This Policy sets out the policies and practices of Hong Kong Cyberport Management Company Limited and all subsidiaries of which it forms part (“Cyberport” or “We”) in relation to the handling of personal data in respect of or collected through the platform of iTalent.
We collect and use personal data in the Hong Kong Special Administrative Region (“Hong Kong”) and this Policy is formulated in accordance with the applicable laws of Hong Kong.
We respect privacy. Cyberport is committed to complying with all applicable personal data privacy laws and regulations.
When we collect and process personal data, we will ensure that there is legal basis for us to do so – including but not limited to issuing a Privacy Notice and/or fulfilling any other requirements as provided under all applicable laws.
We collect personal data in five broad categories as set out below (the “Categories of Personal Data”):
All processing of personal data shall be conducted according to the data protection principles as follows:
We have also kept a data inventory and data flow process to determine various aspects of our data processing, including:
Such data inventory would facilitate Cyberport in tracking its data and the related processing activities, and put us in a better position to comply with the relevant privacy and other laws and regulations.
We ensure that there is a legal basis for our collection and processing of personal data.
Such legal bases include: (i) legitimate interests of Cyberport in processing personal data; (ii) compliance with applicable laws or regulations, after having sought your specific consent to process such personal data; and/or (iii) any other relevant basis under applicable laws and regulations.
If Cyberport processes personal data under the "legitimate interests" legal basis, it means that the processing of the personal data is necessary for the legitimate interest pursued by Cyberport, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires the protection of personal data.
In each relevant situation, we assess: (i) what these legitimate interests are; (ii) whether it is necessary to process such data to attain the objective; and (iii) the relevant rights of the data subjects. We will then balance such rights against our interests in achieving such objective, and ensure that such rights do not override Cyberport’s legitimate interests before we conclude that Cyberport can process the personal data on the basis of legitimate interests.
All data subjects will be informed of our collection of their personal data, the Categories of Personal Data concerned and the purpose of processing. This is to ensure that the data subjects are clear about our collection and processing of personal data and such collection and processing are within the data subjects’ reasonable expectations. Please be informed that all data subjects can object to our collection and processing of their personal data at any time, in addition to their rights of requesting for accessing and/or correcting their personal data in our possession.
We have also implemented appropriate mechanisms, policies and procedures to protect the confidentiality and security of the personal data that we collect and process, as we respect the privacy and related rights of the data subjects relating to such personal data by reducing the risks or potential negative impact of processing, including, but not limited to, data minimisation, de-identification, encryption, restricted access and all other technical security methods and efforts to protect personal data. Such protection of the privacy and related rights of the data subjects would enable Cyberport to process personal data under the legitimate interest legal basis.
Cyberport uses personal data for direct marketing purposes unless the data subject explicitly objects or such is otherwise specifically prohibited under applicable laws.
Our use of personal data for direct marketing is subject to the consent of the data subjects in this regard. You may also exercise your opt-out right at any time. We will cease using your personal data in direct marketing once we receive your notification indicating your objection to receive any direct marketing materials from us. Please also refer to the "Consent" section below for more information.
Personal data may be provided or transferred in the following circumstances as we may consider necessary whether the recipients are inside or outside of Hong Kong:
Where relevant legal requirement demands that specific consent of the data subject must be obtained before we can process personal data in a certain way, such as conducting direct marketing, we will ensure that such specific and explicit consent will be obtained and that the data subject is fully aware of the types of the personal data that we intend to use, the purposes of such usage (such as improving our services to the data subject or direct marketing) and, if we intend to transfer the data, the name/identity of the transferee and how the transferee shall use the data subject’s personal data.
Two general types of cookies are used on our website:
Session Cookies: temporary cookies are only used during a visit to our website and will be deleted at the end of each visit. Session cookies are used to compile anonymous statistics about the use of our website.
Persistent Cookies: persistent cookies remain in your browser for a longer period of time for the purpose of compiling anonymous statistics about the use of our website and/or tracking and recording your preferences.
You may refuse to accept cookies by modifying the settings feature of your browser or internet security software. However, if you do so you may not be able to utilise or activate some of the features and/or functions of our website.
Cyberport acknowledges that data subjects have certain rights about the data processing and the data which is recorded about them under the applicable laws and regulations, and we will take all practicable steps to ensure that these rights are respected and exercisable in respect of the data kept by Cyberport.
Cyberport uses internal resources to develop and maintain its IT systems and also engages third-party vendors to provide certain services relating to its IT systems. Your personal data may also be stored by third parties, via cloud services or other technology, with whom Cyberport has contracted. Such vendors and third parties will only have access to the personal data collected for purposes that are not inconsistent with the purposes for which the personal data was collected, including cloud storage and retrieval.
In case where any vendor or third party stores or has access to any personal data, Cyberport uses reasonable measures to ensure that: (i) such vendor is contractually bound to keep such personal data confidential and adopt appropriate means to prevent any unauthorised access, use, loss, retention, modification, transfer or otherwise.
We implement data retention policies and records to ensure that personal data will not be kept longer than is necessary in relation to the purpose for which they were collected. Different retention periods apply to various types of personal data that we hold, depending on the respective data collection/usage purpose and relevant legal requirements.
We have appointed a Data Protection Officer whose responsibilities include the following:
You have the right to know whether Cyberport holds your personal data, access the data and/or correct any inaccuracies of such data. You also have the right to make reasonable inquiries about Cyberport’s personal data policies and procedures. You have the right to object to the processing of your personal data or withdraw your consent (if applicable) at any time. Please note however that if you object to the processing of your personal data, it may affect Cyberport’s ability to provide the services that you required to you or may affect the quality of such services. If you withdraw your consent (if applicable), Cyberport will stop providing such services to you which applicable laws require specific consent.
All of the above requests should be made in writing to our Data Protection Officer at [firstname.lastname@example.org] or via mail to [Level 6, Cyberport 2, 100 Cyberport Road, Hong Kong].
A reasonable fee may be charged in light of the administrative costs that Cyberport shall incur in addressing your request(s).
Such use of advertising cookies enables these third party vendors and their partners to serve ads to you based on your visit to our website and/or other sites on the Internet.
Users may opt out of personalized advertising at their own discretion.
This Policy was last updated on [21 April 2021].