Hysan’s Group Privacy Policy Statement
This is the Privacy Policy of the Hysan Group. The Hysan Group comprises Hysan Development Company Limited and each of its subsidiaries including Hysan Leasing Company Limited, Hysan Marketing Services Limited, Hysan Property Management Limited, Hysan Corporate Services Limited, Bamboo Grove Recreational Services Limited, 希慎(上海)房地产有限公司 (Hysan (Shanghai) Properties Limited), 希慎企业管理(上海)有限公司 as well as their holding companies, branches, representative offices and affiliates (collectively the “Group“, “Hysan“, “we“, “us” or “our“).
As a responsible corporation, Hysan respects personal data privacy and is committed to fully implementing and complying with the data protection principles under the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (the “Ordinance“), Personal Information Protection Law of the PRC and other applicable data privacy laws (collectively, “Laws”) in the relevant jurisdictions of which Hysan has operations. In this Privacy Policy, “personal data” shall bear the corresponding meaning of personal data under the applicable laws and regulations applicable in your jurisdiction.
Our privacy principles are:
· Hysan only collects personal data which we believe to be relevant and required to conduct our business.
· Hysan will use your personal data only for the purposes for which the data is collected or for a directly related purpose, unless consent for a new purpose is obtained from you.
· Hysan will keep your personal data accurate and up-to-date.
· Hysan will not transfer or disclose your personal data to any entity that is not a Group entity or not a party as detailed in this Privacy Policy without your consent unless it is permitted or required by law or it was previously notified to you.
· Hysan has implemented various physical, electronic and management measures to safeguard and secure the personal data we collect.
Please read the following Privacy Policy to understand how Hysan handles your personal data collected through various means, including its websites, mobile applications, social media platforms, application forms and other collection channels. By providing your personal data to us, you are consenting to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal data as described in this Privacy Policy. We may also collect your sensitive personal data and we will collect and use such sensitive personal data strictly in accordance with the applicable laws. The types of sensitive personal data which we may collect are in bold and underlined below.
1. Kinds of Personal Data Collected and Held
1.1 We collect and hold the following broad categories of personal data (“Data”) depending on our engagement with you:
a) Tenant records: (mainly for the provision of tenant and property management services and the relevant activities, etc.) including but not limited to name, contact details, identification proof document or numbers (including facial images shown thereon), date of birth, nationality, family members, company name, business title, bank details and other information supplied by tenants and collected in connection with tenant services and related activities;
b) Customer records: (mainly for the provisions of goods or services, handling enquiries, providing loyalty programmes rewards, handling your membership, etc.) including but not limited to salutation, name, gender, marital status, month of birth, age range, company name, business title, education background, telephone number, fax number, email address, correspondence address, membership numbers, photograph, bank details, credit card/debit card/stored value card information, mobile payment and other payment information, identification proof document or numbers, vehicle plate number, social media account details (e.g. user names or account numbers), relevant log-in information that customers use to access our products and services, information regarding customer spending, geographical location, and if you log-in to our websites, applications or WiFi services via your social media accounts, we may collect such log-in details and other information you have made available on the relevant social media site, and other information supplied by customers and collected in connection with our loyalty club programmes and surveys;
c) Personnel records: (when you apply for a job with us) including but not limited to job application data, basic personal data (e.g. name, personal phone number, personal email address, employment and education history, and other information voluntarily provided to us; (when you are employed by us) including but not limited to Hysan personnel details, job particulars, details of salary, payments, benefits, leave and training records, group medical insurance records, health data, employment records, mandatory provident schemes participation, social security fund/provident fund, performance appraisals and disciplinary matters;
d) Consultant and contractor etc. records: (if you are our consultant, contractor, supplier or service provider) including but not limited to name, contact details and other information of any individual employed or engaged by service providers in the fields of construction, information technology, marketing and other areas providing necessary services required by Hysan;
e) Records collected on webservers, mobile devices or digital media: (when you visit our webservers, mobile devices or digital media) including but not limited to email addresses, browsing preferences, location data, behavioural data, MAC addresses and IP addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription, online enquiries, membership log-in or otherwise. Note that if the WiFi function on your device has been enabled, the MAC address and IP address of your device may be collected, even if the device is not connected to our WiFi services;
f) Other records: including but not limited to records of visitors to the premises operated by Hysan, members of the public making enquiries or responding to our surveys, business partners, officers, shareholders, investors and other operational and administrative records that contain personal data, and other information as may be set out in the relevant form or collection channel.
2. Purposes for which the Data are Collected and Used
2.1 We may use the Data for the following main purposes (or any directly related purpose):
a) Tenant records: for providing tenant and property management services and related activities, maintaining tenant accounts, managing moving in and out of Hysan premises or car parks, processing rental receivables, responding to and follow up enquiries;
b) Customer records: for communication, providing rewards or benefits for loyalty club programmes, administration of loyalty club membership including verification of identity, accumulating and redeeming reward points, handling requests for and providing services, membership, redemption or benefits, providing, targeting and customising marketing communications and materials to you (subject to your prior consent), market research and analysis, data analytics or any other purposes which the customer has been notified of and consented to;
c) Personnel records: for recruitment and human resource management purposes, relating to such matters as employees’ appointment, employment benefits, termination, performance appraisal and discipline;
d) Consultant and contractor records: engaging, monitoring, managing and appraising relationships with consultants and contractors who are and/or engage or employ individuals to provide services to Hysan;
e) Records collected on webservers, mobile device or digital media: for sending newsletters to subscribers registered through websites and providing marketing materials and replies to enquiries, and for market research and data analytics; and
f) Other records: for various purposes varying according to the nature of the records, including for administration and operation of the Hysan premises (including the provision of car park services and information), handling enquiries from members of the public and carrying out daily business.
g) General:
· for communicating with you;
· for delivering goods or services to you;
· for our daily operation and administration;
· for market research and data analytics;
· subject to your consent, for direct marketing (see below paragraph on direct marketing);
· for identification and verification;
· for enforcing our legal rights;
· for complying with legal or regulatory obligations applicable to any Group member;
· for handling your enquiries or requests; and
· for any other purposes to which you may from time to time agree.
2.2 If we wish to use your personal data for a new purpose (other than the purposes (if any directly related purpose) outlined above, we will obtain your consent in advance.
2.3 We will not sell or rent the Data provided to us, or without your prior consent knowingly or intentionally use or share the Data in ways unrelated to the purposes aforementioned.
3. Disclosure and Transfer of Data
3.1 We may disclose, grant access to, share or transfer the Data you provide or which are otherwise collected by us to the following parties and other persons who we consider appropriate (whether local or overseas) in connection with the purposes set out above (or any directly related purpose):
a) any member of the Group (including different divisions within each Group entity);
b) any of our agents, professional advisers, contractors, service providers, or any persons under a duty of confidentiality to us;
c) our business associates or partners whom you may from time to time agree;
d) our successors or assigns (whether actual or proposed) under an acquisition, sale or restructuring of the business and/or assets of any member of the Group, or any assignee of our rights;
e) any person to whom we are under an obligation to make disclosure under the requirements of law or a court order of any jurisdiction or to any government or law enforcement authorities or administrative organs as requested;
f) any person to whom we believe in good faith that disclosure is otherwise necessary or advisable including to protect our rights or properties or in circumstances which we consider to be related to any of the purposes for which the Data are collected; and
g) to any person when we have reason to believe that disclosing the Data to such person is necessary to identify, contact or bring or defend legal action against someone, e.g. anyone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
3.2 The Data you provide to us may also be sourced from or transferred to other jurisdictions outside Hong Kong or mainland China or jurisdictions where Data is being collected for the purposes mentioned above. We will try to ensure, as far as possible and practicable, that Data sourced or transferred outside Hong Kong or mainland China or jurisdictions where Data is being collected is protected to standards in line with the requirements of the Laws, subject to any other requirements and limitations of the particular jurisdiction, for example, we may seek your consent to the cross-border transfer of personal information as appropriate, or implement security measures such as data de-identification before transfer. If you are located in mainland China, you can email us at data.officer@hysan.com.hk for further information about the recipients of the Data.
4. Data Security and Retention
4.1 Subject to any legal and regulatory requirements, the Data you provide to us will be kept by us in the appropriate form only for as long as is necessary to fulfil the purposes mentioned above, after which it will be destroyed.
4.2 In order to ensure the correct use and to maintain the accuracy of Data collected from you, as well as to prevent unauthorised or accidental access, processing, erasure or other use of the Data, we have implemented various physical, electronic and management measures to safeguard and secure the Data we collect and have appropriate security policies in place. However, we cannot guarantee that data transmission over the internet or other media is completely secure.
5. Our Commitment to Children’s Privacy
5.1 For the purpose of this Privacy Policy, we regard minors under the age of 14 as children. Protecting the privacy of children is our primary concern.
5.2 Our site and services are primarily intended for adults. If you are under the age of 14, you should obtain consent from your parent or guardian before providing us with your Data. We will only use or disclose the Data as permitted by laws, with the explicit consent of your parent or guardian, or as necessary to protect children.
5.3 In addition to complying with the provisions of this privacy policy, we will also uphold the principles including necessity, informed consent, clear purpose, security, and lawful use, and also strictly abide by the requirements in respect of the protection of children’s personal information by the relevant laws and regulations. However, please note that in most cases, we cannot identify or ascertain whether the personal information collected and processed is children’s personal information and its accuracy.
5.4 In the event that we become aware of the collection of personal data of children without the prior consent of the parent or guardian, we will take appropriate measures to delete such personal data as soon as possible. If you are the parent or guardian of the relevant children and wish to report any such potential unauthorised collection, please contact us at data.officer@hysan.com.hk to request to delete personal information of children.
6. Direct Marketing
6.1 We may only use your personal data for the purposes of direct marketing if you have consented to such use. You may indicate your consent to us to use your personal data for direct marketing by selecting the relevant option in the appropriate online or paper form or any other means submitted to us.
6.2 You can withdraw your consent for use by us of your Data for direct marketing at any time by sending an email to our Data Privacy Officer at data.officer@hysan.com.hk or as indicated in the relevant materials.
7. Cookies and Other Tracking Mechanisms
7.1 We may automatically collect information about your computer or device, including where available your IP address, device ID, MAC address, operating system and browser type, when you access our website or applications or use our WiFi services. This is statistical data which does not reveal your identity. Similarly, cookies may be left on the hard drive of your computer, mobile phone or other devices.
7.2 Cookies are small text files that are stored on your browser and the hard drive of your computer, mobile or other handheld device. We use cookies and other tracking mechanisms mentioned above for system administration, to track information about your use of our websites or mobile applications and to automatically improve and personalise your browsing and user experience (e.g. Google Analytics and functionality cookies). By accessing our website or applications, you provide your consent to the use of cookies pursuant to the above. You may choose to accept or refuse cookies by adjusting the settings of your web browser. However, if you select to refuse cookies, you may not be able to fully access certain functions or information contained on our website or applications.
7.3 We use analytics tools to automatically measure how visitors interact with content on our websites and applications, or in relation to your use of our WiFi services. If you log-in to our websites, applications or WiFi services via your social media accounts, we may collect information you have made available on the relevant social media site and link your interaction with us to such information. Where you have consented to direct marketing, we may also engage social media sites or send you push notifications via mobile applications to show you advertisements that are customised (which may be automatic) based on analysis of any Data we may retain in relation to you, your interactions with us and/or aggregated and anonymous non-personally identifiable information we collect via analytics technologies.
7.4 We may feature embedded links, “share” buttons or widgets on our websites or applications to enable you to connect to third party sites, including social media sites. These third party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your Data. You should read the relevant third-party sites for their privacy policies before submitting any Data to these sites. We have no control over and are not responsible or liable for the contents of third party sites or third party posts on our social media accounts.
7.5 We may use analytic technologies to collect non-personally identifiable information about you on an aggregated and anonymous basis, such as information captured by devices in real-time during your visit (e.g. visitor counts and information), and those which are collected via our WiFi services through your WiFi enabled device (even if it is not connected to our WiFi services) (e.g. IP address, MAC address, location data, visitor statistics and preferences, activity patterns and device information). If you do not wish us to collect the aforesaid information via our WiFi services, then you can turn off the WiFi on your device. We use this data for research and analytics purposes, including helping us to study activity patterns and visitor preferences in order to improve service experience. If you are a member of one of our loyalty programmes, and you sign in to use our WiFi services through your membership log-in details, such non-personally identifiable information may be linked to any Data we may retain in relation to you, and if you have consented to receive direct marketing materials, we may provide you with targeted advertisements, content, features, deals and offers through push notifications via our mobile applications. Otherwise this data will not be linked to any Data we may retain in relation to you, and cannot be used to identify or re-identify you.
8. How to Access or Correct Your Data or Contact Us
8.1 You are entitled to access, correct or delete any Data related to you held by us, or exercise your other rights in relation to your Data under the applicable laws. If you wish to obtain a copy of any of your Data or if you believe that the Data related to you which we collect and maintain is inaccurate or wish to request to delete, or if you wish to exercise your other rights under the applicable laws, please contact our Data Privacy Officer at data.officer@hysan.com.hk or at the following address:
Data Privacy Officer
Hysan Development Company Limited
50/F, Lee Garden One
33 Hysan Avenue
Causeway Bay
Hong Kong
8.2 In accordance with the terms of the Ordinance (if applicable) and other applicable laws, we have the right to charge a reasonable fee for the processing of any data access request.
8.3 You may also contact us at the above details for any other data privacy related matters.
9. Access to Data Privacy Policy
9.1 You may access and obtain a copy of our Data Privacy Policy, as amended from time to time, on our website at www.hysan.com.hk/privacy-policy-statement/ so that you are always informed of the way we collect and use your Data.
9.2 We amend or update this Privacy Policy from time to time without prior notice. You are advised to visit the above website regularly for the latest version of this Policy. If the amendments or updates of this Privacy Policy involves substantial changes, we will seek for your explicit consent subject to the circumstances and in accordance with the applicable laws.
9.3 We will not derogate your rights under this Privacy Policy without your express consent.
10. Language
10.1 This Notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
Last version date: June 2023