Please read this Privacy Policy with care before using this website. Mirae Asset Securities (HK) Limited (hereinafter “Mirae Asset”) may collect personal data from you, which may be processed, while you use this website. Mirae Asset will comply with the applicable laws and regulations in regard to the processing of personal data to protect your privacy.
1. Our Pledge for Privacy Policy
Mirae Asset respects the spirit of the rule of law, including privacy law, which is essential to all. On this basis, Mirae Asset is committed to protecting your privacy: we shall comply with Hong Kong’s Personal Data (Privacy) Ordinance, Cap. 486 (the "PDPO"), and with correspondence with the privacy regulator, the Office of the Privacy Commissioner for Personal Data (“PCPD”).
As matters stand, this Policy guides how Mirae Asset collects, holds, uses and discloses your personal information, and how we maintain the quality and security of your personal information.
2. What is personal information?
“Personal Data” means information which relates to a living individual and can be used to identify that individual. It must also exist in a form in which access to or processing of the data is practicable. “Data Subject” is the individual who is the subject of the personal data. “Data User” is a person who, either alone or jointly with other persons, controls the collection, holding, processing or use of personal data. “Data Processor” is a person who processes personal data on behalf of another person (a data user), instead of for his/her own purpose(s). Data processors are not directly regulated under the PDPO. Instead, data users are required to, by contractual or other means, ensure that their data processors meet the applicable requirements of the PDPO.
3. What personal information do we collect?
Mirae Asset follows the Data Protection Principles ("DPPs" or "DPP"), which are defined in Schedule 1 of the PDPO and summarise how data users should collect, handle and use personal data, complemented by other provisions imposing further compliance requirements.
Below is a summary of the DPPs, extracted from the PCPD website:
- Purpose and Manner of Collection
Provides that personal data shall only be collected for a lawful purpose directly related to a function or activity of the data user. The data collected should be necessary and adequate but not excessive for such purpose. The means of collection should be lawful and fair.
If you collect personal data from data subjects directly, you should inform the data subjects whether it is obligatory or voluntary to supply the data, the purpose of using their data and the classes of person to whom their data may be transferred. You should also inform them of the right and means to request access to and correction of their data.
- Accuracy and Duration of Retention
Requires data users to take all practicable steps to ensure that personal data is accurate and is not kept longer than is necessary for the fulfilment of the purpose for which the data is used. If you engage a data processor for handling personal data of other persons, you should adopt contractual or other means to ensure that the data processor complies with the mentioned retention requirement.
Section 26 of the PDPO requires data users to take all practicable steps to erase personal data that is no longer required for the purpose for which the data is used, unless erasure is prohibited by law or is not in the public interest. Section 26 could be engaged when a data user fails to respond to a complaint or request from a data subject for erasure of personal data. This situation is of greater criminal gravity than merely keeping the data longer than is necessary under DPP2.
- Use of Data
Prohibits the use of personal data for any new purpose which is not, or is unrelated to, the original purpose for which the data was collected, unless with the data subject’s express and voluntary consent. A data subject can withdraw his/her consent previously given by written notice.
Regarding restrictions on use of personal data, Part 6A of the PDPO further requires that data users must obtain informed consent before using a data subject’s personal data for direct marketing or transferring the data to a third party for direct marketing. The consent must be an explicit indication by the data subject and broadly covers an indication of no objection. In other words, silence cannot constitute consent.
Besides, the consent must be an informed one. The data user must inform the data subject of the intention to use his/her personal data for direct marketing, the fact that the data user cannot so use the data without the consent of the data subject, the kinds of personal data to be used, and the classes of marketing subjects to be involved. The data user must also notify the data subject of the right to opt out. If the data user intends to transfer the data to a third party for direct marketing, he/she should inform the data subject of such intention, the classes of transferees, the classes of marketing subjects to be involved and the fact that the transfer is for a gain, etc.
- Data Security
Requires that data users take all practicable steps to protect the personal data they hold against unauthorised or accidental access, processing, erasure, loss or use. Data users should have particular regard to the nature of the data, the potential harm if those events happen, measures taken for ensuring the integrity, prudence and competence of persons having access to the data, etc. If you engage a data processor to process the personal data held, you must adopt contractual or other means to ensure that the data processor complies with the mentioned data security requirement.
- Openness and Transparency
Obliges data users to take all practicable steps to ensure openness of their personal data policies and practices, the kind of personal data held and the main purposes for holding it.
- Access and Correction
Provides data subjects with the right to request access to and correction of their own personal data. A data user should give reasons when refusing a data subject’s request for access to or correction of his/her personal data. This is supplemented by detailed provisions in Part 5 of the PDPO which cover the manner and timeframe for compliance with data access requests and data correction requests, the circumstances in which a data user may refuse such requests, etc. Data users are also required to maintain a logbook to record all refusals made.
4. Exemptions
While data privacy is an important right, the interests protected under the PDPO must be balanced against other important rights or the public interest. The PDPO provides several exemptions from some compliance requirements under special circumstances. Examples include crime prevention or prosecution, security and defence, statistics and research, news activity, protecting a data subject’s health, etc. There is also an exemption if the use of personal data is required or authorised by law or court order or is required for exercising or defending legal rights in Hong Kong. A table summarising the exemption provisions can be found here.
5. Transfer of personal information to overseas subsidiaries
The personal information you consent to our using may be transferred to our subsidiaries based outside the Hong Kong jurisdiction. When we must disclose your information to overseas third parties, we shall take reasonable steps to ensure that data security and appropriate privacy practices are maintained. We will only disclose to overseas third parties if:
- you have given us your consent to disclose personal information to that third party; or
- we reasonably believe that:
  - the overseas recipient is subject to a law or binding scheme
  - the law or binding scheme can be enforced; or
- the disclosure is required or authorised by a Hong Kong law or court / tribunal order.
6. Links to third party sites
The Mirae Asset website may contain links to websites operated by third parties. If you access a third party website through our website(s), personal information may be collected by that third party website. We make no representations or warranties in relation to the privacy practices of any third party provider or website and we are not responsible for the privacy policies or the content of any third party provider or website. Third party providers / websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.