Lee Kum Kee - Privacy Policy
Statement
GENERAL
This policy
statement provides information on the obligations and policies of the
subsidiaries, affiliates, and associated companies of Lee Kum Kee(hereinafter collectively referred to as the "Company") under the
Hong Kong SAR Personal Data (Privacy) Ordinance 1995 - Cap.486 (the
"Ordinance").
Although
this policy specifically addresses the Company's obligations in respect of the
laws of the Hong Kong SAR, the Company believes the principles embedded in the
Ordinance are equal to any in the world in respect of the protections they
provide to an individual. As such, the Company undertakes to apply, where
practicable, those principles and the processes set out herein to its operations
globally.
Where the
Company's operations are subject to privacy legislation other than that of Hong
Kong SAR, then this policy shall be applied so far as practicable and consistent
with such local legislation
Throughout
this policy, our use of the term "personal data" has the meaning ascribed to it
by the Ordinance.
OUR CORPORATE
POLICY
The Company
shall fully comply with the obligations and requirements of the Ordinance. The
Company's officers, management, and members of staff shall, at all times,
respect the confidentiality of and endeavor to keep safe any and all personal
data collected and/or stored and/or transmitted and/or used for, or on behalf
of, the Company.
The Company
shall endeavor to ensure all collection and/or storage and/or transmission
and/or usage of personal data by the Company shall be done in accordance with
the obligations and requirements of the Ordinance.
Where an
individual legitimately requests access to and/or correction of personal data
relating to the individual, held by the Company, then the Company shall provide
and/or correct that data in accordance with the times and manner stipulated
within the Ordinance.
STATEMENT OF
PRACTICES
Types of Personal Data
Collected
For the
purpose of carrying on the Company's business, including registration and
administration of the Company's web site and related products and services
(including relevant online services), you may be requested to provide personal
data such as, but not limited to, the following, without which it may not be
possible to satisfy your request:
a.
Your
name;
b.
Contact
details, including contact name and telephone number or email address.
In some
instances, you may also be requested to provide certain data that may be used to
further improve our products and services and/or better tailor the type of
information presented to you. In most cases, this type of data is optional
although, where the requested service is a personalized service, or provision of
a product or dependant on your providing all requested data, failure to provide
the requested data may prevent us from providing the service to you. This type
of data includes, but is not limited to:
a.
Your
age;
b.
Gender;
c.
Salary
range and employment details;
d.
Education
and Profession;
e.
Hobbies
and leisure activities;
f.
Other
related products and services subscribed to; and
g.
Family
and household demographics.
The
Company's Web servers may also collect data relating to your online session, the
use of which is to provide aggregated, anonymous, statistical information on the
server's usage so that we may better meet the demands and expectations of
visitors to our sites. This type of data may include, but is not limited
to:
a.
The
browser type and version;
b.
Operating
system; and
c.
The
IP address and/or domain name.
Retention of Personal
Data
The Company
will destroy any personal data it may hold in accordance with our internal
retention policy. The policy states that:
a.
Personal
data will only be retained for as long as is necessary to fulfil the original or
directly related purpose for which it was collected, unless the personal data is
also retained to satisfy any applicable statutory or contractual obligations;
and
b.
Personal
data are purged from the Company's electronic, manual, and other filing systems
in accordance with specific schedules based on the above criteria and the
Company's internal procedures.
Disclosure of Personal
Data
All
personal data held by the Company will be kept confidential but the Company may,
where such disclosure is necessary to satisfy the purpose, or a directly related
purpose, for which the data was collected provide such information to the
following parties:
a.
Any
subsidiaries, holding companies, associated companies, or affiliates of, or
companies controlled by, or under common control with the Company;
b.
Any
person or company who is acting for or on behalf of the Company, or jointly with
the Company, in respect of the purpose or a directly related purpose for which
the data was provided;
c.
Any
other person or company who is under a duty of confidentiality to the Company
and has undertaken to keep such information confidential, provided such person
or company has a legitimate right to such information; and
Personal
data may also be disclosed to any person or persons that have a right under the
Ordinance to gain access to such information provided they are able to prove
their authority to access such information. For example, if the Company were
served with a court order demanding certain customer information then the
Company would disclose the information to the duly appointed officer of the
court or such other persons as the court orders.
Transfer of Personal Data
Outside of Hong Kong
At times it
may be necessary and/or prudent for the Company to transfer certain personal
data to places outside of the Hong Kong SAR in order to carry out the purposes,
or directly related purposes, for which the personal data were collected. Where
such a transfer is performed, it will be done in compliance with the
requirements of the Ordinance.
Security of Personal
Data
Physical
records containing personal data are securely stored in locked areas and/or
containers when not in use.
Computer
data are stored on computer systems and storage media to which access is
strictly controlled and/or are located within restricted
areas.
Access to
records and data without appropriate management authorization are strictly
prohibited. Authorizations are granted only on a "need to know" basis that is
commensurate with an individual's Company responsibilities and their
training.
Records of
the Company are under the control of assigned information officers who are
responsible to ensure the transfer of or access to information is legitimate and
complies with the Ordinance.
Audit
records may be produced to validate data modifications in order to verify the
data's integrity.
There may
be violations logging processes for investigation of any unauthorized attempt to
access information.
Encryption
technology, such as SSL, may be employed for the transmission of data collected
online.
Access and Correction of
Personal Data
Under the
terms of the Ordinance, individuals have the right to:
a.
Check
whether the Company holds any personal data relating to them and, if so, obtain
copies of such data;
b.
Require
the Company to correct any personal data relating to them which is inaccurate
for the purpose for which it is being used; and
c.
Ascertain
the Company's policies and practices in relation to personal data, which are
those policies and practices set out in their entirety herein.
An
individual may exercise his or her right of access by checking it online with
assigned password and login name.
The Company
will, upon satisfying itself of the authenticity and validity of the access
request, make every endeavor to comply with and respond to the request within
the period set by the Ordinance.
An
individual may exercise their right of correction by login to personal data
update with assigned password and login name.
The Company
will, upon satisfying itself of the authenticity and validity of the correction
request, make every endeavor to comply with and respond to the request within
the period set by the Ordinance.
DIRECT
MARKETING
In
accordance with the requirements of the Ordinance, the Company will honor an
individual's request not to use his or her personal data for the purposes of
direct marketing. Should you wish not to receive direct marketing material from
the Company, please write to the Company's Privacy Compliance Officer at the
address listed below.
2-4 Dai Fat Street, Tai Po Ind. Est. Hong Kong
Any such
request should clearly state details of the personal data in respect of which
the request is being made. Specifically, we request that you include the
corresponding Company assigned account numbers which are printed on the
Company's statements/invoices. Please also state clearly the authority under
which you are authorized to make such a request.
Unless
otherwise instructed as per the above, the Company may use any of the data
collected in the normal course of its business for marketing
purposes.
RECRUITMENT AND
EMPLOYMENT
Recruitment
During the
recruitment process, job applicants may be required to provide sufficient
personal data so that the Company may, as appropriate and/or
applicable:
a.
Assess
the applicant's suitability for the position being applied for;
b.
Assess
the applicant's suitability for other positions the Company may have available;
c.
Determine
preliminary remuneration and benefit packages;
d.
Verification
of credentials and/or experience; and
e.
Perform
security vetting and/or integrity checking.
At a
minimum, such personal data will include:
a.
The
applicant's name and contact details, including address and telephone number(s);
b.
Previous
employment and relevant experience; and
c.
Education
and relevant training.
Additional
information may also be required dependant on the nature of the position being
applied for.
The
applicant is responsible for ensuring all personal data they provide is accurate
and complete. The provision of inaccurate information or the withholding of
requested information may prevent the Company from making an offer of
employment, invalidate such offer if the inaccuracy or omission is discovered
after an offer has been made, or lead to termination of employment if the
inaccuracy or omission is discovered after employment has
commenced.
The
personal data so provided may be transferred to persons within the Company who
are involved in the assessment of the applicant's suitability for the position
applied for and/or other positions, which may be, or may become, available
within the Company. The data may also be transferred to other third parties,
such as investigation agencies, as are necessary to satisfy the purposes set out
above.
The Company
shall retain the personal data of unsuccessful applicants for future recruitment
purposes for a period of two years from the date of application. The personal
data of successful applicants shall be retained for the duration of their
employment by the Company and as described below under the heading of
"Employment, Including Post Employment".
In respect
of the Company's practices regarding matters not directly addressed in this
section "Recruitment", the practices, and procedures set out in the preceding
sections of this Privacy Policy Statement shall apply.
Employment, including Post
Employment
In the
course of employment by the Company, personal data of employees and their
families, as appropriate, will be collected and used on an ongoing basis for
various Human Resources purposes including but not limited to; administering
staffing, performance management, training, career development, salary and
benefits administration, communication, medical benefits, provident fund
administration, insurance, taxation, welfare and providing information in
compliance with legal requirements. It will be transferred to those internal
departments, intra-company, and/or to other third parties as is necessary for
the purposes.
The Company
retains certain personal data of employees when they cease to be employed by the
Company. Such data are required for any residual employment-related activities
of the former employee including, but not limited to:
a.
The
provision of job references;
b.
Processing
applications for re-employment;
c.
Matters
relating to retirement benefits; and
d.
Allowing
the Company to fulfil contractual or statutory obligations.
Further details regarding
the Company's polices and practices in respect of its handling of personal data
relating to its employees, including post employment, are included in the
Company’s and Staff Handbooks. They are also available to the Company's
employees from their respective Human Resources
representative.
Human Resources
Department
Lee Kum Kee Company
Limited
2-4 Dai Fat St., Tai Po Ind. Est., Hong Kong
or email to:
总 览
本 政 策 声 明 是 根 据 香 港 特 别 行 政 区 《1995 年 个 人 资 料 ( 私 隐 ) 条 例 》 - 第 486 章 ( “ 条 例 ” ) , 为 李 锦 记 其 附 属 公 司 、 联 营 公 司 及 关 联 公 司 (以 下 统 称“ 本 公 司 ”) 就 其 责 任 及 政 策 提 供 资 料 。
虽 然 此 政 策 特 别 列 出 有 关 本 公 司 于 香 港 特 别 行 政 区 法 例 下 应 负 的 责 任 , 本 公 司 相 信 条 例 中 保 护 个 人 资 料 的 原 则 与 世 界 各 地 有 关 法 例 是 相 同 的 。 因 此 , 在 可 行 的 情 况 下 , 本 公 司 在 世 界 各 地 会 执 行 这 些 原 则 及 此 处 所 制 定 的 程 序 。
当 公 司 的 运 作 受 制 于 香 港 特 别 行 政 区 以 外 的 私 隐 法 例 时 , 此 政 策 将 在 可 行 并 与 该 法 例 相 符 的 情 况 下 实 施 。
此 政 策 内 “ 个 人 资 料 ” 一 词 含 有 条 例 所 解 释 的 意 义 。
本
公
司
政
策
本 公 司 遵 守 条 例 的