This policy (this “Policy”) specifically addresses the processes involved the collection and use of personal data by JETCO (herein, the term “JETCO”) and its subsidiaries.
When JETCO collects any personal data of an individual, it is JETCO’s policy to fully comply with applicable laws and regulations and contractual obligations concerning the collection, use, processing, modification, storage, disclosure and deletion of personal data. Personal data is any information relating to any living individual from which it is possible to identify that individual. In dealing with personal data, JETCO will ensure compliance by staff with the strictest standards of security and confidentiality. JETCO is equally committed to ensuring that all the appointed agents and third parties, which personal data will be disclosed to for the operations of services, uphold these obligations.
2. Privacy Commitment
JETCO’s commitment to comply with the said applicable laws and regulations is premised on the following principles:
1. Only necessary personal data from individuals will be collected by JETCO.
2. JETCO and, if applicable, its third party providers, must make the necessary disclosures and obtain the necessary consents of relevant individuals in order for JETCO and/or its third party providers to collect, use, process, modify, store, disclose and delete personal data of said individuals;
3. Personal data collected must only be used for purposes approved by the said individuals and not for any other purposes;
4. JETCO will not disclose personal data to any third party unless JETCO (i) has obtained the consent of the said individuals and do not breach any obligations of confidentiality as a result of such disclosure or (ii) are required by a Court order, or applicable laws or regulations, but JETCO will not disclose more than it is legally required to;
5. JETCO must take all practicable and reasonable steps to ensure that individuals’ personal data are kept secure, confidential and will exercise every effort to ensure the accuracy, but no guarantee regarding the accuracy or completeness is given in connection with such data. Such data will not be retained longer than it is necessary;
6. Only authorized personnel can access or process the personal data of individuals;
7. JETCO will comply with and process all data access requests and data correction requests in accordance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486)
3. Types of Personal Data Held by JETCO
3.1 Personal data held by JETCO for the purpose of carrying on JETCO’s businesses may include the following:
a. Individual customer data such as full name as registered for bank account, address, gender; occupation, date of birth, nationality;
b. Information for the verification of identity, including identification document type, identification number and proof of identity and address;
c. Bank account details, including bank account numbers;
d. Contact details, including smartphone number, email address, job title and employer’s name;
e. Payment details, including credit card, debit card and banking information;
f. Any other information obtained by JETCO in the ordinary course of continuation of the business relationship.
3.2 Personal data held by JETCO regarding employees may include the following:
a. Name and address, contact details, date of birth, nationality, identity card and/or passport numbers and place and date of issue of employees (including potential employees, their spouses and family members, as applicable);
b. Additional information complied about potential employees to assess their suitability for a job in the course of the recruitment selection process which may include references obtained from their current or former employers or other sources;
c. Additional information complied about employees which may include records of remuneration and benefits paid to the employees, records of job postings, transfer and training, records of medical checks, sick leave, attendance, emergency contact and other medical claims and performance appraisal reports of the employees;
3.4 The webserver shall make a record of all visits to the website. The record will include, but not limited to, the server address, browser and OS information and details of the visited pages. JETCO only collects aggregate information of the numbers and types of visitors by reference to their server address, browser and OS information. Such information will be used by JETCO for preparing general statistics on the frequency of using the website. JETCO may disclose any or all of the personal data to legal advisors and law enforcement agencies in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities as required by law.
4. Purposes of Keeping Personal Data
4.1 The purposes for which the personal data may be used are as follows:
a. Processing of application or registration to access or use our services;
b. Conducting customer due diligence as required by law, rules, regulations, codes or guidelines;
c. The daily operation of the services;
d. Communication by JETCO to customers;
e. Marketing services and products to customers by JETCO;
f. Processing of any payment instructions in relation to supply of goods and services to customers;
g. Analyzing, verifying, enforcing contractual rights, and/or checking of customers’ payment status in relation to supply of goods and services to customer;
h. Administering, managing, operating and maintaining our products and services, or any related support facilities and systems;
i. Designing, developing, and improving our products and services or any related services or contents;
j. Compiling aggregate statistics on visitors’ interactions on our products and services;
k. Conducting analytics;
l. Transferring business(es)/asset(s) or changing service providers by merger, acquisition, consolidation, amalgamation or re-organisation;
m. Investigating of any complaints and/or suspected suspicious transactions;
n. Preventing or detecting crime;
o. Exercising our rights under any terms and conditions of our products and services or any related services or contents;
p. Designing new features/functionalities or improving our products and services and related services provided by us, our subsidiaries or our affiliates; and;
q. Complying with applicable laws, rules, regulations, codes or guidelines.
4.2 The purposes for which the personal data relating to JETCO employees may be used are as follows:
a. processing employment applications;
b. determining and reviewing salaries, bonuses and other benefits;
c. consideration for promotion, training or transfer;
d. providing employee references;
e. monitoring compliance with internal rules of JETCO;
f. any other purposes directly or indirectly relating to the compliance by JETCO or any of the employment or statutory obligations; and
g. meeting the requirements to make disclosure under the requirements of any law binding on JETCO or under and for the purposes of any guidelines issued by regulatory or other authorities with which JETCO are expected to comply.
5. Disclosing Personal Data
Personal data held by JETCO will be kept confidential by JETCO, but may be transferred or disclosed to the following parties within Hong Kong or outside Hong Kong, on a need-to-know basis for any of the purposes stated under Section 4:
a. JETCO’s agents or contractors (including their respective sub-contractors), under a duty of confidentiality to JETCO, which provide administrative, telecommunications, computer, anti-money laundering and counter terrorist financing intelligence, data processing or other services to JETCO in connection with the daily operation of JETCO. For example, professional advisors, debt collection agencies (when employee owes JETCO money), courier or data entry companies;
b. among JETCO subsidiaries and/or affiliates for fulfilling their daily operations and under a duty of confidentiality to disclosing party;
c. any law enforcement agencies and/or regulatory bodies for compliance with applicable laws, rules, regulations, codes, and/or guidelines; and
d. any persons or entity to whom JETCO, is under a binding obligation to satisfy a legally enforceable demand for disclosure under the requirements of any law, rule, regulation, code and/or guideline and/or order of any competent court of law, law enforcement agencies and/or regulatory bodies.
JETCO must at all times comply with confidential obligations agreed with third parties unless to do so would result in JETCO contravening the terms of a Court order or any applicable laws or regulations.
6. Security of Personal Data
JETCO must ensure a reasonable level of protection for personal data in order to prevent unauthorised or accidental access, processing, erasure or other use of the data. It is the practice of JETCO to achieve appropriate levels of security protection by implementing reasonable physical, electronic and managerial measures to safeguard and secure personal data. It is also the practice of JETCO to use appropriate secure encryption systems for the collection of personal data.
7. Accuracy of Personal Data
JETCO will exercise every effort to ensure the accuracy of all personal data by using generally accepted practices and guidelines, but no guarantee regarding the accuracy or completeness is given in connection with this data. Appropriate procedures are implemented to ensure that all personal data is reasonably accurate having regard to the purposes for which that data is used. In some cases, original document, such as personal identity document and/or proof of address, will be referred before the personal data is used.
8. Retention of Personal Data
Personal data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected. However, JETCO may, under certain circumstances (for example, after the termination of service), continue to hold data relating to the customer(s) for a period of 7 years or such other period as prescribed by applicable laws and regulations. If a data user engages a data processor (whether within or outside the home jurisdiction of the data subject) to process personal data on data user’s behalf, the data user must adopt contractual or other means to prevent any personal data transferred to the data processor from being kept longer than is necessary for processing of the data.
9. Access and Correction of Personal Data
Individual customer has the right: –
i. To check whether JETCO holds any personal data of the customer and of access to such data;
ii. To require JETCO to correct any personal data relating to the customer which is inaccurate;
iii. To ascertain JETCO’s policies and practices in relation to personal data and to be informed of the kind of personal data held by JETCO;
JETCO may charge a reasonable fee for the processing of any such data access request.
10. Privacy related enquiries or request
All enquiries and request regarding JETCO’s compliance with its obligations under the said applicable laws and regulations should be made to our Data Protection Officer using the following contact details:
Address: 35/F., Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong
This Policy has been translated into Chinese. If there is any inconsistency or ambiguity between the English version and the Chinese version, the English version shall prevail.
– End of Document –
APIX Personal Information Collection Statement
Effective Date: 1 January 2019
This APIX Personal Information Collection Statement (“PICS”) is made by Joint Electronic Teller Services Limited (hereinafter referred to as “JETCO”, “we”, “our” or “us”). We are the service provider of the API exchange platform known as “APIX” (“APIX”). This PICS is designed to help you understand what information we will gather from you and what we will do with such information in terms of your access of use of APIX and/or related services.
- Definitions For the purposes of this PICS, the term “Ordinance” means the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong Special Administrative Region), and the term “Personal Data” means any personal data held by us, including: (a) all information provided by you in any application or registration process to access or use APIX and related services; (b) all information provided by you to us in the ordinary course of business in relation to the provision of APIX and related services; and (c) all information collected by means of cookies on this website about your use of APIX and related services, to the extent that such transactional records are “personal data” within the meaning of the Ordinance.
- Our Company Policy We are committed to protecting the privacy, confidentiality and security of the Personal Data collected and held by us by complying with the requirements of the Ordinance with respect to the management of Personal Data. We are equally committed to ensuring that all our employees and agents, and third parties we disclose Personal Data to, uphold these obligations.
- Collection of Personal Data
For the Purposes (defined below), we may, from time to time, collect from you and hold some or all Personal Data, such as, but not limited to, the following:
- Your first name.
- Your surname.
- Your photographs.
- Your job title.
- Your contact details, including contact name, telephone number, email address.
- Your employer’s name. In the event that you do not provide Personal Data to us, we may not be able to provide you with access or use of APIX or any of the related services.
- Purposes of Keeping Personal Data
Personal Data held by us may be used for the following purposes (“Purposes”):
- processing your application or registration to access or use APIX from time to time and managing your user account on APIX;
- conducting due diligence as required by law, rules, regulations, codes or guidelines or by providers of APIs on APIX;
- managing, operating and maintaining APIX, and related support facilities and systems;
- verifying any information and records provided by you;
- designing new or improving APIX and related services provided by us, our subsidiaries or our affiliates;
- compiling aggregate statistics on visitors’ interactions on APIX;
- communicating with you;
- investigating of any complaints and/or suspected suspicious transactions;
- preventing or detecting crime; and/or
- complying with the laws, rules, regulations, codes or guidelines. We will not use any Personal Data for direct marketing purposes or provide Personal Data to third parties for use in direct marketing or for any other unrelated purposes without obtaining your prior consent, or without you providing us with an indication of no objection.
- Disclosing Personal Data
Personal Data held by us will be kept confidential by us, but we may transfer or disclose Personal Data to the following parties within Hong Kong or outside Hong Kong, on a need-to-know basis for any of the Purposes:
- providers of APIs on APIX;
- our agents or contractors (including their respective sub-contractors) under a duty of confidentiality to us who provide administrative, telecommunications, computer, anti-money laundering and counter terrorist financing intelligence, data processing or other services to us in connection with the operation of our business (such as professional advisors, debt collection agencies (when you owe us any money), courier or data entry companies);
- our subsidiaries and/or affiliates under a duty of confidentiality to us;
- any law enforcement agencies and/or regulatory bodies for compliance with applicable laws, rules, regulations, codes, and/or guidelines; and
- any persons or entity to whom we, our subsidiaries and/or our affiliates are under a binding obligation to satisfy a legally enforceable demand for disclosure under the requirements of any law, rule, regulation, code and/or guideline and/or order of any competent court of law, law enforcement agencies and/or regulatory bodies.
- Security of Personal Data We treat security of Personal Data seriously and have implemented appropriate controls to safeguard Personal Data against unauthorised, accidental, or malicious access, processing, deletion or loss. However, JETCO has no control over the acts of any person, and accordingly, assume no responsibility to anyone for any unauthorised, accidental, or malicious access, processing, deletion or loss of Personal Data.
- Access and Correction of Personal Data You have the right to ask us if we hold any Personal Data about you and if so, to request a copy of the same. If you would like to make such a request, please submit your request by email or by post to our Data Protection Officer at the addresses shown below. We may charge you a fee at a level permitted by the Ordinance for this service. You may also have the right to ask us to correct your Personal Data which you consider as inaccurate by emailing or posting your correction request to our Data Protection Officer at the addresses shown below. The address of our Data Protection Officer is: Email: email@example.com Address: Data Protection Officer, JETCO, 35/F, Sunlight Tower, 248 Queen’s Road East, Wan Chai, Hong Kong
- Retention of Personal Data We will not keep Personal Data for longer than is necessary for the fulfillment of the Purposes, subject to legal, statutory and regulatory requirements mandating the retention of data. Unnecessary Personal Data will be deleted from our system in accordance with our internal procedures, except we will retain copies of the Personal Data for archiving/backup purposes.
- Links to Other Websites Our website may, from time to time, contain link to other websites. This PICS only applies to this website so when you link to other websites, you should read the privacy policies posted on those websites.
- Changes of the PICS JETCO reserves the exclusive right to change and amend this PICS. Unless otherwise required by law, we will notify you before we make any changes to this PICS. Once any updated PICS is in effect, you will be bound by them if you continue to use APIX or other related services.
- Language In the event of any inconsistency between the English and Chinese versions of this PICS, the English version shall prevail.
– End of Document –