This privacy notice aims to provide our clients on how RP Financial (“RP”) collects and processes our clients' information. The notice also serves to comply with the updated General Data Protection Regulation (GDPR) as well as the Hong Kong Personal Data (Privacy) Ordinance.
It is important that all clients and employees of RP read the privacy notice together with any other privacy notice that RP provide on any specific occasion, when collecting and processing client’s data, in order to understand the purpose and use of such data. This privacy notice is supplemented with other notices and is not intended to override them.
Collection of Data
RP collects client’s personal data for various purposes, these include account opening, KYC requirements, and the processing of client due diligence etc.
Personal data will be collected according to different client type, investment products and the jurisdiction of the product registered in.
- Personal Data as defined by the Hong Kong Personal Data (Privacy) Ordinance;
- Relating directly or indirectly to a living individual;
- From which it is practicable for the identity of the individual to be directly or indirectly ascertained; and in a form in which access to or processing of the data is practicable;
Data Subject in relation to personal data, means the individual who is the subject of the data.
Control and Use of Collected Data
Personal Data collected will only be used for businesses purpose, and will only be in relation to our services. All data will be used when the law allows us to. Licensed Representative is required to explain RP’s control and use of the collected data, at the time of data collection.
Contact information among the collected data is used for notifying the up-to-date information or communicating events that may be of interest or relevance to the data subject. Data subject can unsubscribe to these information at any time by notifying RP via email or by mail.
RP along with its affiliates (could be a third party) will be acted as the “data controller”, for the purposes of the data protection regulations of various jurisdiction. The Data Controller will process all data collected lawfully. Unless RP are obliged or permitted to do so, all collected data will not be disclosed to third parties, within RP Financial (“the group”). All personal data is stored securely in accordance with the principles of the Data Protection Regulations and the Personal Data (Privacy) Ordinance.
Common Use of collected personal data:
- Perform the contract;
- When RP need to comply with a legal or regulatory obligation;
- Internal record keeping;
- Managing events and keep data subject informed all updates of the subscribed products and services;
Whenever there is a change of the above controls, notification will be sent to the related data subject. Note that, personal data might be use without the knowledge or consent of the data subject, if and only if, it is in compliance with the rules mentioned in this policy and any supplements of this policy, where it is permitted or required by law.
Data Subject's Rights
Under certain circumstances, data subject has the below rights, under Personal Data (Privacy) Ordinance, in relation to his/her personal data
- Request access to his/her personal data;
- Request correction of his/her personal data;
- Request erasure of his/her personal data;
- Object to process of his/her personal data;
- Request restriction of processing his/her personal data;
- Request transfer of his/her personal data;
- Right to withdraw consent;
- Right to lodge compliant to the supervisory authority;
RP will retain all data collected for as long as necessary to fulfill the purposes of collecting it, these purposes include but not limited to, satisfying any legal, accounting, or reporting requirements.
RP has in place proper security measures in relation to data collected from data subject to prevent data, including personal data, from being altered, disclosed, lost, and unauthorized use or access. In case of data breach, the related data subject and applicable regulator will be notified as soon as practicable. All data subjects should be aware that the transmitting of information over the internet may not entirely secure and could expose to certain risk. RP cannot ensure the security of data transmitted via internet.
Speak with one of our expert advisors today.