Personal Data Protection Policy and Practices
Personal Data Protection Policy and Practices (“the Policy”)
Last updated on 12 Nov 2020
MediConCen Limited (“the Company”) is committed to implementation and compliance with the
provisions in regard to the collection, holding, processing, use and/ or transfer of personal data under the
Personal Data (Privacy) Ordinance (Cap. 486) (“the Ordinance”) Personal data will be collected only for lawful and
relevant purposes. The Company will take all practicable steps to ensure security of the personal data and to
avoid unauthorised or accidental access, erasure or other use.
When you sign up for or use MediConCen's mobile applications ("mobile applications") and/or
MediConCen’s website (“website”), you need to confirm that you have read and agreed to the Policy. By doing so,
you consent to the collection, use and disclosure of Your Personal Data and other information as set out in this
Policy.
This Policy applies to all products and services provided by the Company and sets out how the
Company may collect, use and disclose your personal information.
The Company reserves the right, at any time effective upon notice to you, to add to, change,
update or modify the Policy.
PERSONAL INFORMATION COLLECTION STATEMENT (“PICS”)
1.
Collection of Personal Data
1.1
From time to time, it is necessary for you to supply the Company or agents and representatives
acting on its behalf with personal information and particulars in connection with our services and products. If
you do not provide us the necessary information and particulars, we may not be able to provide these services and
products to you or process your request.
1.2
The Company may collect information about the mobile applications, browsers, and devices you
use to access our services, which helps the Company provide features like automatic service updates.
1.3
The Company may also generate and compile additional personal data using the information and
particulars provided by you. All personal data collected, generated and compiled by the Company about you from
time to time is collectively referred as "Your Personal Data".
1.4
As detailed in the Policy, Your Personal Data may also be processed by the Company's
subsidiaries, holding companies, associated or affiliated companies and companies controlled by or under common
control with the Company (collectively, "the Group").
2.
Types of Personal Data Held
2.1
“Your Personal Data ” means any information that you provide to us which identifies or can
reasonably be used to identify you, including but not limited to your name, email address or other data that can
be reasonably linked to such information by MediConCen, such as information we associate with your account.
2.2
"Your Personal Data" will also include personal data relating to your dependents,
beneficiaries, authorized representatives and other individuals in relation to which you have provided
information. If you provide personal data on behalf of any person you confirm that you are either their parent or guardian or you have obtained that person's
consent to provide that personal data for use by the Company for the purposes set out in the Policy.
2.3
The Company may also collect information including unique identifiers, browser type and
settings, device type and settings, operating system, mobile network information including carrier name and
application version number. The Company may also collect information about the interaction of your mobile
applications, browsers, and devices with our services, including IP address, crash reports, system activity, and
the date, time, and referrer URL of your request.
2.4
The Company may collect information about you from publicly accessible sources.
2.5
The Company may record and keep record(s) of user number, date, type of medical service
received and other relevant data fields related to the medical consultation.
2.6
The Company may request medical service providers to provide relevant certificate or other
document to ensure that they are duly qualified.
3.
Purpose of Personal Data Collection
3.1
The Company will use Your Personal Data only for the purpose for which it was provided, as well
as other purposes for which you have given consent. This includes, but is not limited to, the following purposes:
i.
providing our services and products to you, including administering, maintaining, managing and
operating such services and products, which may include, without limitation, insurance, pension, financial and
wealth management services and products;
ii.
processing, assessing and determining any applications or requests made by you in connection
with our services or products and maintaining your account with the Company;
iii.
underwriting of insurance products;
iv.
providing health related advices;
v.
developing insurance and other financial services and products;
vi.
developing and maintaining credit and risk related models;
vii.
processing payment instructions;
viii.
determining any indebtedness owing to or from you, and collecting and recovering any amount
owing from you or any person who has provided any security or other undertakings for your liabilities;
ix.
exercising any rights that the Company may have in connection with our services and/or
products;
x.
carrying out and/or verifying any eligibility, credit, physical, medical, security,
underwriting and/or identity checks in connection with our services and products
xi.
any purposes in connection with any claims made by or against or otherwise involving you in
respect of any of our services or products, including making, defending, analysing, investigating, processing,
assessing, determining, responding to, resolving or settling such claims;
xii.
performing policy reviews and needs analysis (whether or not on a regular basis);
xiii.
meeting disclosure obligations and other requirements imposed by or for the purposes of any
laws, rules, regulations, codes of practice or guidelines (whether applicable in or outside Hong Kong) binding on
the Company or any other member of the Group, including making disclosure to any legal, regulatory, governmental,
tax, law enforcement or other authorities (including compliance with sanctions laws, the prevention or detection
of money laundering, terrorist financing or other unlawful activities) or to any self-regulatory or industry
bodies such as federations or associations of insurers;
xiv.
for statistical or actuarial research undertaken by the Company or any member of the Group,
including matching of any data held which relates to you from time to time for any of the purposes listed
herein;
xv.
for recruitment purposes (in connection with job applications); and
xvi.
fulfilling any other purposes directly related to i to xv above.
4.
Transfer of Your Personal Data
4.1
Your Personal Data will be kept confidential, but to facilitate the purposes set out in section
3.1 above, the Company may transfer, disclose, grant access to or share Your Personal Data with the following:
i.
other members of the Group;
ii.
any person or company carrying on insurance-related and/or reinsurance-related business which
is engaged by the Company in connection with the Company's business;
iii.
any physicians, hospitals, clinics, medical practitioners, loss adjustors, risk intelligence
providers, claims investigators, legal advisors and/or other professional advisors engaged in connection with the
Company's business;
iv.
any person (including private investigators) in connection with any claims made by or against
or otherwise involving you in respect of any products/ services provided by the Company and/or our
affiliates;
v.
any agent, contractor, service provider or third party providing administrative, distribution,
credit reference, debt collection, telecommunications, call centre, computer, call centre, data processing,
payment processing, printing, redemption or other services in connection with the Company's business;
vi.
credit reference agencies or, in the event of default, debt collection agencies; and/or
vii.
any official, regulator, ministry, law enforcement agent or other person (whether within or
outside Hong Kong) to whom the Company or another member of the Group is under an obligation or otherwise required
or expected to make disclosures under the requirements of any law, rules, regulations, codes of practice or
guidelines (whether applicable in or outside Hong Kong).
4.2
Your Personal Data may be transferred or disclosed to any assignee, transferee, participant or
sub-participant of all or any substantial part of the Company's business.
4.3
To facilitate the purposes set out in section 3.1 the Company may transfer, disclose, grant
access to or share Your Personal Data with the parties set out in sections 4.1 and 4.2 and you acknowledge that
those parties may be based outside Hong Kong and that Your Personal Data may be transferred to places where there
may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the
Ordinance.
4.4
The Company may only transfer Your Personal Data as mentioned above if you consent or do not
object in writing or by digital signoff.
5.
Use of Personal Data in Direct Marketing
5.1
In connection with direct marketing, the Company intends to use your name, contact details,
services and products portfolio information, financial background and demographic data held by the Company from
time to time in direct marketing to market the following classes of services and products offered by the Company,
other members of the Group and/or Our Business Partners (being providers of the product and services described
below) from time to time:
i.
insurance services and products;
ii.
wealth management services and products;
iii.
pensions, investments, brokering, financial advisory, credit and other financial services and
products;
iv.
health-check, medical and wellness services and products;
v.
media, entertainment and telecommunications services;
vi.
reward, loyalty or privileges programmes and related services and products; and
vii.
donations and contributions for charitable and/or non-profit making purposes.
5.2
The Company may only use Your Personal Data in direct marketing as mentioned above if you
consent or do not object in writing or by digital signoff.
5.3
If you do not wish the Company to use Your Personal Data in direct marketing, you may inform
the Chief Executive Officer of the Company in writing to the address below. We will withdraw you from future
direct marketing activities.
5.4
In addition to marketing the medical services and products directly, the Company intends to
provide Your Personal Data to any members of the Group and/or Our Business Partners for their use in direct
marketing the classes of services and products described in section 5.1 above (including, in the case of Our
Business Partners, for money or other commercial benefit).
5.5
If you do not wish the Company to provide Your Personal Data to other members of the Group
and/or Our Business Partners for their use in direct marketing, you may write to the Chief Executive Officer of
the Company at the address below to opt out from direct marketing at any time.
6.
Data Access/ Correction Requests
6.1
Under the Ordinance:
i.
you have the right to request access to Your Personal Data held by the
Company and correction of any of Your Personal Data which is inaccurate; and
ii.
the Company has the right to charge you a reasonable fee for processing and complying with your
data access request.
6.2
Requests for access to or correction of Your Personal Data should be made in writing to the
Chief Executive Officer of the Company at the address below.
7.
Accuracy of Personal Information
7.1
The Company will ensure the accuracy of all personal data collected and processed by the
Company. Appropriate procedures are implemented so that all personal data is regularly checked and updated to
ensure that it is reasonably accurate having regard to the purposes for which that data is used.
7.2
In so far as personal data held by the Company consists of statements of opinion, all
reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are
correct.
7.3
The Company will at all times endeavour to ensure the accuracy of personal data held by the
Company, and if such personal data is transferred to third parties, it will notify that third party of any
correction to be made.
8.
Retention of Personal Information
8.1
No personal data is kept for longer than is necessary and that the Company will comply with all
statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of
personally identifiable information.
8.2
For the Company’s mobile applications, membership registration data of data subject will be
deleted within 2 years after termination of membership of the App.
9.
Location Information
9.1
We collect information about your location when you use our services, which helps us offer
features such as searching clinics near you. Your location can be determined with varying degree of accuracy by
GPS. The types of location data that we collect depend in part on your device and account setting.
10.
Data Security
10.1
The Company will ensure an appropriate level of protection for personal data in order to
prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data
and the harm that would be caused by unauthorized access to that data. It is the practice of the Company to
achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities
and incorporating security measures into equipment in which data is held.
10.2
Measures are taken to ensure the integrity, prudence, and competence of persons having access
to personal data and personal data is only transmitted by secure means.
10.3
In addition, the Company takes prudent security measures to ensure personal data collected via
the mobile applications are stored and transmitted under protection:
i.
For mobile app development, the mobile applications is developed by secure coding and
penetration testing is conducted;
ii.
The personal data collected via the mobile applications is stored in an database with strict
access control;
iii.
Data transfers between the Company and the mobile applications are made in SSL secured
connection and valid session key management is in place to ensure unauthorized access is restricted and prevented;
and
iv.
A multi-layered defense system is used in the Company’s data centre to secure transmission and
ensure effective data protection is in place.
11.
Use of Cookies and Third-Party Links
11.1
The Company’s website may include hyperlinks to third party websites. The Company has no
control over the content, accuracy, opinion expressed, and other links provided at these third -party websites or
how these third-party websites deal with Your Personal Data. You should investigate the privacy policies on these
third-party sites.
11.2
The Company may use "cookies" to improve our internet service to you. Cookies are small data
files that are automatically stored on your web browser in your computer that can be retrieved by the Company’s
website. Cookies enable the Company’s website to remember you and your preferences when you visit the website and
enable us to tailor the website to your needs. The information collected by cookies is anonymous visitor’s
personalized settings information and contains no name or address information or any information that will enable
anyone to contact you via telephone, e-mail or any other means. No customer personal data is stored in cookies.
However, you can disable cookies by changing the settings of your web browser.
11.3
In relation to the service of our website and mobile application, we may employ third party
companies and individuals to facilitate such service, provide on our behalf, perform related service or/and to
assist the analysis of usage, of such service. The said third party have access to your personal information only
to perform such task on our behalf and are obligated not to disclose or use it for any other purpose. The said
third party companies and individuals we employed include but not limited to Google Analytics.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website
traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with
other Google services. Google may use the collected data to contextualize and personalize the ads of its own
advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by
installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript
(ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy &
Terms web page: http://www.google.com/intl/en/policies/privacy/
12.
Online Job Applications
12.1
Making an online application to a job advertisement on the Company's website is a free and
optional service that requires user to complete mandatory fields (including but not limited to the applicant's
first name, last name, email and resume) so that the Company can identify and contact the applicant. When you
apply for a job application on our website, the application, including the attachments and cover letters are
stored in the Company's database to allow easy and effective management of the recruitment process.
12.2
Any personal information retained by the Company as part of your application will only be used
in accordance with this Policy.
13.
Miscellaneous
13.1
In case of discrepancies between the English and Chinese versions, the English version shall
apply and prevail.
13.2
By accepting this Policy, you consent to the transfer of Your Personal Data outside Hong Kong
and you understand Your Personal Data may not be protected to the same or similar level in Hong Kong.
13.3
Further enquiries regarding the Company's Personal Data Protection Policy and Practices may be
directed to:
Chief Executive Officer
MediConCen Limited
Room A-C, 10/F, Infotech Centre, 21 Hung To Road, Kwun Tong, Hong Kong
Email: info@mediconcen.com