PRIVACY POLICY

  1. INTRODUCTION

    1. This Policy is adopted as the Privacy Policy (the “Policy”) of Falcon Insurance Company (Hong Kong) Limited (the “Company”). The purpose of this Policy is to establish the Company’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486) (the “Ordinance”) and the Data Protection Principles.
    2. To ensure compliance with the Ordinance, internal guidelines on protection of personal data are established and updated from time to time for reference and use by the staff of the Company.
    3. The Company retains the right to change this Policy.
  2. KINDS OF PERSONAL DATA HELD BY THE COMPANY

    1. There are three broad categories of personal data held in the Company. They are personal data related to (potential) customers, (potential) employees and (potential) individual insurance agents and responsible officers of insurance agencies (collectively “Insurance Agents”) of the Company.
    2. Personal data held by the Company regarding customers may include the following:

      1. name, address, contact details, credit information and claims history of customers or potential customers;
      2. occupation, date of birth and nationality of customers, their identity card and/or passport numbers and place and date of issue thereof;
      3. current employer, nature of position, annual salary and other benefits of customers;
      4. details of properties, assets or investments held by customers;
      5. details of all other assets or liabilities (actual or contingent) of customers;
      6. information obtained by the Company in the ordinary course of the continuation of the business relationship (for example, when customers lodge insurance claims with the Company or generally communicate verbally or in writing with the Company, by means of documentation or telephone recording system, as the case may be); and
      7. information which is in the public domain.
    3. Personal data relating to employment held by the Company may include the following:

      1. name and address, contact details, date of birth and nationality of employees and potential employees and their dependents and their identity card and/or passport numbers and place and date of issue thereof;
      2. additional information compiled about potential employees to assess their suitability for a job in the course of the recruitment selection process which may include references obtained from their current or former employers or other sources;
      3. additional information compiled about employees in the ordinary course of the continuation of the employment relationship which may include records of remuneration and benefits paid to the employees, records of job postings, transfer and training, records of medical checks, sick leave and other medical claims and performance appraisal reports of the employees;
      4. relevant personal data pertaining to former employees may be required by the Company to fulfil its obligations to the former employees and its legal obligations under certain ordinances; and
      5. information which is in the public domain.
    4. Personal data held by the Company regarding appointment of Insurance Agents may include the following:

      1. Individual Agent name, address, contact details, date of birth, bank account number, qualifications, additional information compiled about potential Individual Agents for the Company to assess his/her suitability for being appointed as an agent of the company, and information which is in the public domain.
      2. Responsible Officer of Insurance Agency name, address, contact details, any information related to the Responsible Officer which the relevant regulatory authorities of the insurance industry may require the Company to provide, and information which is in the public domain.
    5. The Company may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
  3. PURPOSES FOR WHICH THE PERSONAL DATA ARE HELD

    1. It is necessary for customers to supply the Company with data in connection with the purchase of insurance related products or services, and in the ordinary course of the administration of policies and undertaking other business relationships. Failure by customers to supply such data may result in the Company being unable to write new policies, establish or continue a business relationship, or provide insurance services.
    2. The purposes for which data relating to customers or potential customers may be used are as follows:

      1. processing and considering applications for insurance products and services;
      2. providing insurance products and services and processing requests made by customers in relation to insurance products and services, including but not limited to requests for addition, alteration or deletion of insurance benefits or insured members, setting up of direct debit facilities as well as cancellation, renewal, or reinstatement of insurance policies;
      3. processing, adjudicating, settling and defending insurance claims as well as conducting any incidental investigation, detecting and preventing fraud;
      4. performing functions and activities incidental to the provision of insurance products and services such as identity verification, data matching and reinsurance arrangement;
      5. exercising the Company’s rights in connection with the provision of insurance products and services to customers from time to time, for example, to recover indebtedness;
      6. designing insurance products and services with a view to improving the Company’s service;
      7. preparing statistics and conducting research;
      8. complying with the obligations, requirements and/or arrangements for disclosing and using data that are binding on or apply to the Company or with which it is expected to comply according to:

        1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region (“Hong Kong”) existing currently and in the future;
        2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers within or outside Hong Kong existing currently and in the future; or
        3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers that is assumed by or imposed on the Company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
      9. complying with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
      10. enabling an actual or proposed assignee, transferee, participant or sub-participant of the Company’s rights or business to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation; and
      11. any other purposes relating to the purposes listed above.
    3. The purposes for which data relating to employees and potential employees may be used are as follows:

      1. processing employment applications;
      2. determining and reviewing salaries, bonuses and other benefits;
      3. conducting fit and proper assessment and performance assessment according to internal policy or regulatory requirements or consideration of promotion, training, secondment or transfer;
      4. determining any disciplinary or rectifying action arising from employees’ conduct or employees’ ability to perform their job requirements;
      5. consideration of eligibility for administration of staff benefits and entitlements;
      6. providing employee references;
      7. registering employees as intermediaries or licensees with statutory authorities or relevant organisation for purposes directly related to or associated to the employment;
      8. monitoring compliance with regulatory requirements and internal governance, policies, procedures, guidelines or rules of the Company;
      9. meeting the requirements to make disclosure according to any applicable law, guidelines or guidance within or outside Hong Kong existing currently and in the future, or any present or future contractual or other commitment with local or foreign legal or other authorities or relevant self-regulatory or industry bodies or associations, binding on or applying to the Company or with which it is expected to comply;
      10. complying with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
      11. detecting or conducting investigation regarding any suspicious fraud cases, misconduct (e.g. fake sick leave) or criminal activities; and
      12. for human resources management or any other purposes relating to the purposes listed above.
    4. The purposes for which data relating to Insurance Agents and potential Insurance Agents may be used are as follows:

      1. processing Insurance Agent applications;
      2. determining and reviewing commission and other benefits (if any);
      3. registering Insurance Agents as intermediaries or licensees with statutory authorities/institutions for purposes directly related to or associated with their appointments;
      4. monitoring compliance with internal rules of the Company;
      5. meeting the requirements to make disclosure according to any applicable law, guidelines or guidance within or outside Hong Kong existing currently and in the future, or any present or future contractual or other commitment with local or foreign legal or other authorities or relevant self-regulatory or industry bodies or associations, binding on or applying to the Company or with which it is expected to comply;
      6. complying with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
      7. conducting investigation regarding any suspicious fraud cases, misconduct or criminal activities; and
      8. any other purposes relating to the purposes listed above.
  4. SECURITY OF PERSONAL DATA
    It is the policy of the Company to ensure an appropriate level of protection for personal data in order to prevent unauthorised or accidental access, processing, erasure, loss or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the aforesaid events. It is the practice of the Company to achieve appropriate levels of security protection by restricting physical access to and processing of data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Personal data is only transmitted by secure means to prevent unauthorised or accidental access. If the Company engages a data processor (whether within or outside Hong Kong) to process personal data on the Company’s behalf, the Company will adopt contractual or other means to prevent unauthorised or accidental access, processing, erasure, loss or use of the data transferred to the data processor for processing.
  5. ACCURACY OF PERSONAL DATA
    It is the policy of the Company to ensure that all practicable steps have been taken to maintain the accuracy of all personal data collected and processed by the Company having regard to the purpose for which the personal data is or is to be used. Appropriate procedures are implemented such that all personal data is regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used.
  6. COLLECTION OF PERSONAL DATA

    1. In the course of collecting personal data, the Company will provide the individuals concerned with a Personal Information Collection Statement informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
    2. Prior to using any personal data from the public domain, due regard will be given by the Company to observing the original purposes of making the personal data available in the public domain (such as the purpose of establishing the public register in the enabling legislation). The restrictions, if any, imposed by the original data users on further users and the reasonable expectation of personal data privacy of the individuals concerned will be observed by the Company.
    3. In relation to the collection of personal data online, the following practices are adopted:

      1. The Company will follow strict standards of security and confidentiality to protect any information provided to the Company online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
      2. Personal data provided to the Company through an online facility, once submitted, may not be readily deleted, corrected or updated online. If deletion, correction and updates are not allowed online, users should approach the relevant department of the Company.
      3. Personal data collected online will be transferred to the relevant department of the Company for processing. Reasonable and practical steps will be taken to ensure that personal data will not be kept longer than necessary.
    4. Use of Cookies, Tags and Web Logs etc.

      1. Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user. Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s email address or gather a user’s sensitive information.
      2. The Company uses cookies, tags and web logs to identify users’ web browsers for the following purposes:

        1. The Company will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The cookies will expire once the session is closed.
        2. Users’ visits to the Company’s website will be recorded for analysis and information may be collected through technologies such as cookies, tags and web logs etc. The information collected is anonymous research data and no personally identifiable information is collected. The Company mainly collects the information to understand more about our users including user demographics, interests and usage patterns. Information may be transferred to or collected by third parties on the Company’s behalf (for example, providers of external services such as web traffic tracking and reporting) for the above use. The information would not be further transferred to other parties by the third parties. The information collected is anonymous research data and no personally identifiable information is collected or shared by third parties. Most web browsers are initially set up to accept cookies. Users can choose not to accept cookies by changing the settings on their web browsers, but this may disable access to the Company’s website and certain features on the Company’s website will not work properly. The Company will retain the information collected online for as long as is necessary to fulfil the original or directly related purpose for which it was collected and to satisfy any applicable statutory or contractual requirements.
  7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

    1. It is the policy of the Company to comply with all data access and correction requests, for all staff to be familiar with the requirements for assisting individuals to make such requests, and to process such requests in accordance with the provisions of the Ordinance.
    2. The Company may, subject to the Ordinance and the guidelines issued by the Office of the Privacy Commissioner for Personal Data, impose a fee or reimbursement for complying with a data access request. The Company is only allowed to charge a requestor for the costs which are directly related to and necessary for complying with the request. If a person making a request requires an additional copy of the personal data that the Company has previously supplied pursuant to an earlier request, the Company may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
    3. Data access and correction requests to the Company may be addressed to the Data Protection Officer or another person as specifically advised.
  8. RETENTION OF PERSONAL DATA

    1. The Company will take reasonable and practicable steps to ensure that personal data will not be kept longer than necessary. In general, the Company shall usually hold the related personal data for a period as prescribed by applicable laws and regulations.
    2. If the Company engages a data processor (whether within or outside Hong Kong) to process personal data on the Company’s behalf, the Company will adopt contractual or other means to prevent any personal data transferred to the data processor from being kept longer than is necessary for processing of the data.
  9. OTHER PRACTICES

    1. The following are maintained by the Company to ensure compliance with the Ordinance:

      1. A Log Book as provided for in section 27 of the Ordinance;
      2. Internal policies and guidelines on compliance with the Ordinance for observance by staff of the Company;
      3. Data Access Request Form and Data Correction Request Form for individuals’ requests for access to and correction of personal data held by the Company.
  10. APPOINTMENT OF DATA PROTECTION OFFICER

    1. To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of the Company, a Data Protection Officer has been appointed by the Company.
    2. The contact details of the Data Protection Officer are as follows:

      Data Protection Officer
      Falcon Insurance Company (Hong Kong) Limited
      Suites 307-11, 3/F,
      12 Taikoo Wan Road,
      Taikoo Shing,
      Hong Kong
      Email: [email protected]
      Fax: (852) 2232 2899

  11. Should you have any query about this Policy, please do not hesitate to contact our Customer Service Hotline at 2232 2888.
(Should there be any discrepancy between the English and Chinese versions, the English version shall prevail.)