Statement of Policy
It is our policy to meet fully recognized standards of personal data privacy protection in complying with the applicable requirements of the Personal Data (Privacy) Ordinance (PDPO), and we strive to ensure compliance by our staff with the standards of security and confidentiality prescribed by law.
Statement of Practice
Kinds of Personal Data Held (include but not limited to)
Your Personal information and contact information, such as your name, gender, date of birth, identity card number, telephone number, social media contact, email address, residential address, mailing address, and billing address.
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription. IP address, real-time geographic location data, browser settings, browsing records, and/or other Internet log information of your computer or mobile device.
Personnel records, which include job applications and KnitWarm staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and dental insurance records, mandatory provident schemes participation, performance appraisals, and disciplinary matters, etc.
Main Purposes of keeping Personal Data
Personal data held in:
Your Personal information and contact information are kept for identifying you and any accounts you hold with us, enabling the provision of the services to you, conducting identity verification and/or credit checks, determining and verifying your eligibility for discounts and promotions on products and services, processing of payment instructions or collection of amounts outstanding from you in relation to the provision of the services order processing, billing and fulfilment, handling your complaints and account enquiries, and handling any claim, action and/or proceedings against the Company or any party, fraud prevention and detection, auditing purposes, making such disclosures as required by applicable laws, rules and regulations, any other purposes directly related to the purpose for which the personal data were originally collected.
Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites.
Personnel records of employees are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.
Information collected when you visit our websites
Use of cookies - When you browse this website, cookies will be stored in your computer's hard drive. The purpose of using cookies is to facilitate the successful redirection to the correct page upon your clicking on the changing banner. We do not collect or store any personal data from you under this circumstance. To the extent that non-personal data is combined with personal data, we treat the combined data as personal data for the purposes of this Privacy Policy Statement. In certain circumstances we may collect personal data about you, but only where you voluntarily provide it by completing an online form, or where you purchase goods from our website or use the services.
You have a choice not to accept the cookies, but if you do, certain functionality, i.e. banner redirection, may not be available.
Statistics on visitors to our websites - When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution, which pages have been most frequently visited etc. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
Outsourcing arrangements
KnitWarm Limited’s internal IT systems are developed and maintained by in-house staff and a local third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at KnitWarm under the supervision of KnitWarm staff.
KnitWarm websites are developed and maintained by third-party service providers. All KnitWarm service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorized access, use and retention.
Protection measures
KnitWarm Limited takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
Retention
This is important to ensure that your account information will not be accessed by a third party who may have acquired the right to use your discarded mobile number. You are solely responsible for securing your account in this particular way. We shall have no liability to you for any loss or damage in this regard. Unless there is a mandatory legal requirement for us to keep your personal data for a specified period, we will only retain your personal data for as long as is necessary to fulfill the purpose for which the personal data were originally collected.
Links
This Privacy Policy Statement only applies to our company’s website and app. Our website may contain links to other sites and pages. By activating a link, such as for example by clicking on the banner of an advertiser, you leave our website and we do not exercise control over any personal data or any other information you give to any other entity after you have left our website. Access to and use of such other websites is at your own risk.
Data access and correction
You have the right to request access to and correction of your personal data held by us in accordance with the provisions of the PDPO. Please note that all data access requests should be made using the form specified by the Privacy Commissioner for Personal Data which is accessible from the following link "Data Access Request Form".
When handling a data access or correction request, we will check the identity of the requestor to ensure that he/she is the person legally entitled to make the data access or correction request. We have the right to charge a fee for processing of any data access request.
We do not provide online facilities for you to delete or correct personal data held by us.
Any enquiries regarding personal data, or requests for access to or correction of personal data, can be made by email to info@knitwarm.com.