This policy statement provides information on the obligations and policies of Visual Paradigm (the "Organization") under the Hong Kong SAR Personal Data (Privacy) Ordinance 1995 - Cap.486 (the "Ordinance").
Where the Company's operations are subject to privacy legislation other than that of Hong Kong SAR, then this policy shall be applied so far as practicable and consistent with such local legislation.
Throughout this policy, our use of the term "personal data" has the meaning ascribed to it by the Ordinance.
The Organization shall at all times fully comply with the obligations and requirements of the Ordinance. The Organization shall try to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Organization shall be done in accordance with the obligations and requirements of the Ordinance.
Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Organization, then the Organization shall provide and/or correct that data in accordance with the times and manner stipulated within the Ordinance.
For the purpose of carrying on the Organization's business, including registration of the Organization's related products and services, you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
The Organization's web servers may also collect data relating to your online session, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that we may better meet the demands and expectations of visitors to our sites. This type of data may include, but is not limited to:
The Organization's web site may place a "cookie" on your machine or read it if you has visited the sites previously; for example to maintain your identity across multiple pages within single session. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences without our web site.
By submitting your testimonial and/or photos, you irrevocably consent to and authorize the use and reproduction by Visual Paradigm International Ltd., or anyone authorized by Visual Paradigm International Ltd. of any and all photographs, general information and quotes, for any legitimate purposes, including, but not limited to promotional and marketing purpose. Submitter also warrants that the photograph submitted is an original work by you, or you have obtained all rights, licenses, consents and permissions necessary to use, and can be used in Visual Paradigm's marketing materials for internal and external audiences. These materials include, but are not limited to, brochures, website testimonial, posters and video.
Although we do not currently provide online access to and correction of personal data held by the Company, we fully comply with the "Rights of Access and Correction" obligations of the Ordinance. Please refer to the section titled "Access and Correction of Personal Data " below for details on how you can obtain and correct any personal data relating to you that we may hold.
The Organization will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:
Personal data may also be disclosed to any person or persons that have a right under the Ordinance to gain access to such information provided they are able to prove their authority to access such information.
At times it may be necessary and/or prudent for the Organization to transfer certain personal data to places outside of the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the requirements of the Ordinance.
Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization is strictly prohibited. Authorizations are granted only on a "need to know" basis that is commensurate with an individual's responsibilities in the Organization.
Under the terms of the Ordinance, individuals have the right to:
An individual may exercise his or her right of access and correction by sending a request to the Organization. The Organization will, upon satisfying itself of the authenticity and validity of the access/correction request, make every attempt to comply with and respond to the request within the period set by the Ordinance.
In accordance with the requirements of the Ordinance, the Organization will honor an individual's request not to use his or her personal data for the purposes of direct marketing. Should you wish not to receive direct marketing material from the Organization, please write to the Organization at the email address listed below.
Unless otherwise instructed as per the above, the Organization may use any of the data collected in the normal course of its business for marketing purposes.
As a company that has always made data protection and information security a central part of our products and services, the Organization welcomes the introduction of GDPR in May 2018.
Under GDPR personal information including identified or identifiable data may be collected. We may only process personal information based on your direction. We do not use your content for our own purposes without your consent. Upon request, our security administrators can locate, modify, and delete your data to meet all of the requirements of GDPR regulations, and can permanently delete applicable data records from our systems.
The Organization is committed to high standards of information security, privacy and transparency and for many years, our products and services managed data are in accordance with the highest recognized standards.
The Organization will comply with all applicable GDPR provisions as they come into force, whilst also working closely with our customers in order to meet our contractual obligations for our products and services in all sectors. To ensure compliance, the Organization already appointed both a Data Protection Officer and a multi-disciplinary GDPR Working Committee.
The Organization fully recognizes the impact of the GDPR upon our customer base and, as such, continues to be committed to support customers' GDPR obligations.
If you have any questions relating to our approach to data protection and security, please don't hesitate to contact us at email@example.com.
All enquiries regarding the Organization's compliance with its obligations under the Ordinance should be via email to:firstname.lastname@example.org