Data Privacy Terms and Conditions
- TrainerUni pledges to meet the recognized standards of personal data privacy protection, in complying with the requirements of the Personal Data (Privacy) Ordinance (the "Ordinance"). In doing so, TrainerUni also pledges to take reasonably practicable steps to ensure its agents comply with the standards of security and confidentiality required by the law.
- The following is the standard of security and confidentiality adopted by TrainerUni in its service contract with its clients:
- Security measures - TrainerUni must at all times employ reasonable organisational, operational and technological processes and procedures to keep the Personal Data safe from any unauthorised, accidental or unlawful use, access, alteration, loss, destruction, erasure, theft or disclosure.
- The organisational, operational and technological processes and procedures adopted by the TrainerUni must at all times comply with: (a) the requirements under the Ordinance; (b) the relevant guidelines and best practices recommended by the Office of the Privacy Commissioner from time to time.
- Restricting access by employees - TrainerUni should ensure that: (a) only those employees required to carry out the services under the service agreement with TrainerUni and the Client may have access to the Personal Data; and (b) such employees: (i) are only provided with as much Personal Data as they need to perform the services under the service agreement with the Client; (ii) are informed of the confidential nature of the Personal Data; (iii) have undergone adequate training with respect to data protection procedures and policies; and (iv) agree to comply with the obligations set out in this document.
- Restricting use of Personal Data - TrainerUni must: (a) only use the Personal Data for the purpose(s) set out in the service agreement with the Client; (b) process the Personal Data in accordance with the instructions of TrainerUni or the Client; and (c) process the Personal Data only to the extent, and in such manner, as is necessary for the proper provision of the services set out in the service agreement with the Client.
- Transfer or disclosure of Personal Data - TrainerUni must not disclose or transfer any of the Personal Data to a third party, except with the express consent of the Client or where required by law. TrainerUni must not publish, disclose, divulge or transfer any of the Personal Data to any third party (whether within or outside Hong Kong) without the prior written consent of the Client.
- Deletion or retention of data - TrainerUni must destroy all Personal Data promptly: (a) When it is no longer needed for it to perform the services for which it was retained; or (b) at the instruction of the Client. In complying with the clause above, TrainerUni must ensure that all electronic copies of the Personal Data are removed from its systems by either destruction of the storage device or using appropriate electronic deletion software
- Notification of data security breach - Where there has been any unauthorised, accidental or unlawful use, access, alteration, loss, destruction, erasure, theft or disclosure of the Personal Data ("Security Breach"), TrainerUni must report this to the Client as soon as it becomes aware of the incident of: (a) the Personal Data involved; (b) how the incident occurred; (c) those who were involved; and (d) anticipated impact. TrainerUni must provide any assistance as required by the Client to rectify such Security Breach.