Privacy Policy and Data Processing Notice

Integrated Management Systems Hong Kong Limited (”We”) are committed to protecting and respecting your privacy.

Your privacy is important to us. This privacy statement explains what Personal Data we collect from you, through our interactions with you and through our products, and how we use that data.

Our Group means our ultimate holding company INTEGRATED MANAGEMENT SYSTEMS HONG KONG LIMITED and its subsidiary INTER BIZTECH SOLUTIONS LIMITED.

This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us.

We respect your privacy rights about your Personal Data and do so in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) (“Ordinance”) and the new General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

The GDPR is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.

This statement applies to our interactions with you and any third-party software that we may use on your behalf as outlined below or agreed upon at time of contractual service agreement.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

We are not required to appoint a Data Protection Officer. However, correspondence on any data protection matters should be marked for the attention of Anastasios Papadopoulos at Integrated Management Systems, 36/F, 41 Heung Yip Road, Wong Chuk Hang, Hong Kong.

 

Who we are and what we do

We are a global management and digital consulting firm. We collect the personal data of the following types of data subjects to carry out our core business and to operate effectively and provide you the best experiences with our services:

  • Prospective and live client contacts, for digital initiatives;
  • Supplier contacts to support our services;
  • Employees, consultants, temporary workers.

 

Information you give to us, or we collect about you

You have choices about the data we collect. When you are asked to provide Personal Data, you may decline.

Information you provide us

This is information about you that you give us by filling in our forms or by corresponding with us by phone, email, Site live chat or otherwise. It includes information you provide when you register to use our Sites, subscribing to services, newsletters and alerts, register for or attend a conference or event, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, request a white paper or further information, and when you report a problem with our Site. Pages that collect this type of information may provide further information as to why your data is needed and how it will be used. It is completely up to you whether you want to provide it.

The information you give us, or we collect about you may include your name, address, private and corporate email address, phone number, and other similar contact data. We may collect links to your professional profiles available in the public domain (e.g. LinkedIn, Twitter, business Facebook or corporate website), gender, language preferences, and date of birth and other similar demographic data. For instance, by registering for IMS newsletters or alerts, you agree to receive the correspondence to which you have subscribed at the e-mail address that you provided at registration. Only IMS or its consultants will contact you using this e-mail address. We will send e-mails to this address related to your registration.

Information collected via website activity

We may also automatically collect device and usage data when you interact with our Sites. The information we automatically collect may include IP address, device identifier, operating system, web browser, regional and language settings, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our Sites. We may also automatically collect information about how you use the Sites, such as your visit history, what you have searched for, viewed, and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please see the Cookies section below for more information. 

The information automatically collected will be associated with any Personal Data you have provided and be used for system administration, to filter traffic, to look up user domains and to report on statistics. 

When this information relates to or identifies you, we will treat it as “Personal Data.” 

Information collected via mobile devices 

In connection with our mobile applications, we may use third-party service providers to analyse non-personally identifiable user activity to fix errors, monitor usage, and improve the performance of our mobile applications. For example, we receive reports on some of our mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, pages and articles accessed, and other events occurring within our apps. We also receive reports on certain errors occurring within mobile applications. None of these third-party service providers gathers information in a manner intended to identify any particular user personally. 

When this information relates to or identifies you, we will treat it as “Personal Data.” 

What about sensitive Personal Data? 

We do not generally seek to collect sensitive personal data (also known as special categories) through this Site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with GDPR. If you choose to provide us with unsolicited Sensitive Personal Data, you consent to our using the data, subject to applicable law as described in this privacy policy. The term “Sensitive Personal Data” refers to the various categories of Personal Data identified by European and other data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent. These categories may include personal identity numbers, financial account information, racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, biometric or genetic data, sexual life, or criminal record (including information about suspected criminal activities). 

 

Information we obtain from other sources

We may obtain information about you from other third-party sources such as LinkedIn, corporate websites, your business card and personal recommendations.

We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included: 

  • Data brokers from which we purchase demographic data to supplement the data we collect. 
  • Service providers that help us determine a location based on your IP address in order to customise certain products to your location. 
  • Partners with which we offer co-branded services or engage in joint marketing activities, and 
  • Publicly-available sources such as open government databases or other data in the public domain. 

We review data protection policies and consent processes of our suppliers to ensure they are compliant with GDPR and the Hong Kong Personal Data (Privacy) Ordinance. 

 

How we use personal data 

The core service we offer to our clients is the implementation of digital services, including digital transformation, advanced analytics, strategic planning, marketing, organisation and operations. 

Our legal basis for the processing of Personal Data is our legitimate business interests, described in more detail below, and also the performance of a contract, legal obligations and consent for some specific uses of data. 

We will rely on contract if we are negotiating or have entered into an agreement for consulting services with you or your organisation or any other contract to provide services to you or receive services from you or your organisation. 

We will rely on legal obligation if we are legally required to process information relating to you to fulfil our legal obligations. 

We will in some circumstances rely on consent for particular uses of your data, and you will be asked for your express consent if legally required. 

We use information held about you in the following ways: 

To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to you or your organisation. 

Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations. This includes providing service, maintaining and improving our services, conducting research, and providing customer support. Examples of such uses include the following: 

  • Providing services. We use data to carry out your interactions with us and to provide our services to you, which includes collection and (statistical) analysing of information for individual profiling; Often, those services include personalised content and recommendations that enhance your productivity and automatically tailor your experience with us based on the data we have about your activities, interests and location. 
  • Customer support. We use data to identify the services provided to you by us and provide other customer care and support services. The data we collect helps us to respond to customer service requests and support needs more effectively. 
  • Service Improvement. We use data to continually improve our services, including adding new offerings or capabilities. For example, we use error reports to improve security features, search queries and clicks on our Sites to improve the relevancy of search results. 
  • Security, Safety and Dispute Resolution. We use data to protect the security and safety of our customers, to detect and prevent fraud and enforce our agreements. 
  • Business Operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business. 
  • To administer a contest, promotion, survey or other Site feature. To send you the information you agreed to receive about topics we think will be of interest to you. 
  • To personalise User experience. We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
  • To process transactions. We may use the information you provide about yourself when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
  • To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about. 
  • To send periodic emails. The private or corporate email address you provide for order processing will only be used to send you or your company information and updates pertaining to your order. It may also be used to respond to your inquiries, and other requests or questions. If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information, etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you may contact us via our Site. 
  • Advertising: We do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you. We use data we collect through our interactions with you for legitimate interest-based advertising.

In carrying out these purposes, we may combine data we collect to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations.

In the course of our Services, we will analyse your information to build individual profiles. These profiles will be used to predict future interests and display targeted (online) advertisement. The aim is to provide you with offers that are relevant and interesting for you. The profiling is based on your (surfing)behaviour on the internet. This includes the viewing of advertisements, any interaction with it and the overlap between desktop and mobile usage. As your name is not collected in the course of our Services, we expect that our Services will have no further impact, other than providing you with a more pleasant user experience when surfing the Internet. 

We will obtain your prior consent before processing your information for its own purposes, unless we have a legitimate interest to process your information. If you have given your consent to the processing, you have the right to withdraw your consent at any time, by sending an email to that extent to: support@imanagesystems.com. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under the obligation to reverse the processing. 

 

Our Legitimate Business Interests 

“Legitimate Interests” means the interests of our company in conducting and managing our business, to enable us to give you the best service/products and the best and most secure experience. 

For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. 

It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our Site, and to ensure our Sites and systems are secure. 

When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). 

The table below sets out further detail on the ways we process your data for our legitimate interests. If you have any concerns about the processing below, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section below. 

PROCESSING PURPOSE
LEGITIMATE INTEREST
INDIVIDUAL RIGHTS
We may need to retain and continue processing your Personal Data after you have exercised your right to erasure/to be forgotten, in order to keep basic data to identify you as an individual, and retain it solely for suppression purposes to prevent further unwanted processing.
SUPPRESSION
We may hold Personal Data about you on a suppression file to ensure there is a record of your objection to direct marketing. We will hold a minimised amount of Personal Data in order to uphold this request.
PERSONALISATION
We may analyse non-sensitive Personal Data to inform our marketing strategy and to enable it to enhance and personalise the “consumer experience” we offer you.
MONITORING
Our customer support team use software solutions that utilise big data to identify recurring problems and analyse the patterns of behaviour of our customers. These solutions include the capturing and processing of customer support interactions by way of, LiveChat, Web Forms, and FAQ webpage activity and are used to enable our customer support centre to ensure optimum staff performance and to serve our customers better.
ARTIFICIAL INTELLIGENCE
Our customer support team puts in place algorithms that help us manage customer service requests. The system uses artificial intelligence methods to route customer contacts to the most appropriate part of our organisation. For example, these routes link individuals to specific agents who can handle specific requests for optimised customer service.
WEB ANALYTICS
We use online social platforms that use diagnostic analytics to assess the number of visitors, posts, page views, reviews and followers in order to optimise future marketing campaigns.
AUTOMATED PROCESSING BASED ON CUSTOMER HISTORY
We may conduct automated processing based on your transactional history, to predict what other products and services you may be interested in.
INFORMATION, SYSTEM, NETWORK AND CYBER SECURITY
We may process your Personal Data from online interactions to monitor, detect and protect our organisation, our systems, networks, infrastructure, and other rights from unwanted intrusion, unauthorised access, and data and system breaches.

PRODUCT DEVELOPMENT AND ENHANCEMENT

We may process your Personal Data to deliver and improve our products or services.
COMMUNICATION, MARKETING AND INTELLIGENCE
We may process your Personal Data to gather market intelligence, promote products and services, communicate with and tailor offer our services.

Consent

Should we want or need to rely on consent to lawfully process your Personal Data we will request your consent orally, by email, by signing a paper form or by an online process for the specific activity we require consent for and record your response in our systems. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.

Cookies and Other Tracking Technologies

Our website may use cookies and similar technologies for record-keeping purposes, to track information about you, and to enhance your User experience and distinguish you from other users of our Site. This helps us to provide you with an enjoyable experience when you browse our Site and allows us to improve our Site. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of our Site may not function properly.

Additional ways we use cookies and similar technologies:

  • Sign-in and Authentication: When you sign into a Site using your personal account with us, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information, so you do not have to sign in each time you return to the site.
  • Security: We use cookies to detect fraud and abuse of our Sites and services.
  • Storing Information, you Provide to a Website: When you provide information on our Sites, we store the data in a cookie to remember the information you have added.
  • Social Media: Some of our Sites include social media cookies, including those that enable users who are logged in to the social media service to share content via that service.
  • Feedback: We uses cookies to enable you to provide feedback on a website.
  • Interest-Based Advertising: We uses cookies to collect data about your online activity and identify your interests so that we can provide advertising that is most relevant to you. You can opt out of receiving interest-based advertising from us as described in the Access and Control section of this privacy statement.
  • Analytics: In order to provide our products, we use cookies and other identifiers to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our services. This includes cookies from us and from third-party analytics providers.
  • Performance: We use cookies for load balancing to ensure our Sites remain up and running.

How to Control Cookies

Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. Instructions for blocking or deleting cookies in other browsers may be available in each browser’s privacy or help documentation.

Certain features of our products and services depend on cookies. Please be aware that if you choose to block cookies, you may not be able to sign in or use those features, and preferences that are dependent on cookies may be lost. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated.

Disclosure of your information

We may share your personal information with:

  • Business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
  • Our auditors.
  • Banks and financial institutions. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.

 

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets.
  • If Integrated Management Systems or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Integrated Management Systems, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

The lawful basis for the third-party processing will include:

  • Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
  • Satisfaction of their contractual obligations to us as our data processor;
  • For the purpose of a contract in place or in contemplation;
  • To fulfil their legal obligations.