SCOPE OF THIS POLICY
Applicability of Policy. This Policy is applicable to:
· any user of, or visitor to, our websites, platforms, applications and other online services or products under our control;
· individuals who share their business contact information and other personal data with us in the framework of a potential or ongoing business relationship or for other business purposes; and
· any members of the public who interact with us and individuals with whom we do business, including, but not limited to, staff of regulatory authorities and suppliers and visitors to our sites and offices.
PERSONAL DATA
What is personal data. “Personal data” is information directly or indirectly relating to a natural person who can be identified from that information.
· Voluntary provision of personal data. As a general principle, provision of any personal data to us is entirely voluntary. However, there are circumstances in which we cannot take action without certain personal data, for example because this personal data is required to process your requests, manage the contractual relationship between us or the company you work for, or provide you with access to a specific online content. When the provision of such personal data is mandatory in order for us to provide services to you, we will specifically inform you. Should you refuse to provide the required personal data in such circumstances, it may unfortunately not be possible for us to provide you with our services.
· Providing personal data belonging to others. If you provide the personal data of anyone other than yourself (including your family members, employees – in the case of corporate healthcare arrangements fellow etc.), you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes.
· Accuracy and completeness of personal data. You confirm that all personal data that you provide to us is true, accurate and complete.
What is personal data. “Personal data” is information directly or indirectly relating to a natural person who can be identified from that information.
· Voluntary provision of personal data. As a general principle, provision of any personal data to us is entirely voluntary. However, there are circumstances in which we cannot take action without certain personal data, for example because this personal data is required to process your requests, manage the contractual relationship between us or the company you work for, or provide you with access to a specific online content. When the provision of such personal data is mandatory in order for us to provide services to you, we will specifically inform you. Should you refuse to provide the required personal data in such circumstances, it may unfortunately not be possible for us to provide you with our services.
· Providing personal data belonging to others. If you provide the personal data of anyone other than yourself (including your family members, employees – in the case of corporate healthcare arrangements fellow etc.), you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes.
· Accuracy and completeness of personal data. You confirm that all personal data that you provide to us is true, accurate and complete.
PERSONAL DATA
COLLECTION OF PERSONAL DATA
Collection. We may collect your personal data automatically (at all times in accordance with applicable law) when you:
· register for or use any services or products we provide;
· respond to or register for any of our initiatives or events;
· visit our website or use our app;
· send us an email;
· request to be included in our mailing list;
· interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
· call us to fix an appointment;
· attend to our premises via CCTV cameras, or via photographs or videos taken during events;
· request that we contact you; and/or
· submit your personal data to us for any other reason.
收集。在以下情況下,我們可能會自動收集您的個人資料(無論何時都會根據適用法律):
· 註冊或使用我們提供的任何服務或產品;
· 回應或註冊我們的任何倡議或活動;
· 瀏覽我們的網站或使用我們的App;
· 給我們發送電子郵件;
· 要求包含在我們的郵件發送列表中;
· 通過電話(可能有錄音記錄),信件,傳真,面對面的會議,社交媒體平臺,電子郵件與包括客戶服務人員在內的我們員工進行互動;
· 打電話給我們預約
· 當您在我們的場所內通過閉路電視攝像機時,或者在您參加我們的活動時通過被拍攝的照片或錄像;
· 要求我們與您聯繫;及/或
· 出於任何其他原因向我們提交您的個人資料。
PURPOSES FOR COLLECTION OF YOUR PERSONAL DATA
Primary purposes. Generally, we collect, use or disclose your personal data (or, where you are our corporate customer, the personal data of your employees) for the following primary purposes:
· to verify your identity;
· to manage your relationship with us;
· to provide you with the services that you have requested, including but not limited to:
-
to assist you with your enquiries;
-
to administer medical care, including dispensing medication and treatment;
-
to liaise with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
· to contact you for feedback after the provision of our services;
· to personalise your experience at our facilities; and/or
· purposes which are reasonably related to the aforesaid.
Vendors. If you are an employee, officer or owner of an external service provider or vendor, in addition to the purposes set out above (as applicable), we may also collect, use and/or disclose your personal data for the following purposes:
· assessing your organisation’s suitability as an external service provider or vendor for us;
· managing project tenders and quotations, processing orders or managing the supply of goods and services;
· creating and maintaining profiles of our service providers and vendors in our system database;
· processing and payment of vendor invoices and bills;
o managing our premises and facilities (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
o purposes which are reasonably related to the aforesaid.
Marketing purposes. If you have separately and expressly consented, we may collect, use and/or disclose your personal data for the purposes of marketing our products and services and those of our strategic partners and business associates e.g. informing you of our latest events and services. If we intend to use your personal data for marketing purposes we will obtain your consent when we collect your personal data.
Business purposes. In addition to the purposes set out above, we may also collect, use and/or disclose your personal data for purposes connected or relevant to our business, such as:
· research into the development of new products and services or improvement of our existing products and services;
· accounting, risk management and record keeping;
· carrying out planning and statistical analysis;
· processing and handling of medical and insurance claims and payments;
· staff training;
· quality assurance of our services;
· in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
· managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
· conducting any form of investigations including but not limited to those relating to disputes, billing, fraud, offences, prosecutions etc.;
· meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and/or
· for purposes which are reasonably related to the aforesaid.
Business purposes. In addition to the purposes set out above, we may also collect, use and/or disclose your personal data for purposes connected or relevant to our business, such as:
· research into the development of new products and services or improvement of our existing products and services;
· accounting, risk management and record keeping;
· carrying out planning and statistical analysis;
· processing and handling of medical and insurance claims and payments;
· staff training;
· quality assurance of our services;
· in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
· managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
· conducting any form of investigations including but not limited to those relating to disputes, billing, fraud, offences, prosecutions etc.;
· meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and/or
· for purposes which are reasonably related to the aforesaid.
DISCLOSURE OF PERSONAL DATA
Transfer to third parties. Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above (where applicable) to the following entities or parties, whether they are located overseas or in Hong Kong:
· amongst Health Maintenance Medical Practical Limited and its affiliates;
· where you have consented, we may disclose your personal data to our strategic partners and business associates;
· service providers and data processors working on our behalf and providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing etc.
· our consultants and professional advisers (such as accountants, lawyers, auditors);
· external banks, credit card companies, other financial institutions and their respective service providers;
· relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority, or any other party to whom we are required or permitted to disclose personal data pursuant to the applicable laws; and/or
· any other party to whom you authorise us to disclose your personal data.
Limits to transfers to third parties. Apart from the circumstances and third parties listed out above, we will not transfer your personal data to any other third parties. Under no circumstances will we sell your personal data to third parties.
PURPOSES FOR COLLECTION OF YOUR PERSONAL DATA
Primary purposes. Generally, we collect, use or disclose your personal data (or, where you are our corporate customer, the personal data of your employees) for the following primary purposes:
· to verify your identity;
· to manage your relationship with us;
· to provide you with the services that you have requested, including but not limited to:
-
to assist you with your enquiries;
-
to administer medical care, including dispensing medication and treatment;
-
to liaise with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
· to contact you for feedback after the provision of our services;
· to personalise your experience at our facilities; and/or
· purposes which are reasonably related to the aforesaid.
TRANSFER OF PERSONAL DATA OUT OF HONG KONG
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
RETENTION
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
TRANSFER OF PERSONAL DATA OUT OF HONG KONG
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
RETENTION
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
SECURITY
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
SECURITY
TRANSFER OF PERSONAL DATA OUT OF HONG KONG
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
RETENTION
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
YOUR RIGHTS
Access and correction. You have the right to request access to and correct your personal data held by us.
· Contact Data Protection Officer. If you wish to withdraw any consent you have given us at any time, or if you wish to correct or have access to your personal data held by us, or if you do not accept any amendment to this Policy, please contact our Data Protection Officer:
Name: Mr. Raymond Yip
Tel.: +852-2122 5451
Email: IT.SUPPORT@HMMP-Dental.com
· Fee for access. We may charge you a fee for responding to your request for access to your personal data held by us, or for information about the ways in which we have (or may have) used your personal data in the one-year period preceding your request. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.
· Third party personal data. Please note that if your personal data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.
· Effect of withdrawal of consent. In many circumstances, we need to use your personal data in order for us to provide you with products or services which you require. If you do not provide us with the required personal data, or if you withdraw your consent to our use and/or disclosure of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the products and services that you require.
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
TRANSFER OF PERSONAL DATA OUT OF HONG KONG
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
RETENTION
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
SECURITY
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
GOVERNING LAW
This Policy is governed by the laws of Hong Kong. You consent to submit to the exclusive jurisdiction of the Courts of Hong Kong in any dispute relating to this Policy.
AMENDMENTS TO THIS POLICY
Amendments. We may amend this Policy from time to time in response to changing legal, technical or business developments. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. The updated Policy will be made available upon request from our Data Protection Officer and on our website at www.hmmp.com.hk.
Consent for use of personal data for new purposes. If this Policy is amended, your personal data will not be used for any new purposes without your prior consent.
WEBSITE OR APP
Anonymous browsing. Anonymity is maintained when you visit our websites at http://www.hmmpdental.com or our app. Our websites or app are not configured to gather any information from your device, unless you otherwise personally and intentionally provide us with your information.
· Use of cookies. We may make use of “cookies” on our websites or app to store and track information such as the number of users and their frequency of use, profiles of users and their online preferences. Cookies do not capture information which would personally identify you, but the information collected may be used to assist us in analysing the usage of our websites/app and to improve your online experience with us. You can disable the cookies by changing the setting on your browser. However, this may affect the functionality of our websites. You cannot manage cookies in the app.
· Links to other websites. Our websites or app may contain links to other websites which are not owned or maintained by us and over which we have no control. These links are provided only for your convenience. This Policy only applies to our website. When visiting these third party websites, the privacy policies of such websites apply.
Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
Anonymous browsing. Anonymity is maintained when you visit our websites at www.hmmp.com.hk or our app. Our websites or app are not configured to gather any information from your device, unless you otherwise personally and intentionally provide us with your information.
· Use of cookies. We may make use of “cookies” on our websites or app to store and track information such as the number of users and their frequency of use, profiles of users and their online preferences. Cookies do not capture information which would personally identify you, but the information collected may be used to assist us in analysing the usage of our websites/app and to improve your online experience with us. You can disable the cookies by changing the setting on your browser. However, this may affect the functionality of our websites. You cannot manage cookies in the app.
· Links to other websites. Our websites or app may contain links to other websites which are not owned or maintained by us and over which we have no control. These links are provided only for your convenience. This Policy only applies to our website. When visiting these third party websites, the privacy policies of such websites apply.
Privacy Policy
GENERAL
HMMP (Dental) Limited is committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements of the Personal Data (Privacy) Ordinance with respect to the management of personal data. We are equally committed to ensuring that all our employees and agents uphold these obligations.
This Privacy Policy (“Policy”) explains who we are, how we may collect, use, disclose, process and manage your personal data and how you can exercise your privacy rights.
All references to the “HMMP (Dental) Limited ”, “we”, “us” and “our” refer collectively to the HMMP (Dental) Limited and all its subsidiaries and group companies in Hong Kong.