Compliance

Scope

This privacy notice aims to provide our clients on how RP Financial (“RP”) collects and processes our clients' information. The notice also serves to comply with the updated General Data Protection Regulation (GDPR) as well as the Hong Kong Personal Data (Privacy) Ordinance.

It is important that all clients and employees of RP read the privacy notice together with any other privacy notice that RP provide on any specific occasion, when collecting and processing client’s data, in order to understand the purpose and use of such data. This privacy notice is supplemented with other notices and is not intended to override them.

Collection of Data

RP collects client’s personal data for various purposes, these include account opening, KYC requirements, and the processing of client due diligence etc.

Personal data will be collected according to different client type, investment products and the jurisdiction of the product registered in.

• Personal Data as defined by the Hong Kong Personal Data (Privacy) Ordinance;
• Relating directly or indirectly to a living individual;
• From which it is practicable for the identity of the individual to be directly or indirectly ascertained; and in a form in which access to or processing of the data is practicable;

Data Subject in relation to personal data, means the individual who is the subject of the data.

Control and Use of Collected Data

Personal Data collected will only be used for businesses purpose, and will only be in relation to our services. All data will be used when the law allows us to. Licensed Representative is required to explain RP’s control and use of the collected data, at the time of data collection.

Contact information among the collected data is used for notifying the up-to-date information or communicating events that may be of interest or relevance to the data subject. Data subject can unsubscribe to these information at any time by notifying RP via email or by mail.

RP along with its affiliates (could be a third party) will be acted as the “data controller”, for the purposes of the data protection regulations of various jurisdiction. The Data Controller will process all data collected lawfully. Unless RP are obliged or permitted to do so, all collected data will not be disclosed to third parties, within RP Financial (“the group”). All personal data is stored securely in accordance with the principles of the Data Protection Regulations and the Personal Data (Privacy) Ordinance.

Common Use of collected personal data:

• Perform the contract;
• When RP need to comply with a legal or regulatory obligation;
• Internal record keeping;
• Managing events and keep data subject informed all updates of the subscribed products and services;

Whenever there is a change of the above controls, notification will be sent to the related data subject. Note that, personal data might be use without the knowledge or consent of the data subject, if and only if, it is in compliance with the rules mentioned in this policy and any supplements of this policy, where it is permitted or required by law.

Data Subject's Rights

Under certain circumstances, data subject has the below rights, under Personal Data (Privacy) Ordinance, in relation to his/her personal data

• Request access to his/her personal data;
• Request correction of his/her personal data;
• Request erasure of his/her personal data;
• Object to process of his/her personal data;
• Request restriction of processing his/her personal data;
• Request transfer of his/her personal data;
• Right to withdraw consent;
• Right to lodge compliant to the supervisory authority;

If the data subject wish to exercise any of the above rights, he/she should contact RP representatives. Specific personal data may be requested in order to confirm your identity during the process. For security reason, RP representatives may also contact the data subject for further information. All requests and exercise of the mentioned rights will be performed in a timely manner, within one month. Under this privacy policy, data subject’s rights cannot be transferred to any other person.

Retention

RP will retain all data collected for as long as necessary to fulfill the purposes of collecting it, these purposes include but not limited to, satisfying any legal, accounting, or reporting requirements.

Data Security

RP has in place proper security measures in relation to data collected from data subject to prevent data, including personal data, from being altered, disclosed, lost, and unauthorized use or access. In case of data breach, the related data subject and applicable regulator will be notified as soon as practicable. All data subjects should be aware that the transmitting of information over the internet may not entirely secure and could expose to certain risk. RP cannot ensure the security of data transmitted via internet.

General Terms

If any court or competent authority finds any provision or part-provision of this privacy policy is invalid, illegal or unenforceable, other provisions of this privacy policy will not be affected. The privacy policy is governed by and interpreted according to both the Hong Kong Personal Data (Privacy) Ordinance and the GDPR. All disputes arising under this privacy policy are subject to the exclusive jurisdictions.

Changes to this Privacy Policy

RP reserves the right to change this privacy policy as necessary from time to time as may be required by law. Any changes will be effective and the updated policy will be posted on the Website immediately. All data subjects are deemed to have accepted the terms of the privacy policy at the time he/she subscribed to RP’s products and services. For further information, please contact RP Financial via email at info@rpfingroup.com.