私隱政策
一般聲明
· 維健醫務有限公司致力於保護您的私隱,並承諾遵守《個人資料(私隱)條例》有關管理個人資料的規定,以保障我們持有的個人資料的私隱、保密及安全。我們同樣致力於確保我們所有員工及代理商履行同等的義務。
· 本私隱政策(以下簡稱“本政策”)將介紹維健醫務有限公司,我們可以如何收集、使用、披露、處理和管理您的個人資料,及您可以如何行使您的隱私權。
所有對“維健醫務有限公司”,“我們”,和“我們的”之統稱均指維健醫務有限公司及其所有香港子公司和關聯公司。
本政策的範圍
· 本政策的適用性。本政策適用於:
· 任何我們控制下的網站、平台、應用程式和其他在線服務或產品的任何用戶或來賓;
· 因潛在或持續的業務關係或因其他與業務相關的目的與我們共用其業務聯繫資訊和其他個人資料的自然人;以及
· 任何與我們進行互動的公眾人士及與我們有業務往來的自然人,包括但不限於監管機構的工作人員和供應商,及我們工作現場和辦公室的來賓。
個人資料
· 什麼是個人資料。“個人資料”是關於可直接或間接識別自然人的資料。
· 自願提供個人資料。一般而言,您向我們提供個人資料都是完全自願的。但是,在某些情況下,我們可能因缺乏您的個人資料而無法採取某些行動,如因為需要您的個人資料以處理您的請求、管理我們與您或您工作的機構之間的合約關係,或向您提供特定在線內容的訪問權限。當我們為了向您提供服務而強制需要您提供個人資料時,我們會特別通知您。如果您拒絕提供我們所需的個人資料,我們可能無法向您提供服務。
· 提供屬於他人的個人資料。如果您提供除您以外的任何人的個人資料(包括您的家庭成員,僱員(如公司醫療福利安排之成員等),則您保證已將我們收集他/她的個人資料目的告知了他/她,並且他/她已經同意您出於這些目的向我們披露他/她的個人資料。
· 準確性和完整性或個人資料。您確認提供給我們的所有個人資料都是真實,準確和完整的。
個人資料的收集
· 收集。在以下情況下,我們可能會自動收集您的個人資料(無論何時都會根據適用法律):
· 註冊或使用我們提供的任何服務或產品;
· 回應或註冊我們的任何倡議或活動;
· 瀏覽我們的網站或使用我們的App;
· 給我們發送電子郵件;
· 要求包含在我們的郵件發送列表中;
· 通過電話(可能有錄音記錄),信件,傳真,面對面的會議,社交媒體平臺,電子郵件與包括客戶服務人員在內的我們員工進行互動;
· 打電話給我們預約
· 當您在我們的場所內通過閉路電視攝像機時,或者在您參加我們的活動時通過被拍攝的照片或錄像;
· 要求我們與您聯繫;及/或
· 出於任何其他原因向我們提交您的個人資料。
收集您的個人資料的目的
· 主要目的。通常,我們出於以下的主要目的收集,使用或披露您的個人資料(或者,如果您是我們的公司客戶,則是您的員工的個人資料):
· 核實您的身份;
· 處理您與我們的關係;
· 為您提供所要求的服務,包括但不限於;
· 就您的查詢提供協助;
· 處理您的醫療保健有關的操作,包括配藥和治療;
· 與協力廠商專科醫生,診所,醫院和/或醫療機構聯繫(包括向他們提供接觸到您的醫療記錄的權限);
· 提供我們的服務後與您聯繫以獲取意見;
· 在我們的接觸點上個性化您的體驗;及/或
· 與上述內容之合理相關的目的。
· 經營宗旨。除上述目的外,我們還可能出於與我們業務相關或相關的目的收集,使用和/或披露您的個人資料,例如:
· 研究新產品和服務的開發或我們現有產品和服務的改進;
· 會計,風險管理和記錄保存;
· 進行計劃和統計分析;
· 處理醫療保險索償和付款
· 人員培訓;
· 保證我們的服務質量;
· 與任何索償,訴訟或程式(包括但不限於草擬和審閱檔,交易檔,獲得法律意見並促進解決爭端),和/或保護和執行我們的合同及法律權利和義務有關;
· 管理我們的場所和服務的安全和保障(包括但不限於進行閉路電視??監控和進行安全檢查);
· 進行任何形式的調查,包括但不涉及與糾紛,賬單,欺詐,犯罪,起訴等有關的調查;
· 符合或遵守對我們具有約束力的任何法律或監管機構發布的任何適用規則,法律,法規,業務守則或指南(包括但不限於回應監管投訴,向監管機構披露和進行審計檢查,盡責調查和調查);及/或
· 與上述合理相關的目的
· 供應商。如果您是我們的外部服務供應商或外判供應商的員工,管理人員或擁有者,除了本政策規定的目的(可能適用)之外,我們還可能出於以下目的收集,使用和/或披露您的個人資料:
· 評估您的組織是否適合作為我們的外部服務提供商或供應商;
· 管理項目招標和報價,處理訂單或管理商品和服務的供應;
· 在我們的系統數據庫中創建和維護我們的服務提供商和供應商的設定檔;
· 處理和支付供應商發票和票據;
· 管理我們的設施(包括但不限於發放訪客通行證和促進安全檢查);及/或
· 與上述合理相關的目的。
· 營銷目的。如果您單獨和明確地同意,我們可能會出於營銷我們的產品和服務以及我們的戰略合作夥伴和業務夥伴的產品和服務的目的而收集,使用和/或披露您的個人資料,例如向您通知我們的最新活動和服務。如我們因營銷目的而使用您的個人資料,我們將在收集您的個人資訊時徵求您的同意。
· 撤回同意關於市場營銷目的。您可以選擇撤回同意接收營銷或促銷材料/交流。您可以使用下面的聯繫方式與我們聯繫。請注意,一旦我們收到您確認撤回同意接收對市場營銷或促銷材料/通訊,您的撤回可能最多需要30個日曆日才能反映在我們的系統中。因此,在此期間,您可能仍會收到市場營銷或促銷材料/交流資訊。請注意,即使您撤回了同意接收市場營銷或促銷材料,我們仍可能出於有關其他目的與您要求或向我們購買的服務與您聯繫。
· 與您聯絡。當出於上述任何目的使用您的個人資料與您聯繫時,我們可能會通過常規郵件,傳真,電子郵件,SMS,電話或任何其他方式與您聯繫。關於營銷或促銷資訊的發送,我們只會通過普通郵件,傳真,電子郵件,SMS,電話或香港法律允許的任何其他方式向您發送此類資訊。
個人資料的披露
· 向協力廠商轉移。在遵守任何適用法律的規定的前提下,出於以上列出的目的(適用時),您的個人資料可能會披露給以下實體或當事方,無論它們位於海外還是在香港:
· 其中包括維健醫務有限公司及其關聯公司。
· 如果您已同意,我們可能向戰略合作夥伴和業務夥伴披露您的個人資料;
· 服務提供商和代表我們工作的資料處理服務提供商,並提供諸如託管和維護服務,分析服務,電子郵件消息傳遞服務,交付服務,付款交易處理,市場營銷等服務。
· 我們的顧問和專業顧問(例如會計師,律師,審計師);
· 外部銀行,信用卡公司,其他金融機構及其各自的服務提供商;
· 相關政府部門,監管機構,法定委員會或機構或執法機構,以遵守政府主管機關或任何另一方所實施任何法律,法規,準則,規章內被要求或被允許我們向其披露個人資料之相關法律規定;及/或
· 您授權我們向其披露您的個人資料的任何另一方。
· 向協力廠商轉移的限制。除因上述情況及上述提及的協力廠商外,我們不會將您的個人資料傳送給任何其他協力廠商。在任何情況下,我們都不會將您的個人資料出售給協力廠商。
個人資料從香港轉移至外地
· 轉移到香港以外的地方。我們是在全球合作夥伴的網絡內運營,我們可以出於上述目的將您的個人資料轉移到香港以外的任何地方。
保留
· 保留。我們向您收集的個人資訊時會因上述目的而保留,包括因我們有持續性的業務性需要、遵守相關法律的義務,法規或會計要求,或因我們需要保護我們的利益。
· 刪除。若我們收集您的個人資料的理由已不再適用,而我們因該等理由已不需要保留或處理您的個人資料,我們將刪除您的個人資料或將您的個人資料匿名化。若不能將您的個人資料刪除或匿名化(如因您的個人資料已儲存在備份檔案中),那麼我們將安全地儲存您的個人數據,並停止將其處理,並將其與其他個人資料隔離,直至您的個人資料可以刪除為止。
安全
· 風險性原則。我們會使用適當的技術和組織性的措施保護我們收集和處理的你的個人資料。我們使用的措施將與處理您的個人資料的風險性對等。
· 安全措施。我們使用的具體措施包括定期的惡意軟件掃描。您的個人資料將儲存在安全的網絡中,只有少數因其職位或職責而對系統擁有特殊訪問權限的人士可以訪問您的個人資料,他們也需保持您的個人資訊的保密性。根據適用的法律,我們要求任何參與處理您的個人數據的任何協力廠商進行相等程度的保護。
您的權利
· 訪問和更正。您有權要求訪問和更正我們持有的您的個人資料。
· 聯繫資料保護專員。如果您希望隨時撤回您已經給予我們的任何同意,或者希望更正或查詢我們持有的您的個人資料,或者您不接受本政策的任何修改,請聯繫我們的資料保護專員:
姓名:Mr. Raymond Yip
電話:852-21588571
電子郵件:dpo@hmmp.com.hk
· 查詢費用。我們可能會向您收取費用,以處理您查詢我們所擁有的您的個人資料的請求,或有關在您提出請求之前的一年中我們曾經(或可能有)使用您的個人資料的用途。如果需要收費,我們會提前通知您該金額,並在收到付款後回覆您的請求。我們將盡力在30天內回覆您的請求,如果不可能,我們將通知您我們將在什麼時間回覆您。
· 協力廠商個人資料。請注意,如果您的個人資料是由協力廠商(例如普通科醫生或您的僱主)提供給我們的,則您應聯繫該組織或個人代表您向我們提出此類查詢,投訴以及查詢和更正請求。
· 撤回同意之影響。在許多情況下,我們需要使用您的個人資料,以便我們為您提供所需的產品或服務。如果您沒有向我們提供所需的個人資料,或者您撤回同意出於這些目的而使用和/或披露您的個人資料,則我們可能無法繼續為您提供服務或向您提供您需要的產品和服務。
適用法律
· 本政策受香港法律管轄。您同意在與本政策有關的任何爭議中遵從香港法院之的專屬審裁權。
修改本政策
· 修改。我們可能會因法律、技術或業務的發展不時修訂本政策。更新後的政策將取代以前的版本,並將適用於之前提供給我們的個人資料。更新後的政策可要求我們的資料保護專員提供,及從我們的網站www.hmmp.com.hk閱?。如果閣下不接受本政策的任何修訂,請與我們的資料保護專員聯繫(請參閱以下段落)。
· 同意將個人資料用於新的目的。如果本政策被修改,未經您事先同意,您的個人資訊將不會用於任何新的目的。
網站或APP
· 匿名瀏覽。當您瀏覽我們的網站www.hmmp.com.hk或我們的App,我們的網站或App不會從您的設備收集任何資料,除非你個人和有意向我們提供您的資料。
· 使用Cookie。我們可能會在我們的網站或App使用“cookies”來存儲和查核資訊,如用戶的數量,使用頻率,類別和他們的在線喜好。Cookies不會存取識別您的身份資料,但收集的資料或可幫助我們分析我們網站/App的使用情況和改善你與我們的在線體驗。您可以通過更改瀏覽器上的設置來禁用Cookie。但是,這可能會影響我們網站的功能。您不能在App中管理Cookie設定。
· 鏈接到其他網站。我們的網站或App可能包含鏈接,這些不是我們所擁有或維修管理和可控制的其他網站。提供這些鏈接只是為了您的方便。本政策僅適用於我們的網站。當瀏覽這些協力廠商網站時,您應該閱讀他們的私隱政策。
Privacy Policy
GENERAL
· Health Maintenance Medical Practical Limited is committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements of the Personal Data (Privacy) Ordinance with respect to the management of personal data. We are equally committed to ensuring that all our employees and agents uphold these obligations.
· This Privacy Policy (“Policy”) explains who we are, how we may collect, use, disclose, process and manage your personal data and how you can exercise your privacy rights.
All references to the “Health Maintenance Medical Practical Limited”, “we”, “us” and “our” refer collectively to the Health Maintenance Medical Practical Limited and all its subsidiaries and group companies in Hong Kong.
· Applicability of Policy. This Policy is applicable to:
o any user of, or visitor to, our websites, platforms, applications and other online services or products under our control;
o individuals who share their business contact information and other personal data with us in the framework of a potential or ongoing business relationship or for other business purposes; and
o any members of the public who interact with us and individuals with whom we do business, including, but not limited to, staff of regulatory authorities and suppliers and visitors to our sites and offices.
· What is personal data. “Personal data” is information directly or indirectly relating to a natural person who can be identified from that information.
· Voluntary provision of personal data. As a general principle, provision of any personal data to us is entirely voluntary. However, there are circumstances in which we cannot take action without certain personal data, for example because this personal data is required to process your requests, manage the contractual relationship between us or the company you work for, or provide you with access to a specific online content. When the provision of such personal data is mandatory in order for us to provide services to you, we will specifically inform you. Should you refuse to provide the required personal data in such circumstances, it may unfortunately not be possible for us to provide you with our services.
· Providing personal data belonging to others. If you provide the personal data of anyone other than yourself (including your family members, employees – in the case of corporate healthcare arrangements fellow etc.), you warrant that you have informed him/her of the purposes for which we are collecting his/her personal data and that he/she has consented to your disclosure of his/her personal data to us for those purposes.
· Accuracy and completeness of personal data. You confirm that all personal data that you provide to us is true, accurate and complete.
· Collection. We may collect your personal data automatically (at all times in accordance with applicable law) when you:
o register for or use any services or products we provide;
o respond to or register for any of our initiatives or events;
o visit our website or use our app;
o send us an email;
o request to be included in our mailing list;
o interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
o call us to fix an appointment;
o attend to our premises via CCTV cameras, or via photographs or videos taken during events;
o request that we contact you; and/or
o submit your personal data to us for any other reason.
· Primary purposes. Generally, we collect, use or disclose your personal data (or, where you are our corporate customer, the personal data of your employees) for the following primary purposes:
o to verify your identity;
o to manage your relationship with us;
o to provide you with the services that you have requested, including but not limited to:
o to contact you for feedback after the provision of our services;
o to personalise your experience at our facilities; and/or
o purposes which are reasonably related to the aforesaid.
· Business purposes. In addition to the purposes set out above, we may also collect, use and/or disclose your personal data for purposes connected or relevant to our business, such as:
o research into the development of new products and services or improvement of our existing products and services;
o accounting, risk management and record keeping;
o carrying out planning and statistical analysis;
o processing and handling of medical and insurance claims and payments;
o staff training;
o quality assurance of our services;
o in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
o managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
o conducting any form of investigations including but not limited to those relating to disputes, billing, fraud, offences, prosecutions etc.;
o meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and/or
o for purposes which are reasonably related to the aforesaid.
· Vendors. If you are an employee, officer or owner of an external service provider or vendor, in addition to the purposes set out above (as applicable), we may also collect, use and/or disclose your personal data for the following purposes:
o assessing your organisation’s suitability as an external service provider or vendor for us;
o managing project tenders and quotations, processing orders or managing the supply of goods and services;
o creating and maintaining profiles of our service providers and vendors in our system database;
o processing and payment of vendor invoices and bills;
o managing our premises and facilities (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
o purposes which are reasonably related to the aforesaid.
· Marketing purposes. If you have separately and expressly consented, we may collect, use and/or disclose your personal data for the purposes of marketing our products and services and those of our strategic partners and business associates e.g. informing you of our latest events and services. If we intend to use your personal data for marketing purposes we will obtain your consent when we collect your personal data.
· Withdrawal of consent for marketing purposes. You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to [30 calendar days] for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials / communication during this period of time. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from us.
· Contacting you. When using your personal data to contact you for any of the above purposes, we may contact you via regular mail, fax, e-mail, SMS, telephone or any other means. In relation to the sending of marketing or promotional information, we will only send you such information via regular mail, fax, e-mail, SMS, telephone or any other means where this is permitted under the laws of Hong Kong.
· Transfer to third parties. Subject to the provisions of any applicable law, your personal data may be disclosed, for the purposes listed above (where applicable) to the following entities or parties, whether they are located overseas or in Hong Kong:
o where you have consented, we may disclose your personal data to our strategic partners and business associates;
o service providers and data processors working on our behalf and providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing etc.
o our consultants and professional advisers (such as accountants, lawyers, auditors);
o external banks, credit card companies, other financial institutions and their respective service providers;
o relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority, or any other party to whom we are required or permitted to disclose personal data pursuant to the applicable laws; and/or
o any other party to whom you authorise us to disclose your personal data.
· Limits to transfers to third parties. Apart from the circumstances and third parties listed out above, we will not transfer your personal data to any other third parties. Under no circumstances will we sell your personal data to third parties.
· Transfer outside Hong Kong. Since we are operating within a global network of partners, we may transfer your personal data to any location outside of Hong Kong for the purposes set out above.
RETENTION
· Retention. The personal data we collect from you is retained for the purposes set out above, including where we have an ongoing legitimate business need, an obligation to comply with relevant laws, regulations or accounting requirements, or where we need to protect our interests.
· Deletion. When we have no further reasons to retain or process your personal data pursuant to the purpose that it was collected for, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
SECURITY
· Risk based approach. We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
· Security measures. Specific measures we use include regular malware scanning. Your personal data is contained behind secure networks and is only accessible by a limited number of people who have special access rights to such systems as required based on role and responsibility of such persons and are required to keep the information confidential. We require the same level of diligence from any third party involved in the processing of your personal data in accordance with applicable laws.
· Unauthorized access. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
· Access and correction. You have the right to request access to and correct your personal data held by us.
· Contact Data Protection Officer. If you wish to withdraw any consent you have given us at any time, or if you wish to correct or have access to your personal data held by us, or if you do not accept any amendment to this Policy, please contact our Data Protection Officer:
Name: Mr. Raymond Yip
Tel.: +852-21588571
Email: dpo@hmmp.com.hk
· Fee for access. We may charge you a fee for responding to your request for access to your personal data held by us, or for information about the ways in which we have (or may have) used your personal data in the one-year period preceding your request. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.
· Third party personal data. Please note that if your personal data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.
· Effect of withdrawal of consent. In many circumstances, we need to use your personal data in order for us to provide you with products or services which you require. If you do not provide us with the required personal data, or if you withdraw your consent to our use and/or disclosure of your personal data for these purposes, it may not be possible for us to continue to serve you or provide you with the products and services that you require.
GOVERNING LAW
· This Policy is governed by the laws of Hong Kong. You consent to submit to the exclusive jurisdiction of the Courts of Hong Kong in any dispute relating to this Policy.
AMENDMENTS TO THIS POLICY
· Amendments. We may amend this Policy from time to time in response to changing legal, technical or business developments. The updated Policy will supersede earlier versions and will apply to personal data provided to us previously. The updated Policy will be made available upon request from our Data Protection Officer and on our website at www.hmmp.com.hk.
· Consent for use of personal data for new purposes. If this Policy is amended, your personal data will not be used for any new purposes without your prior consent.
· Anonymous browsing. Anonymity is maintained when you visit our websites at www.hmmp.com.hk or our app. Our websites or app are not configured to gather any information from your device, unless you otherwise personally and intentionally provide us with your information.
· Use of cookies. We may make use of “cookies” on our websites or app to store and track information such as the number of users and their frequency of use, profiles of users and their online preferences. Cookies do not capture information which would personally identify you, but the information collected may be used to assist us in analysing the usage of our websites/app and to improve your online experience with us. You can disable the cookies by changing the setting on your browser. However, this may affect the functionality of our websites. You cannot manage cookies in the app.
· Links to other websites. Our websites or app may contain links to other websites which are not owned or maintained by us and over which we have no control. These links are provided only for your convenience. This Policy only applies to our website. When visiting these third party websites, the privacy policies of such websites apply.