Integrated Management Systems Hong Kong Limited (”We”) are committed to protecting and respecting your privacy. Your privacy is important to us. This privacy statement explains what Personal Data we collect from you, through our interactions with you and through our products, and how we use that data. Our Group means our ultimate holding company INTEGRATED MANAGEMENT SYSTEMS HONG KONG LIMITED and its subsidiary INTER BIZTECH SOLUTIONS LIMITED. This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. We respect your privacy rights about your Personal Data and do so in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) (“Ordinance”) and the new General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). The GDPR is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018. This statement applies to our interactions with you and any third-party software that we may use on your behalf as outlined below or agreed upon at time of contractual service agreement. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. We are not required to appoint a Data Protection Officer. However, correspondence on any data protection matters should be marked for the attention of Anastasios Papadopoulos at Integrated Management Systems, 36/F, 41 Heung Yip Road, Wong Chuk Hang, Hong Kong.
Privacy Policy and Data Processing Notice
Who we are and what we do
We are a global management and digital consulting firm. We collect the personal data of the following types of data subjects to carry out our core business and to operate effectively and provide you the best experiences with our services:
- Prospective and live client contacts, for digital initiatives;
- Supplier contacts to support our services;
- Employees, consultants, temporary workers.
Information you give to us, or we collect about you
You have choices about the data we collect. When you are asked to provide Personal Data, you may decline. Information you provide us This is information about you that you give us by filling in our forms or by corresponding with us by phone, email, Site live chat or otherwise. It includes information you provide when you register to use our Sites, subscribing to services, newsletters and alerts, register for or attend a conference or event, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, request a white paper or further information, and when you report a problem with our Site. Pages that collect this type of information may provide further information as to why your data is needed and how it will be used. It is completely up to you whether you want to provide it. The information you give us, or we collect about you may include your name, address, private and corporate email address, phone number, and other similar contact data. We may collect links to your professional profiles available in the public domain (e.g. LinkedIn, Twitter, business Facebook or corporate website), gender, language preferences, and date of birth and other similar demographic data. For instance, by registering for IMS newsletters or alerts, you agree to receive the correspondence to which you have subscribed at the e-mail address that you provided at registration. Only IMS or its consultants will contact you using this e-mail address. We will send e-mails to this address related to your registration. Information collected via website activity We may also automatically collect device and usage data when you interact with our Sites. The information we automatically collect may include IP address, device identifier, operating system, web browser, regional and language settings, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our Sites. We may also automatically collect information about how you use the Sites, such as your visit history, what you have searched for, viewed, and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please see the Cookies section below for more information. The information automatically collected will be associated with any Personal Data you have provided and be used for system administration, to filter traffic, to look up user domains and to report on statistics. When this information relates to or identifies you, we will treat it as “Personal Data.” Information collected via mobile devices In connection with our mobile applications, we may use third-party service providers to analyse non-personally identifiable user activity to fix errors, monitor usage, and improve the performance of our mobile applications. For example, we receive reports on some of our mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, pages and articles accessed, and other events occurring within our apps. We also receive reports on certain errors occurring within mobile applications. None of these third-party service providers gathers information in a manner intended to identify any particular user personally. When this information relates to or identifies you, we will treat it as “Personal Data.”
What about sensitive Personal Data?
We do not generally seek to collect sensitive personal data (also known as special categories) through this Site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with GDPR. If you choose to provide us with unsolicited Sensitive Personal Data, you consent to our using the data, subject to applicable law as described in this privacy policy. The term “Sensitive Personal Data” refers to the various categories of Personal Data identified by European and other data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent. These categories may include personal identity numbers, financial account information, racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, biometric or genetic data, sexual life, or criminal record (including information about suspected criminal activities).
Information we obtain from other sources
We may obtain information about you from other third-party sources such as LinkedIn, corporate websites, your business card and personal recommendations. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
- Data brokers from which we purchase demographic data to supplement the data we collect.
- Service providers that help us determine a location based on your IP address in order to customise certain products to your location.
- Partners with which we offer co-branded services or engage in joint marketing activities, and
- Publicly-available sources such as open government databases or other data in the public domain.
We review data protection policies and consent processes of our suppliers to ensure they are compliant with GDPR and the Hong Kong Personal Data (Privacy) Ordinance.
How we use personal data
The core service we offer to our clients is the implementation of digital services, including digital transformation, advanced analytics, strategic planning, marketing, organisation and operations. Our legal basis for the processing of Personal Data is our legitimate business interests, described in more detail below, and also the performance of a contract, legal obligations and consent for some specific uses of data. We will rely on contract if we are negotiating or have entered into an agreement for consulting services with you or your organisation or any other contract to provide services to you or receive services from you or your organisation. We will rely on legal obligation if we are legally required to process information relating to you to fulfil our legal obligations. We will in some circumstances rely on consent for particular uses of your data, and you will be asked for your express consent if legally required. We use information held about you in the following ways: To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to you or your organisation. Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations. This includes providing service, maintaining and improving our services, conducting research, and providing customer support. Examples of such uses include the following:
- Providing services. We use data to carry out your interactions with us and to provide our services to you, which includes collection and (statistical) analysing of information for individual profiling; Often, those services include personalised content and recommendations that enhance your productivity and automatically tailor your experience with us based on the data we have about your activities, interests and location.
- Customer support. We use data to identify the services provided to you by us and provide other customer care and support services. The data we collect helps us to respond to customer service requests and support needs more effectively.
- Service Improvement. We use data to continually improve our services, including adding new offerings or capabilities. For example, we use error reports to improve security features, search queries and clicks on our Sites to improve the relevancy of search results.
- Security, Safety and Dispute Resolution. We use data to protect the security and safety of our customers, to detect and prevent fraud and enforce our agreements.
- Business Operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
- To administer a contest, promotion, survey or other Site feature. To send you the information you agreed to receive about topics we think will be of interest to you.
- To personalise User experience. We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To process transactions. We may use the information you provide about yourself when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about.
- To send periodic emails. The private or corporate email address you provide for order processing will only be used to send you or your company information and updates pertaining to your order. It may also be used to respond to your inquiries, and other requests or questions. If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information, etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you may contact us via our Site.
- Advertising: We do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you. We use data we collect through our interactions with you for legitimate interest-based advertising.
In carrying out these purposes, we may combine data we collect to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations. In the course of our Services, we will analyse your information to build individual profiles. These profiles will be used to predict future interests and display targeted (online) advertisement. The aim is to provide you with offers that are relevant and interesting for you. The profiling is based on your (surfing)behaviour on the internet. This includes the viewing of advertisements, any interaction with it and the overlap between desktop and mobile usage. As your name is not collected in the course of our Services, we expect that our Services will have no further impact, other than providing you with a more pleasant user experience when surfing the Internet. We will obtain your prior consent before processing your information for its own purposes, unless we have a legitimate interest to process your information. If you have given your consent to the processing, you have the right to withdraw your consent at any time, by sending an email to that extent to: support@imanagesystems.com. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under the obligation to reverse the processing.
Our Legitimate Business Interests
“Legitimate Interests” means the interests of our company in conducting and managing our business, to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our Site, and to ensure our Sites and systems are secure. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). The table below sets out further detail on the ways we process your data for our legitimate interests. If you have any concerns about the processing below, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section below.
PROCESSING PURPOSE | LEGITIMATE INTEREST |
---|---|
INDIVIDUAL RIGHTS | We may need to retain and continue processing your Personal Data after you have exercised your right to erasure/to be forgotten, in order to keep basic data to identify you as an individual, and retain it solely for suppression purposes to prevent further unwanted processing. |
SUPPRESSION | We may hold Personal Data about you on a suppression file to ensure there is a record of your objection to direct marketing. We will hold a minimised amount of Personal Data in order to uphold this request. |
PERSONALISATION | We may analyse non-sensitive Personal Data to inform our marketing strategy and to enable it to enhance and personalise the “consumer experience” we offer you. |
MONITORING | Our customer support team use software solutions that utilise big data to identify recurring problems and analyse the patterns of behaviour of our customers. These solutions include the capturing and processing of customer support interactions by way of, LiveChat, Web Forms, and FAQ webpage activity and are used to enable our customer support centre to ensure optimum staff performance and to serve our customers better. |
ARTIFICIAL INTELLIGENCE | Our customer support team puts in place algorithms that help us manage customer service requests. The system uses artificial intelligence methods to route customer contacts to the most appropriate part of our organisation. For example, these routes link individuals to specific agents who can handle specific requests for optimised customer service. |
WEB ANALYTICS | We use online social platforms that use diagnostic analytics to assess the number of visitors, posts, page views, reviews and followers in order to optimise future marketing campaigns. |
AUTOMATED PROCESSING BASED ON CUSTOMER HISTORY | We may conduct automated processing based on your transactional history, to predict what other products and services you may be interested in. |
INFORMATION, SYSTEM, NETWORK AND CYBER SECURITY | We may process your Personal Data from online interactions to monitor, detect and protect our organisation, our systems, networks, infrastructure, and other rights from unwanted intrusion, unauthorised access, and data and system breaches. |
PRODUCT DEVELOPMENT AND ENHANCEMENT | We may process your Personal Data to deliver and improve our products or services. |
COMMUNICATION, MARKETING AND INTELLIGENCE | We may process your Personal Data to gather market intelligence, promote products and services, communicate with and tailor offer our services. |
Consent
Should we want or need to rely on consent to lawfully process your Personal Data we will request your consent orally, by email, by signing a paper form or by an online process for the specific activity we require consent for and record your response in our systems. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.
Disclosure of your information
We may share your personal information with:
- Business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
- Our auditors.
- Banks and financial institutions. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets.
- If Integrated Management Systems or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Integrated Management Systems, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The lawful basis for the third-party processing will include:
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
- Satisfaction of their contractual obligations to us as our data processor;
- For the purpose of a contract in place or in contemplation;
- To fulfil their legal obligations.
Where we store and process your Personal Data
The data that we collect from you will not be transferred to or stored at, a destination outside of our organisation in Hong Kong. It will not be processed by staff operating outside of our organisation. This includes staff engaged in, among other things, our consulting services and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How we protect your information
We are committed to protecting the security of your Personal Data and adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention period of up to 6 years and run data routines to remove data that we no longer have a legitimate business interest in maintaining. We do the following to try to ensure our data is accurate:
- Before making an introduction, we check that we have accurate information about you
- We keep in touch with you so you can let us know of changes to your Personal Data
- We may segregate our data so that we keep different types of data for different time periods.
The criteria we use to determine whether we should retain your Personal Data includes:
- The nature of the Personal Data;
- Its perceived accuracy;
- Our legal obligations;
- Whether a consultation or contractual agreement has been arranged; and
- Our digital consulting expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your Personal Data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your Personal Data on to our database, unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Collection of data from children
When our offerings or services collect age, it will block users under 16 years. We will not knowingly ask children under 16 years to provide data.
Your rights
You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required before using your Personal Data for marketing purposes. You can exercise your right to accept or prevent such processing by either checking consent agreement boxes on the forms we use to collect your data or by managing your subscriptions with us with unsubscribe links in our communications. You can also exercise this right at any time by contacting us at support@imanagesystems.com. Our Site may, from time to time, contain links to and from the Sites of our partner networks, advertisers and affiliates. If you follow a link to any of these Sites, please note that these Sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Sites.
Guided by the GDPR we provide you with the following rights:
- Right to be informed – you have the right to be informed about the collection and use of your Personal Data.
- Right of access – you have the right to access your Personal Data and supplementary information.
- Right to rectification – you have the right to have your Personal Data rectified.
- Right to erasure – you have the right to be erased; this is also known as the ‘right to be forgotten’.
- Right to restrict processing – you have the right to ‘block’ or suppress processing of your Personal Data.
- Right to data portability – you have the right to obtain and reuse your own Personal Data for your own purposes across different services.
- Right to object – you have the right to object to the collection and processing of your Personal Data.
All requests to your rights above should be submitted to support@imanagesystems.com, we will respond to your requests without undue delay, but within one month. If permitted under applicable legislation, we may extend the response period with two further months if such is necessary due to the complexity and number of requests. We will notify you of any extension and the reason thereof. If we deny your request, we shall inform you on the reasons for such a denial. You may (in addition to the rights above) lodge a complaint regarding the processing of your information by us, or regarding the denial of a request as meant above, with the supervisory authority of the Member State where you reside, where you work, or where the infringement occurred. If information about you is processed by us on behalf of one of our clients, we will forward your request to the relevant client. We will inform you that we have forwarded your request and provide you with the contact details of the relevant client.
How to access & control your Personal Data
The Hong Kong Personal Data (Privacy) Ordinance and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. Your right of access can be exercised in accordance with the Ordinance and the GDPR once it is in force. All subject access request should be submitted to support@imanagesystems.com. Your communication preferences You can choose whether you wish to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to opt out, you can do so by following the directions in that message. Browser-Based Controls
- Cookie Controls. Relevant browser-based cookie controls are described in the Cookies section of this privacy statement.
- Tracking Protection. Internet Explorer (versions 9 and up) has a feature called Tracking Protection that will block third-party content, including cookies, from any site that is listed in a Tracking Protection List you add. By limiting calls to these sites, the browser will limit the information these third-party sites can collect about you.
- Browser Controls for “Do Not Track.” Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked.
Changes to our privacy notice
We have the discretion to update this privacy policy at any time without any prior notice. Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
How to contact us
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to support@imanagesystems.com, or by completing our Web form. We will respond to question or concerns within 30 days. Unless otherwise stated, Integrated Management Systems is a data processor and controller for personal data we collect through the services subject to this statement. Our address is 3Suites 2301-02, 23rd Floor South Island Place,8 Wong Chuk Hang Road, Wong Chuk Hang, Hong Kong. Telephone: +852 3611-0130