address listed below.
(c) Alternatively, if you do not wish to provide a copy of your proof of identity, you may present the completed form in person, along with appropriate identification, at the address listed below. There, staff will verify your identity and stamp the completed form appropriately. Please send the stamped form and processing fee to the Company at the address listed below for processing.
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavor to comply with and respond to the request within the period set by the Ordinance.
An individual may exercise their right of correction by:
(a) Writing to the Company at the address listed below, specifying the data which they believe to be incorrect, the reason they believe it is incorrect, and the applicable corrections; and
(b) Providing “proof of identity” verifying that the individual making the request is authorized to request such corrections.
The Company will, upon satisfying itself of the authenticity and validity of the correction request, make every endeavor to comply with and respond to the request within the period set by the Ordinance.
DIRECT MARKETING
In accordance with the requirements of the Ordinance, the Company will honor an individual’s request not to use his or her personal data for the purposes of direct marketing. Should you wish not to receive direct marketing material from the Company, please write to the Company at the address listed below.
Any such request should clearly state details of the personal data in respect of which the request is being made. Specifically, we request that you include the corresponding Company assigned account numbers which are printed on the Company’s statements/invoices. Please also state clearly the authority under which you are authorized to make such a request.
Unless otherwise instructed as per the above, the Company may use any of the data collected in the normal course of its business for marketing purposes.
RECRUITMENT AND EMPLOYMENT
RECRUITMENT
During the recruitment process, job applicants may be required to provide sufficient personal data so that the Company may, as appropriate and/or applicable:
(a) Assess the applicant’s suitability for the position being applied for;
(b) Assess the applicant’s suitability for other positions the Company may have available;
(c) Determine preliminary remuneration and benefit packages;
(d) Verification of credentials and/or experience; and
(e) Perform security vetting and/or integrity checking
At a minimum, such personal data will include:
(a) The applicant’s name and contact details, including address and telephone number(s);
(b) Previous employment and relevant experience; and
(c) Education and relevant training.
Additional information may also be required dependant on the nature of the position being applied for.
The applicant is responsible for ensuring all personal data they provide is accurate and complete. The provision of inaccurate information or the withholding of requested information may prevent the Company from making an offer of employment, invalidate such offer if the inaccuracy or omission is discovered after an offer has been made, or lead to termination of employment if the inaccuracy or omission is discovered after employment has commenced.
The personal data so provided may be transferred to persons within the Company who are involved in the assessment of the applicant’s suitability for the position applied for and/or other positions, which may be, or may become, available within the Company. The data may also be transferred to other third parties, such as investigation agencies, as are necessary to satisfy the purposes set out above.
The Company shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of two years from the date of application. The personal data of successful applicants shall be retained for the duration of their employment by the Company and as described below under the heading of “Employment, Including Post Employment”.
In respect of the Company’s practices regarding matters not directly addressed in this section “Recruitment”, the practices, and procedures set out in the preceding sections of this Privacy Policy Statement shall apply.
EMPLOYMENT, INCLUDING POST EMPLOYMENT
In the course of employment by the Company, personal data of employees and their families, as appropriate, will be collected and used on an ongoing basis for various Human Resource purposes including but not limited to; administering staffing, performance management, training, career development, salary and benefits administration, communication, medical benefits, provident fund administration, insurance, taxation, welfare and providing information in compliance with legal requirements. It will be transferred to those internal departments, intra-company, and/or to other third parties as is necessary for the purposes.
The Company retains certain personal data of employees when they cease to be employed by the Company. Such data are required for any residual employment-related activities of the former employee including, but not limited to:
(a) The provision of job references;
(b) Processing applications for re-employment;
(c) Matters relating to retirement benefits; and
(d) Allowing the Company to fulfil contractual or statutory obligations.
Further details regarding the Company’s polices and practices in respect of its handling of personal data relating to its employees, including post employment, are included in the Company’s Human Resources Policies and Staff Handbooks.
THE COMPANY’S PERSONAL DATA (PRIVACY) ORDINANCE CONTACT DETAILS
All enquiries regarding the Company’s compliance with its obligations under the Ordinance should be in writing to:
Head Office – Kwun Tong
Room 1101-1105, 11/F Liven House, 61-63 King Yip Street, Kwun Tong,
Kowloon, Hong Kong
Or via email to: [email protected]
(If there is any inconsistency or conflict between the English and Chinese versions, the English version shall prevail.)