Privacy Policy

Privacy Policy and Data Processing Notice

Integrated Management Systems Hong Kong Limited (”We”) are committed to protecting and respecting your privacy.

Your privacy is important to us. This privacy statement explains what Personal Data we collect from you, through our interactions with you and through our products, and how we use that data.

Our Group means our ultimate holding company INTEGRATED MANAGEMENT SYSTEMS HONG KONG LIMITED and its subsidiary INTER BIZTECH SOLUTIONS LIMITED.

This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us.

We respect your privacy rights about your Personal Data and do so in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) (“Ordinance”) and the new General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

The GDPR is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.

This statement applies to our interactions with you and any third-party software that we may use on your behalf as outlined below or agreed upon at time of contractual service agreement.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

We are not required to appoint a Data Protection Officer. However, correspondence on any data protection matters should be marked for the attention of Anastasios Papadopoulos at Integrated Management Systems, 36/F, 41 Heung Yip Road, Wong Chuk Hang, Hong Kong.

Who we are and what we do

We are a global management and digital consulting firm. We collect the personal data of the following types of data subjects to carry out our core business and to operate effectively and provide you the best experiences with our services:

• Prospective and live client contacts, for digital initiatives;
• Supplier contacts to support our services;
• Employees, consultants, temporary workers.

Information you give to us, or we collect about you

You have choices about the data we collect. When you are asked to provide Personal Data, you may decline.

Information you provide us

This is information about you that you give us by filling in our forms or by corresponding with us by phone, email, Site live chat or otherwise. It includes information you provide when you register to use our Sites, subscribing to services, newsletters and alerts, register for or attend a conference or event, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, request a white paper or further information, and when you report a problem with our Site. Pages that collect this type of information may provide further information as to why your data is needed and how it will be used. It is completely up to you whether you want to provide it.

The information you give us, or we collect about you may include your name, address, private and corporate email address, phone number, and other similar contact data. We may collect links to your professional profiles available in the public domain (e.g. LinkedIn, Twitter, business Facebook or corporate website), gender, language preferences, and date of birth and other similar demographic data. For instance, by registering for IMS newsletters or alerts, you agree to receive the correspondence to which you have subscribed at the e-mail address that you provided at registration. Only IMS or its consultants will contact you using this e-mail address. We will send e-mails to this address related to your registration.

Information collected via website activity

We may also automatically collect device and usage data when you interact with our Sites. The information we automatically collect may include IP address, device identifier, operating system, web browser, regional and language settings, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our Sites. We may also automatically collect information about how you use the Sites, such as your visit history, what you have searched for, viewed, and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please see the Cookies section below for more information. 

The information automatically collected will be associated with any Personal Data you have provided and be used for system administration, to filter traffic, to look up user domains and to report on statistics. 

When this information relates to or identifies you, we will treat it as “Personal Data.” 

Information collected via mobile devices 

In connection with our mobile applications, we may use third-party service providers to analyse non-personally identifiable user activity to fix errors, monitor usage, and improve the performance of our mobile applications. For example, we receive reports on some of our mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, pages and articles accessed, and other events occurring within our apps. We also receive reports on certain errors occurring within mobile applications. None of these third-party service providers gathers information in a manner intended to identify any particular user personally. 

When this information relates to or identifies you, we will treat it as “Personal Data.” 

What about sensitive Personal Data? 

We do not generally seek to collect sensitive personal data (also known as special categories) through this Site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with GDPR. If you choose to provide us with unsolicited Sensitive Personal Data, you consent to our using the data, subject to applicable law as described in this privacy policy. The term “Sensitive Personal Data” refers to the various categories of Personal Data identified by European and other data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent. These categories may include personal identity numbers, financial account information, racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, biometric or genetic data, sexual life, or criminal record (including information about suspected criminal activities). 

Information we obtain from other sources

We may obtain information about you from other third-party sources such as LinkedIn, corporate websites, your business card and personal recommendations.

We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included: 

• Data brokers from which we purchase demographic data to supplement the data we collect. 
• Service providers that help us determine a location based on your IP address in order to customise certain products to your location. 
• Partners with which we offer co-branded services or engage in joint marketing activities, and 
• Publicly-available sources such as open government databases or other data in the public domain. 

We review data protection policies and consent processes of our suppliers to ensure they are compliant with GDPR and the Hong Kong Personal Data (Privacy) Ordinance. 

How we use personal data 

The core service we offer to our clients is the implementation of digital services, including digital transformation, advanced analytics, strategic planning, marketing, organisation and operations. 

Our legal basis for the processing of Personal Data is our legitimate business interests, described in more detail below, and also the performance of a contract, legal obligations and consent for some specific uses of data. 

We will rely on contract if we are negotiating or have entered into an agreement for consulting services with you or your organisation or any other contract to provide services to you or receive services from you or your organisation. 

We will rely on legal obligation if we are legally required to process information relating to you to fulfil our legal obligations. 

We will in some circumstances rely on consent for particular uses of your data, and you will be asked for your express consent if legally required. 

We use information held about you in the following ways: 

To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to you or your organisation. 

Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations. This includes providing service, maintaining and improving our services, conducting research, and providing customer support. Examples of such uses include the following: 

• Providing services. We use data to carry out your interactions with us and to provide our services to you, which includes collection and (statistical) analysing of information for individual profiling; Often, those services include personalised content and recommendations that enhance your productivity and automatically tailor your experience with us based on the data we have about your activities, interests and location. 
• Customer support. We use data to identify the services provided to you by us and provide other customer care and support services. The data we collect helps us to respond to customer service requests and support needs more effectively. 
• Service Improvement. We use data to continually improve our services, including adding new offerings or capabilities. For example, we use error reports to improve security features, search queries and clicks on our Sites to improve the relevancy of search results. 
• Security, Safety and Dispute Resolution. We use data to protect the security and safety of our customers, to detect and prevent fraud and enforce our agreements. 
• Business Operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business. 
• To administer a contest, promotion, survey or other Site feature. To send you the information you agreed to receive about topics we think will be of interest to you. 
• To personalise User experience. We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
• To process transactions. We may use the information you provide about yourself when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
• To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about. 
• To send periodic emails. The private or corporate email address you provide for order processing will only be used to send you or your company information and updates pertaining to your order. It may also be used to respond to your inquiries, and other requests or questions. If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information, etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you may contact us via our Site. 
• Advertising: We do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you. We use data we collect through our interactions with you for legitimate interest-based advertising.

In carrying out these purposes, we may combine data we collect to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations.

In the course of our Services, we will analyse your information to build individual profiles. These profiles will be used to predict future interests and display targeted (online) advertisement. The aim is to provide you with offers that are relevant and interesting for you. The profiling is based on your (surfing)behaviour on the internet. This includes the viewing of advertisements, any interaction with it and the overlap between desktop and mobile usage. As your name is not collected in the course of our Services, we expect that our Services will have no further impact, other than providing you with a more pleasant user experience when surfing the Internet. 

We will obtain your prior consent before processing your information for its own purposes, unless we have a legitimate interest to process your information. If you have given your consent to the processing, you have the right to withdraw your consent at any time, by sending an email to that extent to: support@imanagesystems.com. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under the obligation to reverse the processing. 

Our Legitimate Business Interests 

“Legitimate Interests” means the interests of our company in conducting and managing our business, to enable us to give you the best service/products and the best and most secure experience. 

For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. 

It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our Site, and to ensure our Sites and systems are secure. 

When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). 

The table below sets out further detail on the ways we process your data for our legitimate interests. If you have any concerns about the processing below, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section below.