2. Collection of Customer’s Personal Information
2.1 For the purpose of carrying on our business, including to provide you with our products and services and to provide our investors with information about us, we may directly collect your personal information through a number of ways, including when you:
- 2.1.1 enquire information about a product or service from us;
- 2.1.2 contact us with an enquiry or complaint; or
- 2.1.3 visit or browse our websites.
2.2 We may also collect information about you from other organizations where there are legitimate business reasons for doing so.
3. Types of Personal Data Collected
3.1 For the purpose of carrying on our business, including to provide you with our products and services and to provide our investors with information about us, the information that we may collect includes but is not limited to the following:
- 3.1.1 your name
- 3.1.2 contact details, including contact name and mobile telephone number and email address;
- 3.1.3 a note or recording of a call that you made to our hotlines; and
- 3.1.4 any correspondence between you and us, and other records of any contact you have with us;
3.3 If you choose not to provide your personal data, we may not be able to provide you with our products or services or carry out the activities mentioned in this policy.
4. Use of Customers’ Personal Information
4.1 We may use and analyse your information for all purposes permitted under applicable law, including (but not limited to) the Personal Data (Privacy) Ordinance (“PDPO”) of the Hong Kong Special Administrative Region (“Hong Kong”) and all other laws of other jurisdictions that may be applicable to us.
4.2 Without limiting the generality of the foregoing, we may use and analyse your information for the following purposes:
- 4.2.1 the daily operation of our business;
- 4.2.2 keeping you updated of any latest information that is relevant to or involves CBL International and its subsidiaries (including information that we are legally obligated to convey to our investors);
- 4.2.3 assisting you with any enquiries;
- 4.2.4 analysing usage of our website by you and other customers so that we can further improve our website and/or better tailor the way our website is presented to visitors to our website; and
- 4.2.5 contacting you if necessary.
5. Disclosure and Sharing of Personal Data
5.1 All personal data held by us will be kept confidential but we may disclose information about you to third parties as permitted under applicable law, including (but not limited to) the PDPO.
5.2 Without limiting the generality of the foregoing, we may disclose your personal data to the following parties to use, disclose, process or retain for the purposes mentioned above and any other purposes indicated in this paragraph below:
- 5.2.1 professional advisers (which shall include lawyers and auditors);
- 5.2.2 any agent, contractor or third party service provider who provides administrative, computer, payment, data analytics or other services to us in connection with the operation of our business;
- 5.2.3 law-enforcement or government bodies, regulatory bodies, courts or as required by law; and
- 5.2.4 any person to whom we are under an obligation to make disclosure under the requirements of any law binding on us or under and for the purposes of any guidelines issued by regulatory or other authorities with which we are expected to comply.
6. Retention of Personal Data
We will destroy any personal data we may hold in accordance with our internal policy. Personal data will only be retained for as long as we need it for the purposes of use stated in this policy (and directly related purposes) unless the personal data is also retained to satisfy any applicable statutory, regulatory or contractual obligations or for the purpose of investigation, detection and prosecution of crime.
7. Security of Personal Data
7.1 We have adequate measures to protect your personal information from unauthorized access, accidental loss or destruction.
7.2 If we have a contract with another third party organization to provide a service on its behalf, we will ensure they have appropriate security measures and only process your information as we have authorized. Those organizations will not be entitled to use your personal information for their own purposes. We will take reasonable steps to check these organizations to make sure that they are meeting the security requirements set by us.
8. Cross-Border Transfer of Personal
8.1 As an organization with offices and operations in a number of different countries, we will transfer personal data collected by us to various subsidiaries and affiliated companies of CBL International around the world for the purposes stated above and in accordance with applicable laws and regulations, as well as to our contractors and sub-contractors for storage and service purposes. Unless you are otherwise notified, any transfers of your personal data will be based on applicable local data privacy laws, which among others, includes appropriate international data transfer mechanisms and safeguards.
8.2 Your Personal Data will not be disclosed outside of CBL International, and its various subsidiaries and affiliated companies, unless permitted or required under applicable legislations and regulations and where necessary. Additionally, this is subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.
9. Your Privacy Rights
9.1 In accordance with applicable data protection laws (including but not limited to the PDPO), you may have the right to:
- 9.1.1 check whether we hold personal data about you and to receive copies of such data;
- 9.1.2 require us to correct any personal data relating to you which is inaccurate; and
- 9.1.3 ascertain our policies and practices in relation to personal data and to be informed of the kind of personal data held by us.
9.2 Unless otherwise prohibited under applicable data protection laws, we have the right to charge a reasonable fee for processing a data access request.
9.3 Any requests made in accordance with your data protection rights may be made in writing by email to: email@example.com