Privacy Policy

1. Collection of Personal Data

1.1 NTT Com Asia Limited and its subsidiaries, as applicable (the “Company”) collects personal data in strict compliance with Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and this Privacy Policy, primarily to facilitate your use or subscription of our Website, products, services, and/or other support.

1.2 The types of personal data we may collect include, but are not limited to, your name, contact details, preferences related to our services and products, and information necessary for service provision and support.

1.3 The collection of personal data serves several purposes:

  1. To provide the products, services, and support you have requested or subscribed, where only necessary personal data will be collected;
  2. To enhance your user experience, including the use of anonymous aggregated data for website content and functionality improvement;
  3. For process and use by any third party service providers that provide administrative, payment gateway, financing, professional or other services to the Company;
  4. For process and use by any banking, financial, or other institution with which you have or propose to have dealings;
  5. For process and use by debt collection or credit reference agency or similar provider of debt collection or credit information services to the Company;
  6. For process and use by whom the Company transfers or proposes to transfer its interests and/or obligations under relevant contract, arrangement, or transaction between you and the Company, or otherwise in respect of you or any product or service provided by the Company to you;
  7. For process and use by governmental authorities or the court as required by applicable laws or court order;
  8. For essential system administration and troubleshooting purposes, involving the collection of technical logs; and
  9. For marketing and promotional activities, with your consent and providing an option to opt-out at any time.

2. Use and Disclosure of Personal Data
2.1 Personal data collected by the Company is accessed, stored, and processed with in line with PDPO requirements.

2.2 Disclosure of personal data is limited any may include sharing with:

  1. Parties you engage with our Website;
  2. The Company’s affiliates, agents, contractors, other telecommunication network providers, and other third party service providers necessary for business operations and service delivery;
  3. Business partners involved in providing services to you;
  4. Entities in the event of a transfer of the Company’s interests and/or obligations under any contract with you or in connection with a product or service provided to you;
  5. Law enforcement, regulatory bodies or the Court, as required by law.

2.3 It is acknowledged and agreed that personal data may be transferred outside Hong Kong, subject to the conditions set out in paragraph 2.2.

3. Data Subject Rights
3.1 Under the PDPO, data subjects are entitled to certain rights, which the Company respects and upholds. These rights include:
  1. Requesting access to personal data held by the Company;
  2. Seeking correction of any personal data that is inaccurate or incomplete;
  3. Receiving information on the Company’s policies and practices regarding personal data; and
  4. Objecting to the use of personal data for direct marketing.

3.2 To exercise these rights, you shall submit a written request to our designated Data Protection Officer in accordance with Clause 10 (Contact Use) below. There may be a reasonable fee charge for processing your access request as permitted under the PDPO.The Company is committed to honouring valid data subject rights request under the PDPO within legally mandated timeframe. We may charge a reasonable fee for processing such requests, as permitted under the PDPO.

3.3 For any inquiries or concerns about data privacy, including the exercise of rights under PDOP, please contact the Company’s designated officer as stated in Clause 8 below.

4. Data Security

4.1 The Company employs robust technical and organizational measures to safeguard personal data against unauthorized processing, loss, destruction or damage.

4.2 Key security safeguards include:

  1. Rigorous access controls and authentication protocols
  2. Comprehensive policy controls on data access
  3. Regular cybersecurity training for staff

4.3 Despite our stringent security measures, the Company cannot guarantee absolute security of personal data. We do not warrant that personal data will be entirely secure from unauthorized access or disclosure.

4.4 The Company's liability for security breaches, unauthorized disclosure, or data misuse is limited to the maximum extent permitted by law. The Company shall not be liable for any form of damages resulting from cybersecurity incidents. This limitation of liability supersedes any conflicting provision in this Privacy Policy.

4.5 The Company shall not under any circumstances be liable for any direct, indirect, incidental, consequential, special, exemplary or punitive damages arising out of or in connection with any cybersecurity breach or data leakage incident.

5. Data Retention
5.1 Personal data is retained only as long as necessary for its intended purposes. The Company adheres to legal, regulatory, and contractually retention requirements, ensuring data is not kept beyond necessary periods.

5.2 In the event of data correction or deletion requests by data subjects, the Company reserves the right to retain necessary personal data for compliance with legal obligations or for the establishment, exercise, or defense of legal claims. This data will be retained strictly in accordance with the PDPO and other relevant laws and regulations.

6. Third Party Data Sharing and Protection

6.1 Whenever the Company share your personal data with third parties, such as service providers, business partners, or other related third parties, we ensure such parties are obligated to protect your data in compliance with the PDPO. We will require all such third parties to maintain the confidentiality and security of the personal data they process on our behalf, prevent its misuse, and process it only in accordance with our specified purposes and in line with the applicable legal framework.

7. Modifications
7.1 Our Privacy Policy may be updated at any time without prior notice to reflect changes in our data processing practices or relevant laws. Amendments will be effective immediately upon posting on our Website.

7.2 We will notify you of any significant changes that affect the processing purposes or the categories of personal data processed. Notification will be provided through our website and, where feasible, via direct communication to you, such as email. We encourage you to review our Privacy Policy regularly to stay informed of how we are protecting your information.

7.3 The Company will endeavour to communicate significant changes to the Privacy Policy to affected users, when feasible, vial email or website notification. However, it is ultimately the responsibility of the users to stay informed about changes by regularly checking our Website.

7.4 Users’ continued use of the Company’s services after any changes to the Privacy constitutes their acceptance of the revised terms. If users do not agree to the amended Privacy Policy, they should cease using the Company’s services.

8. Relationship to General Terms
8.1 The Company's General Terms and Conditions ("General Terms") are incorporated by reference into this Privacy Policy as if fully set forth herein. All provisions of the General Terms apply to this Privacy Policy and the parties’ rights and obligations hereunder. This includes without limitation provisions relating to intellectual property, trademarks, disclaimers, limitations of liability, indemnification, governing law and other relevant terms in the General Terms.

8.2 In the event of any conflict between the General Terms and this Privacy Policy, the terms of this Privacy Policy shall prevail solely with respect to the collection, use, disclosure, and other processing of personal data by the Company. For all other purposes, including use of any other Company services, products, or websites, the General Terms shall control.

9. Miscellaneous
9.1 Unless otherwise defined in this Privacy Policy, all capitalized terms used herein shall have the meanings ascribed to them in General Terms. In the event of any conflict or inconsistency between the definitions in this Privacy Policy and those in the General Terms, the definitions set forth in this Privacy Policy shall prevail solely for the purposes of construing the provisions of this Privacy Policy. All rules of interpretation set forth in the General Terms shall apply to this Privacy Policy unless the context requires otherwise.

10. Contact Us

10.1 For any request concerning access to or correction of personal data, as well as any inquiries about this Privacy Policy, please direct your communication as set out below:

By Post

NTT Com Asia Limited

6 Chun Kwong Street, Tseung Kwan O Industrial Estate, Tseung Kwan O, New Territories, Hong Kong

Attn.: IMS Secretariat

 

By Email

IMS Secretariat at dpm@ntt.com.hk