OCTOPUS CARDS LIMITED
Privacy Policy Statement

中文版

GENERAL

  1. Octopus Cards Limited, the issuer of the Octopus, issuer of the stored value facility under Octopus Wallet Service, and issuer of various mobile applications respects the privacy of its customers and understands the importance of privacy for visitors to its website. Octopus Cards Limited (the “Company", "we", "our" or "us") collects and retains information so that we can efficiently provide services to our customers. This Privacy Policy Statement is designed to help you understand what information the Company gathers and what we do with the information.

DEFINITIONS AND INTERPRETATION

  1. In this Privacy Policy Statement, unless the context otherwise requires,
    "Application Form" means any form containing an application by the Holder of the Octopus; Octopus Wallet Holder; user of the Automatic Add Value Service; and/or Service Provider/Authorised Partner;
    "Authorised Mobile Payment Service Provider" is a mobile payment service provider that we have authorised to offer Smart Octopus;
    “Authorised Partner” is a bank or financial services company or a FPS Participant or a corporate entity that we have authorised to offer their services in respect of your Octopus Wallet;
    "Automatic Add Value Service" or “AAVS” means the service whereby we or our Service Providers, on our behalf, will automatically add a certain amount of value (as determined by us from time to time) to the Float on the Octopus if the Float stored on the Octopus has reached a certain minimum level as determined by us from time to time;
    “Card Funds” means the SVF Deposits and Float from time to time;
    “Card Association” is a payment association that licenses card programmes to banks or financial services companies or corporate entities under its specific brand(s) or scheme;
    “Card Association Merchant” means designated merchant that accepts payment products or services licensed by the relevant Card Association for the goods and services offered by such designated merchants;
    “Client Funds Company” shall mean Octopus Cards Client Funds Limited, whose Articles of Association provide that its function is to hold and deal with Card Funds in accordance with the Conditions of Issue and Payment Systems and Stored Value Facilities Ordinance (“PSSVFO”);
    "Conditions" means the Conditions of Issue of Octopus and the Octopus Automatic Add Value Agreement published by the Company as amended from time to time;
    "Converted Octopus" means selective Octopus that can be converted into a Smart Octopus and once converted, cannot be re-activated. Upon conversion, the SVF Deposit, if applicable, and the Float, if any, stored on such Octopus shall be added to the SVF Deposit and the Float, if any, of your Smart Octopus;
    "Faster Payment System" or "FPS" means the financial infrastructure launched by the Hong Kong Monetary Authority and operated by Hong Kong Interbank Clearing Limited to facilitate payment services and other related services amongst FPS Participants;
    "FPS Participant" means a participant of FPS which may be a bank or financial services company or a licensee of the stored value facility licence granted under PSSVFO or a corporate entity as approved by Hong Kong Interbank Clearing Limited;
    "Float" shall mean the stored value remaining (1) on an Octopus, excluding SVF Deposit, and (2) in your Octopus Wallet;
    "Friend” means another Octopus Wallet Holder who has established a linkage between his/her Octopus Wallet and your Octopus Wallet for the purpose of performing P2P Payment;
    "Holder" means the bearer of the Octopus for the time being but in the case of the Personalised Octopus, the expression "Holder" means the person identified in the electronic data stored in the Octopus. The expression "Holders" shall be construed accordingly;
    “Hong Kong” means the Hong Kong Special Administrative Region of the People’s Republic of China;
    "Mobile Device" means any eligible mobile or wearable technology device or any other device as we may announce from time to time;
    “Mobile Network Operator” is a company that provides mobile telecommunication services in Hong Kong that we have authorised to offer Octopus.
    "Octopus" means device- and non-device-based stored value facility cards and products provided by us as described in the Conditions;
    "Octopus Mobile App" means mobile applications developed and operated by us for Octopus services and/or the Octopus Wallet Service;
    "Octopus Wallet" means a network-based stored value account applied for by an Octopus Wallet Holder with and approved by us in respect of the Octopus Wallet Service;
    "Octopus Wallet Holder" means a holder of the Octopus Wallet;
    "Octopus Wallet Service" means the network-based stored value service offered by us in association with Authorised Partners as described in the Conditions of Issue;
    "Octopus Wallet Payment Card" means a branded network-based card or product issued by us for the Octopus Wallet Service under the specific brand of the relevant Card Association as described in the Conditions of Issue;
    "Octopus payment system" means the payment system maintained and operated by the Company;
    "Ordinance" means the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of the Hong Kong Special Administrative Region;
    "Personal Data" means any personal data held by the Company including all information provided by Holder; Octopus Wallet Holder; user of the Automatic Add Value Service; and/or persons linked to a Service Provider/Authorised Partner applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust; in the Application Forms, and all the information (a) relating to the use of the Octopus by which we receive during from our Octopus readers and/or from other channels in respect of the use of your Octopus and (b) during the operation of the Octopus Wallet Service and/or from other channels in respect of the use of your Octopus Wallet), to the extent that those transactional records are “personal data” under section 2(1) of the Ordinance;
    "P2P Payment" means the person-to-person payment from one Octopus Wallet to another Octopus Wallet (including his/her Friend’s Octopus Wallet);
    "Service Providers" means any transport operators, retailers (including without limitation supermarkets, convenience stores, restaurants and fast food shops, food, other consumer goods e.g. medicines and cosmetics, books, newspapers, stationery and gifts, accessories shops, shopping malls, wearing apparel, telecommunications), entertainment / recreation / sports facilities providers, educational establishments, government related entities, building access control providers, unattended services (such as vending machines / kiosks / photo booths / telephone booths), online and/or mobile payment platform providers, online and/or mobile payment service providers or other parties which offer their services when the Holders present their Octopus and are approved by us. These Service Providers should display the Octopus acceptance logo clearly;
    “SVF Deposit” shall have the meaning ascribed to it in the Conditions of Issue;
    “Third Party Operator” is an entity, whether in Hong Kong or elsewhere, with which we have entered into a formal business relationship to provide you with Cross Border Octopus, and some other functionalities, if any. Third Party Operators do not include any bank or financial services company with whom we offer the Bank Co-Brand Octopus, or any Mobile Network Operator with whom we offer the Octopus Mobile SIM or any Authorised Mobile Payment Service Provider with whom we offer the Smart Octopus;

OUR COMPANY POLICY

  1. We pledge to meet fully, and where possible exceed, internationally recognised standards of personal data privacy protection in complying with the requirements of the Ordinance. In doing so, we promise to:
    1. collect adequate, but not excessive, Personal Data by lawful and fair means for lawful purposes directly related to our functions and activities;
    2. take all reasonably practicable steps to ensure that all Personal Data collected or retained are accurate, having regard to the purposes for which they are to be used;
    3. ensure that Personal Data are not used where there are reasonable grounds for believing that they are inaccurate, having regard to the purposes for which they are to be used;
    4. erase Personal Data which are no longer necessary for the fulfillment of the purposes for which they are to be used;
    5. use Personal Data only for purposes for which the data were to be used at the time of the collection of the data, unless you have given your express consent for a change of use or such use is required or permitted by the Ordinance or the law of Hong Kong Special Administrative Region (“Hong Kong”);
    6. take all reasonably practicable steps to ensure that Personal Data are protected against unauthorized or accidental access, processing, erasure or other use;
    7. take all practicable steps to ensure that you can be informed of the kinds of personal data we hold and the main purposes for which the data are to be used; and
    8. allow you to access and request correction of your Personal Data held by us in a manner prescribed by the Ordinance. We may charge you a fee as permitted by the Ordinance in complying with your data access request.

STATEMENT OF PRACTICES
TYPES OF PERSONAL DATA COLLECTED AND HELD

  1. For the purpose of conducting the Company's business (including relevant online services), we may collect from you and hold some or all of the Personal Data such as, but not limited to, any or all of the following (according to the product or service you select) to enable us to provide the Octopus, Octopus Wallet Service; or other related service to you:
    1. Your name;
    2. Your Gender;
    3. Your photographs;
    4. Your bank/credit card account information;
    5. Your preferred language for communications;
    6. Contact details, including contact name, telephone number, email address and residential or permanent address;
    7. Information for the verification of identity, including identification document type, identification number and proof of identity and address;
    8. Your age and date of birth;
    9. Your Nationality;
    10. Your Octopus number and/or Octopus Wallet number (only applicable when your identity can be directly or indirectly ascertained from the Octopus number and/or Octopus Wallet number);
    11. Your Octopus usage data (only applicable when your identity can be directly or indirectly ascertained from the Octopus usage data);
    12. Your mobile device ID (identification number) of which the Octopus Mobile App is installed thereon;
    13. Your vehicle license plate number (for the use of Octopus Easy Park Service) (only applicable when your identity can be directly or indirectly ascertained from the vehicle license plate number); and;
    14. The location information sent from your Mobile Device for locating Service Providers around you.
  2. We use cookies, pixels, and similar technologies (together “cookies”) on OCL websites and apps. Please see our separate Cookie Policy.

PURPOSES OF KEEPING PERSONAL DATA

  1. Personal Data held by us may be used for the following purposes (as the case may be):
    1. processing an application for the services offered to you from time to time;
    2. providing you with customer notifications and direct marketing materials as set out in paragraph 7;
    3. conducting customer due diligence as required by law, rules, regulations, codes or guidelines;
    4. management, operation and maintenance of the Octopus payment system and/or Octopus Wallet Service and Card Fund, including audit, and exercising our and your rights under the Conditions;
    5. collecting money due from AAVS Account Holder (as defined in the Octopus Automatic Add Value Agreement) and/or Octopus Holder, whether from the AAVS Account (as defined in the Octopus Automatic Add Value Agreement) or otherwise;
    6. verifying any information and records relating to the Automatic Add Value Service Account Holder and/or the Octopus Holder;
    7. designing new or improving existing services provided by us, our subsidiaries and our affiliates (that is, our direct holding company and its subsidiaries);
    8. communication by us to you;
    9. investigation of complaints, suspected suspicious transactions and research for service improvement;
    10. prevention or detection of crime; and
    11. disclosure as required by laws, rules, regulations, codes or guidelines.

USE OF PERSONAL DATA IN DIRECT MARKETING

  1. We intend to use your below information of your Data in the form of SMS (short messaging service), push notification via the Octopus Mobile App and/or email in sending direct marketing materials relating to our products and services (including use of Octopus at our Service Providers and use of Octopus Wallet Services at our Authorised Partners) to you from time to time:
    1. name;
    2. email address (for email only);
    3. contact number (for SMS (short messaging service) only);
    4. Octopus Wallet number and/or Octopus number, as the case may be; and/or
    5. your mobile device ID (identification number) of which the Octopus Mobile App is installed thereon.
    We may not so use your Data unless we have received your consent. You may provide us with your objection to use your personal data through such channels as we may announce from time to time at no cost to you.
  2. Only with your consent as aforesaid, we will use your Data in providing you with carefully selected direct marketing materials in relation to our products and services (including use of Octopus at our Service Providers and use of Octopus Wallet Services at our Authorised Partners). We may need to carry out internal operational procedures to enable us:
    1. to better understand your characteristics and to provide other services better tailored to your needs (such as offering special promotions to you);
    2. to assist us in selecting products and services that are likely to be of interest to you; and
    3. to arrange marketing offers and benefits.

DISCLOSURE OF PERSONAL DATA

  1. All Personal Data will be kept confidential by us but in accordance with the Conditions, we may, for the purpose(s) set out in paragraph 6 above, transfer or disclose such Personal Data to the following parties within Hong Kong (except that the parties set out in paragraphs 9(a), (b),(c),(d),(e) and owners or service providers of Client Funds Company in 9(g) below may be located outside Hong Kong):
    1. issuers of Bank Co-Brand Octopus (as defined in the Conditions) and participating banks and financial services companies for Automatic Add Value Service which owe a duty of confidentiality to us and with which you have selected to register;
    2. Card Association, Card Association Merchant and/or their respective agents or contractors in relation to Octopus Wallet Payment Card;
    3. Third party Operator(s) under duty of confidentiality to us;
    4. Authorised Mobile Payment Service Provider under a duty of confidentiality to us;
    5. our agents or contractors under a duty of confidentiality to us who provide administrative, telecommunications, computer, anti-money laundering and counter terrorist financing intelligence, payment, data processing or other services to us in connection with the operation of our business (such as professional advisors, call centre service providers, debt collection agencies (in the event you owe us any money), courier, gift redemption centres or data entry companies);
    6. our subsidiaries and/or our affiliates which owe a duty of confidentiality to us;
    7. Client Funds Company, its owners and its third party service provider involved in (i) ensuring that Card Funds are handled in accordance with these Conditions of Issue and PSSVFO, and (ii) managing Card Funds in case of our insolvency;
    8. Friend(s) as selected by you; and
    9. any law enforcement agencies and/or regulatory bodies for compliance with applicable laws, rules, regulations, codes and/or guidelines and/or any person or entity to whom we, our subsidiaries, and/or our affiliates are under a binding obligation to satisfy a legally enforceable demand for disclosure under the requirements of any law, rule, regulation, code and/or guideline and/or order of any competent court of law, law enforcement agencies and/or regulatory bodies, but such disclosure will only be made under proper authority.
  2. For the avoidance of doubt, we will not transfer or disclose your personal data to any third party including our subsidiaries and/or our affiliates for use by such third party in direct marketing unless we have received your consent.

ACCURACY AND RETENTION OF PERSONAL DATA

  1. Personal data collected and maintained by the Company shall be as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used.
  2. Personal data will not be kept longer than necessary for the fulfilment of the purpose for which the personal data is collected or used. Personal data that is no longer required would be erased unless such erasure of personal data is prohibited under any law or it is in the public interest for the data not be erased. Should there be a need to retain the personal data for statistical purposes, such data would be anonymized so that the individuals concerned could no longer be identified.
  3. We will destruct/destroy records containing personal data as and when necessary and in accordance with the Company’s policies and procedures. Destruction of paper records would be carried out by irreversible means and electronic records would be cleared or destroyed from storage media before disposal by means of sanitization or physical destruction.

SECURITY OF PERSONAL DATA

  1. We treat security as our top priority. We will strive to ensure that Personal Data will be protected against unauthorized or accidental access, processing or erasure. In doing so, we have implemented appropriate physical, electronic and managerial measures and controls to safeguard and secure the Personal Data.
  2. Our web servers are protected by appropriate firewalls which will be kept up-to-date. However, as the security of ordinary email cannot be guaranteed, you should not send to us any email containing any Personal Data.
  3. We will not keep Personal Data longer than is necessary for the fulfillment of the purposes (including any directly related purpose) for which they are, or are to be, used. We will purge unnecessary Personal Data from our system in accordance with our internal procedures.

ACCESS AND CORRECTION OF PERSONAL DATA

  1. You have the right to ask us if we hold any Personal Data about you and if so, to request a copy of some or all of your Personal Data. If you would like to make such a request, please submit the "Data Access Request Form" (the prescribed form (form:OPS003) can be downloaded from the following link http://www.pcpd.org.hk/english/publications/files/Dforme.pdf or obtained by fax through our Interactive Voice Response System on 2266-2222), along with appropriate proof of identity (a copy of the applicant's Hong Kong Identity Card or Passport) to our Data Protection Officer at the address below. We may charge you a fee at a level permitted by the Ordinance for this service.
  2. You have the right to request us not to use your Data for direct marketing purposes as described in paragraphs 7 and 8, in which case we will cease to do so at no cost to you. If at any time you do not want to receive direct marketing materials from us through specific channel(s) or all channels in the future, or if you want us to cease using any of your Data in direct marketing, you may contact us through such channel(s) as we may announce from time to time.
  3. You also have the right to ask us to correct your Personal Data which you consider as inaccurate by writing to our Data Protection Officer at the address below.
  4. We will allow your data access request or correction request unless we consider that there is a sound reason under the Ordinance or other relevant law to reject the request.
  5. The address of our Data Protection Officer is 46/F., Manhattan Place, 23 Wang Tai Road, Kowloon Bay, Kowloon, Hong Kong. Our Data Protection Officer’s email address is dpo@octopus.com.hk

LINKS TO OTHER WEBSITES

  1. Our website may, from time to time, contain links to other websites. This Privacy Policy Statement only applies to this website so when you link to other websites you should read their own privacy policies.

CHANGE OF OUR PRIVACY POLICY

  1. We keep our privacy policy under regular review and we will place any update on this webpage. Any change, update or modification will be effective immediately upon posting on this webpage. This Privacy Policy Statement was last updated on 20 March 2023.

INTERNAL PRACTICES

  1. Our Data Protection Officer is responsible for monitoring and supervising compliance with the Ordinance within the Company. We maintain the following measures to ensure compliance with the Ordinance:
    1. log books are kept to record all refusal of data access and correction requests and the reasons for their refusal;
    2. a “Personal Information Collection Statement” is included as far as practicable in the application forms for services provided by the Company;
    3. internal privacy policies, guidelines and manuals are provided for use by staff of the Company. Such polices, guidelines and manuals will be reviewed and revised in a timely manner to meet up-to-date privacy protection developments and standards.

ENGLISH VERSION

  1. If there is any inconsistency or conflict between the English and Chinese versions, the English version shall prevail.

CONDITIONS

  1. Nothing in this Privacy Policy Statement shall affect the rights and obligations of the Company under the Conditions.
 

八達通卡有限公司
私隱政策

English Version

總覽

  1. 八達通卡有限公司,即八達通、儲值支付工具八達通銀包服務的發行商及各手機應用程式的發行商,尊重客戶的私隱及明白到瀏覽其網站的訪客的私隱的重要性。八達通卡有限公司(「本公司」或「我們」)會收集及儲存這些資料以便向客戶更有效地提供服務。本私隱政策聲明是為使閣下更了解我們收集的個人資料的類型及處理個人資料的方法而制訂。

定義及釋義

  1. 在本私隱的政策聲明中,除文另有所指外,否則:
    “申請表” 即八達通;八達通銀包服務;自動增值服務及/或服務供應商/認可夥伴申請表;
    “認可流動支付服務供應商”指一間提供流動支付服務並獲 本公司認可提供Smart Octopus 的公司;
    “認可夥伴” 指獲本公司認可就閣下八達通銀包提供服務的銀行或金融服務公司或快速支付系統參與者或企業;
    “自動增值服務” 指在八達通的儲值金額達到本公司不時釐定的若干最低款額時, 本公司或代表本公司的服務供應商將會在八達通上增加某個金額的儲值金額的服務(該增值金額將由本公司不時釐定);
    “認可增值服務供應商”指獲本公司認可,以現金或其他代價為閣下八達通提供增值的服務供應商、銀行或金融服務公司;
    “卡內資金” 指工具按金及儲值金額;
    “發卡組織”指支付組織可授權銀行、金融服務公司或 企業為其品牌發卡;
    “發卡組織商戶”指該指定商戶接受客戶以相關發卡組織之授權會員發行之支付產品或服務,以繳付該指定商戶所 提供的產品及服務;
    “客戶款項公司” 指八達通卡客戶款項有限公司,該公司的組織章程規定,其職能乃根據八達通發卡條款及《支付系統及儲值支付工具條例》持有和處理卡內資金;
    “條款” 即本公司所公佈及不時修訂之「八達通發卡條款」及「八達通自動增值協議」。
    “經轉換的八達通 ”指可被轉換為Smart Octopus 的特定八達通,一經轉換,該八達通不可重新啟動。轉換後,在 該八達通 內儲存的工具按金(如適用)及儲值金額(如 有)會被轉存入閣下的Smart Octopus的工具按金及儲值金額(如有);
    “快速支付系統”或(“FPS”)指由香港金融管理局推出並由香港銀行同業結算有限公司所運作的金融系統,方便快速支付系統參與者提供付款服務及其他相關服務;
    “快速支付系統參與者”指快速支付系統的參與者,該參與者可為銀行或其他金融機構或根據《支付系統及儲值支付工具條例》獲授予儲值支付工具牌照的持牌人,又或經香港銀行同業結算有限公司認可的企業;
    “儲值金額” 指 (1) 八達通 (不包括工具按金) 及 (2) 閣下八達通銀包內的剩餘儲值;
    “朋友” 指與閣下的八達通銀包已連結以進行 P2P 付款的另一名八達通銀包持有人;
    “持有人” 即當時持有「八達通」之人士;但屬個人八達通,即個人八達通內所記錄之登記持有人。
    “香港”指中華人民共和國香港特別行政區;
    “流動裝置”指任何合資格的流動或可穿戴式技術裝置或本公司不時公佈的任何其他裝置;
    “流動網絡營運商”指獲本公司認可提供八達通的香港流動通訊服務公司;
    八達通指本公司所提供在條款所述之實體或非實體形式的儲值支付工具卡及產品;
    “八達通手機應用程式”指由本公司就八達通服務及/或八達通銀包服務開發及營運的手機應用程式;
    “八達通銀包” 指由 八達通銀包持有人就八達通銀包服務所申請及經本公司批准的網絡形式儲值支付賬戶;
    “八達通銀包持有人” 指持有八達通銀包的人士;
    “八達通銀包服務” 指條款所訂明的網絡儲值支付服務;
    「八達通銀包付款卡」指條款所訂明之就八達通銀包服務向閣下發出相關發卡組織品牌以網絡形式運作的卡或產品;
    “八達通收費系統” 即由本公司維持及運作之收費系統;
    “條例” 即香港特別行政區法例第 486 章《個人資料(私隱) 條例》;
    “個人資料” 指本公司於申請表中持有之任何關乎持有人;八達通銀包持有人;自動增值服務用戶及/或與非個人的服務供應商/認可夥伴服務申請人有關的人士,包括該客戶或申請人的實益擁有人和管理人員,或者在信託的情況下,包括信托的受託人、委託人、保護人和受益人之資料,該資料應包括(a) 本公司八達通讀寫器及/或從其他渠道取得閣下在使用八達通時的交易資料,及(b) 八達通銀包服務運作及/或從其他渠道取得閣下在使用八達通銀包時的交易資料,而此等交易資料記錄根據該條例第2(1) 條的定義,構成「個人資料」;
    “P2P 付款” 指一個八達通銀包向另一個八達通銀包 (包括其朋友的八達通銀包)作出的個人對個人付款;
    “服務供應商” 指會在持有人出示其的八達通時提供服務,並經本公司批准的任何交通營運商、零售商(包括但不限於:超級市場、便利店、食肆及快餐店、食品店、其他消費品商店如藥物及化妝品店、書店、報攤、文具及禮品店、配飾店、商場、服裝店、電訊公司)、娛樂/康樂/運動設施供應商、教育機構、政府相關業務實體、建築物門禁系統服務供應商、自助服務(例如自動售賣機/自助服務站/照相亭/電話亭) 、網上付款及/或流動支付平台供應商、網上及/或流動支付服務供應商或其他經本公司批准在持有人出示其的八達通時提供服務者。有關服務供應商須清楚展示八達通標誌;
    “工具按金” 具有八達通發卡條款賦予的涵義;
    “第三方營運者” 指一間在香港或任何地方的實體,與本公司訂立正式商業關係, 藉以向閣下提供跨境八達通以及某些其他功能(如有)。第三方營運者並不包括本公司與其合作提供銀行聯營八達通的任何銀行或金融服務公司或本公司與其合作提供八達通流動電話卡的任何流動網絡營運商或本公司與其合作提供Smart Octopus的任何認可流動支付服務供應商。

本公司政策

  1. 我們承諾會全面遵守條例規定,並且在可能情況下超越國際認可的個人資料保障水平。為履行此承諾,我們會確保:
    1. 以合法和公平的方法收集足夠但不超乎適度的個人資料,而該等個人資料是為了與本公司職能或活動直接有關的合法目的而收集;
    2. 採取所有合理切實可行的步驟,以確保所收集或保留的個人資料,就其用途而言,均屬準確無誤;
    3. 在有合理理由相信供作有關用途的個人資料並不準確時,確保該等資料不被使用;
    4. 刪除無須再供作有關用途的個人資料;
    5. 個人資料只供作有關資料收集時擬作的用途,除非閣下已明確表示同意閣下的個人資料可改作其他用途,又或此等用途是香港特別行政區(“香港”)的法例或法律所容許或要求的,則當別論;
    6. 採取所有合理切實可行的步驟,以確保個人資料受到保障,不會在未經許可或意外的情況下被查閱、處理、刪除或作其他用途;
    7. 採取所有切實可行的步驟,以確保閣下可獲悉我們所持有的個人資料的種類,以及該等個人資料的主要用途;以及
    8. 准許閣下查閱及要求改正你的個人資料,並按照法律容許或規定的方式來處理該等查閱或改正資料的要求。我們可為依從閣下查閱要求而向閣下收取條例容許的收費。

運作聲明
所收集及持有的個人資料類別

  1. 以營運本公司的的業務(包括有關網上服務)為目的,本公司或會從閣下收集及保存某部份或所有,包括但不限於下列所述(根據閣下所選擇的產品或服務)任何或全部的個人資料,為使本公司向閣下提供八達通、八達通銀包服務或其他相關服務:
    1. 閣下的姓名;
    2. 閣下的性別;
    3. 閣下的照片;
    4. 閣下的銀行/信用卡戶口資料;
    5. 閣下挑選的通訊語言;
    6. 聯絡詳情,包括聯絡人姓名、電話號碼、電郵地址、居住地址或永久地址;
    7. 用以核對身份資料,包括身份證明文件類別、身份證明文件號碼與及身份和地址證明;
    8. 閣下的年齡及出生日期;
    9. 閣下的國籍;
    10. 閣下的八達通的號碼及/或八達通銀包號碼(僅在能從閣下的八達通的號碼及/或八達通銀包直接或間接地確定閣下的個人身份的情況下適用);
    11. 閣下的八達通的使用資料(僅在能從閣下的八達通的使用資料直接或間接地 確定閣下的個人身份的情況下適用);
    12. 閣下已安裝的八達通手機應用程式的流動裝置識別編號;
    13. 閣下的車牌號碼(當閣下選擇八達通Easy Park自動付款服務)(僅在能從使用閣下的車牌號碼直接或間接地確定閣下的個人身份的情況下適用);及
    14. 閣下的流動裝置所提供的位置資料以尋找附近之服務供應商。
  2. 我們會於網站及/ 或應用程式使用cookies 、 pixels 和類似技術(統稱「cookies」)。請參閱我們的Cookie 政策。

持有個人資料的目的

  1. 我們所保存的個人資料可作下列用途(視情況而定):
    1. 處理不時向閣下提供之服務的申請;
    2. 根據第7條向閣下提供通知訊息及提供直接促銷推廣資料;
    3. 根據法例、規例、守則或指引,進行所需的客戶盡職審查;
    4. 八達通收費系統及/或八達通銀包服務及卡內資金的管理、運作及保養,包括審計及根據條款行使本公司與閣下的權利;
    5. 收取自動增值服務賬戶持有人及/或八達通持有人(八達通自動增值協議條款釋義所界定)所欠款項,不論是否從自動增值服務賬戶(八達通自動增值協議條款釋義所界定)收取;
    6. 進行任何有關自動增值服務賬戶持有人及/或八達通持有人的資料及紀錄的核實工作;
    7. 為本公司、其附屬公司及聯屬公司(即本公司的直接控股公司及其附屬公司) 設計新服務或改善現有服務;
    8. 本公司與閣下進行通訊;
    9. 調查投訴、備受懷疑的可疑交易及研究服務改善措施;
    10. 防止及偵測罪行;及
    11. 根據法例、規則、規例、守則或指引作出披露。

使用個人資料作直接促銷推廣

  1. 本公司希望使用閣下以下個人資料,透過短訊(SMS)、八達通手機應用程式推播通知及/或電郵,向閣下不時傳送有關我們的產品或服務(包括於服務供應商使用八達通及於認可夥伴使用八達通銀包服務)的最新推廣優惠及資訊:
    1. 姓名;
    2. 電郵地址 (以傳送電郵)
    3. 聯絡電話號碼 (以傳送短訊(SMS))
    4. 八達通銀包號碼及/或八達通號碼,視乎情況;及/或
    5. 已安裝八達通手機應用程式的流動裝置識別編號。
    除非獲得閣下同意,否則本公司不會就此使用閣下的資料。閣下可於我們不時公佈的渠道表示拒絕本公司在直接促銷推廣上使用閣下的資料並毋須承擔任何費用。
  2. 本公司只會如前述獲得閣下同意後,使用閣下的資料向閣下提供有關我們的產品或服務(包括於服務供應商使用八達通及於認可夥伴使用八達通銀包服務)的直接促銷推廣資料。本公司或會執行內部運作程序以確保本公司能夠:
    1. 加深了解閣下的特點,以向閣下提供其他更適切的服務(如特別推廣活動);
    2. 協助本公司挑選閣下應感興趣的產品及服務;
    3. 安排推廣優惠及獎賞。

個人資料的披露

  1. 所有個人資料將予以保密,然而根據條款,基於第 6 條列出的目的,本公司可於香港境內 將有關資料轉移或披露予下述各方(第 9(a)、(b) (c)、(d)、(e)列出的有關方或9(g)中列出的客戶資金公司的擁有人或服務供應商可能位於香港境外):
    1. 閣下已經選擇登記並對本公司有保密責任的銀行聯營八達通(條款釋義所界定)發行商與參予自動增值服務的銀行及金融服務公司;
    2. 八達通銀包付款卡相關的發卡組織、發卡組織商戶及/或其相關的代理人或承辦商;
    3. 對本公司有保密責任的第三方營運者;
    4. 與本公司有保密責任的認可流動支付服務供應商;
    5. 對本公司有保密責任的本公司代理人或向本公司提供與本公司業務運作有關的行政、電訊、電腦、打擊洗錢及恐佈份子籌資情報、付款、數據處理或其他服務的代理人或承辦商(例如專業顧問、電話中心服務供應商、追討欠債公司(當閣下拖欠下本公司款項)、速遞公司、禮品換領中心或資料輸入公司);
    6. 對本公司有保密責任的本公司之附屬公司及/或聯屬公司;
    7. 參與(i) 確保根據條款及《支付系統及儲值支付工具條例》處理卡內資金及(ii) 在本公司於清盤時管理卡內資金的客戶資金公司、其擁有人及其第三方服務供應商;
    8. 閣下指定的朋友;及
    9. 本公司、其附屬公司及 / 或聯屬公司,根據任何法例、規則、規例、守則及 / 或指引規定及 / 或履行任何具管轄權力的法院、執法機關及/ 或監管機構所發出的命令、按照適用之法例、規則、規例、守則及 / 或指引,有具約束力責任履行在法律上可強制執行向任何執法機關及 / 或監管機構作出披露的要求,但此類披露須有適當授權方可作出。
  2. 為免存疑,除非獲得閣下同意,本公司將不會向第三方,包括本公司的附屬公司及 / 或聯屬公司,轉移或披露閣下的資料以作第三方的直接促銷推廣用途。

個人資料的準確性及保存

  1. 本公司收集及保存的個人資料為準確、完整、最新及對該目的是必須的。
  2. 個人資料的保留時間不會超過達致原來目的實際所需。除非刪除是受任何法律禁止或不合乎公共利益,否則本公司會刪除已不再為使用目的而需要的個人資料。如資料需要保存作統計用途,該等資料將會被匿名化,其個人身份不會被辨識。
  3. 有需要時,我們會按本公司政策及程序銷毀包含個人資料之紀錄。紙張紀錄將會以不可復原之方法銷毀,電子紀錄將會於該儲存媒體被處理掉前清除及銷毀。\

個人資料的保安

  1. 本公司以安全為首要事情。我們致力確保閣下的個人資料受安全保護,不會在未經授權或意外情況下被他人取得、處理或清除。為致力保障資料安全,我們在設施、電子系統及管理方面實施適當措施,以保障閣下的個人資料安全。
  2. 本公司網站的伺服器設有合適而保持更新的「防火牆」作保護。由於無法保證普通電郵的安全性,閣下不應向本公司傳送任何具有閣下個人資料的電郵。
  3. 我們不會保留客戶的個人資料超過用以貫徹資料被使用的目的(包括任何直接有關的目的) 所必需的時間。我們會依照內部程序清除系統現存的不必要的個人資料。

查閱及改正個人資料

  1. 閣下有權向我們作出查詢是否持有閣下的個人資料,如有的話,可向我們要求提供閣下全部或部份個人資料的複本。如閣下希望作出上述要求,請把「查閱資料要求表格 」 ( 有關指定的表格 (表格 :OPS003) 可從以下的連結下載 http://www.pcpd.org.hk/chinese/publications/files/Dformc.pdf 或致電2266-2266 透過互動話音回應系統以圖文傳真索取) 連同相關的身份證明文件(申請人的身份證或護照副本)遞交至下述地址給我們的保障資料主任。我們在提供這項服務時,可能向閣下收取條例所容許水平的費用。
  2. 按第7及8條所述,閣下有權要求我們不要使用閣下的個人資料作直接促銷推廣並毋須承擔任何費用。若將來任何時間閣下不再希望收到本公司透過指定或所有途徑所發出的直接促銷推廣資料,或若閣下希望本公司停止使用閣下的資料作直接促銷用途,閣下可透過本公司不時公佈的途徑聯絡我們。
  3. 閣下亦有權要求我們改正閣下認為不準確的個人資料,有關要求請以書面提出並交往下述地址予我們的保障資料主任。
  4. 我們將接受閣下的資料查閱或改正的要求,除非我們認為根據條例或其他相關法律有合理理由拒絕有關的要求。
  5. 我們的保障資料主任的地址為香港九龍九龍灣宏泰道 23號 Manhattan Place 46 樓。電郵地址是dpo@octopus.com.hk

其他網站的連結

  1. 我們的網站可能不時載有其他網站的連結。本私隱政策祇適用於本網站,如閣下透過該等連結瀏覽其他網站,閣下應閱讀該等網站本身的私隱政策。

私隱政策的更改

  1. 我們將定期檢討本私隱政策並不時更新本網頁。任何對本私隱政策聲明的更改、更新或修訂會在登載於本網站後即時生效。本私隱政策最後於 2023 年 3 月 20 日更新。

內部制度

  1. 我們的保障資料主任負責監察及監管本公司各人員依從條例的規定。為確保 各人員依從條例所載規定,我們備有:
    1. 保障資料記錄簿,記錄所有被拒絕的查閱資料及改正資料要求以及拒絕的理由;
    2. 盡量在本公司所提供各項的申請表格內,載列「收集個人資料聲明」;
    3. 內部私隱政策、指引及手冊供本公司各人員使用,這些私隱政策、指引及手冊將適時檢討及修訂,以符合最新保障私隱的發展及標準。

英文版本

  1. 若中、英文版本有歧異之處,應以英文版本為準。

條款

  1. 本私隱政策聲明不會影響本公司於發卡條款下的權利及義務。