Privacy and Security

Privacy Policy and Personal Information Collection Statement

Last Update: 2 March, 2016

This Statement is, except where separate and distinctive statements are provided, applicable to the AMTD Asia Limited's group of companies and the AMTD Group Company Limited's group of companies (together hereinafter the "Group"), including but not limited to AMTD Direct Limited, AMTD Strategic Capital Limited, AMTD Risk Management Limited, AMTD Securities Limited, AMTD Asset Management Limited and AMTD China (Holdings) Limited. Accordingly, references to "we", "us", or "our company" shall mean, as the case may be, the relevant company within the Group. This Statement is applicable to all our websites, including but not limited to our websites at www.amtd.com.hk , www.amtddirect.com.hk and www.amtdgrand.com.hk .

Please note that this Statement may be amended from time to time without prior notice. You are advised to check the latest version on a regular basis. If there is any inconsistency or conflict between the English and Chinese versions of this Statement, the English version shall prevail.

I. Privacy Policy Statement

Our Pledge

We are committed to safeguarding the privacy of individuals with respect to your personal data. We assure that our policies and practices, and those adopted by our affiliated companies and agents in relation to the collection, use, retention, disclosure, transfer, security and access of your personal data comply with the requirements of the Personal Data (Privacy) Ordinance (Chapter 486) (the "Ordinance") under the laws of Hong Kong, as well as the relevant code of practice and guidance issued by the Office of the Privacy Commissioner for Personal Data, Hong Kong. The meaning of the term "personal data" adopted in this Statement is defined in the Ordinance.

Where our operations are subject to privacy legislation other than that of Hong Kong (such as due to our carrying out of operational functions outside of Hong Kong), this Statement shall apply so far as it is consistent with such local legislation.

Collection of Personal Data

At times, you may be required to give your personal data and/or survey data including, but not limited to, your name, gender, age, date of birth, identity document number and/or its copy, telephone number, fax number, home address and/or its proof, email address, credit card information, bank account number and etc. Whilst some of the above requested data are optional (and the furnishing of which are subject to your voluntary choice), the refusal to provide certain requested data may render us unable to handle any application, or may deny you access to certain parts of our websites, or may otherwise defeat the objectives of your visit. If you are under the age of 18, consent from your parent or guardian is required before you give us any personal data and/or survey data.

When you provide us your personal data and/or survey data, they would be deemed to be correct, complete and not misleading. We shall not be liable for any losses or damages in relation to or arising from the incorrectness or incompleteness of the personal data and/or survey data provided by you to us from time to time.

Information relating to your use, purchase or order of our services and/or products, such as call/connection time, duration, origin and destination, may be automatically collected for our accurate reporting and administration of your accounts.

Some of our websites may disclose non-personally identifiable aggregate statistics relating to our visitors to advertisers. Some of our websites may collect aggregate information about our visitors, e.g. statistics on the number of visits. This type of data may include, but is not limited to, the browser type and version, operating system, IP address and/or domain name.

Cookies used (if any) in any part of our websites will not be deployed for collecting personal data. For your information, Cookies are small computer files that can be stored in web surfers' computers for the purposes of obtaining configuration information and analyzing web surfers' viewing habits. They can save you from registering again when re-visiting a website and are commonly used to track your preferences in relation to the subject matter of the website. You may refuse to accept Cookies by modifying the relevant Internet options or browsing preferences of your computer system, but to do so you may not be able to utilize or activate certain available functions in our websites. Our websites may bar users who do not accept Cookies.

Calls between you and our Customer Service may be recorded for, including but not limited to, regulatory compliance, audit compliance, staff training, service quality control and contractual clarification purposes.

Accuracy of Personal Data

Your application for the use, purchase or order of any of our services and/or products may be subject to, including but not limited to, credit assessments, verification of your personal details and etc.. If we regard results of such checking as unsatisfactory, we will not enter into any agreements, arrangements or engagements with you. In some instances, data provided by you will be validated by using generally accepted practice or against our pre-existing data, or we may require you to show the original documentation before the data may be used, such as personal identifiers and/or proof of address.

Use of Personal Data Collected

Specific purposes for which your personal data may be used are set out in our "Personal Information Collection Statement" set out in Part II below (particularly those contained in points 1. through to 8. in the first paragraph of Part II below).

Data Access and Correction

Under the Ordinance, you have the right to:

Check whether we hold any of your personal data;
Access your personal data held by us;
Request us to correct any inaccurate personal data held by us; and
Ascertain our policies and practices established (from time to time) in relation to personal data
and the types of personal data held by us.
If you want to access and/or correct your personal data which you have given us via application form, internet or other means, or if you want to ascertain our policies and practices in relation to personal data and the kind of your personal data held by us, please contact our Data Protection Officer in writing, we will respond within 40 days after receiving the request. We may charge you a reasonable fee for each personal data access. However, such fee will be waived if the data access is made for the purpose of correcting your personal data.

Security of Personal Data

We use various encryption techniques to transmit via the Internet your personal data, which can only be accessed by our authorized personnel. Given the operational nature of the Internet, we cannot guarantee that the transmission is 100% secure. Please, however, refer to our "Security Statement" in Part III below for details on the steps that we have taken to ensure that any personal data collected by us via our websites is safe and secure to avoid third party's unauthorized interference.

Internal Guidelines on Record Retention and Access to Personal Data

Our staff are required to strictly adhere to our Internal Guidelines on Record Retention and Access to Personal Data. Physical records containing personal data are securely stored in locked areas when not in use. Access to such physical and/or computer records is strictly controlled and requires management approval for each access. Approvals for access to customers’ personal data are granted only on a "need to know" basis. Where we retain, use and/or transmit customers’ personal data, we have put in place adequate measures to protect it from accidental and/or unauthorized disclosure, modifications, loss and/or destruction.

Retention of Personal Data

If you are a customer of ours, your personal data which you have given us via application form, internet or other means, during the subscription period of our services and/or products will be retained for a reasonable period after termination of your subscription. We will erase any unnecessary personal data from our system in accordance with our internal policy.

On-line Services

We may promote on-line stores or service providers or product providers operated by third party merchants on our website. If you want to use or order any services and/or products from them, please note that once the information that you provided is transferred to the relevant merchant, it will be beyond our control and thus outside the scope of protection afforded by us.

II. Personal Information Collection Statement

As a customer of our company, or a visitor or user of our websites, it may be necessary for you to provide us with your personal data when you apply to us and/or continue to subscribe with us for any services and/or products. If your personal data is incomplete or incorrect, we may not be able to provide or continue to provide the services and/or products to you. We shall keep your personal data confidential at all times. Our policies and practices with respect to the collection, use, retention, disclosure, transfer, security and access of personal data will be in accordance with requirements under the Ordinance and this Statement. We may use the personal data provided by you for the following purposes and for other purposes as shall be agreed between you and us or required by law from time to time:

Processing of your application for the use, purchase or order of any services and/or products, and provisioning of the services and/or products;
Subject to your consent, we may use your personal data (which may include name, gender, telephone number, fax number, postal address, email address and/or month and year of birth) for marketing the services and/or products (restricted to insurance, reinsurance, banking, mortgage referral, credit card, property development, retailing, securities and investment, telecommunications, third party reward, loyalty and privilege programme, co-branding, finance, education, media, entertainment and leisure, health and beauty, apparel, jewelry, electrical and electronic products, hotels and travelling, restaurant and catering, logistic and transport, real estate agency, concierge and social network services) (irrespective of whether we are remunerated for such marketing activities) relating to us, our affiliated companies, business partners and Morgan Stanley’s group of companies and any of its subsidiaries and/or affiliates and any company in which it has a direct or indirect interest or with which it is in joint venture or co-operation or their successors and assigns (the "Morgan Stanley Group"). We may dispatch to you the promotional information via direct marketing telephone calls, e-mail, e-message1, facsimile, direct mailings etc. We will enquire your preference on nature of services and/or products before we provide you with the direct marketing promotional materials.
Processing of any benefits for you arising out the services and/or products;
Analyzing, verifying and/or checking of your credit, payment and/or account status in relation to the provision of the services and/or products;
Processing of any payment instructions, direct debit facilities and/or credit facilities requested by you;
Facilitating the daily operation of your account, provisioning of customer services and/or the collection of overdue amounts in your account in relation to the services and/or products;
Enabling us to conform with other industry practices, or to comply with any requests stipulated by governmental or regulatory authorities; and
Enabling us in prevention of crime.
1 E-message means electronic messages delivered via the following means: mobile short messaging service (SMS) / multimedia messaging services (MMS) / cross-platform mobile messaging application (e.g. smartphone messaging application).

We may disclose and transfer (whether in Hong Kong or overseas) your personal data to the following parties to use, disclose, process or retain such personal data for the purposes mentioned above:

Our agents and contractors (including IT, network, customer service, sales agents, mailing houses, telecommunication service providers, telemarketing and direct sales agents, call centers, data processing service providers, third party reward, loyalty and privilege programme providers, co-branding partners and contractors), telecommunications operators, and service providers for the provision of our services and/or products;
Our affiliated companies, business partners and affiliated companies and business partners of the Morgan Stanley Group;
Banks, financial institutions and credit providers;
Debt collection agencies, credit reference agencies and security agencies;
Regulatory bodies, law enforcement agencies and courts;
Our professional advisers, and any other persons under a duty of confidentiality to us; and
Any of our actual or proposed assignees or transferees of our rights with respect to you.
In addition, in accordance with your agreement with us or consent given to us (as the case may be), we may disclose and transfer your personal data (whether in Hong Kong or overseas) to our affiliated companies, business partners and/or the Morgan Stanley Group for the purposes of carrying out market research and credit assessments and ensuring such personal data provided by you to us fulfills the aforesaid or other purposes as shall be agreed between you and us or as required by law from time to time.

If you do not wish to receive direct marketing promotional information from us with respect to the services and/or products we provide and/or other categories of services and/or products mentioned above, or do not wish us to disclose, transfer or use your personal data for the aforesaid direct marketing purposes, please contact our Customer Service Hotline 3163 3260 or click here, download the "Marketing Message Opt-out Request Form", by returning the form to our Customer Service Department either by post: Suite 1308, 13/F AIA Central, 1 Connaught Road Central, Hong Kong or by fax: 3163 3493 after completion.

III. Security Statement

While internet is not an inherently secure environment for communications, security of internet communications can be enhanced by the application of appropriate technology. However, internet security is not solely a technical issue, knowledge on security of personal and transaction data as well as general measure are equally important. "Hackers" could only attack a system through a "door" . However, in most cases imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers etc. would facilitate unauthorized access to such a "door" by "hackers". Hence, internet users should be cautious when handling such kind of sensitive documents and data.

In order to prudently preserve all personal data obtained from users of our websites, apart from firewalls and other sophisticated technical facilities, we also provide and maintain other stringent security measures so as to protect our system as well as the information and data retained therein from accidental or malicious destruction or damage.

IV. Enquiries

Should you have any enquiries concerning this Statement, please feel free to contact our Data Protection Officer in writing at:

Data Protection Officer
Suite 1308, 13/F AIA Central, 1 Connaught Road Central, Hong Kong.

Note:
Important: By accessing this website and any of its pages, you are agreeing to the terms set out above.