eprivacy

					Privacy Policy Statement
(Aug 2011)
                                                          Table of Contents


1.   INTRODUCTION

2.   KINDS OF PERSONAL DATA HELD BY THE COMPANY

3.   PURPOSES THE PERSONAL DATA ARE HELD

4.   SECURITY OF PERSONAL DATA

5.   ACCURACY OF PERSONAL DATA

6.   COLLECTION OF PERSONAL DATA

7.   DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

8.   OTHER PRACTICES

9.   APPOINTMENT OF DATA PROTECTION OFFICER




1. INTRODUCTION

   1.1 This Statement is adopted as the Privacy Policy Statement (“Statement”) of Blue Cross (Asia-Pacific) Insurance
       Limited (the “Company”). The purpose of this Statement is to establish the policies and practices of the
       Company’s commitment to protect the privacy of personal data and to act in compliance with the provisions
       of the Personal Data (Privacy) Ordinance (the “Ordinance”), Data Protection Principles and relevant
       guidelines issued by the Group (i.e. The Bank of East Asia, Limited).

   1.2 To ensure compliance with the Ordinance, internal guidelines on protection of personal data are established
       and updated from time to time for reference and use by the staff of the Company.


2. KINDS OF PERSONAL DATA HELD BY THE COMPANY

   2.1 There are three broad categories of personal data held in the Company. They are personal data related to
       (potential) customers, (potential) employees and (potential) individual insurance agents and responsible
       officers of insurance agencies (collectively “Insurance Agents”) of the Company.

   2.2 Personal data held by the Company regarding customers may include the following:
       (a) name, address, and contact details of customers or potential customers;
       (b) occupation, date of birth and nationality of customers, their identity card and/or passport numbers and
           place and date of issue thereof;
       (c) current employer, nature of position, annual salary and other benefits of customers;
       (d) details of properties, assets or investments held by customers;
       (e) details of all other assets or liabilities (actual or contingent) of customers;
       (f) information obtained by the Company in the ordinary course of the continuation of the business
           relationship (for example, when customers write cheques or generally communicate verbally or in writing
           with the Company, by means of documentation or telephone recording system, as the case may be); and
       (g) information which is in the public domain.

   2.3 Personal data relating to employment held by the Company may include the following:
       (a) name and address, contact details, date of birth and nationality of employees and potential employees
           and their spouses and their identity card and/or passport numbers and place and date of issue thereof;
       (b) additional information compiled about potential employees to assess their suitability for a job in the
           course of the recruitment selection process which may include references obtained from their current or
           former employers or other sources;
       (c) additional information compiled about employees which may include records of remuneration and
           benefits paid to the employees, records of job postings, transfer and training, records of medical checks,
           sick leave and other medical claims and performance appraisal reports of the employees;
       (d) relevant personal data pertaining to former employees may be required by the Company to fulfil its
           obligations to the former employees and its legal obligations under certain ordinances; and
       (e) information which is in the public domain.

   2.4 Personal data held by the Company regarding appointment of Insurance Agents may include the following:
       (a) Individual Agent
           name, address, contact details, date of birth, bank account number, qualifications, additional
           information compiled about potential Individual Agents for the Company to assess his/her suitability for
           being appointed as an agent of the company, and information which is in the public domain.
       (b) Responsible Officer of Insurance Agency
           name, address, contact details, any information related to the Responsible Officer which the relevant
           regulatory authorities of the insurance industry may require the Company to provide, and information
           which is in the public domain.

   2.5 The Company may hold other kinds of personal data which it needs in the light of experience and the specific
       nature of its business.


3. PURPOSES THE PERSONAL DATA ARE HELD

   3.1 It is necessary for customers to supply the Company with data in connection with the purchase of insurance
       or financial related products or services, and in the ordinary course of the administration of policies and
       undertaking other business relationships. Failure by customers to supply such data may result in the Company
       being unable to write new policies, establish or continue business relationship, or provide financial services.

   3.2 The purposes for which data relating to customers or potential customers may be used are as follows:
       (a) processing applications for insurance products and services;
       (b) providing insurance products and services and processing requests made by customers in relation to
           insurance products and services, including but not limited to requests for addition, alteration or deletion
           of insurance benefits or insured members, establishment of direct debit facilities as well as cancellation,
           renewal, or reinstatement of insurance policies;
       (c) processing, adjudicating and defending insurance claims as well as conducting any incidental
           investigation;
       (d) performing functions and activities incidental to the provision of insurance products and services such as
           identity verification, data matching and reinsurance arrangement;
       (e) exercising the Company’s rights in connection with the provision of insurance products and services to
           customers from time to time, for example, to recover indebtedness;
       (f) designing insurance products and services with a view to improving the Company’s service;
       (g) preparing statistics and conducting research;
       (h) marketing the following services and products (in respect of which the Company may or may not be
           remunerated):
           (1) insurance, financial, banking and related services and products;
           (2) reward, loyalty or privileges programmes and related services and products; and
           these services or products may be provided and/or marketed by:
           (1) the Company or members of the Bank of East Asia Group;
           (2) third party reward, loyalty or privileges programme providers; and
           (3) third party marketing services providers;
       (i) making disclosure under the requirements of any law or rules, regulations, codes of practice or guidelines
           issued by regulatory or other authorities binding on the Company or the Bank of East Asia Group or with
           which the Company or the Bank of East Asia Group is expected to comply;
       (j) enabling an actual or proposed assignee, transferee, participant or sub-participant of the Company’s
           rights or business to evaluate the transaction intended to be the subject of the assignment, transfer,
           participation or sub-participation; and
       (k) any other purposes relating to the purposes listed above.

   3.3 The purposes for which data relating to employees and potential employees may be used are as follows:
       (a) processing employment applications;
       (b) determining and reviewing salaries, bonuses and other benefits;
       (c) consideration for promotion, training, secondment or transfer;
       (d) consideration of eligibility for administration of staff benefits and entitlements;
       (e) providing employee references;
       (f) registering employees as intermediaries or licensees with statutory authorities/institutions for purposes
           directly related to or associated with their employment;
       (g) monitoring compliance with internal rules of the Company;
       (h) meeting the requirements to make disclosure under the requirements of any law binding on the Company
           or under and for the purposes of any guidelines issued by the regulatory or other authorities with which
           the Company is expected to comply; and
       (i) other purposes relating thereto.

   3.4 The purposes for which data relating to Insurance Agents and potential Insurance Agents may be used are as
       follows:
       (a) processing Insurance Agent applications;
       (b) determining and reviewing commission and other benefits (if any);
       (c) registering Insurance Agents as intermediaries or licensees with statutory authorities/institutions for
           purposes directly related to or associated with their appointments;
       (d) monitoring compliance with internal rules of the Company;
       (e) meeting the requirements to make disclosure under the requirements of any law binding on the Company
           or under and for the purposes of any guidelines issued by the regulatory or other authorities with which
           the Company is expected to comply; and
       (f) other purposes relating thereto.


4. SECURITY OF PERSONAL DATA

   It is the policy of the Company to ensure an appropriate level of protection for personal data in order to prevent
   unauthorized or accidental access, processing, erasure or other use of that data, commensurate with the
   sensitivity of the data and the harm that would be caused by occurrence of any of the aforesaid events. It is the
   practice of the Company to achieve appropriate levels of security protection by restricting physical access to data
   by providing secure storage facilities, and incorporating security measures into equipment in which data is held.
   Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data.
   Data is only transmitted by secure means to prevent unauthorized or accidental access.


5. ACCURACY OF PERSONAL DATA

   It is the policy of the Company to ensure accuracy of all personal data collected and processed by the Company.
   Appropriate procedures should be implemented to provide for all personal data to be checked and updated to
   ensure that it is reasonably accurate having regard to the purposes for which that data is used.


6. COLLECTION OF PERSONAL DATA

   6.1 In the course of collecting personal data, the Company will provide the individuals concerned with a
       Personal Information Collection Statement (“PICS”) informing them of the purpose of collection, classes of
       persons to whom the data may be transferred, their rights to access and correct the data, and other relevant
       information.

   6.2 In relation to the collection of personal data on-line, the following practices are adopted:
       (a) On-line Security
           The Company will follow strict standards of security and confidentiality to protect any information
           provided to the Company online. Encryption technology is employed for sensitive data transmission on
           the Internet to protect individuals’ privacy.
       (b) Cookies
           (1) Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is
               stored on a local hard drive so that the web server can later read back the cookie data from the
               web browser. This is useful for allowing a website to maintain information on a particular user.
           (2) Cookies are designed to be read only by the website that provides them. Cookies cannot be used to
               obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive
               information.
           (3) The Company will only use cookies as a session identifier and will not store users’ sensitive
               information in cookies. Once a session is established, all communications will use the cookies to
               identify the user. The cookies will expire once the session is closed. If users try to disable
               cookies in their web browsers, they may not be able to access the Company’s online insurance
               application services.
       (c) On-line Correction
           Personal data provided to the Company through an on-line facility, once submitted, may not be deleted,
           corrected or updated on-line. If deletion, correction and updates are not allowed online, users should
           approach the Company for assistance.

       (d) On-line Retention
           Reasonable and practical steps will be taken to ensure that personal data will not be kept longer than
           necessary.

7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

   7.1 It is the policy of the Company to comply with all data access and correction requests, for all staff to be
       familiar with the requirements for assisting individuals to make such requests, and to process such requests in
       accordance with the provisions of the Ordinance.

   7.2 The Company may, subject to the Ordinance, impose a nominal fee or reimbursement for complying with a
       data access request. If a person making a data access request requires an additional copy of the personal data
       that the Company has previously supplied pursuant to an earlier data access request, the Company may
       charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.

   7.3 Data access and correction requests to the Company may be addressed to the Corporate Data Protection
       Officer or other person as specifically advised.


8. OTHER PRACTICES

   The following are maintained by the Company to ensure compliance with the Ordinance:
   (a) A Log Book as provided for in section 27 of the Ordinance;
   (b) Internal policies and guidelines on compliance with the Ordinance for use by staff of the Company;
   (c) Data Access Request Form and Data Correction Request Form for individual access and correction requests of
       personal data held by the Company.


9. APPOINTMENT OF DATA PROTECTION OFFICER

   9.1 To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of the
       Company, a Corporate Data Protection Officer has been appointed by the Company.

   9.2 The contact details of the Corporate Data Protection Officer are as follows:
       The Corporate Data Protection Officer
       Blue Cross (Asia-Pacific) Insurance Limited
       29th Floor, BEA Tower, Millennium City 5
       418 Kwun Tong Road, Kwun Tong, Kowloon
       Telephone: 3608 2888
       Fax: 3608 2938



Privacy Policy Statement
(August 2011)
                                                          Table of Contents


1.   INTRODUCTION

2.   KINDS OF PERSONAL DATA HELD BY THE COMPANY

3.   PURPOSES FOR WHICH PERSONAL DATA ARE USED

4.   SECURITY OF PERSONAL DATA

5.   ACCURACY OF PERSONAL DATA

6.   COLLECTION OF PERSONAL DATA

7.   DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

8.   OTHER PRACTICES

9.   APPOINTMENT OF DATA PROTECTION OFFICER




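1. INTRODUCTION

   1.1 This Statement is adopted as the Privacy Policy Statement (“Statement”) of Blue Cross (Asia-Pacific) Insurance
       Limited (the “Company”). The purpose of this Statement is to establish the Company’s policies and practices
       for fully implementing and complying with the Data Protection Principles, so as to comply with the terms and
       provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”) and the relevant guidelines issued by
       its parent group, The Bank of East Asia, Limited.

   1.2 To ensure compliance with the requirements of the Ordinance, the Company maintains internal guidelines on
       the protection of personal data, updated from time to time, for reference and use by staff.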


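2. KINDS OF PERSONAL DATA HELD BY THE COMPANY

   2.1 Broadly speaking, the Company holds three main categories of personal data: personal data of (potential)
       customers, personal data relating to employment, and personal data of (potential) individual insurance
       agents / responsible officers of (potential) insurance agencies (collectively “Insurance Agents”).

   2.2 Personal data held by the Company regarding customers may include the following:
       (a) name, address and contact details of potential customers and customers;
       (b) occupation, date of birth and nationality of customers, their identity card and/or passport numbers, and
           the date and place of issue of those documents;
       (c) current employer, nature of position, annual salary and other benefits of customers;
       (d) details of properties, assets or investments held by customers;
       (e) details of all other assets or liabilities (actual or contingent) of customers;
       (f) information obtained by the Company in the course of continuing its normal business relationship with
           customers (for example, when customers write cheques or generally communicate with the Company verbally
           or in writing, the Company also collects customers’ data, which may be collected in documentary form or
           by telephone recording system); and
       (g) information available through public channels.

   2.3 Personal data relating to employment held by the Company may include the following:
       (a) name and address, contact details, date of birth and nationality of employees or potential employees and
           their spouses, their identity card and/or passport numbers, and the date and place of issue of those
           documents;
       (b) further information compiled about job applicants during the selection process, which may include
           references obtained from their current or former employers or other sources, in order to assess whether
           the applicants are suitable for the position concerned;
       (c) further information about employees collected by the Company in the course of continuing the employment
           relationship, which may include records of wages paid and benefits provided to employees, records of
           positions held, transfers and training, records of medical examinations, sick leave and other medical
           claims, and performance appraisal reports of the employees;
       (d) relevant personal data of former employees which the Company may retain in order to fulfil its
           obligations to former employees or its legal obligations under certain ordinances; and
       (e) information available through public channels.

   2.4 Personal data held by the Company regarding appointment of Insurance Agents may include the following:
       (a) Individual Insurance Agent
           name, address, contact details, date of birth, bank account number, proof of qualifications, further
           information compiled for the Company to assess whether a potential individual insurance agent is
           suitable for the position concerned, and information available through public channels.
       (b) Responsible Officer of Insurance Agency
           name, address, contact details, any information about the responsible officer of an insurance agency
           which regulatory authorities of the insurance industry may require the Company to provide, and
           information available through public channels.

   2.5 The Company may hold other kinds of personal data which it needs in the light of experience and the specific
       nature of particular business.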




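3. PURPOSES FOR WHICH PERSONAL DATA ARE USED

   3.1 When customers purchase insurance or finance-related products or services, and in the course of normal
       policy administration and other business operations with the Company, they need to supply the Company with
       the relevant data from time to time. Failure by customers to supply such data may result in the Company
       being unable to issue new policies, establish or continue business relationships, or provide financial
       services.

   3.2 Data relating to potential customers and customers may be used for the following purposes:
       (a) processing applications for insurance products and services;
       (b) providing insurance products and services and processing requests made by customers in relation to the
           Company’s insurance products and services, including but not limited to requests to add, alter or delete
           insurance benefits or insured members, arranging direct payment, and applications for cancellation,
           renewal or reinstatement of policies;
       (c) processing and adjudicating insurance claims and defending claims, including conducting any incidental
           investigation;
       (d) performing functions and activities related to the provision of insurance products and services, such as
           identity verification, data matching and reinsurance arrangements;
       (e) exercising the rights the Company enjoys in providing insurance products and services to customers, for
           example, recovering amounts owed;
       (f) designing insurance products and services to improve the quality of the Company’s service;
       (g) preparing statistics and conducting research;
       (h) marketing the following services and products (for which the Company may be remunerated):
           (1) insurance, financial, banking and related services and products;
           (2) reward, loyalty or privileges programmes and related services and products; and
           the above services or products may be provided and/or marketed by:
           (1) the Company or members of the Bank of East Asia Group;
           (2) third party reward, loyalty or privileges programme providers; and
           (3) third party marketing services providers;
       (i) making disclosure in order to comply with the requirements of any law, or in accordance with rules,
           regulations, codes of practice or guidelines issued by regulatory or other authorities which are binding
           on the Company or the Bank of East Asia Group or with which they are required to comply;
       (j) enabling an actual or proposed assignee, transferee, participant or sub-participant of the Company’s
           rights or business to evaluate the transaction involved in the assignment, transfer, participation or
           sub-participation; and
       (k) other purposes relating to the above.

   3.3 Personal data relating to employment may be used for the following purposes:
       (a) processing employment applications;
       (b) determining and reviewing wages, bonuses and other benefits;
       (c) considering promotion, training, secondment or transfer;
       (d) assessing eligibility for staff loans and other benefits and entitlements, and the related
           administration;
       (e) providing references for staff;
       (f) applying on behalf of staff for intermediary or licensee status directly related to or associated with
           their employment;
       (g) monitoring compliance with internal rules of the Company;
       (h) making disclosure to meet the requirements of any law binding on the Company, or making disclosure to
           follow and implement any guidelines issued by regulatory or other bodies with which the Company is
           expected to comply; and
       (i) purposes relating to the above.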




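   3.4 Personal data relating to potential Insurance Agents and Insurance Agents may be used for the following
       purposes:
       (a) processing Insurance Agent applications;
       (b) determining and reviewing commission and other benefits (if any);
       (c) applying on behalf of Insurance Agents for intermediary or licensee status directly related to or
           associated with their appointment as Insurance Agents;
       (d) monitoring compliance with internal rules of the Company;
       (e) making disclosure to meet the requirements of any law binding on the Company, or making disclosure to
           follow and implement any guidelines issued by regulatory or other bodies with which the Company is
           expected to comply; and
       (f) purposes relating to the above.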


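4. SECURITY OF PERSONAL DATA

   It is the policy of the Company to ensure the security of personal data and to provide an appropriate level of
   protection, commensurate with the sensitivity of the data and the degree of harm that unauthorized access would
   cause, in order to prevent unauthorized or accidental access, processing, erasure or other use of the data. To
   achieve an appropriate level of security, it is the consistent practice of the Company to strictly restrict
   access to data by providing secure storage facilities and implementing security measures in the equipment in
   which data is held. The Company also takes measures to ensure that persons handling such data have good
   integrity, prudence and competence. Data is transmitted only by properly secured means, so as to prevent
   unauthorized or accidental access.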


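5. ACCURACY OF PERSONAL DATA

   It is the policy of the Company to ensure that all data collected and processed by the Company is accurate. The
   Company will implement appropriate procedures to check and update all personal data, to ensure that the data is
   reasonably accurate having regard to the purposes for which it is used.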


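6. COLLECTION OF PERSONAL DATA

   6.1 In the course of collecting personal data, the Company will provide data subjects with a Personal
       Information Collection Statement (“PICS”) stating the purpose of collection, the classes of persons to whom
       the data may be transferred, the rights to access and correct the data, and other relevant information.

   6.2 In relation to the Company’s collection of personal data via the Internet, the Company adopts the following
       practices:
       (a) On-line Security
           The Company will protect any information provided to it over the Internet in accordance with strict
           standards of security and confidentiality. Encryption is used to transmit sensitive data over the
           Internet in order to protect individuals’ privacy.
       (b) Cookies
           (1) Cookies are small pieces of information sent from a web server to a browser. This data is stored on
               the computer’s hard drive so that the web server can later read it back from the browser. This
               helps a website retain information about certain users.
           (2) Cookies are designed to be read only by the website that issued them, and cannot be used to obtain
               data from a user’s hard drive or e-mail address, or to collect a user’s sensitive information.
           (3) The Company uses cookies only to identify the user for a particular session and will not store
               users’ sensitive information in cookies. While a user is browsing the Company’s website, all
               communications will use cookies to identify the user. When the user finishes browsing the Company’s
               website, the cookies will also become invalid. If users try to disable cookies in their web
               browsers, they may not be able to use the Company’s online insurance application services.
       (c) On-line Correction
           Personal data provided to the Company through an on-line facility, once submitted, may not be able to be
           cancelled, corrected or updated on-line. Users who are unable to cancel, correct or update data on-line
           should contact the Company for assistance.
       (d) On-line Retention
           The Company will take all reasonable and practicable steps to ensure that customers’ personal data is
           not kept longer than necessary.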

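7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

   7.1 It is the policy of the Company to comply with and process all data access and data correction requests in
       accordance with the provisions of the Ordinance, and to make all relevant staff familiar with the relevant
       requirements so as to assist individuals in making such requests.

   7.2 The Company may, subject to the provisions of the Ordinance, charge a nominal fee or require reimbursement
       of related expenses for a data access request. If a person making a data access request asks the Company for
       an additional copy of personal data previously supplied under an earlier data access request, the Company
       may charge a fee to cover in full the administrative or other costs involved in supplying that additional
       copy.

   7.3 Requests for access to and correction of data may be made to the Corporate Data Protection Officer of the
       Company or other designated person.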


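8. OTHER PRACTICES

   To ensure compliance with the requirements of the Ordinance, the Company maintains:
   (a) A Log Book, being the log book required by section 27 of the Ordinance;
   (b) Internal policies and guidelines for use by staff of the Company, to ensure that staff comply with the
       provisions of the Ordinance;
   (c) Data Access Request Form and Data Correction Request Form, for use by any person to access and correct
       personal data about them held by the Company.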


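9. APPOINTMENT OF DATA PROTECTION OFFICER

   9.1 The Company has appointed a Corporate Data Protection Officer to co-ordinate and oversee compliance with the
       Ordinance and the personal data protection policies of the Company.

   9.2 The contact details of the Corporate Data Protection Officer are as follows:
       29th Floor, BEA Tower, Millennium City 5
       418 Kwun Tong Road, Kwun Tong, Kowloon
       Blue Cross (Asia-Pacific) Insurance Limited
       The Corporate Data Protection Officer
       Telephone: 3608 2888
       Fax: 3608 2938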





				