Data Privacy Notice

Updated 5/06/2020

Print

Introduction

Your information will be held by the company you contract with, which may be with any legal entity which is part of the Aerapass group company members.

This privacy notice is to let you know how Aerapass group company members look after your information. This includes what you tell us about yourself, your privacy rights and how the law protects you.

Our Data Privacy Principles:
  • Data Collection
    We will only collect personal data in a lawful and fair way, for a purpose directly related to a function /activity we undertake related to your account. The data we collect will be relevant and not excessive.
  • Accuracy & Retention
    We will ensure your personal data is accurate and not kept longer than is necessary to fulfil the purpose for which it is used.
  • Data Use
    We will use your personal data for the purpose for which it is collected or for a directly related purpose, unless you voluntary consent to it being used for a new purpose.
  • Data Security
    We will safeguard your personal data from unauthorised or accidental access, processing, erasure, loss or use.
  • Transparency
    We will advise you of your rights and how your data is used in a transparent manner.
  • Data Access & Correction
    We will allow you access to your personal data and make corrections if it is inaccurate.

Personal Data

Information is considered as Personal Data when it relates to a living person and can be used to identify that person and where it exists in a form in which access or processing is practicable.

Types of Personal Data include:

  • name
  • address/ IP Address
  • ID card/passport number
  • income
  • cultural profile

Sensitive Personal Information is afforded special treatment due to its sensitive nature; this includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records.

We will not collect or use these types of data without your consent unless the law allows us to do so. If we do, it will only be when it is necessary:

  • For reasons of substantial public interest, or
  • To establish, exercise or defend legal claims.

Legal Protections

The General Data Protection Regulation (GDPR) sets out detailed requirements for companies and organisations on collecting, storing and managing personal data. It applies both to European organisations that process personal data of individuals in the EU, and to Non-European organisations that processes personal data in relation to the offering of goods or services to individuals in the EU, or monitors the behaviour of individuals within the EU.

The Personal Data (Privacy) Ordinance (Cap. 486) is in place to protect the privacy rights of personal data in Hong Kong.

Data Protection laws say we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside the Aerapass group company members. The law says we must have one or more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

Use of your personal information

We are allowed to use personal information only if we have a proper reason to do so, this is known as ‘legitimate interest’ and means that we have a business or commercial reason to use the information and it must not conflict unfairly with your interests). We may also rely on your explicit consent to your data being used via an electronic consent box.

You can withdraw your consent at any time. If you withdraw your consent, we may not be able to provide certain products or services to the business. You also have the ‘Right to Object’ to us keeping or using your personal information.

Your personal information may be used by in a number of ways including but not limited to:

  • to verify your identity or transactions which you may enter into with us;
  • to provide the product and services that you request;
  • to administer and manage the provision of our products and services;
  • to respond to queries or complaints;
  • to collect payment from you;
  • to comply with laws and regulatory requirements including complying with any request made by a governmental authority in connection with legal proceedings or the prevention or detection of fraud and crime;
  • to comply with our risk management policies and procedures; or
  • to train our staff.

We may use your personal information for additional purposes related to the purposes listed above. We will not use your personal information other than for:

  • a purpose made known to you;
  • a purpose directly related to the original purpose;
  • a purpose required by law; or
  • a purpose otherwise authorised by you

Use of our web site

We will collect some information from you when you visit our website. Your use of the facilities and services available through the website will determine the amount and type of information that we will collect about you. Some of this information will not be personal information because it will not reveal your identity.

The only personal information which we collect about you when you use the website is what you tell us about yourself; for example, by completing an online form such as an application form or by asking for a disclosure document for our products or by sending us an email. We will record your email address if you send us an email.

Storage and security of information

Aerapass stores personal information in an encrypted database on our servers. We will take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure.

Use of our web site

We will collect some information from you when you visit the Aerapass website. Your use of the facilities and services available through the website will determine the amount and type of information that we will collect about you. Some of this information will not be personal information because it will not reveal your identity.

The only personal information which we collect about you when you use the website is what you tell us about yourself; for example, by completing an online form such as an application form or by asking for a disclosure document for our products or by sending us an email. We will record your email address if you send us an email.

Sharing your Information

We may share your personal and business information with outside organisations. This is so that we can provide products and services, run our business, and obey rules that apply to us. Here we list types of organisations that we may share information with:

Authorities

This means official bodies that include:

  • Central and local government
  • Regulators and tax authorities
  • Law enforcement and fraud prevention agencies.

Financial Industry services

Outside companies we work with to provide services to run our business.

  • Agents, suppliers, sub-contractors and advisers. These are types of firm that we use to help us run accounts, policies and services.
  • Someone linked with the business’s product or service. This could mean a joint account holder, trustee, or fellow company director.
  • Other financial services companies (to help prevent, detect and prosecute unlawful acts and fraudulent behaviour)
  • Independent accountants and auditors.

How we use your information to make automated decisions

We sometimes use systems to make automated decisions about your account or the business. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. Automated decisions can affect the products, services or features we may offer the business now or in the future, or the price that we charge for them. They are based on personal and business information that we have or that we are allowed to collect from others. Here are the types of automated decision we make:

Tailoring products, services and marketing

We may place the business in groups with similar clients. These are called client segments. We use these to study and learn about our clients’ needs, and to make decisions based on what we learn. This helps us to design products, services, marketing and offers and to manage our client relationships.

Detecting fraud and financial crime

We use your information to help decide if accounts may be being used for fraud or financial crime. We may detect that an account is being used in ways that fraudsters work or that an account is being used in a way that is unusual for you. If we think there is a risk of fraud or financial crime, we may block activity on accounts.

Opening accounts

When accounts are opened with us, we check that you meet the conditions needed to open the account. This may include checking age, residency, nationality, place of incorporation or source of income.

As a person you have rights over automated decisions.

  • You can ask that we do not make our decision based on the automated score alone.
  • You can object to an automated decision, and ask that a person reviews it.
  • If you want to know more about these rights, please contact us.

Data outside the EEA

Where your personal data is held outside of the EEA, we make sure that it is protected to the same extent as in the EEA by the following safeguards:

  • Ensuring that the privacy laws give equivalent protection as the EEA affords to data.
  • Put in place a contract with the recipient that means they must protect it to equivalent standards as the EEA.

Cookies

When you visit the website, our server places small pieces of data known as ‘cookies’ on your hard drive. Cookies are pieces of information that are transferred to your computer when you visit a website for record-keeping purposes.

We may use cookies to provide us with aggregate (anonymous) information on how people use our website and to help us know what our customers find interesting and useful in our website. We do not link this information back to other information that you have provided to us nor provide it to other third parties for marketing purposes.

Most Web browsers are set to accept cookies. However, if you do not wish to receive any ‘cookies’ you may set your Web browser to refuse cookies. Only necessary cookies are used by us to run our site. You consent to these cookies by using our website.

Marketing

We may use your personal information to make decisions about what products, services and offers we think you may be interested in.

We can only use your personal or business information to send marketing messages if we have consent or a ‘legitimate interest’. By ‘legitimate interests’ we mean that we have a business or commercial reason to use your information, and it must not conflict unfairly with your interests.

You can contact us at any time and ask us to stop using your information this way.

We may show or send your business marketing material online (on our own and other websites including social media), in our app, by email or mobile phone.

We do not sell the information we have to outside organisations.

We may ask you to confirm or update these choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

Company mergers and takeovers

We reserve the right to share your personal information if the make-up of Aerapass group company members changes in the future:

We may choose to sell, transfer, or merge parts of our business and during such a process, we may share data with other parties involved. We will only do this if they agree to keep it confidential and secure and use this data in the same way as set out in this notice.

Data Access

You have the right to access your personal data, free of charge. If you request a copy of the personal data being processed related to you, we will provide this in an accessible format, within a one-month time frame.

In the event that we refuse you access to your personal information, we will provide you with an explanation for that refusal. These reasons may include:

  • an unreasonable impact on the privacy of other individuals;
  • the information relates to legal proceedings between Aerapass Group Companies and you;
  • the information would reveal sensitive corporate decision-making process; or
  • we are prevented by law from disclosing the information or providing access.

Data Correction

If you believe that your personal data is incorrect, incomplete or inaccurate, you have the right to have it rectified or completed without undue delay. You must advise of which data is incorrect and we will notify any data recipients that the personal data has been changed or deleted.

Data Portability

When processing is based on your consent or a contract, you can ask for personal data to be transmitted to another company. This is known as the right to data portability

Data Erasure

You can also ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to be forgotten’.

We will delete or stop using your data unless there are legal or other official reasons why we need to keep or use your data.

Data Restriction

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights.

You can ask us to restrict the use of your personal information if:

  • It is not accurate
  • It has been used unlawfully but you don’t want us to delete it

Data Security

We store personal information in an encrypted database on our servers. We will take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure.

Period of Retention

We will keep your personal information as long as you are a client of Aerapass group company members.

After you stop being a client we will keep your personal information for seven years to obey rules that apply to us about keeping records. We may also keep your data for longer than seven years if we cannot delete it for legal or regulatory reasons.

Changes to our Privacy Policy

We may make changes to this Data Privacy Notice from time to time for any reason and will make concerted efforts to update the website in a timely manner.

Contacting us about data privacy

If you have any questions, or want more details about any of the topics in this Privacy Notice or how we use your personal and business information, you can call us on +852 5801 4223 (Hong Kong).

If you have concerns about any breach or potential breach of your privacy, please contact us and we will make every effort to resolve your complaint.

You can write to us at: info@aerapass.com

Responding to requests

Where we receive a request from you regarding data privacy we will respond to this request without undue delay and in any case within 1 month of receiving the request.

This response time may be extended by 2 months for complex or multiple requests, as long as the individual is informed about the extension. Requests are dealt with free of charge.

If a request is rejected, then we will inform you of the reasons for doing so and of your right to file a complaint with the relevant Data Protection Authority.

Have a question?

We’d be happy to chat with you and clear things up for you. Anytime!

Call anytime

+852 8191-4085

Email us

info@aerapass.com