1. Brilliant Guard pledges to meet the recognized standards of personal data privacy protection, in complying with the requirements of the Personal Data (Privacy) Ordinance (the “Ordinance”). In doing so, Brilliant Guard also pledges to take reasonably
    practicable steps to ensure its agents comply with the standards of security and confidentiality required by the law.
  2. The following is the standard of security and confidentiality adopted by Brilliant Guard in its service contract with its clients:
    1. Security measures – Brilliant Guard must at all times employ reasonable organisational, operational and technological processes and procedures to keep the Personal Data safe from any unauthorised, accidental or unlawful use, access, alteration,
      loss, destruction, erasure, theft or disclosure.
    2. The organisational, operational and technological processes and procedures adopted by Brilliant Guard must at all times comply with: (a) the requirements under the Ordinance; and (b) the relevant guidelines and best practices recommended by the
      Office of the Privacy Commissioner from time to time.
    3. Restricting access by employees – Brilliant Guard should ensure that: (a) only those employees required to carry out the services under the service agreement with Brilliant Guard and the Client may have access to the Personal Data; and (b) such
      employees: (i) are only provided with as much Personal Data as they need to perform the services under the service agreement with the Client; (ii) are informed of the confidential nature of the Personal Data; (iii) have undergone adequate
      training with respect to data protection procedures and policies; and (iv) agree to comply with the obligations set out in this document.
    4. Restricting use of Personal Data – Brilliant Guard must: (a) only use the Personal Data for the purpose(s) set out in the service agreement with the Client; (b) process the Personal Data in accordance with the instructions of Brilliant Guard or
      the Client; and (c) process the Personal Data only to the extent, and in such manner, as is necessary for the proper provision of the services set out in the service agreement with the Client.
    5. Transfer or disclosure of Personal Data – Brilliant Guard must not disclose or transfer any of the Personal Data to a third party, except with the express consent of the Client or where required by law. Brilliant Guard must not publish, disclose,
      divulge or transfer any of the Personal Data to any third party (whether within or outside Hong Kong) without the prior written consent of the Client.
    6. Deletion or retention of data – Brilliant Guard must destroy all Personal Data promptly: (a) when it is no longer needed for it to perform the services for which it was retained; or (b) at the instruction of the Client. In complying with the clause
      above, Brilliant Guard must ensure that all electronic copies of the Personal Data are removed from its systems, either by destroying the storage device or by using appropriate electronic deletion software.
    7. Notification of data security breach – Where there has been any unauthorised, accidental or unlawful use, access, alteration, loss, destruction, erasure, theft or disclosure of the Personal Data (“Security Breach”), Brilliant Guard must report
      this to the Client as soon as it becomes aware of the incident, including: (a) the Personal Data involved; (b) how the incident occurred; (c) those who were involved; and (d) the anticipated impact. Brilliant Guard must provide any assistance required
      by the Client to rectify such Security Breach.