Group E Company Limited (“Group E”) observes rights of privacy as granted by laws to our potential customers and customers (collectively “Customer” hereinafter) when it collects, retains, uses and transfer personal data. This Policy aims to set out Group E’s privacy policies and practices in relation to the personal data it handles. Customer may read and understand the following policies and practices of handling personal data. Group E has the rights to amend or alter relevant content from time to time without notice to particular Customer.
It is Group E’s policy to observe Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong laws (“Ordinance”). We use our best endeavours to require our staff to comply with relevant requirements. Supervisory staff should also explain this Policy to his/her subordinates in order to ensure that all staff members are well informed and comply with.
In this Policy, “personal data” means any information (e.g. example name, email address, policy number, gender, phone number, date of birth, occupation, income, education level etc.) that can practically ascertain identity of particular person.
1. Purpose and manner of collection of personal data
1.1 Group E collects necessary personal data for a lawful purpose directly related to its insurance function or activity by lawful and fair means. In respect of the purpose of collection, the data so collected should be adequate but not excessive. If Customer does not provide relevant personal data, Group E will be unable to provide services to those Customers who refuse to provide necessary data.
1.2 The personal data of Customer collected and retained by Group E may be used for the following purposes:
a. handle daily operations of relevant insurance or financial products or services, including amendment, termination or renewal;
b. handle, investigate or analyse claims application;
c. (with Customer’s consent – please refer to clause 3.2 below) direct marketing, including but not limited to marketing by electronic or other means, market products or services in relation to insurance or finance provided by Group E or jointly provided by Group E and other companies;
d. comply with laws or regulations that are applicable to Group E or its group companies; and
e. use for investigation, statistics and research purposes.
1.3 Every time Group E on collects personal information from Customer, Group E shall provide Customer with appropriate Personal Information Collection Statements where such provision includes but not limited to providing application form with the statement printed thereon, showing at counter, posting the statement conspicuously, showing on website etc.
1.4 We may make voice record when Customer makes or picks up customer services and/or enquiry phone calls, as well as at the time of making complaint. If voice records are made, the purposes of making such records includes services quality management, staff performance evaluation, management and development etc. Unless there is a declaration during phone calls, the voice record is not personal data of Customer and not restricted by the Ordinance. The calling person has no statutory, contractual or tortious rights in respect of the said data and is restrained from making claims. Group E shall always ensure that such voice record is prohibited from unauthorized uses or unintentional uses.
2. Accuracy and duration of retention of personal data
2.1 Group E shall take all practicable steps to ensure that personal data is accurate having regard to the purposes (including any directly related purposes) for which the personal data is or is to be used. Where there are reasonable grounds for believing that Customer’s personal data is inaccurate, Group E shall cease using such personal data and providing services to such Customer as well as erase the data. If, according to this Policy, a third party is engaged to process and keep relevant inaccurate data, Group E shall inform relevant third party that the data is inaccurate and use best endeavours to require the third party to rectify the data.
2.2 Group E shall determine the duration of retention of personal data with reference to insurance industry and other applicable regulations. In general, Group E shall retain Customer’s personal data during the term of policy and a period of 7 years after termination of policy in order to comply with relevant regulatory requirements.
3. Use of personal data
3.1 Transfer of Personal Data
For insurance-related purpose, Group E may use, retain, disclose and/or transfer Customer’s personal data to: (1) insurance companies or relevant third party services providers, who provide service or represent Group E to carry out business activities (e.g. loss adjuster, claims investigator, claims handling staff, professional consultants (including physicians and other medical services providers) and call centre); (2) Group E’s related companies; (3) any member of association/confederation of insurance industry; (4) institutions with judicial authority; (5) any person/institution in relation to Group E (within Hong Kong or overseas) for the aforesaid purposes; and/or (6) regulatory and law enforcement bodies (upon court request).
3.2 Direct Marketing
Group E may use Customer’s name, phone number, address and email address for the purpose of marketing insurance products / services, while we will not so use unless we have Customer’s prescribed consent. We shall obtain Customer’s consent before we collect personal data for the purpose of direct marketing. Customer has opportunity to refuse direct marketing. If Customer does not refuse direct marketing at the first instance and decides otherwise later, Customer may request Group E to cease direct marketing.
4. Security of personal data
4.1 Group E shall take all practicable steps to ensure that personal data (including data in a form in which access to or processing of the data is not practicable) held by it are protected against unauthorized or accidental access, processing, erasure, loss or use. For such reason, Group E shall decide practicable steps to ensure security of personal data by having regard to:
a. the kind of data and the harm that could result if any of those things should occur;
b. the physical location where the data is stored;
c. any security measures incorporated (whether by automated means or otherwise) into any equipment in which the data is stored;
d. any measures taken for ensuring the integrity, prudence and competence of persons having access to the data; and
e. any measures taken for ensuring the secure transmission of the data.
4.2 If Group E engages data processor, whether within or outside Hong Kong, to process personal data on Group E’s behalf, Group E will adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the data processor for processing.
5. Information availability
5.1 Any person may ascertain Group E’s policies and practices in relation to personal data by requesting a copy of this Policy, and be informed of the main purposes for which personal data held by Group E is or is to be used by requesting relevant Personal Information Collection Statement.
5.2 Any person may be informed of the kind of personal data held by Group E by submitting personal data access request (see paragraph below).
6. Access to personal data
Unless exemptions apply, Customer has rights to access copy of and/or correct personal data. If Customer wishes to access or correct personal data, he/she may use Form OPS003 that is provided by the Office of the Privacy Commissioner for Personal Data, and submit to Group E’s data protection office (Tel: 3157 1300; Fax: 3157-1200; Address: Suite 910-911, 9/F., Ocean Centre, 5 Canton Road, Tsim Sha Tsui, Hong Kong.). Group E may charge appropriate administration fee for processing relevant access request.