- Legal
- Privacy Policy
Privacy Policy
We take our responsibilities under data privacy laws seriously and are committed to protecting your personal data.
This Privacy Policy (“Policy”) is designed to assist you in understanding how we collect, use, disclose, store and/or process the personal data you have provided to us. It applies to all individuals whose Data may be handled, whether as controller or processor, by the BDx Group (“BDx“, “we“, “us” or “our“, its subsidiaries, affiliates and associated companies). Please read this Policy carefully to understand our practices regarding your personal data and how we handle it. By visiting or using our Website, data centers or services, you agree to the terms of this Policy.
We may update this Policy from time to time. Any changes we make to this Policy will be posted on this webpage, and your continued access of the website https://www.bdxworld.com (“Website”) or access or use of our services or any of the content accessible through our Website, shall constitute your acknowledgment and acceptance of the changes we make to this Policy.
- Introduction
- This Policy applies to personal data that is in our possession or under our control, and personal data which is collected, used, disclosed and/or processed by us.
- Unless you withdraw your consent in accordance with the procedure set forth in this Policy, we may continue to share the personal data that we collect from you with our affiliates and subsidiaries. Such personal data may also be transferred to and used by us, subject to applicable data privacy laws and in accordance with this Policy.
- We are committed to processing your Data in accordance with the required standards. This includes protecting your privacy and ensuring the security of your Data in compliance with, in particular and where applicable, the requirements of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong).
- Collection, Use and Disclosure of Personal Data
- In this Policy, “personal data” means personal data that:
- Information You Give Us: We receive and store any information you provide in relation to our services. You can choose not to provide certain information, but then you might not be able to take advantage of many of our services.
- Information from Other Sources: We might receive information about you from other sources, such as your employers, our customers or our suppliers.
- Subject to the applicable data privacy laws, we will obtain consent before collecting, using and disclosing your personal data and will notify you of such purposes. In doing so, we shall make a reasonable effort to ensure your personal data collected is accurate and complete. If obliged to do so by law, or in the good faith belief that doing so is reasonably necessary to comply with the law, or to protect the rights, property, or safety of BDx, its employees, clients, or the public, we retain the right to disclose your Personal Data.
- The type of personal data that we collect about you depends on the nature of the activity or transaction. We collect personal data about you that you knowingly and voluntarily provide in connection with certain activities or transactions with us, including but not limited to:
- when you visit our premises (e.g. the Internet Data Centre);
- when you access or use our Website (or the website of any of our affiliates);
- when you enter into a contract with us for the provision of any of our goods or services;
- when we are providing service and support in connection with our products and services;
- when you contact us to ask questions, provide feedback, submit an access or correction request, or make a complaint; and
- when you report a problem with our Website or our services; etc.
- We may also collect your personal data from, and disclose your personal data to, our affiliates, including building security service providers engaged by us to protect our premises, related companies, independent third-party sources, third parties we contact at your request, contracted service providers, suppliers, and third-party processors like third-party marketing agencies acting on our behalf and in accordance with our directives. Your Personal Data may only be used by these suppliers as required to carry out their services for us.
- The type of personal data which we may collect includes the following:
- your full name, designation, date of birth and other details documented on your Hong Kong Identity Card or other legal identity card, travel document, student card and/or driver’s license;
- contact details including name, address, phone number, mobile telephone number and/or email address;
- your image or likeness as recorded by the CCTV cameras installed in our premises for security purposes;
- if you apply for employment with the Company, your employment-related information (e.g. curriculum vitae, job history, references);
- account details or Data relating to Services registered with us including the relevant PIN, username or password, account numbers and/or service numbers;
- device specific information such as hardware model, operating system, version, unique device identifier, serial numbers, setting configurations and software and mobile network configuration;
- your internet protocol (IP) address, login data, cookie data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, international mobile equipment identity, how you use and view any content on the Website and other information and technology on the devices you use to access the Website; and
- information that allows us to identify you for verification purpose including biometric information like your fingerprints and voice pattern.
- The Website may contain links to other websites operated by other parties, such as our business affiliates, advertisers or other third parties. We are not responsible for the data protection practices of websites operated by these other parties. You are advised to check on the applicable data protection policies of those websites to determine how they will handle any information they collect from you.
- When you provide your personal data to us, you are giving us permission to use and store that information consistent with this Policy, including storage in servers outside of your country, subject to the requirements of the applicable data privacy laws on cross-border data transfers. We might send your Personal Data to a few of our contracted service providers in a nation or territory where the data privacy laws may not be the same as those in your own. Further, we have in place appropriate transfer legitimization measures to ensure the validity of Personal Data transfers to countries in which there is not a similar level of protection as required under applicable data protection laws.
- If you provide personal data of any third party to us, you represent and warrant that you have obtained the necessary consent, license and permissions from that third party to share and transfer his/her personal data to us, and for us to collect, store, use and disclose that data in accordance with this Policy.
- We process your Personal Data for, or based on, one or more of the following legal bases:
- Your Consent. When you opt-in to receive our marketing and promotional materials, we process your Personal Data to send messages to you about us and the products and services we offer. You can withdraw your consent at any time.
- Performance of a Contract. We may use your Personal Data to enter into, or perform under, the agreement between us and you or the business with which you are associated.
- Legitimate Interests. We may use your Personal Data for our legitimate interests, including improving our services; providing information about our products and/or services; preventing and detecting fraud; ensuring network and information security; and for administrative and legal compliance purposes.
- Compliance with Legal Obligations and Protection of Individuals. We may use your Personal Data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.
- In this Policy, “personal data” means personal data that:
- Purposes for Collection, Use and Disclosure
- Depending on your relationship with us, other than the personal data described in clause 2.5(b) and 2.5(c) above, the personal data which we collect from you (either directly or through our affiliates, related companies or any other third party) may be collected, used and disclosed for the following (non-exhaustive) purposes:
- to carry out our obligations or to facilitate your use of the services or access to the Website;
- to communicate with you and to process and respond to your queries, feedback, claims or disputes, whether directly or through any outsourced customer service vendors;
- to update you on any of our products and services as well as the latest developments at BDx;
- to assess the suitability and eligibility of a prospective job candidate who has applied for employment with BDx;
- to improve our Website or to improve the services provided and products sold;
- to carry out market research on our users’ demographics, advertising or purchasing preferences, and other behaviour;
- to comply with a court order or other legal process or other statutory and/or regulatory requirements of any governmental and/or regulatory authorities; and
- any other purpose permitted by the applicable data privacy laws, or as may be described to you from time to time at the point of collection of your personal data.
- The personal data described in clauses 2.5(b) and 2.5(c) above may be collected, used and disclosed for the following (non-exhaustive) purposes:
- to establish the identity of every visitor to our premises in order to safeguard and secure premises, assets and infrastructure;
- to establish the identity of a person when we are providing of service and support in connection with our products and services; and
- is otherwise necessary to accurately establish or verify your identity to a high degree of fidelity.
- Depending on your relationship with us, other than the personal data described in clause 2.5(b) and 2.5(c) above, the personal data which we collect from you (either directly or through our affiliates, related companies or any other third party) may be collected, used and disclosed for the following (non-exhaustive) purposes:
- Cookies and Web Tracking Tools
- Cookies are text files temporarily placed on your computer with your permission, to gather anonymous and non-personally identifiable information about your behaviour on our Website. We do not employ the use of cookies or web tracking tools that collect personal data from this Website. However, to facilitate your use of our Website and services, we may employ the use of session cookies. Session cookies, which expire at the end of a browser session, are only used to collect and store technical data. Most internet browsers are automatically set to accept cookies. You can manage your cookie settings through your internet browser settings or mobile device settings.
- Sharing of Personal Data
- We may share your personal data with third parties, related companies and our affiliates for any of the purposes described in clause 3 (“Purposes”), including but not limited to, facilitating your use of the Website or any services provided by us, completing a transaction with you, managing your account and our relationship with you, marketing and fulfilling any legal or regulatory requirements and requests as deemed necessary by us.
- In sharing your personal data with external parties, we endeavour to ensure that the third parties and our affiliates and related companies keep your personal data secure from unauthorised access, collection, use, disclosure, processing or similar risks and retain your personal data only for as long as they need your personal data to achieve the Purposes.
- Accuracy of Personal Data
- It is important that the personal data you provide to us is accurate and complete. You are responsible for informing us of changes to your personal data, or in the event you believe that the personal data we have about you is inaccurate, incomplete, misleading or out of date.
- You can update your personal data anytime by contacting our Data Protection Officer as indicated below.
- We may take steps to share the updates to your personal data with third parties and our affiliates with whom we have shared your personal data if your personal data is still necessary for the above Purposes.
- Transfers of Personal Data
- By providing us with your personal data, you understand and agree that your personal data may be transferred to servers located outside your country for processing by us, our affiliates and/or any other organisation which we may choose, in accordance with this Policy.
- In situations where we transfer your personal data overseas, we shall take steps to ensure that appropriate levels of protection necessary to maintain the security and integrity of your personal data are in place. We shall ensure that the recipient organisation is able to provide the transferred personal data with a standard of protection comparable to that under the applicable data privacy laws.
- Withdrawal of Consent
- You may, at any time, communicate the withdrawal of your consent to the continued use, disclosure, storing and/or processing of your personal data for any of the Purposes by contacting our Data Protection Officer as indicated below.
- Please note that if you withdraw your consent to our use, disclosure, storing or processing of your personal data for the Purposes as stated above, we may not be able to continue to provide the services to you or perform on any contract we have with you, and we will not be liable in the event that we do not continue to provide the services to, or perform our contract with you.
- Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within ten (10) days of receiving it.
- Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
- Access to and Correction of Personal Data
- You may, at any time, request to access your personal data in our possession, or enquire about the ways in which your personal data may have been used, disclosed, stored or processed by us for the past year. You may also, at any time, request to correct any error or omission in your personal data records.
- In order to facilitate the processing of your access or correction request, it may be necessary for us to request further information relating to your request. Please also note that an administrative fee may be payable on access requests made.
- If you wish to access, or correct an error or omission in, your personal data records, please contact our Data Protection Officer as indicated below. We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days from the date of your request, we will inform you in writing.
- If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable data protection laws).
- Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that we have on record, if the record of your personal data forms a negligible part of the document.
- Retention of Personal Data
- We may retain your personal data for as long as the purpose for which the personal data was collected continues, or if the retention is necessary for our legal or business purposes, including, but not limited to: (i) to perform services for you or the company you work for; (ii) to enter into or carry out contracts with you or the company you work for; (iii) to comply with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies; and (iv) to protect our rights, property, or safety, as well as the rights, property, and safety of our customers, users, and other third parties, even in circumstances where you have closed your account with us. We will cease to retain personal data once we have no reason for doing so.
- Security of Personal Data
- We take reasonable care of your personal data. We have implemented technical, procedural and other measures to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. However, no method of information security is completely secure. While we use security measures to protect your Personal Data, we cannot guarantee that they will be effective or sufficient. Furthermore, you should be aware that Internet data transmission is not always secure, and we cannot guarantee the security of any information you transmit to us.
- Contact Us
- If you have any questions on this Policy or if you have any other queries in relation to how we may manage, protect and/or process your personal data, please contact our Data Protection Officer.
Data Protection Officer
Email Address: DPO@bdxworld.com
This Policy is accurate as of 20 March 2023.