GENERAL
This policy statement provides information on the obligations and policies of NETGEAR ASIA PTE Limited, its subsidiaries, affiliates, and associated companies (the "Company") under the Hong Kong SAR Personal Data (Privacy) Ordinance - Cap.486 (the "Ordinance") and, where applicable, the EU’s General Data Protection Regulation (Regulation EU 2016/679, the “GDPR”). All individuals who submit an application to the Company in respect of a job vacancy and all employees of the Company upon accepting offer of employment shall be deemed to have consented to their personal data to be processed, stored, transferred or howsoever used or handled in accordance with this Statement. To the extent the GDPR applies to the processing of such applications, the processing of personal data is done in the legitimate interests of the Company.
This policy specifically addresses the Company's obligations in respect of the data privacy laws of the Hong Kong SAR which is one of the most developed data protection regimes worldwide. The Company believes the principles embedded in the Ordinance offer no less protection in personal data privacy than those in other jurisdictions. As such, the Company undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally. This policy also addresses, where required, the requirements of the GDPR.
Where the Company's operations are subject to privacy legislation other than that of Hong Kong SAR, then this policy shall be applied in so far as practicable and consistent with such local legislation. For further details on the Company's compliance with the Ordinance and any other privacy legislations, please contact the Company’s Privacy Compliance Officer at the address listed below.
Throughout this policy, the meaning of the term "personal data" is as defined in the Ordinance and, where applicable, the GDPR.
This policy specifically addresses the Company's obligations in respect of the data privacy laws of the Hong Kong SAR which is one of the most developed data protection regimes worldwide. The Company believes the principles embedded in the Ordinance offer no less protection in personal data privacy than those in other jurisdictions. As such, the Company undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally. This policy also addresses, where required, the requirements of the GDPR.
Where the Company's operations are subject to privacy legislation other than that of Hong Kong SAR, then this policy shall be applied in so far as practicable and consistent with such local legislation. For further details on the Company's compliance with the Ordinance and any other privacy legislations, please contact the Company’s Privacy Compliance Officer at the address listed below.
Throughout this policy, the meaning of the term "personal data" is as defined in the Ordinance and, where applicable, the GDPR.
COMPANY CORPORATE POLICY
The Company shall fully comply with the obligations and requirements of the Ordinance and, where applicable, the GDPR. The Company's officers, management, and members of staff shall, at all times, respect the confidentiality of and keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company.
The Company shall ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance and, where applicable, the GDPR.
Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance and, where applicable, the GDPR.
The Company shall ensure all collection, storage, transmission and other handling or usage of personal data by the Company shall be done in accordance with the obligations and requirements of the Ordinance and, where applicable, the GDPR.
Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in accordance with the time and manner stipulated within the Ordinance and, where applicable, the GDPR.
STATEMENT OF PRACTICES - RECRUITMENT
During the recruitment process, job applicants may be required to provide sufficient personal data so that the Company may, as appropriate and/or applicable:
At a minimum, such personal data will include:
Additional information may also be required subject to the nature of the position being applied for.
The applicant is responsible for ensuring all personal data they provide is accurate and complete. Any attempt to provide inaccurate information or withhold (or deliberately omit) provision of requested information may cause one or more of the following consequences:
The personal data so provided may be transferred, at the time of recruitment or after employment has commenced, to persons within the Company and its clients for the purpose of certain client projects who are involved in the assessment of the applicant's suitability for the position applied for and/or other positions, which may be, or may become, available within the Company. The data may also be transferred to third parties, such as investigation agencies, as are necessary to satisfy purposes relating to human resources management.
The Company shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of two years from the day on which the recruitment period ends. The personal data of successful applicants shall be retained for the duration of their employment by the Company and handled in such manner as described below under the heading of "Employment, Including Post Employment".
- Assess the applicant's suitability for the position being applied for;
- Assess the applicant's suitability for other positions the Company may have available;
- Determine remuneration and benefit packages;
- Verification of credentials and/or experience; and
- Perform security vetting and/or integrity checking.
At a minimum, such personal data will include:
- The applicant's name and contact details, including address and telephone number(s);
- Previous employment and relevant experience; and
- Education and relevant training.
Additional information may also be required subject to the nature of the position being applied for.
The applicant is responsible for ensuring all personal data they provide is accurate and complete. Any attempt to provide inaccurate information or withhold (or deliberately omit) provision of requested information may cause one or more of the following consequences:
- Prevention of making any offer of employment;
- Invalidate any offer of employment made; or
- Termination of employment (whether with or without notice), if the employment has commenced.
The personal data so provided may be transferred, at the time of recruitment or after employment has commenced, to persons within the Company and its clients for the purpose of certain client projects who are involved in the assessment of the applicant's suitability for the position applied for and/or other positions, which may be, or may become, available within the Company. The data may also be transferred to third parties, such as investigation agencies, as are necessary to satisfy purposes relating to human resources management.
The Company shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of two years from the day on which the recruitment period ends. The personal data of successful applicants shall be retained for the duration of their employment by the Company and handled in such manner as described below under the heading of "Employment, Including Post Employment".
EMPLOYMENT, INCLUDING POST EMPLOYMENT
In the course of employment by the Company, personal data of employees and their families, as appropriate, will be collected and used on an ongoing basis for various purposes relating to human resources management including but not limited to administering staffing, performance management, training, career development, salary and benefits administration, communication (e.g. Company news, staff benefit offerings and promotions), medical benefits, provident fund administration, insurance, taxation, welfare and providing information in compliance with legal requirements. Personal data will be transferred to internal departments, intra-company, and/or to other third parties as deemed necessary by the Company for the purposes of which the data are collected.
The Company retains certain personal data of employees when they cease to be employed by the Company (and such data will be retained for no longer than seven years after their cessation of employment). Such data are required for any residual employment-related activities of the former employee including, but not limited to:
Further details regarding the Company's policies and practices in respect of its handling of personal data relating to its employees, including post-employment, are included in the Company's Human Resources Policies and Staff Handbooks. They are also available to the Company's employees from their respective Human Resources representative.
The Company retains certain personal data of employees when they cease to be employed by the Company (and such data will be retained for no longer than seven years after their cessation of employment). Such data are required for any residual employment-related activities of the former employee including, but not limited to:
- The provision of job references;
- Processing applications for re-employment;
- Matters relating to retirement benefits; and
- Allowing the Company to fulfil contractual or statutory obligations.
Further details regarding the Company's policies and practices in respect of its handling of personal data relating to its employees, including post-employment, are included in the Company's Human Resources Policies and Staff Handbooks. They are also available to the Company's employees from their respective Human Resources representative.
TRANSFER OF PERSONAL DATA OUTSIDE OF HONG KONG
At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data are collected. By submitting job applications or entering into an employment relationship with the Company, candidates or employees have consented to such transfer which will be performed in compliance with the requirements of the Ordinance and, where applicable, the GDPR.
SECURITY OF PERSONAL DATA
Physical records containing personal data are securely stored in locked areas and/or containers when not in use.
Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis.
Where the Company holds, uses and/or transmits personal data, the data will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis.
Where the Company holds, uses and/or transmits personal data, the data will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.
ACCESS AND CORRECTION OF PERSONAL DATA
Under the terms of the Ordinance and, where applicable, the GDPR, job applicants and employees (current or former) have the right to:
The said right to access personal data can be exercised by:
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavour to comply with and respond to the request within the period set by the Ordinance (i.e. within 40 days after receiving the request) and, where applicable, the relevant requirements provided under the GDPR.
If the accessed data contains any incorrect information, the Company will accept written request for correction which can be sent to the Company's Privacy Compliance Officer at the address listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before the Company would consider correcting the specified data.
- Ascertain whether the Company holds any personal data relating to them and, if so, obtain copies of such data (“right of access”);
- Require the Company to correct personal data in its possession which is inaccurate for the purpose for which it is being used by means of a data access request (right of correction); and
- Ascertain the Company's policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.
The said right to access personal data can be exercised by:
- Completing the "Data Access Request Form” as prescribed by the Privacy Commissioner for Personal Data or the “Data Access Request” Form- see “Note 1” below;
- Sending the completed form, along with appropriate proof of identity (a copy of the applicant's Hong Kong Identity Card or Passport) and the prescribed fee to the Company's Privacy Compliance Officer at the address listed below.
The Company will, upon satisfying itself of the authenticity and validity of the access request, make every endeavour to comply with and respond to the request within the period set by the Ordinance (i.e. within 40 days after receiving the request) and, where applicable, the relevant requirements provided under the GDPR.
If the accessed data contains any incorrect information, the Company will accept written request for correction which can be sent to the Company's Privacy Compliance Officer at the address listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before the Company would consider correcting the specified data.
CONTACT DETAILS
All enquiries regarding the Company's compliance with obligations under the Ordinance and, where applicable, the GDPR should be addressed to:
Privacy Compliance Officer
Netgear Asia Pte Limited
Unit 3003, Metroplaza Tower 2,
223 Hing Fong Road, Kwai Fong, N.T.,
Hong Kong
or via email to: info@netgearclub.com.hk
(If there is any inconsistency or conflict between the English and Chinese version of this Statement, the English version shall prevail.)
Privacy Compliance Officer
Netgear Asia Pte Limited
Unit 3003, Metroplaza Tower 2,
223 Hing Fong Road, Kwai Fong, N.T.,
Hong Kong
or via email to: info@netgearclub.com.hk
(If there is any inconsistency or conflict between the English and Chinese version of this Statement, the English version shall prevail.)
Note 1: Please contact Privacy Compliance Officer to obtain a copy of the “Data Access Request” Form, please note that we may apply an administrative charge for providing access to your personal information in response to such request.