Privacy Policy

Confidentiality, Privacy and Data Protection Policy

Storfield Insurance Consultants Limited (“SICL”) respects personal data privacy and are committed to complying with the requirements of the Personal Data (Privacy) Ordinance (“PDPO”) (Cap. 486 of the Laws of Hong Kong) and guidelines of the Privacy Commissioner for Personal Data (the “PCPD”).

Here, we explain SICL’s Confidentiality, Privacy and Data Protection Policy (“Policy”) relating to the collection and handling of your personal data, including the information practices of websites (referred to as “Sites”), in accordance with the PDPO and guidelines of the PCPD. This Policy applies to all past, present and future individuals who interact with SICL

We”, “Us”, “Our” in this Policy refers to SICL

By using these Sites, you consent to the use, storage and processing of your personal data and other information stored on these Sites or submitted by you at or through these Sites in accordance with this Policy, and you acknowledge and agree with the PDPO and guidelines of the PCPD including the use for direct marketing purposes.

Pursuant to the PDPO and the PCPD:

 

Personal Data means any data: (a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable.

 

Data user in relation to personal data, means a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the data.

 

Confidential Information

Confidential Information includes without limitation data which a disclosing party ("Discloser"), or its related companies, now or in the future possesses relating to technical, business, financial, and other data generally considered by Discloser to be proprietary or confidential and which, (a) is marked as "Confidential or "Proprietary," or with a similar legend, at the time of disclosure; or (b) is clearly identified to the party receiving Confidential Information as confidential or proprietary at the time of disclosure; or (c) is material which would typically be treated by a prudent business person as confidential. Confidential Information may include without limitation information belonging to a third party such as customers or suppliers, or potential customers or suppliers, of Discloser or its related companies.

 

All such Confidential Information received from you is used only for the purposes intended (i.e. providing advice and dealing with matters related to insurance policies) and special purposes mentioned in agreements made between you and us.

 

Direct Marketing

As per Guidance on Direct Marketing (April 2023) of the PCPD, direct marketing is defined as (a) the offering, or advertising of the availability, of goods, facilities or services; or (b) the solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political or other purposes, (c) sending information or goods, addressed to specific people by name, by mail, fax, electronic mail or other means of communication; or (d) making telephone calls to specific people.

Basically, your name and contact information should suffice for the purpose of direct marketing. We should inform you that the supply of any other personal data to allow us to carry out specific purposes, e.g. customer profiling and segmentation, is entirely voluntary. e.g. Hong Kong Identity Card Number is not normally required for direct marketing purposes.

Contact our Data protection officer to handle data request and data management.

 

Data Security, Storage and Transfers

As per the Data Protection Principle (“DPP”) 4(1) in Schedule 1 to the PDPO we are required to take all reasonably practicable steps to ensure that your personal data held by us is protected against unauthorised or accidental access, processing, erasure, loss or use having regard to:

 

  1. the kind of data and the harm that could result if any of those things should occur;
  2. the physical location where the data is stored;
  3. any security measures incorporated (whether by automated means or otherwise) into any equipment in which the data is stored;
  4. any measures taken for ensuring the integrity, prudence and competence of persons having access to the data; and
  5. any measures taken for ensuring the secure transmission of the data.

 

We take all reasonable and appropriate steps to maintain the security of personal data, confidential documents and information that are in our possession.                                                           

 

In some instances (for example placing medical or life policies or handling employee’s compensation claims), we need to collect and handle Personal Data or Confidential Information, but we will not use the Personal Data or Confidential Information for any purposes other than its intended use.

 

We may at times require to transmit or transfer such data/ confidential information to third parties including but not limited to insurance companies, loss adjusters and legal advisers. In such instances, we apply encryption to ensure the security of your Personal Data and Confidential Information including using password to protect documents (and where possible encrypted email).

 

Retention of Personal Data

As per the PCPD’s Guidance, we may retain Personal Data of customers for not more than seven (7) years after the end of the business relationship. However, different retention periods apply to the various kinds of personal data collected and held by us. We take all reasonably practicable steps to ensure that personal data will not be kept longer than is necessary for the fulfilment of the purposes (or any directly related purpose) for which the data is or is to be used, unless the retention is otherwise permitted or required by law.

 

Data Breach and Remedies

As per the PDPO and guidelines of the PCPD, we have a Data Breach Response Plan to effectively manage any data breaches which includes, (1) Immediate gathering of essential information, (2) Containing the data breach, (3) Assessing the risk of harm, (4) Data breach notifications, and (5) Documenting the breach.

 

Contact Details

If you have any questions, concerns or comments about this Policy or want to contact our Data Protection Officer, please contact us at:

 

Lobo Law

Storfield Insurance Consultants Limited,

2706, C C Wu Building, 302-308 Hennessy Rd, Wan Chai, Hong Kong.

 

  • Telephone: +852 2231 0316

 

  • E-mail: lobolaw@storfield.com.hk

 

  • Fax: +852 2231 0338

 

Updates of this Notice

We may update this Notice as and when required. When we do, the latest version will be published on this Site and the revised version date will be displayed at the bottom of this page.

 

Last updated: Nov 2024