At The Hong Kong Forum for Responsible Drinking Association (collectively “FReD”), we respect the privacy and confidentiality of the personal data of our Board Members, Regular Members and others whom we interact with in the course of providing a forum for companies active in the beverage alcohol industry to promote responsible use of beverage alcohol and discourage alcohol misuse. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Personal Data (Privacy) Ordinance (Cap.486) (“PDPO”) in Hong Kong SAR.
How We Collect Your Personal Data
We collect your personal data when you:
- Enter into an agreement or contract with FReD for provision of services to FReD.
- Submit your online registration for and to further enroll in any of the FReD training courses and certification programmes that we conduct (including processing of your applications under any government funding programs).
- Respond to our electronic messages sent by us as part of our FReD campaigns through a third-party service provider.
- Are referred to us for our membership by one of our existing members.
- Enquire about our training and certification courses, and other information about FReD.
- Visit our FReD website (including our social media platforms) and leave behind your contact information.
- Communicate with us via emails or written correspondences
Types of Personal Data We Collect About You
The types of personal data we collect about you include:
- Your contact information (name, address, phone number, email address).
- Your personal details (name, HK ID card number, passport number and issuing country).
- Your profession and your industry section
- The registered company name of your current employer and their phone number and email address.
How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
- Analyze your visit to our website, social media platforms.
- Conduct training courses and certification programs that you have signed up for.
- Process account payables/receivables.
- Process billing, payment and other payment activities.
- Conduct promotion activities, and distribute electronic messages on our events, trainings, conferences, seminars and workshops.
- Share with the third-party agencies for facilitation of the training courses and certification programs.
- Communicate with members, associates and website visitors.
- Respond to your inquiries and provide you feedback.
- Carry out our obligations arising from any contracts entered into between you and us.
- Comply with or fulfil legal obligations and regulatory requirements.
Who We Disclose Your Personal Data To
We disclose some of the personal data you provide us to the following entities or organizations outside FReD in order to fulfil the objectives of FReD:
- External professional service providers and external service vendors.
- Government Agency (Department of Health).
- Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
How We Manage the Collection, Use and Disclosure of Your Personal Data
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.
We may rely on exceptions to the need for consent under the PDPO for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to FReD are included):
- The personal data is publicly available
- The personal data is disclosed by a public agency or disclosed to a public agency
- The personal data is necessary for any investigation or proceedings
- The personal data is necessary for a business asset transaction
Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you about any update or future events organized by us. Your request for withdrawal of consent can take the form of an email or letter to us.
We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognize you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.
Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session. You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.
How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date. From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If you are a Member of FReD and have an ongoing relationship with us, it is important that you update us of any changes to your personal data (such as a change in your phone number or mailing address).
How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks. We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures, and have taken reasonable steps to comply with these measures.
How We Retain Your Personal Data
We have a data retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
How You Can Access and Make Correction to Your Personal Data
You may write to us to find out how we have been using or disclosing your personal data. Before we accede to your request, we may need to verify your identity by checking your HKID or other legal identification document. We will respond to your request as soon as possible, or within 40 days from the date we receive your request. If we are unable to do so within the 40 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 40 days from the date we receive your request.
Transfer of Personal Data
Where there is a need to transfer your personal data to another country outside Hong Kong SAR, we will ensure that the standard of data protection in the recipient country is comparable to that of the PDPO in Hong Kong SAR. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Hong Kong SAR.
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may send us an email at email@example.com.
Any query or complaint should include, at least, the following details:
Your full name and contact information
Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
Last updated: June 2023