As a responsible business Hysan respects personal data privacy and is committed to fully implementing and complying with the data protection principles under the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (the “Ordinance”).
Our privacy principles are:
- Hysan only collects personal data which we believe to be relevant and required to conduct our business.
- Hysan will use your personal data only for the purpose for which the data is collected or for a directly related purpose, unless consent for a new purpose is obtained from you.
- Hysan will keep your personal data accurate and up-to-date.
- Hysan has implemented various physical, electronic and management measures to safeguard and secure the personal data we collect.
1. Kinds of Personal Data Collected and Held
1.1 We collect and hold the following broad categories of personal data (“Data”) depending on our engagement with you:
a) Tenant records: including name, contact details, company name, business title and other information supplied by tenants and collected in connection with tenant services and related activities;
b) Customer records: including salutation, name, gender, marital status, month of birth, age range, company name, business title, education background, telephone number, fax number, email address, correspondence address, membership numbers, photograph, bank details, credit card/debit card/stored value card information, mobile payment and other payment information, identification proof, document or numbers, vehicle plate number, social media account details (e.g. user names or account numbers), relevant log-in information that customers use to access our products and services, information regarding customer spending, geographical location, and if you log-in to our websites, applications or WiFi services via your social media accounts, we may collect such log-in details and other information you have made available on the relevant social media site, and other information supplied by customers and collected in connection with our loyalty club programmes and surveys;
c) Personnel records: including Hysan personnel details, job particulars, details of salary, payments, benefits, leave and training records, group medical insurance records, mandatory provident schemes participation, performance appraisals and disciplinary matters;
d) Consultant and contractor records: including name, contact details and other information of any individual employed or engaged by service providers in the fields of construction, information technology, marketing and other areas providing necessary services required by Hysan;
e) Records collected on webservers, mobile or digital media: including email addresses, browsing preferences, MAC addresses and IP addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription, online enquiries, membership log-in or otherwise. Note that if the WiFi function on your device has been enabled, the MAC address and IP address of your device may be collected, even if the device is not connected to our WiFi services;
f) Other records: including records of visitors to the premises operated by Hysan, members of the public making enquiries or responding to our surveys, business partners, officers, shareholders, investors and other operational and administrative records that contain personal data, and other information as may be set out in the relevant form or collection channel.
2. Purposes for which the Data are Collected and Used
2.1 We may use the Data for the following main purposes (or any directly related purpose):
a) Tenant records: for providing tenant and property management services and related activities, maintaining tenant accounts, managing moving in and out of Hysan premises or car parks, processing rental receivables, responding to and follow up enquiries;
b) Customer records: for communication, providing rewards or benefits for loyalty club programmes, administration of loyalty club membership including verification of identity, accumulating and redeeming reward points, handling requests for and providing services, membership, redemption or benefits, providing, targeting and customising marketing communications and materials to you (subject to your prior consent), market research and analysis, data analytics or any other purposes which the customer has been notified of and consented to;
c) Personnel records: for recruitment and human resource management purposes, relating to such matters as employees’ appointment, employment benefits, termination, performance appraisal and discipline;
d) Consultant and contractor records: engaging, monitoring, managing and appraising relationships with consultants and contractors who are and/or engage or employ individuals to provide services to Hysan;
e) Records collected on webservers, mobile device or digital media: for sending newsletters to subscribers registered through websites and providing marketing materials and replies to enquiries, and for market research and data analytics; and
f) Other records: for various purposes varying according to the nature of the records, including for administration and operation of the Hysan premises (including the provision of car park services and information), handling enquiries from members of the public and carrying out daily business.
- for communicating with you;
- for our daily operation and administration;
- for market research and data analytics;
- subject to your consent, for direct marketing (see below paragraph on direct marketing);
- for identification and verification;
- for enforcing our legal rights;
- for complying with legal or regulatory obligations applicable to any Group member;
- for handling your enquiries or requests; and
- for any other purposes to which you may from time to time agree.
2.2 If we wish to use your personal data for a new purpose (other than the purposes (if any directly related purpose) outlined above, we will obtain your consent in advance.
2.3 We will not sell or rent the Data provided to us, or knowingly or intentionally use or share the Data in ways unrelated to the purposes aforementioned.
3. Disclosure and Transfer of Data
3.1 We may disclose and transfer the Data you provide or which are otherwise collected by us to the following parties and other persons who we consider appropriate (whether local or overseas) in connection with the purposes set out above (or any directly related purpose):
a) any member of the Group (including different divisions within each Group entity);
b) any of our agents, professional advisers, contractors, service providers, or any persons under a duty of confidentiality to us;
c) our business associates or partners whom you may from time to time agree;
d) our successors or assigns (whether actual or proposed) under an acquisition, sale or restructuring of the business and/or assets of any member of the Group, or any assignee of our rights;
e) any person to whom we are under an obligation to make disclosure under the requirements of law or a court order of any jurisdiction or to any government or law enforcement authorities or administrative organs as requested;
f) any person to whom we believe in good faith that disclosure is otherwise necessary or advisable including to protect our rights or properties or in circumstances which we consider to be related to any of the purposes for which the Data are collected; and
g) to any person when we have reason to believe that disclosing the Data to such person is necessary to identify, contact or bring or defend legal action against someone, e.g. anyone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
3.2 The Data you provide to us may also be sourced from or transferred to other jurisdictions outside Hong Kong for the purposes mentioned above, and you explicitly consent to and accept all risks of such transfer. We will try to ensure, as far as possible and practicable, that Data sourced or transferred outside Hong Kong is protected to standards in line with the requirements of the Ordinance, subject to any other requirements and limitations of the particular jurisdiction.
4. Data Security and Retention
4.1 Subject to any legal and regulatory requirements, the Data you provide to us will be kept by us in the appropriate form only for as long as is necessary to fulfil the purposes mentioned above, after which it will be destroyed.
4.2 In order to ensure the correct use and to maintain the accuracy of Data collected from you, as well as to prevent unauthorised or accidental access, processing, erasure or other use of the Data, we have implemented various physical, electronic and management measures to safeguard and secure the Data we collect and have appropriate security policies in place. However, we cannot guarantee that data transmission over the internet or other media is completely secure.
5. Our Commitment to Children’s Privacy
Protecting the privacy of children is our primary concern. If you are under the age of 18, you should obtain consent from your parent or guardian before providing us with your Data.
6. Direct Marketing
6.1 We may only use your personal data for the purposes of direct marketing if you have consented to such use. You may indicate your consent to us to use your personal data for direct marketing by selecting the relevant option in the appropriate online or paper form or any other means submitted to us.
6.2 You can withdraw your consent for use by us of your Data for direct marketing at any time by sending an email to our Data Privacy Officer at firstname.lastname@example.org or as indicated in the relevant materials.
7. Cookies and Other Tracking Mechanisms
7.1 We may automatically collect information about your computer or device, including where available your IP address, device ID, MAC address, operating system and browser type, when you access our website or applications or use our WiFi services. This is statistical data which does not reveal your identity. Similarly, cookies may be left on the hard drive of your computer, mobile phone or other devices.
7.3 We use analytics tools to automatically measure how visitors interact with content on our websites and applications, or in relation to your use of our WiFi services. If you log-in to our websites, applications or WiFi services via your social media accounts, we may collect information you have made available on the relevant social media site and link your interaction with us to such information. Where you have consented to direct marketing, we may also engage social media sites or send you push notifications via mobile applications to show you advertisements that are customised (which may be automatic) based on analysis of any Data we may retain in relation to you, your interactions with us and/or aggregated and anonymous non-personally identifiable information we collect via analytics technologies.
7.4 We may feature embedded links, “share” buttons or widgets on our websites or applications to enable you to connect to third party sites, including social media sites. These third party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your Data. You should read the relevant third-party sites for their privacy policies before submitting any Data to these sites. We have no control over and are not responsible or liable for the contents of third party sites or third party posts on our social media accounts.
7.5 We may use analytic technologies to collect non-personally identifiable information about you on an aggregated and anonymous basis, such as information captured by devices in real-time during your visit (e.g. visitor counts and information), and those which are collected via our WiFi services through your WiFi enabled device (even if it is not connected to our WiFi services) (e.g. IP address, MAC address, location data, visitor statistics and preferences, activity patterns and device information). If you do not wish us to collect the aforesaid information via our WiFi services, then you can turn off the WiFi on your device. We use this data for research and analytics purposes, including helping us to study activity patterns and visitor preferences in order to improve service experience. If you are a member of one of our loyalty programmes, and you sign in to use our WiFi services through your membership log-in details, such non-personally identifiable information may be linked to any Data we may retain in relation to you, and if you have consented to receive direct marketing materials, we may provide you with targeted advertisements, content, features, deals and offers through push notifications via our mobile applications. Otherwise this data will not be linked to any Data we may retain in relation to you, and cannot be used to identify or re-identify you.
8. How to Access or Correct Your Data or Contact Us
8.1 You are entitled to access or correct any Data related to you held by us. If you wish to obtain a copy of any of your Data or if you believe that the Data related to you which we collect and maintain is inaccurate, please contact our Data Privacy Officer at email@example.com or at the following address:
Data Privacy Officer
Hysan Development Company Limited
50/F, Lee Garden One
33 Hysan Avenue
8.2 In accordance with the terms of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.
8.3 You may also contact us at the above details for any other data privacy related matters.
10.1 This Notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
Last version date: September 2020