Emigra Asia Ltd: Your Privacy

The Personal Data (Privacy) Ordinance ("the Ordinance") came into operation in Hong Kong on 20 December 1996. The Ordinance regulates the collection, storage and use of data relating to individuals and applies to all data users. Data is any representation of information including an expression of opinion in any document and includes a personal identifier. A personal identifier is an identifier that is assigned to an individual by a data user for the purposes of operations of the user and that uniquely identifies that individual for the data user.

The Ordinance was introduced because the Hong Kong Government felt it was necessary to protect individuals from the abuse of personal data collected on them and to bring Hong Kong into line with developed countries which already had data protection laws. Emigra Asia Ltd ("the Firm") has obligations under the Ordinance and we have set out the following policy, effective from January 1, 1997 to meet those obligations.

Fundamental Principles

The Ordinance is based on six fundamental principles. Our Firm will strictly follow these principles. The principles are summarized below. The full text of the principles may be obtained from Mr. Martyn Penny, who is the Firm's Data Manager until further notice.

* Principle 1 - Purpose and Manner of Collection of Personal Data

(1) Personal data shall not be collected unless the data are collected for a lawful purpose directly related to a function or activity of the Firm and the collection of the data is necessary for or directly related to that purpose.

(2) Personal data shall be collected by means which are lawful and fair.

(3) Where the person from whom personal data are to be collected is the data subject, all practicable steps shall be taken to ensure that -

(a) he is informed, on or before collecting the data, of -

(i) whether it is obligatory or voluntary for him to supply the data; and

(ii) where it is obligatory for him to supply the data, the consequences for him if he fails to supply the data; and

(b) he is informed -

(i) on or before collecting the data, of -

(A) the purpose for which the data are to be used; and

(B) the classes of personnel to whom the data may be transferred; and

(ii) on or before first use of the data for the purpose for which they were collected, of his rights to request access to and to request the correction of the data from the Data Manager. Any incorrect data will be amended within 40 days of receipt of a request.

* Principle 2 - Accuracy and Duration of Retention of Personal Data

(1) All practicable steps shall be taken to ensure that-

(a) personal data are accurate.

(b) where there are reasonable grounds for believing that personal data are inaccurate -

(i) the data are not used for that purpose unless and until those grounds cease to be applicable to the data; or

(ii) the data are erased.

(c) any third party who receives inaccurate data is informed that it is inaccurate and that person is provided with correct data.

(2) Personal data shall not be kept longer than is necessary for the fulfillment of the purpose (including any directly related purpose) for which the data are to be used.

* Principle 3 - Use of Personal Data

Personal data shall not, without the consent of the data subject, be used for any purpose other than -

(a) the purpose for which the data were to be used at the time of the collection of the data; or

(b) a purpose directly related to the purpose referred to in paragraph (a).

* Principle 4 - Security of Personal Data

All practicable steps shall be taken to ensure that personal data held by the Firm are protected against unauthorized or accidental access, processing, erasure or other use.

* Principle 5 - Information to be Generally Available

All practicable steps shall be taken to ensure that a person can -

(a) ascertain the Firm's policies and practices in relation to personal data.

(b) be informed of the kind of personal data held by the Firm.

(c) be informed of the main purposes for which personal data held by the Firm are to be used.

* Principle 6 - Access to Personal Data

A data subject shall be entitled to -

(a) ascertain whether the Firm holds personal data on him.

(b) request access to personal data -

(i) within a reasonable time.

(ii) at a fee, if any, that is not excessive.

(iii) in a reasonable manner; and

(iv) in a form that is intelligible.

(c) be given reasons if a request referred to in paragraph (b) is refused.

(d) object to a refusal referred to in paragraph (c).

(e) request the correction of personal data.

(f) be given reasons if a request referred to in paragraph (e) is refused; and

(g) object to a refusal referred to in paragraph (f).

The firm shall comply with a data access request not later than 40 days after receiving the request. If the firm is unable to comply with the request we will inform the requester no later than 40 days of receipt of the request.

Exempt Data

The following categories of information are exempt from Principle 6 (access to personal data) and need not be supplied to the data subject:

1. Personal data relevant to staff planning proposals to fill any series of positions of employment or cease any group of individuals' employment with the Firm. This exemption only applies to proposals which relate to more than one employee. A proposal involving only one employee may fall under the exemption relating to the evaluation of personnel.

2. Personal references given by an individual other than in the ordinary course of his occupation and relevant to another individuals suitability or otherwise to fill a position of employment or office with the Firm.

3. Personal data held by or on behalf of the Government for the purposes of security, defense or international relations.

4. Personal data held for the purposes of prevention or detection of crime; the apprehension, prosecution or detection of offenders, or the assessment or collection of any tax or duty. Some of this data may also be exempt from Principle 3.

5. Personal data which could be subject of a claim to legal professional privilege.

Recording of Data

The Firm will keep a log book which sets out:

1. Details of why an application for access to data was refused.

2. Particulars of the prejudice caused if a view is taken that the data fell into an exempt class; and

3. Why the Firm did not comply with an obligation to correct data.

Matching Procedures

The Firm will not carry out matching procedures. A matching procedure is any procedure whereby personal data collected for one or more purposes in relation to 10 or more data subjects is mechanically compared with data collected for another purpose where the comparison is for the purpose of producing or verifying data which may be used for the purpose of taking action that may adversely affect any of the data subject's rights, benefits, privileges or obligations.

Transfer of Data

The Firm will not transfer data outside of Hong Kong unless:

1. It is to a place designated by the Commissioner as being one where there is a law similar to that provided for in the Ordinance.

2. The Firm has reasonable grounds for believing that there exists laws similar to that in the Ordinance.

3. The data subject has agreed to the transfer; or

4. The Firm has reasonable grounds for believing that the transfer is for the benefit of the data subject; it was not practicable to obtain the written consent of the data subject but if it were practicable to obtain such consent the data user would give it.

Please contact Mr. Martyn Penny if you have any questions regarding this policy.

Martyn may be contacted at +852 2783 7183 or fax +852 2359 7542.

Use of Data Statement

The Personal Data (Privacy) Ordinance (“the Ordinance”) became effective in Hong Kong in December 1996. The Ordinance was designed to protect the privacy of individuals by regulating the manner in which data can be collected, stored or used.

As an existing or prospective client of any Emigra Group company (“Emigra”) you will or might already have supplied us with information relating to yourself. This information would have included your name, address, financial information, passport details, national identification number, your employment details and perhaps similar information relating to your immigration sponsor, spouse or other family members.

It may be necessary for you to supply additional or updated information to us in future.

The data is used for the purpose of:

Informing you about the services we offer
The daily operation of the services provided to you by Emigra and/or by any of Emigra Group companies (“the Group companies”).

Designing package services or related products for your use.

Marketing services and related products.

Meeting the requirements applicable to Emigra (or any other Group company) to make disclosure under any legal, regulatory or governmental obligation or requirement applying to Emigra (or any Group companies) or pursuant to the request of any legal, governmental or regulatory body authority.

Forming part of the records of Emigra.

Purposes relating thereto.

This might also involve sending to you, on occasion, informational materials. Of course if you do not wish to receive such materials we shall stop sending you such information immediately upon notification by you accordingly.

Data held by Emigra may be provided to:

Any of the Group companies.

Any Government agency but only so far as being for or on behalf of you or otherwise at your behest.

Any person having a duty of confidentiality to Emigra.

Any entity which acts as your attorney.

Emigra does not share any client data with third parties except to the extent needed to provide immigration services as requested. However data may, from time to time, be shared with subcontractors and government entities but only in so far as to provide the immigration services requested. Under no circumstances does Emigra provide personal information to third parties for direct marketing purposes.

You are entitled to request details of the data we hold on you. This will be provided upon payment of a reasonable administrative fee. You may also inform us if you wish us to amend any inaccurate data. We shall carry out such amendments within 40 days of receipt of your request.

Neither Emigra nor any Group company will be liable for any loss or damages which may result from the provision of any incorrect or misleading information provided by you.

All material changes to this policy shall be posted conspicuously on our website www.emigra.com for the benefit of non clients of Emigra or shall be notified individually, by email, if a confirmed paying client of Emigra.

Finally, You may direct your requests for access to data, to correct data, a copy of our Emigra Group Data (Privacy) Policy or for further information to:

The Data Protection Officer
Emigra Asia Ltd
7th Floor,
80 Gloucester Rd,
Wanchai, Hong Kong.

T: +852 2783 7183
F: +852 2359 7542
E: data@emigra.com

Back to top