PERSONAL DATA (PROTECTION)

 

Objective

The Company observes the principles of the Personal Data (Privacy) Ordinance and has formulated these Personal Data Protection Policies to ensure the confidentiality, security, accuracy and proper usage of all employees’ personal data, and provide practical guidance to relevant personnel of the Company on how to properly handle personal data received from perspective employees (job applicants) and current employees.

This Policy is applicable to all prospective employees, current full-time or part-time, permanent or temporary employees.

1. Recruitment

1.1 Apart from stating job title, requirement and job duties, recruitment advertisements will ask job applicants                  (“applicants”) to provide detailed resume, expected salary and availability. The following statement will be made on the Company’s recruitment advertisements:

“Personal data collected will be treated in the strictest confidence and only be used for recruitment-related purposes.”

The contact information of the Company, e.g. company name and e-mail address will also be stated in the advertisement.

All personal data of unsuccessful applicants will be destroyed within 6 months.

1.2 All personal data received via mail, fax, e-mail, referrals from staff or recruitment agencies, printed forms, face-to-face or telephone interview from applicants, will only be reviewed by designated staff of the Company. Applicants should complete a Job Application Form and present identity card or valid document to the Company to prove his/her right to work in Hong Kong. The document of income-proof may be required to provide as part of application procedure. In the Application Form such individual should also sign to authorize the Company to contact his/her former employers or parties concerned for reference.

1.3 Personal data will only be disclosed to concerned parties, namely HR staff and line manager and/or division head of hiring division.

1.4 When applicants are referred to different divisions from their original application, consent from the applicants must be obtained before disclosing their personal data to that divisions, unless such personal data was received in response to job advertisement that states that the personal data collected may be used for consideration of other positions in the Company.

1.5 If additional personal data is required from the applicant, the purpose of requesting such additional personal data will be made known to the applicant prior to receipt of the same.

1.6 Only relevant additional personal data shall be requested from the applicants.

1.7 HR shall be responsible for handling requests for return of or access to personal data of applicants.

1.8 Personal data will be returned or made accessible to the applicant upon receipt of duly signed written request provided that the relevant personal data has not been destroyed by the Company.

1.9 All written requests for access and return of personal data of applicants must be centrally filed in HR division. Reason(s) for refusing to grant access or return the personal data shall be recorded in a logbook. The records in the logbook shall be kept for one year.

1.10 HR shall be responsible for destroying the personal data of unsuccessful applicants within 6 calendar months. This will be mentioned in the rejection letter, if any, sent to the unsuccessful applicants.

1.11 Line managers and division head of hiring division will not normally possess applicants’ personal data, including but not limited to resume, testimonial, income proof, interview assessment and any other related information and will return the same to HR upon completion of the recruitment or receipt of request from HR at any time.

2. Employees & Ex-employees

2.1 Collection of Personal Data from Newly Employed & Current Employees

2.1.1 As soon as the appointment has been confirmed, the new employee is requested to provide personal data on him/her and his/her immediate family members. The personal data provided by the employees to the Company will mainly be used for the following purpose:

1. i) Used by different departments for internal purposes, e.g. payroll processing, benefits administration, tender submission, emergency contact, tax return;
2. ii) Supplied to third parties which are carefully selected by the Company, e.g. life /medical insurance companies, panel doctors, trustee of Mandatory Provident Fund service provider, auto-pay center of bank.

2.1.2 Prior to collecting personal data from current employees, when necessary, HR will inform employees the purpose of collection of such data, to whom such data will be transferred and whether it is obligatory or voluntary for employees to provide such data unless it is obvious from the circumstances.

2.1.3 HR will not disclose employment-related data of employees to a third party without obtaining the employee’s prior consent unless the disclosure is for purpose directly related to the employment, or such disclosure is required by law or by statutory authorities, and in such case HR will require that the third party protects the employment-related data against unauthorized or accidental access or disclosure.

2.1.4 It is employee’s obligation to keep HR up-to-data of employee’s personal data. To provide updated personal data, or to exercise the right of access to the personal data, the employee shall complete the “Personal Data Update Form” and submit to HR Manager.

2.2 Former Employee’s Personal Data

2.2.1 HR will retain personal data of former employees for 7 years from the data of the former employee ceases employment.

2.2.2 If any public announcement notice regarding a former employee having left the Company, the identity card number for the employee must not be disclosed in the notice.

2.2.3 HR will not provide a reference concerning a former employee to a third party without obtaining prior consent from the employee, or unless the third party has obtained the prior consent of the employee concerned, HR is satisfied with such consent.

2.2.4nFormer employees and current employees, who wish to access his/her own personal data kept by the Company, should complete the “Personal Data Access Form” and submit to HR.

 

2.3 Personal Data Protection

2.3.1 HR will not release personal data of employees to any internal personnel, unless HR has approved in writing.

2.3.2 Personal data are stored as hard copy or electronic copy. The personnel of HR, who are authorized to access personal data of employees, will ensure that the keys for hard copy’s cabinets are properly secured and electronic copies including those attached in emails or distribution are password protected, and that password should not be attached into the same email enclosing personal data. Such personnel must not disclose personal data of employees by any mean to a third party, unless an appropriate written consent or approval has been obtained from HR.

3. The Company reserves the right to amend this Policy at its discretion. Such changes will supersede the pervious policies and practices and will be announced to all employees as soon as practicable.