Statement of Policy Privacy Principles
It has been our policy and priority to safeguard any information provided by our customers or other data subjects. In addition to our duty of confidentiality to customers, we shall at all times fully observe the Ordinance in collecting, maintaining and using the personal data of customers. In particular, we observe the following principles, save otherwise appropriately agreed by the customers:
(i) collection of personal data from customers shall be for purposes relating to provision of products or services offered by or through the Company or related purposes;
(ii) all practical steps will be taken to ensure that personal data is accurate and will not be kept longer than necessary or will be destroyed in accordance with the internal retention period;
(iii) personal data will not be used for any purposes other than those intended at the time of collection or purposes directly related thereto;
(iv) personal data will be protected against unauthorized or accidental access, processing, erasure, loss or use of that data;
(v) customers have the right of access to and for correction of their personal data held by us and that customers’ request for access or correction will be dealt with in accordance with the Ordinance; and
(vi) on the first collection of your personal data in applying our services, you will be provided with an opportunity to opt out from the use of your personal data in direct marketing.
A customer’s personal data is classified as confidential and can only be disclosed by us where permitted by the Ordinance or otherwise legally compelled to do so. However, to the extent permitted by law, your personal data will be transferred to third parties who provide services to GRTalent Consulting Limited and its group members (together, the “Group”) in connection with the operation of its business.
Statement of Practice
Kind of Personal Data to be Collected and/or Held by the Company and Main Purposes of Using Personal Data
There are two broad categories of personal data held in the Company. They comprise personal data contained in the following:
1. Personal data related to customers, which are necessary for customers to supply to the Company from time to time in connection with
- To respond to your inquiries and fulfill your requests, such as to send you newsletters or to respond to your questions and comments.
- To send administrative information to you, for example, information regarding the Sites and changes to our terms, conditions, and policies. Because this information may be important to your use of the Sites, you may not opt-out of receiving these communications.
- To complete and fulfill your purchase and/or your donation, for example, to process your payments, have your service delivered to you, communicate with you regarding your purchase and provide you with related customer service.
- To provide you with updates and announcements concerning our products, promotions and programs and to send you invitations to participate in special programs.
- To allow you to contact and be contacted by other users through the Sites, as permitted by the applicable Site.
- To permit you to participate on message boards, chat, profile pages and blogs and other services to which you are able to post information and materials (including our Social Media Pages).
- For our business purposes, such as analysing and managing our businesses, market research, audits, developing new products, enhancing our Sites, improving our services and products, identifying usage trends, determining the effectiveness of our promotional campaigns, tailoring the Sites experience and content based on your past activities on the Sites, and gauging customer satisfaction and providing customer service (including troubleshooting in connection with customer issues).
- The company use information collected by browsers or your device for statistical purposes as well as to ensure that the Sites function properly.
- The company may use your device’s physical location to provide you with personalized location-based services and content. The company may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns.
- As the company believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
- Your personal data will be processed by GRTalent both within and outside the Hong Kong, primarily for the purpose of completing your booking, providing you with the products and services that you have ordered (including travel insurance coverage), and for customer service and marketing activities. Because our servers are located in the HK, our sales teams are based in local offices globally, our head office is in HK, and the schools where the students chooses to take the classes are globally, we may share your personal data with our corporate affiliates, claims handlers and business partners both within and outside the HK. The business partners that we share information with are only such that need access to the Personal Information to process the order that you have placed on the Sites, such as transportation assistance, accommodation, or schools, and they will only receive the information necessary for that purpose. No business partner will receive your Personal Information for their own marketing purposes.
2. Personal data related to employment, which include but not limited to resume, application forms, references, appraisal and disciplinary records; personal contact details; salary and incentive, bonus and double pay, pension and benefits; records of medical, security and financial checks; staff company account(s) and tax details; information of family member(s), etc.
We are committed to keeping secure the personal information held by us. It is the policy of the Company to ensure an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure, loss or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the said events. We take all reasonable precautions to protect the personal information we hold from misuse and loss and from unauthorized access, modification or disclosure. We have a range of practices and policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them.
Our security measures include, but are not limited to:
- educating our staff as to their obligations with regard to personal information;
- encrypting data sent from your computer to our systems during Internet transactions and customer access codes transmitted across networks;
- employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering our systems;
- using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
- ensuring security controls in place to protect against unauthorized access to buildings.
Retention of Personal Data
All practicable steps will be taken to ensure that personal data will not be kept longer than necessary for the fulfillment of the purposes (including any directly related purpose) for which the data is or is to be used and the compliance of all applicable statutory requirements. Different retention periods apply to the various kinds of personal data collected and held by the Company in accordance with internal retention policy.
Collection of Personal Information
According to the Company’s policy, the Company and the company service providers may collect Personal Information in a variety of ways, including:
- We may collect Personal Information through the Sites, e.g., when you sign up for a newsletter or make a purchase.
- We may collect Personal Information from you offline, such as when you contact customer service.
- We may receive your Personal Information from other sources, such as public databases; joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, if you elect to connect your social media account to your Website account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
- Certain information is collected by most browsers or automatically through your device. We use this information for statistical purposes as well as to ensure that the Sites function properly.
- Your “IP Address” is a number that is automatically assigned to the computer or device that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user visits the Sites, along with the time of the visit and the page(s) that were visited.
- When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
- Information from you such as date of birth, gender and zip code, as well as other information, such as your preferred means of communication, may be collected when you voluntarily provide this information.
- We may collect the physical location of your device.
The Company will not collect any personal information that identifies a visitor to this site unless specified otherwise. Only the IP address of the visitor and the pages the visitor visited will be recorded. Such information will be used to prepare aggregate information about the number of visitors to the site and general statistics on usage patterns of the site.
Data Access and Correction
The company processes your personal data in compliance with applicable privacy and data protection legislation. If you have questions about GRTalent processing of your personal data, or would like to have a copy of the information GRTalent holds about you, or have inaccurate personal data rectified or erased, please contact us.
Request for access to data or correction of data or for information regarding policies and kinds of data held should be addressed to:
GRTalent Consulting Limited
18/F, 50 Wing Lok Street, Sheung Wan, Hong Kong
(Last updated: June 29, 2016)