J CPA is strongly committed to protecting personal information. This Statement explains what information we gather about you, what we use that information for, and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
“J CPA”, “we”, “us” and “our” refer to J CPA Member Firms operating in Hong Kong SAR.
Here is the index
- Collection of personal information
- Use of personal information
- Third-party links
- Security of personal information
- Transfer of personal information
- Retention of personal information
- Access to data & Rights in relation to your information
- Contact us
The privacy of your personal information is important to us. This Statement describes how J CPA handles personal information collected through our websites, social media platforms, applications, products and/or services provided by J CPA Member Firms operating in Hong Kong SAR (referred to as “J CPA Services”).
Some J CPA Services provided by J CPA Member Firms may have Privacy Statements that differ from this one and/or contain additional information as required under local laws. Please refer to the relevant Privacy Statements in order to understand how they process your personal information.
Many of our J CPA Services require some personal data to be collected. If you choose not to provide us with the personal data necessary to enable us to provide such product/service, you may not be able to use that product/service.
In this Statement, your information is sometimes called “personal data” or “personal identifiable information” or “personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as “processing” such personal information.
This Statement applies to any personal data provided to us, and any personal data created in connection with our J CPA Services.
For personal data collected in OUT of Hong Kong: If you are providing personal data of other individuals, please make sure that
(i) the personal data is from a legitimate and lawful source;
(ii) the other individuals are aware of the purpose(s) for collecting his/her personal data and all other relevant arrangement described in this Statement relating to the processing and use of personal data, and that he/she has consented to such disclosure and data processing.
We may contact you to inquire and confirm with you in relation to (i) and (ii) above. If you receive such an enquiry from us, please kindly assist and provide us with prompt response. We may have to discontinue the J CPA Services if we are unable to obtain the verification needed.
By using our J CPA Services and providing personal information to us, you acknowledge that you have read this Statement, and subject to your explicit consent which we may separately seek from you as may be required by applicable law, you consent to the terms of this Statement (including international transfers as set out in this Statement to countries outside where you are located).
If you do not agree with the terms in this Statement and have concerns about the categories of personal data, we require from you, please do not provide any personal information to us without contacting us.
2. Collection of personal information
When you use our J CPA Services, we may collect information about you including through cookies and analytics tools. We may collect personally identifiable information about you either directly from you, or by combining information we collect and maintain through other means (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may receive from publicly available sources such as social media or other third-party sites.
2.1 Categories of Personal Data
The personal information we collect may include:
- name, current job title, name of employer, email address, contact numbers, or your location (country / city) when you:
- subscribe to receive communications from us, create a user profile, or send an inquiry through our websites; or
- register for our webinars / webcast / events. At the time of your registration, you might also be asked for your postal address and whether or not you would like to be informed of upcoming webinars / webcasts via the contact information you provided and/or through your postal address. We use registration information for internal research and analysis purposes to help us understand who is viewing our webcasts, and become better equipped to serve your needs;
- your social network ID, such as WeChat ID and LinkedIn profile URL, when you register as an alumni. Any personal information that an alumnus submits to us will only be used to maintain contact with that alumnus, and will not be disclosed to any third-party without your express permission;
- name and email address, when you access our applications (such as when you respond to a survey or access specific content);
- name, correspondence address, email address, national identification details, for purpose of performing our pre-engagement acceptance checks (which may include conflicts, anti-money laundering or other regulatory-related checks) and these are necessary for us to fulfil such checks; and in the course of providing our products and/or services to you/your organisation/your employer when it is necessary for business purposes.
- information which you have made publicly available on your social networking account, such as your name and your interests in our products and services, when you interact with us on our pages at social networking sites. The social networking sites may provide statistics and insights to us which help us understand the types of actions that people take on our pages. Where applicable, we and the social media site(s) have entered into an arrangement which determines our respective responsibilities;
- content that you provide, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide;
- certain personal identification information (e.g. your national ID number) may be requested for security purposes before you are granted access to our premises;
- any other additional information you choose to provide to us (e.g. your working history), for instance, when you use any “Contact Us” feature of our J CPA Services, as part of the registration process, register a user account, and/or create and update your user profile.
It is our policy that you are only required to supply us with the minimum scope of personal information that is necessary for us to complete your request and/or to provide you our J CPA Services (“Necessary Personal Information”). You may voluntarily provide us with additional personal information we ask for, which will help us to improve J CPA Services and to better serve your needs. Failure to provide us with such additional personal information will not negatively affect your use of J CPA Services.
2.2 Sensitive personal information
We do not usually seek personal sensitive information (e.g., data relating to personal ID, personal asset, race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from visitors to our websites. As indicated in 2.1 above, we may however collect certain categories of personal data, which may be regarded as sensitive personal data under relevant laws in Mainland China for purposes of conducting pre-engagement checks and for security purposes (granting access to our premises).
We will not collect and process your sensitive personal data unless we have obtained your explicit consent as may be required under applicable law.
3. Use of personal information
For Necessary Personal Information we collect, we will use it to complete your specific request and/or to provide you the J CPA Services, which may further include:
- to provide, administer, manage and develop different functions of our products/services, such as conducting pre-engagement acceptance checks prior to providing those products/services;
- to communicate with you, such as responding to your enquiry and/or request; confirming and authenticating your identity in order to prevent unauthorised access to restricted areas of the site, content, or other services; determining the organisation that you work for or with which you are otherwise associated and staying in touch with our business contacts;
- to manage our business, such as operating and maintaining our operations and quality of our services; conducting quality and risk management reviews; operating and maintaining our IT systems; maintaining the security of data and our services; sorting and analysing user data, conducting surveys, or for benchmarking and data analysis; maintaining our client relationship management systems; understanding how people use the features and functions of our J CPA Services in order to improve user experience and providing you with information about us and our range of products/services as explained in more detail in section 4 below; and
- to comply with any requirement of laws, regulation, or any government authority or agency, regulator, or a professional body of which we are a member; or to conduct any action to meet our obligations or those of any J CPA Member Firms.
For personal information that is not necessarily Personal Information we collect, we will use it to improve the J CPA Services, to develop different functions of our products/services and to better serve your needs.
We will only use the personal information collected for the above purposes where we have a lawful basis for such processing, including obtaining any prior consent as may be required under applicable law.
We may send you communications including publications from time to time, technical updates, upcoming events/seminars/webcasts, or surveys, J CPA‘s latest insights and activities in major business and industry areas which may be of interest to you, and products or services that you request from us.
Where we are legally required to obtain your consent to provide you with marketing materials, we will only send marketing materials if you have given consent for us to do so.
You may opt out of receiving marketing materials from us at any time by email us at info@Jcpa.com.hk.
5. Third-party links
6. Security of personal information
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information collected via the J CPA Services; such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Where a personal information security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority, notify you of the incident and provide relevant information, as may be required under applicable laws and regulations.
Cookies may be placed on your computer or device whenever you visit us online for J CPA Services. Cookies are small text placed on our device that assist us in providing a more customised experience. If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, you can refuse a cookie, however some functionality may be impaired. You can always delete cookies if you wish via your browser’s setting.
8. Transfers of personal information
Your personal data may be transferred to, processed by and stored with, the following classes of transferees/categories of recipients for the purposes as described in this Statement:
8.1 Network Member Firms
As J CPA is a global network with Member Firms around the world, your personal information may be transferred to other J CPA Member Firms (and their respective subsidiaries and affiliates). Other J CPA Member Firms may process your personal information on behalf of the Data Controller for the same purposes as set out herein. In addition, each J CPA Member Firm whom you share your information may determine jointly with other J CPA Member Firms the means of processing of your personal information.
8.2 Third-party service providers
Your information may also be transferred to third-party service providers that are not members of the J CPA network to process on a J CPA Member Firm’s behalf. We may transfer or disclose the personal data we collect to third-party contractors or subcontractors of J CPA Member Firms (and their respective subsidiaries and affiliates), as well as other third parties, which may include providers of IT services, identity management, website hosting and management, data analysis, data back-up and archiving, security and storage services (including cloud service providers), event management, and other services with respect to the operation of our business. We use such third parties to support us in providing our J CPA Services.
When we transfer your personal data to third parties, we do so for the purposes stated under this Statement, for the administration and maintenance of websites and associated systems, and/or other internal or administrative purposes.
It is our policy to use only third-party service providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by us pursuant to the contract between us. Subject to the foregoing, third-party service providers may also use their respective subsidiaries and affiliates, and their own third-party subcontractors that have access to personal data (sub-processors) to meet purposes of disclosure and/or transfer.
8.3 Other disclosures
We may also disclose personal information to third parties under the following circumstances:
- when explicitly requested by you including delivering publications or reference materials as requested by you;
- when required to facilitate conferences or events hosted by a third-party or co-hosted with a third-party which you have registered for; personal information may be collected via event registration forms and the type of information collected will vary. We may share such information with third parties for purposes connected to the event;
- when J CPA is involved in a merger, acquisition, or sale of all or a portion of its assets; and/or
- as otherwise set out in this Statement.
We may also disclose your personal information to law enforcement, regulatory and other government agencies and authorities, professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation. This may include disclosures outside the country or region where you are located.
8.4 International transfers
As J CPA is a global network with Member Firms and third-party service providers located around the world, your personal information may be transferred to and stored outside the country or region where you are located. J CPA Member Firms, our service providers and sub-processors they engage may use servers and other resources in various countries and territories to process your information. Such jurisdictions may have different data protection laws. It is our policy to use only third-party service providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by J CPA. This may include confidentiality agreements with parties that we commission to handle personal information, requiring them to process personal information in accordance with our requirements, this Statement and any other relevant confidentiality and security measures.
We will take steps to ensure that your personal information is adequately protected within the territory of the People’s Republic of China. For example, we may ask for your consent to the transfer of personal information across borders, or to implement security measures such as data de-identification prior to cross-border data transfer.
Since we provide J CPA Services through resources and servers around the world, your personal information may be transferred to foreign jurisdictions outside Mainland China unless restricted under applicable laws and regulations or specifically agreed by agreement.
8.5 Transfer of business
This Statement discusses information practices of J CPA in the ordinary course of its business. J CPA reserves the right to transfer all data in its possession to a successor-in-interest to its business or assets.
We will require such successor-in-interest to continue to be bound by this Statement, otherwise they will be required to seek your consent.
9. Retention of personal information
It is our policy to retain personal data only for as long as is necessary for the fulfilment of the purposes for which the data are to be used, or as required by law, regulation or professional standards and in order to establish, exercise or defend our legal rights.
We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honour your request.
10. Access to data & Rights in relation to your information
You may have certain rights under applicable laws in relation to the personal information we hold about you, including:
- Right to enquire and request for copy of certain categories of personal information, including basic information, identification information, health information (if applicable) and education information;
- Right to update/correct your personal information which is inaccurate;
- Right to request deletion of your personal information;
- Right to request cancellation of your account; and
- Right to withdraw consent to processing your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing). Should your consent withdrawal be effective, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the processing of personal information previously based on your authorization.
If you would like to exercise any of these rights, please contact our Privacy Team. We will treat your requests in accordance with applicable legal requirements.
We may charge a fee for your request to access your information, if permitted by applicable law.
We are committed to protecting children’s privacy. The J CPA Services are not intentionally designed for or directed at children, and we do not knowingly collect or store personal information about children. In the case of collecting personal information of a child in Mainland China under the age of 14 (i.e. a minor), we will only use or publicly disclose such information if we have obtained explicit consent of the minor’s parent or guardian. We will protect the confidentiality and security of children’s personal information in accordance with relevant applicable laws and regulations.
12. Contact us
If you wish to submit a request to exercise your rights, under applicable privacy law, or have questions about how your information is handled at any time, or to make complaints, please send your request to our email info@Jcpa.com.hk.
When requested, and provided that it is practical and commercially feasible to comply with the request, we will reply to your request within 30 days or such time as prescribed under applicable law.
Should you not be satisfied with the way J CPA has resolved your concern, you have the right to complain to the data protection authority in your territory.
13. Changes to this Statement
We may need to update this Statement from time to time to comply with applicable law and regulations or other legitimate purposes. We may also separately advise you about the change. Subject to obtaining your explicit consent as may be required by applicable law, the new modified privacy statement will apply from that revision date. Therefore, we encourage you to review this Statement periodically to be informed about how we are protecting your information.