Protection of Personal Data (Privacy) Policy

(for Customers and Business Partners only)

1.Objectives

1.1 The company as a data user undertakes to comply with the requirements of the Personal Data (Privacy) Ordinance (http://www.pcpd.org.hk) to ensure that personal data kept are accurate, securely kept and used only for the purpose for which they have been collected.

1.2 This Policy provides a framework on how we handle personal data and how we ensure an adequate level of data protection.  This Policy is derived from Yusen Logistics Group - Privacy Policy.

1.3 All staff members who handle identifiable personal data should take extra precaution to ensure that the relevant laws on person data (privacy) are complied with and that effective security measures are adopted to protect personal and sensitive data concerning a wide spectrum of data subjects including employee, customer and third-party data.

1.4 We fully abide by all laws and regulations concerning personal data protection in each country. We fully abide by all laws and regulations concerning personal data protection in each country.

1.5 The EU General Data Protection Regulation (GDPR), adopted in 2016, has come into force in 2018.  The GDPR, which involves new provisions and enhanced rights, has replaced existing data protection laws throughout Europe and introduced significant changes and additional requirements that will have a wide range impact on businesses around the world, irrespective of where they operate.  For details, please check Personal Data (Privacy) Ordinance (http://www.pcpd.org.hk).

2. Guidelines

The Guidelines are based on the following EIGHT (8) Principles to define how personal data may be lawfully used and processed.  We are required to comply with in the collection, use, disclosure and retention of personal data:

 

2.1 Collection of Personal Data

We will use and process personal data lawfully, fairly and in a transparent manner only to the extent necessary for providing our services or performing our contractual obligations.

2.2 Data Minimization

We will keep personal data adequate, relevant and limited to what is necessary in relation to the purpose for which it was provided.  This means that we will not collect personal data in advance or store personal data for (potential) future purposes, unless required or permitted by laws.

 

2.3 Intended Use of Personal Data

We will only use personal data for one or more specified and legitimate purposes.  Personal data will not be used or further processed in any manner incompatible with those purposes. When we need to use personal data beyond the scope of such purposes, we shall obtain your (additional) consent, unless extended use would be permitted by laws or regulations.

 

2.4 Accuracy

We will keep personal data accurate and up-to-date and shall take all reasonable steps to ensure that personal data that is inaccurate will be removed or rectified without delay.

 

2.5 Limited Retention

We will keep personal data no longer than is necessary for the purposes for which the personal data was provided.  Unless otherwise prescribed by laws, personal data that is no longer needed or relevant will be purged or deleted. 

 

2.6 Management of Personal Data

Your personal data is subject to data secrecy.  This means that we will take appropriate technical and organizational measures against unauthorized or unlawful use or processing of your personal data and against accidental loss, destruction or damage of your personal data.

 

2.7 Provision to Third Parties

Unless otherwise permitted by laws and regulations, we will not provide your personal data to any third party without your consent.  (Please also counter-check to #3.3)  In addition, your personal data will not be transferred to another country or territory unless that country or territory will ensure an adequate level of data protection.

 

2.8 Inquiries, Corrections, and Erasure of Personal Data

We acknowledge that you have the right to know which of your personal data we hold and have the right to access your personal data for rectification, removal or object to the (automated) processing of it.  We will respond promptly in a suitable and reasonable manner to any inquiry from you about your personal data or requests for corrections or erasure.  If needed, please contact Human Resources and Administration Division for further assistance.

3. Processing of Customer and Third-Party Data

To use, collect and process personal data of customers, suppliers and/or other third-parties will only be permitted under the following conditions:

 

a. Data Processing for Contractual Relationship

  • We will only use and process personal data of relevant prospects, customers, suppliers and/or other third-parties in order to establish, execute or terminate a contract.
  • Prior to entering into a contract, personal data may be processed to prepare bids, RFQs, or purchase orders and/or to fulfill other requests of the customers.
  • We may contact customers in a pre-contractual phase by using the information that it has provided.
  • Where appropriate, we will observe any restrictions requested by the customer relating to the use and/or processing of personal data.

 

b. Data Processing for Advertising Purposes

  • Personal or customer data may be processed for advertising or market and opinion research, provided that this is consistent with the purpose for which the data was originally collected or provided.
  • Where appropriate, we will inform our customer about the use if his/her personal data for advertising purposes.
  • If the customer objects to the use of its personal data for advertising purposes, we will no longer use the data and block if from being used.

c. Consent to Data Processing

  • Personal data will only be processed following consent of the customer or data subject. We will duly inform the customer and data subjects about the use and purpose of its personal data before giving consent.
  • Although consent may be withdrawn at any time, withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

d. Data Processing pursuant to Legal Authorization

  • Customers should be aware that the processing of personal data may (also) be permitted if legislation requires to do so.
  • The type and extent of such data processing should be necessary for the lawful and authorized data processing activity and we will, in such a case, observe all relating and relevant statutory provisions.

4. Contact us

If you have any questions about the policy, please feel free to contact our Compliance Officer as below:-

 

Compliance Officer Ms. Justine Liu
Division Human Resources and Administration Division
E-mail Justine.liu@hk.yusen-logistics.com