Personal Information Collection Statement
(Updated as at 1 November 2019)
Please read the following statements carefully:
- This Personal Information Collection Statement sets out how Boardroom Corporate Services (HK) Limited and its Hong Kong subsidiaries (collectively “Boardroom Hong Kong”, “us”, “we” or “our”) receives, uses and protects your Personal Data.
- We may ask you to provide your name, passport or other identification numbers, mailing addresses, email address, network data, telephone numbers, shareholding details, security holding or plan participation details and balances, bank account details, tax file numbers, date of birth, employment details and such other information regarding your identity (“Personal Data”). Your Personal Data will be used strictly in accordance with this Personal Information Collection Statement and the applicable laws such as the Hong Kong Personal Data (Privacy) Ordinance (the “Ordinance”) (“the PDPO”) and the EU General Data Protection Regulation 2016/679 (the “GDPR”) for the provision of or in relation to the services provided by Boardroom Hong Kong.
- If you provide us with any Personal Data relating to a third party, by submitting such information to us, you represent to us that you have notified the third party as required under the PDPO, or have obtained the consent of the third party to provide us with their Personal Data for the respective purposes. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the services you have requested.
- Boardroom Hong Kong is primarily defined as a Data Processor. However, we are also a Data User of Personal Data collected from you. By accessing to, interfacing with our website, submitting Personal Data to us and/or using our services, you agree and consent to be bound by the terms of this Personal Information Collection Statement and that your Personal Data may be disclosed for processing to any of the countries where we operate or interface with insofar as may be legally permitted. This Personal Information Collection Statement supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use and/or disclose your Personal Data.
- We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. In this respect, we may use your personal data for the following:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our Terms of Engagement with you or as otherwise agreed with you from time to time;
- To deal with any complaints or feedback you may have;
- For any other purpose for which you provide us with your personal data.
- In this respect, we may share your personal data with or transfer it to the following:
- Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
- Third parties whom we engage to assist in delivering the services to you, including other companies in the Boardroom Group;
- Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you;
- Our data storage providers;
- Any governmental, regulatory or other bodies or institutions, whether as required by law or regulations applicable to any member of Boardroom Group.
- When you browse our website, you generally do so anonymously save for the cookies referred to below in paragraph 7. We do not, at our website, automatically collect Personal Data unless you provide such information.
- We are committed to ensuring that your Personal Data, whether stored electronically or in paper form, is secure. In order to prevent against risks of loss, destruction, duplication, use, modification, unauthorised access or disclosure, we have put in place reasonably suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data we collect online. These include, but are not limited to:-
- restricting access to Personal Data to those who have a need to know (i.e. authorised and designated officers of Boardroom Hong Kong). Those individuals who need to have access to the Personal Data are required to maintain the confidentiality of such information;
- having regular Personal Data housekeeping in terms of retention periods for and classification of Personal Data for legal and business requirements; and removing and destroying documents and/or purging databases containing your Personal Data, or removing the means by which your Personal Data can be associated with you as soon as it is reasonable to assume that the purpose for which the Personal Data was provided to us is no longer being served by such retention, and retention is no longer necessary for legal or business purposes.
- We will notify you without undue delay after becoming aware of a Personal Data Breach and the notification will:
- include at least a description of the nature of the Personal Data Breach, including, where possible, the categories and approximate number of natural persons and the categories and approximate number of Personal Data records concerned;
- describe the measures taken by us, or that we propose to take, to address the Personal Data Breach including, where appropriate, measures to mitigate its possible adverse effects; and
- upon your request, assist you to communicate the Personal Data Breach to the relevant natural persons without undue delay where such notification is necessary.
- At your option, we will either delete or return to you all Personal Data provided by you to us for the purpose of us performing the services, collected by us from the relevant natural person or persons or from any third person during our performance of the services or otherwise generated or arising from or out of processing Personal Data in connection with the services. We will also delete existing copies of such Personal Data except to the extent that we need to retain and store them for our legal or business purposes.
- Please contact Boardroom Hong Kong ’s Personal Data Protection Steering Committee (“PDPSC”) at firstname.lastname@example.org for the purposes of:-
- withdrawal of any consent or deemed consent given by you;
- right of access to correct and/or update Personal Data provided by you; or
- asking any questions or giving feedback relating to our administration of your Personal Data or our Personal Information Collection Statement; or
- reporting a Data Privacy Security Breach.
- The Boardroom Hong Kong Personal Data Protection Steering Committee will try to resolve the aforementioned matters within forty (40) business days. If we are unable to resolve the matter within that time, we will contact you to let you know how long it will take to resolve the complaint or, if more appropriate, suggest the matter be referred to the Personal Data Protection Commissioner. Please note that if your Personal Data was provided to us by a third party, you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.
- If you are located in Hong Kong, you can also find out more about your rights at www.pcpd.org.hk. If you are located in Europe, to find out more about your rights please refer to the EU regulator in the place where you are located (in the EU).
- We may from time to time update this Personal Information Collection Statement to ensure that this Personal Information Collection Statement is consistent with our future developments, industry trends and/or changes in legal or regulatory requirements. You agree to be bound by the prevailing terms of the Personal Information Collection Statement as updated from time to time on our website.
- This Personal Information Collection Statement and your use of our website shall be governed in all respects by the laws of Hong Kong and, where applicable, the GDPR.