We will take all practicable steps to ensure the security of the personal data and to avoid unauthorised or accidental access, erasure or other use. This includes physical, technical and procedural security methods, where appropriate, to ensure that the personal data may only be accessed by authorised personnel.
From time to time we may collect your personal data including but not limited to your name, mailing address, telephone number, email address, date of birth and login name for the following purposes:
1. to process your applications, subscriptions and registration for our products and services;
2. to provide you with our products and services and administer your account in relation to such products and services;
3. to process your application for reviewing the medical report or laboratory report requested by you;
4. to conduct research and statistical analysis; and
5. other purposes directly relating to any of the above.
Kinds of Personal Data Held
Four broad categories of personal data are held in the Sanomics. They are personal data contained in:
For the use in medical records, which include records containing information supplied by data subjects and data users and collected in connection with providing the medical report or laboratory report requested by the data subjects (the patients) or his/her doctor;
Personnel records, which include job applications and Sanomics staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and dental insurance records, mandatory provident schemes participation, performance appraisals, and disciplinary matters, etc;
Other records, which include administration and operational files, customer support, personal data provided to the Sanomics from individuals for participating in promotional activities, newsletters subscriptions, data relating to consultancy services and records of inspections of personal data systems, etc.
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription.
Where you have given your consent and have not subsequently opted out, we may also use your name, mailing address, telephone number and email address to send promotional materials to you and conduct direct marketing activities in relation to Sanomics services and information services offered by other members of the Group.
If you do not wish to receive any promotional and direct marketing materials from us or do not wish to receive particular types of promotional and direct marketing materials or do not wish to receive such materials through any particular means of communication, please contact us through one of the communication channels set out in the "Contact Us" section below. To ensure that your request can be processed quickly please provide your full name, email address, log in name and details of the product and/or service you have subscribed.
Identity Card Number
We may also collect your identity card number and process this as required under applicable law or regulation, as required by any regulator having authority over us and, subject to the PDPO, for the purpose of identifying you where it is reasonable for your identity card number to be used for this purpose.
Transfers of personal data
Supply to any agent, contractor or third party who provides administrative, telecommunications, computer, payment, debt collection, data processing or other services to Sanomics and/or any of other member of the Group in Hong Kong or elsewhere; and
Other parties as notified to you at the time of collection.
We may need to access or disclose your personal information to comply with the law or legal process and to exercise our legal rights or defend against legal claims. We may share personal information and any additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or as otherwise required by law, such as for public safety purposes. We do not use personal data for profiling or other automated decision purposes.
Information collected when you visit our websites
Statistics on visitors to our websites - When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution, which pages have been most frequently visited etc. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
The Sanomics’ internal IT systems are developed and maintained by in-house staff. We have implemented administrative and technical safeguards to protect the confidentiality, integrity and availability of personal data residing on, processed by or transmitted by our servers. These safeguards include, among other things, facility and data access control, password protection, encryption of data at rest and in transit, security monitoring tools and protocols and the appointment of a Security Officer, a Privacy Officer and a Data Protection Officer who oversee and manage privacy and security.
Sanomics uses certain third-party services and analytics providers to send you customized notifications if you have provided us your email address, analyze trends, administer the Services, improve the design of our Services, and otherwise enhance, monitor, and troubleshoot the Services we provide.
Sanomics does not transmit the medical data provided by the data subjects to its third-party service providers and does not directly display advertisements in our applications or services.
Aggregate Data Collection
Sanomics tracks visits to our Services using visitor logs and tracking-codes to compile anonymous aggregate statistics. This aggregate information is collected service-wide, and includes anonymous website, application, and device statistics. When you browse our websites and access our applications our system automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages, Uniform Resource Locator (URL), platform type, location, unique device identifier, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser.
When you access our Services through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example a Unique ID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data or similar information regarding the location of your mobile device.
Certain elements of our Services and/or html email correspondence may use session cookies, persistent cookies or web beacons to anonymously track unique visitors, save website preferences, and to allow us to recognize visits from the same computer and browser. You have the option to reject some or all Website cookies on your computer and still use the Services. If you choose to reject all cookies, your access to the Website may be limited.
The Sanomics takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
Sanomics may provide links to websites operated by third parties that are not covered by this Policy. Sanomics does not maintain these sites and is not responsible for the privacy practices of sites it does not operate. We encourage you to review the privacy policies posted on those websites.
The Sanomics maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by Sanomics in accordance with policies in standing instructions and administration manuals.
Compliance with laws and regulations
Sanomics and other members of the Group may be required to retain, process and/or disclose your personal data in order to comply with applicable laws and regulations or in order to comply with a court order, subpoena or other legal process (whether in Hong Kong or elsewhere), or to comply with a request by a government authority, law enforcement agency or similar body (whether situated in Hong Kong or elsewhere) or to perform or discharge the Regulatory Functions. Sanomics and other members of the Group may need to disclose your personal data in order to enforce any agreement with you, protect our rights, property or safety, or the rights, property or safety of our employees.
Our Services are located in Hong Kong. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from the laws of HKSAR then please note that you are transferring your information outside of those regions to Hong Kong for storage and processing. By continuing providing your information to us, you consent to any transfer and processing in accordance with this Policy.
Access and correction of personal data
Under the PDPO, you have the right to ascertain whether we hold your personal data, to obtain a copy of the data, and to correct any data that is inaccurate. You may also request us to inform you of the type of personal data held by us. Requests for access and correction of personal data or for information regarding policies and practices and kinds of data held by us should be addressed in writing and sent by post to us (see the "Contact Us" section below). A reasonable fee may be charged to offset our administrative and actual costs incurred in complying with your data access requests.
You may choose to provide information to Sanomics by completing the contact form, sending us an email, engaging with our customer service team or otherwise contacting us. If you are a Sanomics Portal user, you may have an opportunity to elect to receive certain communications from us. Sanomics email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails, newsletters, and postal mail correspondence.
You may “opt out” of receiving communications from us related to our products and services and/or to request the removal of your contact information from our database by writing to us at the email address set forth below. However, Sanomics cannot withdraw any previous disclosures made with your authorization, and we reserve the right to retain and disclose your information as permitted or required by law or regulation. You may also request access to your personal data by writing to us using the contact information below.
Address: Unit 306, 3/F, No.12 Science Park West Avenue, Phase 3, Hong Kong Science Park, Hong Kong
Tel: (+852) 3990 0720
Fax: (+852) 3618 4830
Effective Date: 8th April 2019