Fundamental Principles Data Privacy Law is based on six fundamental principles. We will strictly follow these principles. The principles are summarized below. The full text of the principles may be obtained from Mr. Danny Tse, who is Emigra's Data Manager until further notice. * Principle 1 - Purpose and Manner of Collection of Personal Data (1) Personal data shall not be collected unless the data are collected for a lawful purpose directly related to a function or activity of Emigra and the collection of the data is necessary for or directly related to that purpose. (2) Personal data shall be collected by means which are lawful and fair. (3) Where the person from whom personal data are to be collected is the data subject, all practicable steps shall be taken to ensure that - (a) he is informed, on or before collecting the data, of - (i) whether it is obligatory or voluntary for him to supply the data; and (ii) where it is obligatory for him to supply the data, the consequences for him if he fails to supply the data; and (b) he is informed - (i) on or before collecting the data, of - (A) the purpose for which the data are to be used; and (B) the classes of personnel to whom the data may be transferred; and (ii) on or before first use of the data for the purpose for which they were collected, of his rights to request access to and to request the correction of the data from the Data Manager. Any incorrect data will be amended within 40 days of receipt of a request. * Principle 2 - Accuracy and Duration of Retention of Personal Data (1) All practicable steps shall be taken to ensure that - (a) personal data are accurate. (b) where there are reasonable grounds for believing that personal data are inaccurate - (i) the data are not used for that purpose unless and until those grounds cease to be applicable to the data; or (ii) the data are erased. (c) any third party who receives inaccurate data is informed that it is inaccurate and that person is provided with correct data. (2) Personal data shall not be kept longer than is necessary for the fulfillment of the purpose (including any directly related purpose) for which the data are to be used. * Principle 3 - Use of Personal Data Personal data shall not, without the consent of the data subject, be used for any purpose other than - (a) the purpose for which the data were to be used at the time of the collection of the data; or (b) a purpose directly related to the purpose referred to in paragraph (a). * Principle 4 - Security of Personal Data All practicable steps shall be taken to ensure that personal data held by Emigra are protected against unauthorized or accidental access, processing, erasure or other use. * Principle 5 - Information to be Generally Available All practicable steps shall be taken to ensure that a person can - (a) ascertain Emigra's policies and practices in relation to personal data. (b) be informed of the kind of personal data held by Emigra. (c) be informed of the main purposes for which personal data held by Emigra are to be used. * Principle 6 - Access to Personal Data A data subject shall be entitled to - (a) ascertain whether Emigra holds personal data on him. (b) request access to personal data - (i) within a reasonable time. (ii) at a fee, if any, that is not excessive. (iii) in a reasonable manner; and (iv) in a form that is intelligible. (c) be given reasons if a request referred to in paragraph (b) is refused. (d) object to a refusal referred to in paragraph (c). (e) request the correction of personal data. (f) be given reasons if a request referred to in paragraph (e) is refused; and (g) object to a refusal referred to in paragraph (f). We shall comply with a data access request not later than 40 days after receiving the request. If Emigra is unable to comply with the request we will inform the requester no later than 40 days of receipt of the request. Exempt Data The following categories of information are exempt from Principle 6 (access to personal data) and need not be supplied to the data subject: 1. Personal data relevant to staff planning proposals to fill any series of positions of employment or cease any group of individuals' employment with Emigra. This exemption only applies to proposals which relate to more than one employee. A proposal involving only one employee may fall under the exemption relating to the evaluation of personnel. 2. Personal references given by an individual other than in the ordinary course of his occupation and relevant to another individuals suitability or otherwise to fill a position of employment or office with Emigra. 3. Personal data held by or on behalf of the Government for the purposes of security, defence or international relations. 4. Personal data held for the purposes of prevention or detection of crime; the apprehension, prosecution or detection of offenders, or the assessment or collection of any tax or duty. Some of this data may also be exempt from Principle 3. 5. Personal data which could be subject of a claim to legal professional privilege. Recording of Data We will keep a log book which sets out: 1. Details of why an application for access to data was refused. 2. Particulars of the prejudice caused if a view is taken that the data fell into an exempt class; and 3. Why Emigra did not comply with an obligation to correct data. Matching Procedures We will not carry out matching procedures. A matching procedure is any procedure whereby personal data collected for one or more purposes in relation to 10 or more data subjects is mechanically compared with data collected for another purpose where the comparison is for the purpose of producing or verifying data which may be used for the purpose of taking action that may adversely affect any of the data subject's rights, benefits, privileges or obligations. Transfer of Data We will not transfer data outside of the jurisdiction in which it was collected unless: 1. It is to a place where Data Privacy Law prevails. 2. We have reasonable grounds for believing that there exist laws which accord with Data Privacy Law. 3. The data subject has agreed to the transfer; or 4. Emigra has reasonable grounds for believing that the transfer is for the benefit of the data subject; it was not practicable to obtain the written consent of the data subject but if it were practicable to obtain such consent the data user would give it. Please contact Mr. Danny Tse if you have any questions regarding this policy. Danny may be contacted at +852 2783 7183, fax +852 2359 7542 or data@emigra.com Emigra Group Use of Data Statement International data privacy law ("Data Privacy Law") is designed to protect the privacy of individuals by regulating the manner in which data can be collected, stored or used. As an existing or prospective client of any Emigra Group company ("Emigra") you will or might already have supplied us with information relating to yourself. This information would have included your name, address, financial information, passport details, national identification number, your employment details and perhaps similar information relating to your employer, immigration sponsor, spouse or other family members. It may be necessary for you to supply additional or updated information to us in future. The data is used for the purpose of: Informing you about the services we offer The daily operation of the services provided to you by Emigra. Designing package services or related products for your use. Marketing services and related products. Meeting the requirements applicable to Emigra to make disclosure under any legal, regulatory or governmental obligation or requirement applying to Emigra or pursuant to the request of any legal, governmental or regulatory body authority. Forming part of the records of Emigra. Purposes relating thereto. This might also involve sending to you, on occasion, informational materials. Of course if you do not wish to receive such materials we shall stop sending you such information immediately upon notification by you accordingly. Data held by Emigra may be provided to: Any of the Emigra Group companies. Any Government agency but only so far as being for or on behalf of you or otherwise at your behest. Any person having a duty of confidentiality to Emigra. Any entity which acts as your attorney. Emigra does not share any client data with third parties except to the extent needed to provide immigration services as directed. However data may, from time to time, be shared with subcontractors and government entities but only in so far as to provide the immigration services requested. Under no circumstances does Emigra provide personal information to third parties for direct marketing purposes. Client data is stored only on secure Emigra servers and never downloaded to laptops. Occasionally, however, client data is stored on removable media but only for the sole purpose of backups under the direct supervision of our Director of Information Technology and at al times protected with industry standard security codes. Under no circumstances is client data taken off site for operational or service delivery purposes. You are entitled to request details of the data we hold on you. This will be provided upon payment of a reasonable administrative fee. You may also inform us if you wish us to amend any inaccurate data. We shall carry out such amendments within 40 days of receipt of your request. Emigra will not be liable for any loss or damages which may result from the provision of any incorrect or misleading information provided by you. All material changes to this policy shall be posted conspicuously on our website www.emigra.com for the benefit of non clients of Emigra or shall be notified individually, by email, if a confirmed paying client of Emigra. Updated December 10, 2007 |