Last updated on 1 July 2018
We Are Committed to Protecting Your Privacy
Fiducia Management Consultants and its subsidiaries and/or affiliated companies (collectively referred to as “Fiducia”, “we”, “us”, “ours” or “ourselves” below), are strongly committed to protecting and respecting your privacy.
For the processing of Personal Data of a Data Subject (as defined herein below), we comply with the European Union General Data Protection Regulation (‘GDPR’) and any country-specific data protection regulations as applicable to us.
“Personal Data” means any information relating to an identified or an identifiable natural person (“Data Subject), who is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interest, reliability, behavior, location or movements.
“Data Controller/Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- The type of Personal Data We Collect
We may collect and process the personal information about you including but not limited to your name, company name, contact number, address, e-mail address, age, gender, passport and/or other identification document details.
2.1 Personal Data about Other Individuals
2.2 Special categories of Personal Data
“Special Categories of Personal Data” are a subset of Personal Data, and include information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), physical or mental health or condition and genetic and biometric information.
As a general rule, we do not process Special Categories of Personal Data. If we do, we will require your explicit consent unless exceptional circumstances apply such as necessary for public interest or we are required to do so by law.
Where you are providing Special Categories of Personal Data about other individual(s), you agree that you have procured their consent to our collection, processing and disclosure of their Special Categories of Personal Data.
- DATA PROTECTION PRINCIPLES
We shall comply with the principles of data protection (“Principles”) enumerated in the European Union General Data Protection Regulation (“GDPR”). We will make every effort possible in everything we do to comply with the Principles. The Principles are:
3.1 Lawful, Fair and Transparent
Personal Data processing must be fair for a legal purpose and we must be open and transparent as to how the data will be used.
3.2 Purpose Limitation
Personal Data can only be processed for purposes which are specified, explicit and legitimate.
3.3 Data Minimisation
Any Personal Data processed must be necessary, relevant and adequate in relation to the purposes.
The Personal Data we retain must be accurate and kept up to date and shall be erased or rectified without delay if it is inaccurate for the purposes for which they are processed.
3.5 Storage Limitation
The retention of Personal Data in a form which permits identification of you as Data Subject should not be longer than necessary than the purpose for which the Personal Data was collected.
3.6 Integrity and Confidentiality
We adopt appropriate security measures of Personal Data to avoid unauthorised or unlawful processing, loss and disclosure.
We as Data Controllers must ensure we comply with the Principles and are able to demonstrate compliance.
- JUSTIFICATIONS OF USE OF PERSONAL DATA
Please note that the use of Personal Data under the GDPR must be justified under at least one of the following legal grounds:
Consent: where you have consented to our use of your Personal Data (you will have been presented with a consent form in relation to any such use);
Contract performance: where your Personal Data is necessary to perform the contract to which you are a party of or necessary to do so at the request of the Data Subject prior to entering into a contract;
Legal obligation: where we need to use your Personal Data to comply with our legal obligations;
Legitimate interest: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights;
Public interest: where the processing of your Personal Data is necessary to perform a task carried out in public interest;
Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person; and
Following are the principal legal grounds that justify our use of your Special Categories of Personal Data:
Explicit consent: You have given your explicit consent to the processing of those Personal Data for one or more specified purposes. You are free to withdraw your consent by contacting us.
- PURPOSE OF COLLECTING YOUR PERSONAL DATA
We may collect and use your Personal Data for purposes directly or incidental to the following matters:
5.1 To Answer Your Enquiries
If you would like to make an enquiry through our website, we will request for Personal Data including but not limited to your name, company name, telephone number and email address. The Personal Data that you provide to us for making an enquiry is made available to us for the purpose of answering your enquiry and for us to follow up with you on the enquiry and/or the services. Instead of enquiring via the Contact Us section on our Website, you may also get in touch with us by contacting our offices by phone or e-mail
- To Provide You with Our Services
In general, we collect your Personal Data in order for us to provide you with our services and any information which is relevant to our services. In addition to Personal Data collected via our Website, we may also collect your Personal Data from but not limited to the following methods:
- Any correspondence with us; and
- Your use of our Website such as, enquiring and registering with us for our services via our Website, subscribing to our newsletter, events and/or services updates, posting information on our Website, reporting any problem to us on our services or Website.
5.3 To Conduct Direct Marketing
With your explicit consent (i.e. by subscribing to our newsletter) we may send you e-newsletters, printed publications, event invitations, and information about our services by post or e-mail. It is our intention to only send you materials that you may want to receive. We typically use third-party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to us. Your Personal Data will not be shared with third-parties for their own marketing purposes.
We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail or by sending us an e-mail to firstname.lastname@example.org.
5.4 For Analytics and Profiling
In connection with our marketing activities, we analyse information that we collect to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. From time to time, we will assess the Personal Data that we hold about you in order to tailor surveys, questionnaire and marketing communications to include offers and content that are relevant to you. We may also use this method to avoid sending you offers that are inappropriate or unlikely to be of interest to you. You have the right to opt-out of such analysis of Personal Data at any time by requesting us to do so by e-mail to email@example.com.
5.5 To Comply with Our Legal Obligations
We may use your Personal Data to comply with our obligations arising from any contract entered into between you and us, corporate and financial reporting requirements and those imposed by our auditors and government authorities, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with court proceedings or investigations anywhere in the world where we are compelled to do so.
5.6 To Improve Our Services and Products
We may use your Personal Data to assist us in researching, designing, launching and improving our services and to assist us with holding seminars, events and/or forums.
5.7 To Ensure Proper Functioning of Our Website
(a) Our Website
When you browse the Website, the Website collects series of general data and information which is stored in server log files. Information collected may be (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches the Website (so-called referrers); (4) the sub-websites; (5) the date and time of access to the Website; (6) an Internet Protocol Address (IP Address); (7) the Internet Service Provider of the accessing system; and (8) any other similar data and information that may be used in the event of attacks on our information technology systems. We treat this information as personal data if identifiable person can be directly or indirectly identified by reference to log files. When using these general data and information, we do not draw any conclusions about you as Data Subject. Rather, this information is needed to (1) deliver the content of the Website correctly; (2) optimise the content of the Website (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyse anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from personal data provided by you.
We use analytical and performance cookies. They allow us to recognise and count the number of visitors to our Website and to see how visitors navigate on our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
5.8. To coordinate marketing collaborations
If you have agreed to be a guest speaker at a Fiducia event or to be featured in one of our publications, we may collect your contact details, such as phone number and e-mail address, for the purpose of coordination and communication between you and Fiducia. We may also ask for your name, company name, and position for marketing purpose, to be published in event invitations and published articles, related to the agreed collaboration. Whenever the collaboration entails you providing information to us, such as in the form of an interview or PowerPoint presentation, we will ask for your approval before sharing it with anyone outside Fiducia.
- DISCLOSURE TO THIRD-PARTY
Fiducia may engage third-parties to assist in the provision of service by us to you and which may, as part of their role in delivering the service, process your Personal Data. As part of using service provided by us, you consent to us sharing your Personal Data with the following parties:
a) agents, other service providers, event collaboration partners and third-party partners who process and store Personal Data (“Sub Processor”);
b) professional advisors; and
c) law enforcement agencies.
Fiducia has concluded data processing agreements with all Sub Processors that are compliant with GDPR.
6.1 Third-party service providers who process Personal Data on our behalf
We may share Personal Data and information with Sub Processors working with us in connection with the operation of the Website and/or services provided by us to you and who need access to such Personal Data and information to carry out their work for us. When we organise events in collaboration with third-parties, we may share your name, company name, and position once you have registered to attend the event. We do not disclose your contact details to them. In addition to the required information sharing described above, we use the services of third-party agents, such as e-mail service providers for the purpose of mailing materials to you. These parties are contractually prohibited from using your Personal Data for any purpose other than for the purposes specified in their respective contracts. We do not permit the sale of your Personal Data to entities outside of Fiducia for any use unrelated to us or use of your Personal Data by third-party for their own purposes.
We are not responsible for any additional information you provide directly to these Sub Processors. Please become familiar with their practices before disclosing any of your Personal Data directly to such Sub Processors.
6.2 Sharing of Personal Data with your express consent
From time to time, we may also share your Personal Data with third-parties when you give us your explicit consent to do so. For example, we may enter into relationships with other parties to make specific services or offers available to you by providing at the time of contracting with us your Personal Data, such as your name, company name and/or other contact information, that we deem reasonably necessary or appropriate for our business partners to provide these services or offers to you.
6.3 Law enforcement agencies, government authorities, regulators and the court
We may disclose your Personal Data in good faith belief that we are lawfully authorised or required to do so, or that doing so is reasonably necessary or appropriate to comply with the law or with legal process or authorities, respond to any claims, or to protect the rights, property or safety of Fiducia, our users, our employees or the public, including without limitation to protect us or our users from fraudulent, abusive, inappropriate or unlawful use of our service. We will promptly notify you by e-mail of any request of an executive or administrative agency or other governmental authority that it receives, and which is related to your Personal Data and information, unless prohibited by applicable law.
6.4 Third-parties who require such data in connection with a change in the structure of our business
- YOUR RIGHTS
You as Data Subject have the following rights to your Personal Data which we respect and comply with to the best of our ability. You can exercise these rights at any time by contacting us at firstname.lastname@example.org.
7.1 Right of confirmation
You shall have the right to obtain from us the confirmation as to whether or not your Personal Data and information concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may at any time contact us by e-mail to email@example.com.
7.2 Right of access
You shall have the right to obtain from us free information about your Personal Data stored at any time. Furthermore, you are also entitled to access to the following information:
(a) the purposes of the processing;
(b) the categories of Personal Data concerned;
(c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from us rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning you, or to object to such processing;
(f) the existence of the right to lodge a complaint with the Supervisory Authority of the concerned EU Member State;
(g) where the Personal Data are not collected from you, any available information as to their source;
(h) the existence of automated decision-making, including profiling as well as the significance and envisaged consequences of such processing for you.
Furthermore, you shall have a right to obtain information as to whether your Personal Data are transferred to a third country or to an international organisation. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer.
If you wish to avail yourself of this right of access, you may at any time contact us by e-mail to firstname.lastname@example.org or to our Data Protection Officer, with their contact information provided below.
7.3 Right to rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
If you wish to exercise this right of rectification, you may at any time contact us by e-mail to email@example.com or to our Data Protection Officer, with their contact information provided below.
7.4 Right to erasure
You shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay where one of the following grounds applies, as long as the processing is not necessary:
(a) The Personal Data are no longer necessary in relation to the purposes for which we collected or otherwise processed them;
(b) You withdraw consent to which the processing is based and where there is no other legal ground for the processing;
(c) You object to the processing and there are no overriding legitimate grounds for the processing pursuant to Article 21(1) of the GDPR
(d) You object to the processing for direct marketing purposes.
(e) The Personal Data have been unlawfully processed.
(f) The Personal Data must be erased for compliance with a legal obligation in the European Union or Member States law to which the controller is subject.
(g) The Personal Data have been collected in relation to the offer of services to a child.
If one of the aforementioned reasons applies, and you wish to request the erasure of Personal Data stored by us, you may at any time contact us by e-mail to firstname.lastname@example.org or to our Data Protection Officer, with their contact information provided below and we will promptly ensure that the erasure request is complied with without undue delay.
7.5 Right of restriction of processing
You shall have the right to obtain from us restriction of processing where one of the following applies:
(a) The accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data.
(b) The processing is unlawful and you oppose the erasure of the Personal Data and requests instead the restriction of their use instead.
(c) We no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
(d) You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
If one of the aforesaid conditions is met, and you wish to request the restriction of the processing of Personal Data stored by us, you may at any time contact us by e-mail to email@example.com or to our Data Protection Officer, with their contact information provided below and we will promptly arrange the restriction of the processing.
7.6 Right to data portability
You shall have the right to receive the Personal Data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another controller without hindrance, where technically feasible and when doing so does not adversely affect the rights and freedom of others.
In order to assert the right of data portability, you may at any time contact us by e-mail to firstname.lastname@example.org or to our Data Protection Officer, with their contact information provided below.
7.7 Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of Personal Data concerning you based on legitimate interest or performance of a public interest task. This also applies to profiling based on these grounds.
If we process Personal Data for direct marketing purposes, you shall have the right to object at any time to processing of Personal Data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to our processing for direct marketing purposes, we will no longer process the Personal Data for these purposes.
In order to exercise the right to object, you may directly contact us by e-mail to email@example.com or to our Data Protection Officer, with their contact information provided below.
7.8 Right in relation to automated individual decision making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you as long as the decision
- is not necessary for entering into, or the performance of, a contract between you as Data Subject and us as a Data Controller; or
- is not authorised by the European Union Member States law and any other local laws and regulations to which we are subject to and which also lays down suitable measures to safeguard you rights and freedoms and legitimate interests, or
- is not based on your explicit consent.
However, if the decision
- is necessary for entering into, or the performance of, a contract between you as Data Subject and us as a Data Controller; or
- is based on your explicit consent,
then we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision.
If you wish to exercise the rights concerning automated individual decision making, you may at any time directly contact us by e-mail to firstname.lastname@example.org or to our Data Protection Officer, with their contact information provided below.
7.9 Right to withdraw consent
You shall have the right to withdraw your consent to processing of your Personal Data at any time. If you wish to exercise your right to withdraw your consent, you may at any time contact us by e-mail to email@example.com or to our Data Protection Officer, with their contact information provided below.
7.10 Right to Complain
In the event that you wish to make a complaint about how your Personal Data and information is being processed by us, you have the right to complain to the Supervisory Authority in the relevant EU member state. You may contact us by e-mail to firstname.lastname@example.org or to our Data Protection Officer, with their contact information provided below to obtain information in relation to how to lodge such complaint.
- DATA TRANSMISSION ACROSS INTERNATIONAL BORDERS
We may transfer and store your data outside the European Economic Area (“EEA”) or your country. We will only do so if adequate protection measures are in place in compliance with data protection legislation. We have put in place European Commission approved standard contractual clauses to protect your Personal Data. You can ask us by e-mail to email@example.com or to our Data Protection Officer, with their contact information provided below for a copy of these clauses.
It may also be processed by staff operating outside the EEA or your country who work for us or for one of our service providers for the purposes outlined in this Policy. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of our services.
- RETENTION OF PERSONAL DATA
- DATA STORAGE
We take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.
While we have implemented reasonable technical and organisational precautions to protect the security and integrity of personal data provided to our Website, due to the inherent nature of the internet as an open global communications method, we cannot guarantee that information, during transmission through the internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. We do however maintain physical, electronic and procedural safeguards to protect your Personal Data.
- DATA SECURITY
11.1 Accounts and Passwords
Where we have given you or where you have chosen a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
11.2 E-mail and Online Communication
It is important to note that all e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure. Any Personal Data transferred over e-mail or online is at your own risk.
11.3 Internal Controls
12. OTHER SITES
DATA PROTECTION OFFICER
By Mail: Fiducia Management Consultants, 15/F OTB Building, 160 Gloucester Road, Hong Kong.