Privacy Policy

  1. Definitions
    1.1 Unless otherwise defined in this Privacy Policy, all capitalized terms used herein shall have the meanings ascribed to them in the General Terms. All rules of interpretation set forth in the General Terms shall apply to this Privacy Policy unless the context requires otherwise.

"Authorized User" means a Customer or an Alliance Partner, or their designated representatives, who have been granted specific authorization by the Company to access and utilize the CAP Portal pursuant to the CAP Portal Terms.

"CAP Portal" means the Customer and Alliance Partner Portal, being the online platform provided by the Company for Customers and Alliance Partners to access certain services, information, and resources.

"CAP Portal Content" means any information, documents, images, videos, materials, or other content available on, downloadable from, or obtained through the CAP Portal, whether by viewing, downloading, copying, or any other means.

Company” means NTT Com Asia Limited and its affiliates, as applicable, collectively referred to as "we," "us," or "our" throughout this Privacy Policy.

Personal Data” means any data relating directly or indirectly to a living individual from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable, as defined under the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

User” means collectively Website Users and Authorized Users.

"Website" means the Company's public-facing website accessible at www.ntt.com.hk (excluding the CAP Portal).

"Website User" means any individual or entity accessing or using the Company's public-facing website, without logging into the CAP Portal.

"Website Content" means any information, documents, images, videos, materials, or other content available on or obtainable through the Website, excluding CAP Portal Content.

           1.2 The headings in this Privacy Policy are for convenience only and have no legal or contractual effect.

           1.3 This Privacy Policy governs the collection, use, disclosure, and processing of personal data in connection with the access and use of the Company's website, including the CAP Portal. This Privacy Policy shall be read in conjunction with the CAP Portal Terms and the General Terms and Conditions. In the event of any inconsistency between this Privacy Policy and the aforementioned documents, this Privacy Policy shall prevail in respect of matters relating to personal data protection.

  1. Collection of Personal Data
    2.1 NTT Com Asia Limited and its affiliates, as applicable (the “Company”) collects personal data in strict compliance with Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and this Privacy Policy, primarily to facilitate your use or subscription of our Website, products, services, and/or other support.

    2.2 The types of personal data we may collect include, but are not limited to, your name, contact details, preferences related to our services and products, and information necessary for service provision and support.

    2.3 The collection of personal data serves several purposes:
    a) To provide the products, services, and support you have requested or subscribed to, where only necessary personal data will be collected;
    b) To enhance your user experience, including the use of anonymous aggregated data for website content and functionality improvement;
    c) For processing and use by any third party service providers that offer administrative, payment gateway, financing, professional, or other services to the Company;
    d) For processing and use by any banking, financial, or other institution with which you have or propose to have dealings;
    e) For processing and use by debt collection or credit reference agency or similar provider of debt collection or credit information services to the Company;
    f) For processing and use by entities to which the Company transfers or proposes to transfer its interests and/or obligations under relevant contract, arrangement, or transaction between you and the Company, or otherwise in respect of you or any product or service provided by the Company to you;
    g) For processing and use by governmental authorities or the court as required by applicable laws or court order;
    h) For essential system administration and troubleshooting purposes, involving the collection of technical logs;
    i) For marketing and promotional activities, with your consent and providing an option to opt-out mechanism;
    j) For the transfer and processing of your personal data, such as name, contact details, transaction details, and product/service preferences, by the Company to its affiliates and business partners in Hong Kong or other jurisdictions (collectively, the “Related Entities”), as reasonably necessary for the Related Entities to provide member support, process your transactions, make product/service recommendations, administer contests, projects (including situations where you sign up for or participate in projects conducted by any Related Entity), and promotions in which you participate, perform administrative functions, enable your registration and account creation on platforms, portals, or apps operated by any Related Entity, and/or facilitate your attendance at e-learning sessions or other activities on websites, portals, or apps maintained by such Related Entity; and/or
    k) To facilitate access and use of the CAP Portal for Authorized Users.

    2.4 The Company may collect the following types of Personal Data through the Website and CAP Portal:
    (a) Login credentials and authentication information;
    (b) User preferences and settings;
    (c) Usage data, including but not limited to, pages visited, features used, and time spent on the Website or CAP Portal;
    (d) Device information, including IP address, browser type, and operating system; and
    (e) Any other information voluntarily provided by the user through the Website or CAP Portal.

    2.5 The Company distinguishes between data processing practices for the public-facing Website and the CAP Portal as follows:
    (a) Public Website: Collects limited Personal Data, primarily for analytical and functional purposes.
    (b) CAP Portal: Collects more extensive Personal Data, including account information and usage data, to provide personalized services to Authorized Users.

    Authorized Users should refer to the CAP Portal Terms for additional information on data processing related to CAP Portal usage.
  1. Use and Disclosure of Personal Data
    3.1 Personal data collected by the Company is accessed, stored, and processed with in line with PDPO requirements.

    3.2 Disclosure of personal data is limited any may include sharing with:
    a) Parties you engage with our Website;
    b) The Company’s affiliates, agents, contractors, other telecommunication network providers, and other third party service providers necessary for business operations and service delivery;
    c) Business partners involved in providing services to you;
    d) Entities in the event of a transfer of the Company’s interests and/or obligations under any contract with you or in connection with a product or service provided to you;
    e) Law enforcement, regulatory bodies or the Court, as required by law.

    3.3 It is acknowledged and agreed that personal data may be transferred outside Hong Kong, subject to the conditions set out in clause 3.2.

    3.4 The Company may collect and process different types of personal data for Website Users and Authorized Users. Authorized Users should refer to the CAP Portal Terms for additional information on data processing related to CAP Portal usage.

    3.5 Personal Data collected through the Website or CAP Portal may be integrated with other Company systems for the purposes of providing services, account management, and internal analytics. Such integration shall be subject to appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data.

    3.6 The Company may engage third-party service providers to assist in operating the Website and CAP Portal. These service providers may have access to Personal Data collected through the Website or CAP Portal solely for the purpose of performing their functions and are contractually bound to maintain the confidentiality and security of the data.
  2. User Rights under PDPO
    4.1 Under the PDPO, data subjects are entitled to certain rights, which the Company respects and upholds. These rights include:
    a) Requesting access to personal data held by the Company;
    b) Seeking correction of any personal data that is inaccurate or incomplete;
    c) Receiving information on the Company’s policies and practices regarding personal data;
    d) Objecting to the use of personal data for direct marketing; and
    e) Requesting the deletion of personal data, subject to legal and operational requirements.

    4.2 To exercise these rights, you shall submit a written request to our designated Data Protection Officer / IMS Secretariat. There may be a reasonable fee charge for processing your access request as permitted under the PDPO. The Company is committed to honouring valid data subject rights request under the PDPO within legally mandated timeframe. We may charge a reasonable fee for processing such requests, as permitted under the PDPO.

    4.3 Exercise of Rights under PDPO. In addition to the rights specified in Clause 4.1, users may exercise the following rights specifically in relation to Personal Data collected through the Website and CAP Portal:
    (a) The right to be informed about the purposes of use of their Personal Data;
    (b)The right to request erasure of their Personal Data, subject to legal and operational requirements;
    (c) The right to object to the use of their Personal Data for direct marketing purposes; and
    (d) The right to withdraw consent for specific data processing activities, where consent was the legal basis for such processing.

    To exercise these rights, users shall follow the procedure outlined in Clause 4.2.

 

  1. Data Security
    5.1 The Company employs robust technical and organizational measures to safeguard personal data against unauthorized processing, loss, destruction or damage.

    5.2 Key security safeguards include:
    a) Rigorous access controls and authentication protocols
    b) Comprehensive policy controls on data access
    c) Regular cybersecurity training for staff

    5.3 Despite our stringent security measures, the Company cannot guarantee absolute security of personal data. We do not warrant that personal data will be entirely secure from unauthorized access or disclosure.

    5.4 The Company's liability for security breaches, unauthorized disclosure, or data misuse is limited to the maximum extent permitted by law. The Company shall not be liable for any form of damages resulting from cybersecurity incidents. This limitation of liability supersedes any conflicting provision in this Privacy Policy.

    5.5 The Company shall not under any circumstances be liable for any direct, indirect, incidental, consequential, special, exemplary or punitive damages arising out of or in connection with any cybersecurity breach or data leakage incident.

    5.6 Users are responsible for maintaining the security of their account credentials and must promptly notify the Company of any unauthorized use of their account or any other breach of security.
  2. Data Retention
    6.1 Personal data is retained only as long as necessary for its intended purposes. The Company adheres to legal, regulatory, and contractually retention requirements, ensuring data is not kept beyond necessary periods.

    6.2 In the event of data correction or deletion requests by data subjects, the Company reserves the right to retain necessary personal data for compliance with legal obligations or for the establishment, exercise, or defense of legal claims. This data will be retained strictly in accordance with the PDPO and other relevant laws and regulations.

    6.3 The Company shall retain Personal Data collected through the Website and CAP Portal for the following periods:
    (a) For the duration of the user's active account plus 7 years following account closure;
    (b) For 3 years from the date of collection;
    (c) For the duration of the user's active account plus 30 days following account closure; and
    (d) Until the user withdraws consent or opts out of marketing communications.

    Notwithstanding the foregoing, the Company reserves the right to retain data for longer periods where necessary for legal, regulatory, or operational requirements.
  1. Cookies and Local Storage
    7.1 The Company utilizes cookies and local storage technologies on the Website and CAP Portal for the following purposes:
    (a) To enhance user experience and functionality;
    (b) To analyse usage patterns and improve our services;
    (c) To remember user preferences and settings; and
    (d) To facilitate secure login and authentication processes for Authorized Users.

    7.2 Users (both Website Users and Authorized Users) may manage their cookie preferences through their browser settings. However, disabling certain cookies may impact the functionality of the Website or CAP Portal.
  1. Third Party Services
    8.1 The Company may engage third-party service providers to assist in operating the Website and CAP Portal. These service providers may have access to Personal Data collected through the Website or CAP Portal solely for the purpose of performing their functions and are contractually bound to maintain the confidentiality and security of the data.

    8.2 Whenever the Company share your personal data with third parties, such as service providers, business partners, or other related third parties, we ensure such parties are obligated to protect your data in compliance with the PDPO. We will require all such third parties to maintain the confidentiality and security of the personal data they process on our behalf, prevent its misuse, and process it only in accordance with our specified purposes and in line with the applicable legal framework. This includes third-party service providers that offer administrative, payment gateway, financing, professional, or other services to the Company.
  2. Modifications
    9.1 Our Privacy Policy may be updated at any time without prior notice to reflect changes in our data processing practices or relevant laws. Amendments will be effective immediately upon posting on our Website.

    9.2 The Company will notify you of any significant changes that affect the processing purposes or the categories of personal data processed. Notification will be provided through our website and, where feasible, via direct communication to you, such as email. We encourage you to review our Privacy Policy regularly to stay informed of how we are protecting your information.

    9.3 The Company will endeavour to communicate significant changes to the Privacy Policy to affected users, when feasible, vial email or website notification. However, it is ultimately the responsibility of the users to stay informed about changes by regularly checking our Website.

    9.4 Users’ continued use of the Company’s services after any changes to the Privacy constitutes their acceptance of the revised terms. If users do not agree to the amended Privacy Policy, they should cease using the Company’s services.

    9.5 For Authorized Users, changes to this Privacy Policy may also be communicated through the CAP Portal.
  3. Relationship to General Terms
    10.1 The Company's General Terms and Conditions ("General Terms") are incorporated by reference into this Privacy Policy as if fully set forth herein. All provisions of the General Terms apply to this Privacy Policy and the parties’ rights and obligations hereunder. This includes without limitation provisions relating to intellectual property, trademarks, disclaimers, limitations of liability, indemnification, governing law and other relevant terms in the General Terms. Authorized Users are additionally bound by the CAP Portal Terms in respect of their access to and use of the CAP Portal.

    10.2 In the event of any conflict between the General Terms and this Privacy Policy, the terms of this Privacy Policy shall prevail solely with respect to the collection, use, disclosure, and other processing of personal data by the Company. For all other purposes, including use of any other Company services, products, or websites, the General Terms shall control.
  4. Order of Precedence
    11.1 Unless otherwise defined in this Privacy Policy, all capitalized terms used herein shall have the meanings ascribed to them in General Terms. In the event of any conflict or inconsistency between the definitions in this Privacy Policy and those in the General Terms, the definitions set forth in this Privacy Policy shall prevail solely for the purposes of construing the provisions of this Privacy Policy. All rules of interpretation set forth in the General Terms shall apply to this Privacy Policy unless the context requires otherwise.
  5. Language
    12.1 This Privacy Policy is written in the English language. Any translation into any other language shall be for convenience only and shall have no legal effect. In the event of any inconsistency between the English language version and any translation, the English language version shall prevail.
  6. Governing Law and Jurisdiction
    13.1 This Privacy Policy shall be governed by and construed in accordance with the laws of Hong Kong.

    13.2 Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Hong Kong.
  7. Contact Us
    14.1 For any request concerning access to or correction of personal data, as well as any inquiries about this Privacy Policy, please direct your communication as set out below:

By Post

NTT Com Asia Limited

6 Chun Kwong Street, Tseung Kwan O Industrial Estate, Tseung Kwan O, New Territories, Hong Kong

Attn.: IMS Secretariat

By Email

IMS Secretariat at dpm@ntt.com.hk