GENERAL |
 |
1. |
Octopus Cards Limited respects the privacy of its Cardholders and understands the importance of privacy to visitors to its website. Octopus Cards Limited (the "Card Company", "we", "our" or "us") collects and stores information so that it can efficiently provide services to its Cardholders. This Personal Data Policy Statement is designed to help you understand what information the Card Company gathers and what it does with the information. |
|
DEFINITIONS AND INTERPRETATION |
|
2. |
In this Personal Data Policy Statement, unless the context otherwise requires,
"Application Form" means any form containing an application by the Cardholder for the Card and/or the Automatic Add-Value Service;
"Automatic Add-Value Service" means the service whereby the Card Company or the Service Providers will automatically add a certain amount of value (determined by the Card Company from time to time) to the Card if the value stored in the Card has reached a certain level determined by the Card Company from time to time;
"Card" means the Octopus card issued or to be issued by the Card Company to the Cardholder, including the Personalised Octopus cards and, where applicable, the anonymous Octopus cards;
"Cardholder" means the bearer of the Card for the time being but in the case of the Personalised Octopus cards, the expression "Cardholder" means the person identified in the electronic data stored in the Card. The expression "Cardholders" shall be construed accordingly;
"Card System" means the payment system maintained and operated by the Card Company;
"Conditions" means the Conditions of Issue of Octopus and the Octopus Automatic Add-Value Agreement published by the Card Company as amended from time to time;
"matching procedure" has the meaning assigned to it by Section 2 of the Ordinance;
"Ordinance" means the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of the Hong Kong Special Administrative Region;
"personal data" means any personal data held by the Card Company including all information provided by Cardholders in the Application Forms and all the information relating to the use of the Card;
"Service Providers" means persons or companies participating in the Card System and whose goods and services may be paid for through the Card; and
"value" means the electronic value recognized by the Card System.
|
|
OUR COMPANY POLICY |
|
3. |
It is our policy to comply with the requirements of the Ordinance. The Card Company shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Card Company shall be done in accordance with the obligations and requirements of the Ordinance. The Card Company's officers, management, and members of staff will, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Card Company. |
|
STATEMENT OF PRACTICES
TYPES OF PERSONAL DATA COLLECTED
|
|
4. |
For the purpose of carrying on the Card Company's business (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request: |
|
|
a. |
Your name; |
|
|
b. |
Contact details, including contact name and telephone number or email address; |
|
|
c. |
Information for the verification of identity, including identification type and identification number; |
|
|
d. |
Your age and date of birth; |
|
|
e. |
Your Card number; and |
|
|
f. |
Your Card usage data. |
|
|
5. |
The Card Company's web servers may also collect data relating to your online session including your IP address and/or domain name, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that we may better meet the demands and expectations of browsers to our websites. |
|
6. |
The Card Company may place a "cookie" on your machine and "cookies" are small pieces of information that are stored by your browser on your computer's hard drive. We use "cookies" to track use of our websites, for example, to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across our websites. Most browsers automatically accept "cookies" but if you like, you can edit your browser options to block them in the future but in doing so, you may be unable to enter certain part(s) of our websites. |
|
7. |
The personal data of the Cardholder may be used for the following purposes: |
|
|
a. |
processing an application for one of our services; |
|
|
b. |
the normal management, operation and maintenance of the Octopus payment system, including audit; |
|
|
c. |
designing new or improving existing services provided by us, our subsidiaries and our affiliates (that is, any other entity which directly or indirectly controls us, is controlled by us, or is under common control with us) for customers' use; |
|
|
d. |
marketing of goods and/or services by us, our subsidiaries, our affiliates or any of our selected business partners. We, our subsidiaries, our affiliates or any of our selected business partners may need to carry out matching procedure (as defined in the Ordinance) to enable us to better understand your characteristics and to provide other services better tailored to your needs (such as offering special birthday promotions to you), to assist us in selecting goods and services that are likely to be of interest to you and to establish whether you already have a relationship with our selected business partners; |
|
|
e. |
communication by us to you; |
|
|
f. |
investigation of complaints, suspected suspicious transactions and research for service improvement; |
|
|
g. |
prevention or detection of crime; |
|
|
h. |
disclosure as required by law; |
|
|
i. |
as a source of information and data for transport and other services in general; and |
|
|
j. |
other related purposes. |
|
DISCLOSURE OF PERSONAL DATA |
|
8. |
All personal data will be kept confidential but the Card Company may, where such
disclosure is necessary
to satisfy the
purpose, or a directly
related purpose,
for which the data
was collected provide such information to the following parties:
(whether within
or outside the
Hong Kong Special
Administrative
Region ("Hong Kong")): |
|
|
a. |
any relevant Service Provider under a duty of confidentiality to us; |
|
|
b. |
any agent, contractor or third party service provider under a duty of confidentiality to us who provides administrative, telecommunications, computer, payment, data processing or other services to us in connection with the operation of our business (such as debt collection agencies or credit reference agencies); |
|
|
c. |
any other person under a duty of confidentiality to us including our subsidiaries, our affiliates or our business partners; and |
|
|
d. |
any person to whom we, our subsidiaries, our affiliates or our business partners in (c) above, is under a binding obligation to make disclosure under the requirements of any law, rule and regulation, including those of countries outside of Hong Kong for data transferred to those countries, but such disclosure will only be made under proper authority. |
|
|
SECURITY OF PERSONAL DATA |
|
9. |
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. Personal data may be stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas. |
|
10. |
If you submit your personal data to us through the Internet, your personal data may be intercepted or tampered with by third parties without your knowledge or consent during the transmission. The Card Company accepts no responsibility for your personal data being intercepted or tampered with. If you are concerned about such risks, please do not submit your personal data through the Internet. |
|
ACCESS AND CORRECTION OF PERSONAL DATA |
|
11. |
A Cardholder has the right to: |
|
|
a. |
check whether the Card Company holds any personal data relating to him/her and, if so, obtain copies of such data; and |
|
|
b. |
require the Card Company to correct any personal data relating to him/her which is inaccurate for the purpose for which it is being used. |
|
|
12. |
The Cardholder may exercise his or her right of access by completing the form "Data Subject Access Request" (the prescribed form of which (form: OPS003) is available at the office of the Privacy Commission for Personal Data) and sending the completed form, along with appropriate proof of identity (a copy of the applicant's Hong Kong Identity Card or Passport) and the prescribed fee to the Card Company's Data Protection Officer at the address listed below. |
|
13. |
The Cardholder may exercise his/her right of correction by writing to the Card Company's Data Protection Officer at the address listed below, specifying the data which he/she believes to be incorrect, the reason he/she believes it is incorrect, and the applicable corrections provided that the Cardholder can provide "proof of identity" verifying that the individual making the request is authorized to request such corrections. |
|
14. |
The address of the Card Company's Data Protection Officer is P. O Box 38170, Hing Fat Street Post Office, Hong Kong. |
|
DIRECT MARKETING |
|
15. |
The Card Company will honor the Cardholder's request not to use his or her personal data for the purposes of direct marketing. If you do not wish to receive direct marketing material from the Card Company, please write to the Card Company's Data Protection Officer. |
|
16. |
Any such request should clearly state details of the personal data in respect of which the request is being made. Please also state clearly the authority under which you are authorized to make such a request. |
|
17. |
Unless otherwise instructed as per the above, the Card Company may use any of the personal data collected in the normal course of its business for marketing purposes. |
|
LINKS TO OTHER WEBSITES |
|
18. |
The Card Company will, from time to time, contain links to other sites. Please note that when you enter these other sites (using the links on the Card Company's websites), you are entering a site for which the Card Company has no responsibility. We work with each of these sites to maintain the same level of confidentiality with respect to the Cardholder's information that we provide under the terms of our personal data policy. However, we cannot guarantee the same level of confidentiality. We recommend that you read the personal data policy of these sites because they may have a personal data policy that differs from ours. |
|
CHANGE OF PERSONAL DATA POLICY |
|
19. |
The Card Company reserves the right, at any time and without notice, to add to, change, update or modify this Personal Data Policy Statement, simply by posting such change, update or modification on this website. If the Card Company decides to change its personal data policy, those changes will be posted on this page so that you are always aware of what information the Card Company collects, how the Card Company uses the information, and under what circumstances the information is disclosed by the Card Company. Any such change, update or modification will be effective immediately upon posting on the web site. |
|
ENGLISH VERSION |
|
20. |
If there is any inconsistency or conflict between the English and Chinese versions, the English version shall prevail. |
|
CONDITIONS |
|
21. |
Nothing in this Personal Data Policy Statement shall affect the rights and obligations of the Card Company under the Conditions. |
|