Introduction

Bisdev Solutions (HK) Limited (“Bisdev Solutions“ or “the Company“), incorporated under the laws of Hong Kong with its principal place of business located at Room 701, 7/F, Lucky Centre, 165-171 Wanchai Road, Wan Chai, Hong Kong and registered with the number 3140239, is dedicated to the highest standards of privacy and data protection compliance. Our commitment extends to the meticulous handling of personal information across our diverse service offerings.

The scope of this privacy policy is to:
  • Detail the manner in which Bisdev Solutions amasses, manages, and utilizes personal data in the provision of its specialized IT services, ensuring adherence to the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) and other pertinent data protection regulations.
  • Present an illustrative outline of the rights afforded to individuals concerning their personal data and the practices of Bisdev Solutions in safeguarding these rights.
  • Elucidate the categories of personal data processed, the rationale for its processing, the conditions under which it may be disclosed to third parties, and the deployment of cookies on our digital platforms.

In the context of this policy:
  • “Personal data“ pertains to any information capable of identifying an individual, which may encompass, but is not limited to, names, contact details, identification numbers, birth dates, professional roles, and familial circumstances.
  • “Processing“ encapsulates all actions performed on personal data, from its collection to its secure storage and safeguarding.
  • The terms “Website“ or “Platform“ refer explicitly to the online domain operated by Bisdev Solutions, accessible via [https://bisdevsolutions.com/].


Data Protection Framework

At Bisdev Solutions (HK) Limited, we are resolute in our commitment to the principles of data protection, which we observe with the utmost rigour and discipline. Recognizing the critical nature of privacy in our operations, we adhere to a robust set of standards to govern the handling of personal data:
  • Adherenceto Legal Standards: We ensure all personal data is processed in strict compliance with relevant data protection legislation, upholding the principles of legality, fairness, and transparency.
  • Limitation of Purpose: Data is collected with clear and lawful objectives, and is not further processed in a manner incompatible with those purposes.
  • Data Economy: We employ a conservative approach to personal data collection, limiting it to what is absolutely necessary in the context of our operations.
  • Accuracy Maintenance: Continual efforts are made to keep personal data accurate, complete, and up-to-date, reflective of its importance to our activities.
  • Temporal Proportionality: We retain personal data only for the period necessary to fulfill the purposes for which it is processed.
  • Security Assurance: Personal data is protected against unauthorized or unlawful processing, accidental loss, destruction, or damage by implementing suitable technical and organizational measures.
  • International Data Transfer Compliance: Any international transfer of personal data is conducted with due observance of statutory protections and corporate policies to safeguard the data.
  • Empowerment of Data Subjects: The rights of data subjects are paramount, and we provide mechanisms for their exercise, including the right to access, rectify, erase, or restrict processing of their personal data.
  • Corporate Accountability: Responsibility for data protection is embedded at every level of our organization, ensuring ongoing compliance with our data protection obligations.
  • Transparency in Processing: We maintain an open dialogue with data subjects regarding the processing of their data, offering clarity and visibility into our data handling practices.
  • Proactive Risk Management: Regular data protection impact assessments are conducted to preemptively identify and mitigate risks to personal data integrity.
  • Ethical Data Management: Beyond legal compliance, we adhere to ethical standards that respect the privacy and autonomy of individuals whose data we handle.

These principles form the foundation of our data protection strategy, guaranteeing that our commitment to safeguarding personal data is unwavering and continually evolving to meet the highest standards of privacy and security.

1. Data Stewardship Authority

1.1 Within the framework of this privacy policy, Bisdev Solutions (HK) Limited functions as the Data Stewardship Authority, henceforth bearing the legal and ethical responsibility for the personal data gathered. This role bestows upon us the obligation to delineate the purposes for processing your personal data and to select the methods for such processing, in strict adherence to prevailing data protection regulations.

1.2 In our unwavering commitment to uphold data privacy, your informed consent will be solicited for the deployment of cookies during your inaugural visit to our Website, in accordance with our comprehensive cookie policy that respects your data preferences while optimizing your online experience.

1.3 Our Website is equipped with advanced user-centric privacy tools, designed to grant you control over your personal data. These tools empower you to manage your preferences related to marketing outreach, control your data's visibility, and influence the manner in which your information is utilized. To modify these preferences, please contact our Data Protection Officer at info@bisdevsolutions.com.

1.4 As the designated Data Stewardship Authority, Bisdev Solutions (HK) Limited is firmly dedicated to the conscientious management of your personal data, actively upholding the integrity and security of your information in line with industry best practices and regulatory requirements.

1.5 Our pledge to transparency encompasses informing you about any automated data processing activities we engage in, including the rationale and potential impacts of such processes on your privacy.

1.6 Reflecting our ethos of accountability, we meticulously document all data processing actions for which we are responsible and stand ready to furnish you with such records upon your request. Our objective extends beyond mere legal compliance to fostering a deep-seated trust in our stewardship of your personal data.

2. Methods of Personal Data Acquisition

2.1 Bisdev Solutions (HK) Limited acquires your personal data predominantly through the information you proffer directly to us or indirectly via third-party entities. Enumerated below are the primary channels through which we gather your personal data:

Personal data procured directly from you encompasses:
  • Instances of your engagement with our Website, whether by filling out forms for our services or through interactions necessitated by the fulfillment of our contractual commitments to you.
  • Every occasion you initiate communication with us, for a diverse array of reasons including but not limited to inquiries, feedback, or service-related issues.
Personal data assimilated from ancillary sources includes:
  • Collaborations with third parties such as business affiliates, service providers, and ancillary agents who are authorized under relevant data protection statutes to share such information.
  • The utilization of tags and similar tracking technologies on digital platforms that you operate or oversee, which adhere to acceptable privacy practices.
2.2 In addition to the aforesaid means, we may also receive personal data through:
  • Engagements and correspondences during industry events, conferences, and professional gatherings where business cards or contact details are exchanged.
  • Publicly accessible sources that provide data which assists us in maintaining the accuracy of our records and enhancing the services we render to you.
  • Subscription and registration to our newsletters, webinars, and other informational services that Bisdev Solutions (HK) Limited offers.
2.3 We underscore our commitment to processing your personal data with the utmost respect for your privacy. We only collect data that is pertinent and necessary for the services we provide and strive to ensure that such data is handled in strict accordance with our Data Stewardship Authority obligations and your express consent.

3. Personal Data Utilization, Objectives, and Lawful Justification

At Bisdev Solutions (HK) Limited, our collection and use of personal data are conducted with precision and purpose, strictly adhering to the principles of necessity and legality. The following delineates the nature of personal data we employ, the objectives guiding its use, and the legal justification for its processing:

We harness various types of personal data based on the services provided and in compliance with legal statutes. Predominantly, this includes:
  • Usage Data: This encompasses details about how you interact with our Website, such as your IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, as well as information about your visit like the full Uniform Resource Locators (URL), clickstream to, through, and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. The purpose of processing this data lies in analyzing the operation of our Website and services, with the legal basis rooted in our legitimate interests to monitor and enhance the Website and services.
  • Content Data: Information that you provide for the purpose of subscribing to our publications, services, or submitting content on our Website is classified as content data. This may include articles, comments, or other contributions intended for publication. The processing of this data enables us to appropriately manage and administer our Website and services. The legal grounds for processing content data rest on our legitimate interests in effective website and business management, as well as performing the contracts we establish with you.
  • Inquiry and Transaction Data: When you raise inquiries or engage in transactions with us, we collect data pertinent to these interactions. Inquiry data is processed to fulfill our KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations and ensure the proper execution of payments and transactions. Transaction data encompasses all details of the transactions made, including contact details and card details. Both sets of data are vital for executing the contracts we have with you, and thus, the processing is based on the necessity of performing our contractual obligations.
  • Notification and Correspondence Data: We may process information contained in or relating to any communication that you send to us. The processing of this data is necessary for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our Website and business and communications with users.
  • Legal Claims and Insurance Data: In instances where we must exercise or defend legal claims, or when managing risks or obtaining professional advice, we process any relevant personal data. This processing is necessary for the protection and assertion of our legal rights, your legal rights, and the legal rights of others. The legal basis for this processing is our legitimate interests, particularly the protection and assertion of legal rights.

In processing personal data, Bisdev Solutions (HK) Limited commits to maintaining the highest standards of data protection and compliance with applicable laws. Our usage of personal data is guided by a framework that respects your privacy, with each category of data being treated with the specific care and purpose it necessitates.

4. Disclosure of Information to External Entities

Bisdev Solutions (HK) Limited exercises a policy of limited and judicious sharing of personal data with external parties, ensuring that such disclosures are safeguarded by stringent data protection measures and are carried out in accordance with applicable laws.

4.1 As Bisdev Solutions (HK) Limited does not possess any subsidiaries, there is no intra-company sharing of personal data for administrative purposes. All personal data remains within the purview of the company and is handled solely by Bisdev Solutions (HK) Limited, thereby eliminating the risks associated with broader data distribution.

4.2 For the effective management of risks, and to obtain professional advice or defend legal claims, we may disclose necessary data to insurance providers, legal advisors, and professional consultants. This is done under the strict condition that such disclosure is essential for the protection of our legal rights and will occur only within the bounds of legal proceedings or advisory requirements.

4.3 Our relationships with payment service providers for the facilitation of financial transactions on our Website are governed by a stringent protocol. Here, data exchange is restricted to what is necessary for processing payments, issuing refunds, and handling related inquiries or disputes. In instances where we utilize payment systems, such as Paypal, the personal data handled will be in accordance with the privacy policies and safeguards provided by the payment processors, ensuring that your information remains secure.

4.4 Should the need arise, we are prepared to disclose personal data to government and regulatory bodies or law enforcement agencies, but only to the extent required by law or to comply with our legal obligations, always maintaining the privacy and integrity of your personal information.

4.5 In our operations, we may partner with vendors, contractors, and third-party service providers to fulfill the contracts we hold with our clients. Such data sharing is conducted on a need-to-know basis, and all third parties are contractually bound to adhere to our data privacy standards, thereby ensuring the confidentiality and security of your data.

Bisdev Solutions (HK) Limited stands firmly on the principle of data protection by default and by design, maintaining the security of your personal data as our paramount concern and sharing information only when absolutely necessary and under full compliance with data protection regulations.

5. Your Data Protection Rights

At Bisdev Solutions (HK) Limited, we recognize and prioritize your rights regarding the personal data we collect and process. This section of our privacy policy is dedicated to informing you of these rights, as stipulated under applicable data protection laws.

The Right to be Informed: We are committed to ensuring that you are fully informed about the processing of your personal data. You may inquire about the specifics of the data we hold, including the categories of data processed, the purposes of processing, and the potential recipients of this data. We also provide information on the source of the data if it was not collected directly from you. You are entitled to request and obtain a copy of your personal data that we have on file, to verify the accuracy of the information we have collected. If you wish to receive additional copies, we may charge a reasonable fee based on administrative costs.

The Right to Correction (Rectification): Should you find that any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will take all reasonable steps to update or rectify data that is found to be incorrect.

The Right to Erasure (The Right to be Forgotten): You may request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes it was collected, if you withdraw consent, or if the data has been unlawfully processed.

The Right to Restrict Processing: There are conditions under which you may request that we restrict the processing of your personal data, such as when you contest the accuracy of the data or when you have objected to processing, and we are considering your objection.

The Right to Object: You are allowed to object to the processing of your personal data on grounds relating to your particular situation, at any time, especially if the processing is based on our legitimate interests or for direct marketing purposes.

The Right to Withdraw Consent: If you have given consent to the processing of your personal data for one or more specific purposes, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

The Right to Lodge a Complaint: We take your rights seriously and encourage you to contact us if you have any concerns about how we process your personal data. If you believe that we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with the appropriate data protection authority.

At Bisdev Solutions (HK) Limited, we are dedicated to upholding these rights and will respond to all requests in accordance with our policies and applicable laws. Our aim is to process all requests promptly and efficiently, respecting the trust you place in us as custodians of your personal data.

6. International Transfers of Your Personal Data

6.1 Bisdev Solutions (HK) Limited acknowledges the international dimension of our client base and the consequent necessity for the cross-border flow of personal data. Our operations are global, and while we are headquartered in Hong Kong, we provide services to clients within the European Economic Area (EEA) and beyond.

6.2 In compliance with the Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong and the General Data Protection Regulation (GDPR), we affirm our commitment to the lawful and secure transfer of personal data across international borders. We ensure that all data transfers out of Hong Kong or the EEA are executed with rigorous adherence to the statutory requirements of these jurisdictions.

6.3 Should any transfer of personal data to a country outside of the EEA be required, we will do so under the protection of 'adequacy decisions', standard contractual clauses adopted by the European Commission, binding corporate rules, or other acceptable legal mechanisms that provide enforceable data subject rights and effective legal remedies for data subjects as per GDPR regulations.

6.4 Our commitment to protecting your personal data does not wane regardless of where your data is processed. We take all necessary measures to ensure that the same level of data protection is applied everywhere, including conducting thorough assessments to confirm that all external third-party service providers adhere to stringent data protection policies.

6.5 We remain transparent about our data transfer practices and will continue to monitor and adjust our strategies as needed to align with evolving legal standards and best practices in data privacy and protection, guaranteeing the safeguarding of your rights across all jurisdictions in which we operate.

7. Retention and Disposal of Personal Data

7.1 Bisdev Solutions (HK) Limited adheres to principled data management protocols, retaining personal data solely for durations that are necessitated by the purposes for which the data was collected or as mandated by law. Our retention periods are determined by a combination of operational needs and legal requirements, ensuring we hold data no longer than necessary. We have established retention policies that are consistent with the requirements of the Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong, the General Data Protection Regulation (GDPR) for our clients within the EEA, and other applicable international data protection laws.

7.2 We conduct regular reviews of the data we hold, and upon the expiration of the applicable data retention period, we are committed to taking appropriate measures to either irreversibly anonymize or securely destroy the personal data in question. This ensures that your information is handled in a manner that respects your privacy and is consistent with Bisdev Solutions (HK) Limited’s data governance standards.

7.3 The secure deletion of personal data is a critical aspect of our data lifecycle management. When data is no longer required for the purposes of processing or has exceeded the statutory retention timeframe, we deploy methods of disposal that align with best practices in data security. This may involve the use of data destruction software for digital records or physical destruction for hard copies, executed in a manner that precludes data recovery and minimizes potential risks to data privacy.

7.4 Additionally, if legal proceedings or investigations are initiated that necessitate the retention of certain personal data, we will retain the relevant information until the conclusion of such matters. In such circumstances, the continued processing of this data will remain protected under the same security measures that we apply to all personal data.

7.5 In summary, Bisdev Solutions (HK) Limited’s approach to data retention and deletion is designed to ensure that we fulfill our legal obligations, safeguard our clients’ interests, and mitigate any risks associated with data retention and disposal. We remain dedicated to upholding the integrity of our data management processes, thereby reinforcing the trust placed in us by our clients.

8. Data Acquisition and Management for User Engagement

8.1 At Bisdev Solutions (HK) Limited, the acquisition of personal data from users is performed through advanced data collection methods, including the use of cookies in accordance with our clients' website policies. Such data, which encompasses website URLs where our ads are displayed, referral paths, IP addresses, geographic locales, browser specifics, and operating system details, is gathered to enhance user engagement and deliver targeted content.

8.2 Our processing of user data is specifically adapted to the services rendered to each of our clients. It is our legitimate interest to ensure that the content, particularly advertising, is relevant and tailored to users’ preferences. This process is integral to optimizing user experience, ensuring the relevance of content, and safeguarding against fraudulent activities within our advertising network.

8.3 The foundation of our data processing practices is consent — a core principle we uphold in accordance with prevailing data protection laws. This consent is secured via clear affirmative action from users through our clients, asserting our commitment to maintaining user privacy. We engage in thorough communication with our users, via our clients, about the specifics of data collection and the precise objectives behind its utilization, primarily to provide advertising that aligns with the users’ interests.

8.4 The stewardship of user data at Bisdev Solutions (HK) Limited is marked by a commitment to transparency, security, and compliance with the highest standards of data protection. We implement robust security measures to protect user data and continuously monitor our processes to ensure compliance with global data protection regulations. Our aim is to strike a balance between respecting user privacy and enabling clients to deliver significant and engaging content, thereby fostering a responsible and trust-centric advertising environment.

9. Assurance of Data Confidentiality and Security Protocols

9.1 Bisdev Solutions (HK) Limited is unwavering in its commitment to the protection of personal data. Our rigorous security infrastructure is designed to safeguard data against unauthorized access, disclosure, alteration, and destruction. We employ a multi-layered approach to security, incorporating state-of-the-art encryption and authentication mechanisms that align with international best practices and the stringent standards set by data protection laws.

9.2 Our data security strategy encompasses a series of defensive layers, including but not limited to advanced encryption techniques to secure data in transit and at rest, comprehensive access control protocols to ensure data is accessible only to authorized personnel, and ongoing security training for our staff to maintain awareness and vigilance.
  • Access Control: We enforce a strict policy wherein access to personal data is tightly regulated. Our access controls are designed to ensure that only authorized personnel who require the data to perform their job functions are granted access, and even then, such access is carefully monitored and logged for audit purposes.
  • Data Transmission Security: When personal data is transmitted across networks, we utilize secure channels that are protected by robust encryption. This minimizes the risk of interception, leakage, or unauthorized disclosure during data transfer operations.
  • Secure Data Storage: Our commitment to confidentiality extends to the secure storage of personal data. We utilize encrypted databases with state-of-the-art security features to prevent unauthorized access and ensure the resilience of our storage systems against potential breaches.
  • Network Security: We have implemented comprehensive network security measures, including firewalls, intrusion detection systems, and regular penetration testing, to detect and respond to threats proactively.
  • Continuous Monitoring: Our IT infrastructure is subject to continuous surveillance, with systems in place to promptly detect and respond to any signs of potential compromise. Regular security assessments and upgrades ensure that our defenses remain effective against evolving threats.

9.3 In maintaining the highest level of security, we acknowledge the role of the end users in safeguarding their personal data. We stress the importance of responsible password management and adherence to security advisories issued by us. Our users are urged to treat their credentials as sensitive information and to refrain from sharing them, as this could undermine the security measures we have in place.

9.4 Bisdev Solutions (HK) Limited also has in place incident response plans and protocols to deal with any potential data breaches. In the unlikely event of a security incident, we are prepared to act swiftly to mitigate any potential harm and to notify affected parties in accordance with legal obligations and best practice guidelines.

9.5 To encapsulate, our security philosophy is one of continuous improvement. We remain committed to investing in and evolving our security measures to not only comply with but exceed industry standards. We understand that the trust of our clients and their end users in our ability to protect personal data is fundamental to our operations, and we are dedicated to upholding that trust through meticulous and robust data protection and security practices.

10. Data Breach Notification Protocol

10.1 In the event of a data breach, Bisdev Solutions (HK) Limited is committed to promptly and effectively managing the situation in compliance with applicable data protection laws, including the Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong and the General Data Protection Regulation (GDPR) for affected individuals within the EEA. Our data breach notification protocol is designed to assess the scope and impact of the breach, mitigate any potential harm to data subjects, and prevent further unauthorized access to personal data.

10.2 Upon detection of any data security breach, our incident response team will be activated to contain, assess, and manage the incident. Immediate steps will be taken to secure systems, identify the breach's nature and extent, and retrieve any compromised data. Our comprehensive response measures include, but are not limited to, forensic analysis, temporary suspension of related services if necessary, and coordination with cybersecurity experts.

10.3 We will notify the relevant data protection authorities without undue delay, no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. When the breach is likely to result in a high risk to these rights and freedoms, we will also communicate the breach directly to the affected data subjects without undue delay, providing them with clear and specific information about the breach, its likely consequences, and the measures taken or proposed to be taken by the company.

10.4 The notification to data subjects will include guidance on protective measures to mitigate any potential adverse effects, contact details of our Data Protection Officer (DPO) or another relevant contact from whom more information can be obtained, and a description of how we intend to address the data breach, including efforts to mitigate possible adverse effects.

10.5 Bisdev Solutions (HK) Limited will document all data breaches, regardless of their nature or scale, maintaining an internal breach register and ensuring that we can account for the incidents and our responses. This documentation will enable us to provide necessary details to data protection authorities as required and will serve as a basis for reviewing and improving our data protection and breach management processes.

10.6 Our commitment to data protection extends to regular reviews and updates of our data breach response procedures, ensuring they remain effective and align with current best practices and legal requirements. We will also engage in staff training and conduct periodic audits to ensure that all team members are aware of and proficient in the breach notification protocol and associated response measures.

11. Vendor and Third-Party Data Management

11.1 Bisdev Solutions (HK) Limited recognizes the critical importance of managing and safeguarding personal data that may be shared with or handled by our vendors and third-party service providers. In recognition of our obligations under the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the GDPR, and other applicable international data protection regulations, we have instituted a stringent Vendor and Third-Party Data Management Protocol.

11.2 Our protocol mandates that all vendors and third parties engaging in the processing of personal data on our behalf enter into binding contractual agreements. These contracts unequivocally stipulate adherence to data protection principles, confidentiality obligations, and security requirements as stringent as those we abide by within our organization. They are required to demonstrate compliance with these standards through regular audits and security assessments.

11.3 We conduct meticulous due diligence before onboarding any third-party service providers to ensure that their data protection policies and practices are aligned with our high standards. This includes evaluating their data processing activities, security measures, data breach history, and compliance records with relevant data protection laws.

11.4 Each vendor and third-party service provider is expected to notify us immediately in the event of any breach or unauthorized access to personal data. Our contracts detail the protocols for such notifications, ensuring that they are prompt and that appropriate remedial actions are swiftly enacted.

11.5 We maintain an inventory of all vendors and third parties that process personal data on our behalf, including the specific data they access, the purposes for which they access it, and the duration for which the data is retained. This inventory is regularly reviewed and updated to ensure accuracy and to address any changes in our business operations or vendor relationships.

11.6 Regular training on data protection obligations is provided to relevant employees, especially those who are responsible for vendor and third-party management. This ensures that our internal standards for data protection are clearly communicated and understood by all stakeholders involved in the processing of personal data.

11.7 Bisdev Solutions (HK) Limited retains the right to conduct or request audits on the data protection practices of our vendors and third parties, to verify compliance with our data management protocols. Any deficiencies or non-compliance identified during such audits will be addressed with immediate corrective actions.

11.8 Our commitment to data protection extends to the responsible management of vendor and third-party relationships, ensuring that the privacy and security of personal data are preserved throughout our supply chain and business operations. Our Vendor and Third-Party Data Management Protocol is a testament to our dedication to maintaining the highest standards of data protection and privacy across all facets of our business engagements.

12. Data Protection by Design and by Default

12.1 Bisdev Solutions (HK) Limited is steadfast in its adherence to the principles of Data Protection by Design and by Default, as mandated by the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) and the General Data Protection Regulation (GDPR). This proactive approach to data protection is ingrained in the lifecycle of all our IT services and operations, ensuring that privacy and data protection considerations are integral from the inception of any project or process.

12.2 At the core of our approach is the early and ongoing incorporation of data protection principles into the design of our systems, products, and services. This includes implementing data minimization strategies, such as collecting only the data that is strictly necessary for the specified purposes and ensuring that personal data is not accessible without a legitimate need. By embedding these principles at the design stage, we aim to safeguard personal data effectively throughout its processing lifecycle.

12.3 Our commitment to Data Protection by Design and by Default extends to the selection and use of technologies and processes that inherently respect user privacy. We employ privacy-enhancing technologies (PETs) and encryption methodologies to ensure the confidentiality and integrity of personal data. Our systems are configured to automatically protect personal data by default, limiting the processing and accessibility of data to what is strictly necessary for achieving the intended purpose.

12.4 Regular training and awareness programs are conducted for our staff, emphasizing the importance of data protection in every aspect of their work. This ensures that our team is well-versed in the principles of Data Protection by Design and by Default and can effectively implement these in their respective roles.

12.5 We conduct periodic assessments and audits to evaluate the effectiveness of our data protection measures. These evaluations enable us to identify areas for improvement and ensure our systems and processes remain aligned with current best practices and legal requirements. We also engage with external data protection experts to review our practices and provide independent assurance of our compliance.

12.6 In the development of new products, services, or business practices, we conduct thorough Data Protection Impact Assessments (DPIAs) to identify and mitigate any potential privacy risks at an early stage. This approach not only ensures compliance with legal requirements but also demonstrates our commitment to protecting the privacy rights of our clients and their end users.

12.7 Bisdev Solutions (HK) Limited's dedication to Data Protection by Design and by Default is a testament to our holistic approach to data privacy. We recognize that effective data protection is not merely about compliance but is integral to building and maintaining trust with our clients and partners, and it forms a foundational aspect of our business ethos.

13. Cross-Border Data Transfer Safeguards

13.1 At Bisdev Solutions (HK) Limited, recognizing the global nature of our business operations, we are acutely aware of the complexities and responsibilities inherent in the cross-border transfer of personal data. In adherence to the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) and the General Data Protection Regulation (GDPR), we have instituted comprehensive safeguards to ensure the secure and lawful transfer of personal data across international boundaries.

13.2 Our commitment to robust cross-border data transfer safeguards involves ensuring that any such transfers comply with the strict data protection standards set forth in both local and international data protection laws. When transferring personal data outside of Hong Kong or the European Economic Area (EEA), we employ mechanisms such as adequacy decisions, standard contractual clauses approved by the European Commission, and binding corporate rules, among others, to ensure that the data is afforded a level of protection that is consistent with and not inferior to the protection it would receive in its country of origin.

13.3 Prior to initiating any cross-border data transfer, Bisdev Solutions (HK) Limited conducts a thorough assessment of the data protection laws and practices in the recipient country. This due diligence process includes evaluating the legal framework, enforcement mechanisms, and any relevant jurisprudence or regulatory guidance that may impact the security and privacy of the data being transferred.

13.4 We also require all international partners and third-party service providers who may receive or process this data on our behalf to contractually commit to uphold the same data protection standards as mandated by our policies. These contractual obligations include clauses pertaining to data security measures, data subject rights, and liabilities in case of data breaches, thus ensuring accountability and compliance across the data processing chain.

13.5 In the case of transfers to countries that have not been deemed to provide an adequate level of data protection by relevant authorities, Bisdev Solutions (HK) Limited implements additional protective measures. These measures could include enhanced encryption, anonymization of data before transfer, and ensuring the rights and remedies for data subjects remain enforceable and effective post-transfer.

13.6 Furthermore, we maintain detailed records of all cross-border data transfers, including the nature of the data, the purpose of the transfer, the identities of the recipients, and the legal basis for each transfer. This documentation aids in transparency and accountability, and it is regularly reviewed to ensure ongoing compliance with evolving data protection regulations.

13.7 Our strategy for managing cross-border data transfers is continuously reviewed and adapted to align with changes in international data protection landscapes. We are committed to upholding the highest standards of data protection for our clients, regardless of geographical boundaries, thus ensuring the integrity and confidentiality of personal data are preserved in every aspect of our global operations.

14. Employee Data Protection Training

14.1 Bisdev Solutions (HK) Limited acknowledges that effective data protection is contingent not only on robust systems and policies but also on the awareness and understanding of its employees. Therefore, we have established a comprehensive Employee Data Protection Training program, aligned with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and other relevant data protection regulations. This program is fundamental to fostering a culture of data privacy and security within our organization.

14.2 The training program is designed to educate our employees about the importance of data protection, the specifics of various data protection laws, and the role each employee plays in safeguarding personal data. It covers a wide range of topics, including but not limited to, the principles of data processing, rights of data subjects, proper handling of data breaches, and the secure management of personal information.

14.3 Participation in the data protection training program is mandatory for all employees, irrespective of their role or the level of their interaction with personal data. New employees undergo this training as part of their induction process, ensuring they understand their data protection responsibilities from the outset of their employment.

14.4 The training is conducted in various formats, including interactive online modules, workshops, and seminars led by data protection experts. We ensure that the training content is regularly updated to reflect the latest developments in data protection laws and practices. This is crucial in ensuring that our team remains abreast of evolving regulations and emerging data protection challenges.

14.5 Beyond foundational training, we also offer role-specific data protection training. This specialized training is tailored to the unique data handling responsibilities of different departments, such as IT, marketing, and customer service, providing more in-depth knowledge and skills relevant to their specific roles.

14.6 To reinforce the training and keep data protection at the forefront of our employees' minds, we also conduct regular refresher courses and disseminate updates on new data protection policies, emerging risks, and best practices through internal communications.

14.7 The effectiveness of the training program is evaluated through assessments, feedback surveys, and practical tests. Insights gained from these evaluations are used to continuously improve the program, ensuring it remains effective and engaging for all participants.

14.8 At Bisdev Solutions (HK) Limited, we recognize that our employees are vital to ensuring the integrity and confidentiality of the personal data we handle. Through our Employee Data Protection Training program, we empower them to become active participants in our data protection efforts, thereby enhancing our overall compliance and reinforcing our commitment to data privacy.

15. Data Protection Impact Assessment Procedures

15.1 Bisdev Solutions (HK) Limited, in its unwavering commitment to data privacy, has implemented a rigorous Data Protection Impact Assessment (DPIA) procedure as part of its compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) and the General Data Protection Regulation (GDPR). This procedure is an integral component of our privacy governance framework, ensuring that all new projects, processes, or technologies that involve the processing of personal data are evaluated for potential privacy impacts.

15.2 Our DPIA procedure is systematically applied to all new initiatives and significant changes to existing processes. It involves a thorough analysis of how personal data is collected, stored, used, and managed. The primary goal is to identify and assess privacy risks, evaluate the necessity and proportionality of the data processing activities, and implement measures to mitigate identified risks.

15.3 The DPIA process begins at the early planning stages of any project or process involving personal data. It encompasses a comprehensive assessment of the nature, scope, context, and purposes of the data processing, including consultations with relevant stakeholders, such as data subjects or their representatives, where applicable. This approach ensures that data protection considerations are integrated into project designs from the outset.

15.4 A key aspect of our DPIA procedure is the documentation of the assessment process and its outcomes. This documentation includes a detailed description of the processing operations, the purposes of processing, an assessment of the necessity and proportionality of the processing, and the risks to the rights and freedoms of data subjects. We also document the measures envisaged to address these risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data.

15.5 In cases where the DPIA indicates that the processing would result in a high risk in the absence of mitigating measures, we will consult with the relevant data protection authority prior to processing. This consultation provides an additional layer of scrutiny and guidance, ensuring the highest level of data protection compliance.

15.6 Bisdev Solutions (HK) Limited continuously monitors and updates its DPIA procedures to align with evolving data protection regulations, industry best practices, and technological advancements. This ongoing evaluation and adaptation are crucial to maintaining the effectiveness of our DPIAs in reducing privacy risks.

15.7 The implementation of DPIAs reflects our proactive stance in privacy risk management and demonstrates our commitment to maintaining the trust of our clients and end-users. Through these comprehensive assessments, we aim to enhance transparency, accountability, and compliance in all our data processing activities, thereby reinforcing our dedication to upholding the highest standards of data protection and privacy.

16. End User Consent Management

16.1 Bisdev Solutions (HK) Limited places paramount importance on the management of end user consent, in strict adherence to the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and other applicable data protection regulations. Our End User Consent Management protocol is a cornerstone in our approach to ensuring that the collection, use, and processing of personal data are conducted with the explicit and informed consent of the individuals involved.

16.2 At the core of our consent management framework is the principle of informed consent. This means that before collecting personal data, we provide clear, concise, and comprehensive information about the data processing activities to our end users. This includes the nature of the data being collected, the specific purposes for which it will be used, the duration of its retention, and any third parties with whom it may be shared.

16.3 Our digital platforms and services are designed to ensure that obtaining consent is a user-friendly and transparent process. We employ easily accessible consent mechanisms such as tick boxes, preference settings, or similar tools that allow users to actively express their choices regarding their personal data. These mechanisms are designed to be as straightforward as possible, avoiding any overly complex or ambiguous language.

16.4 The consent provided by our end users is documented and stored securely, creating an auditable trail that demonstrates compliance with legal requirements. This documentation includes the date and time the consent was given, the specific details of the consent, and the identity of the consenting individual.

16.5 We acknowledge the dynamic nature of consent and provide our end users with the ongoing ability to withdraw their consent at any time. This withdrawal process is as easy and straightforward as the initial consent process. We ensure that withdrawing consent does not lead to any detriment or reduction in the quality of the services provided to the end user, unless such services are inextricably linked to the data processing for which consent has been withdrawn.

16.6 Regular reviews and updates of our consent mechanisms are conducted to ensure their continued compliance with evolving legal standards and best practices. These reviews also consider user feedback, technological advancements, and changes in our data processing activities.

16.7 In addition to consent management, we also educate our end users about their data protection rights, including the right to access, rectify, erase, or restrict the processing of their personal data. Our dedicated Data Protection Officer (DPO) plays a key role in managing inquiries and requests related to user consent and data rights.

16.8 Bisdev Solutions (HK) Limited's commitment to effective end user consent management is reflective of our dedication to respecting the autonomy and privacy preferences of our users. We recognize that user consent is not merely a regulatory requirement but a critical element in building and maintaining trust and transparency in our relationships with end users.

17. Data Anonymization and Pseudonymization Techniques

17.1 In alignment with our commitment to robust data privacy practices, Bisdev Solutions (HK) Limited rigorously implements data anonymization and pseudonymization techniques as part of our data handling processes. These techniques are integral to our compliance strategy with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) and the General Data Protection Regulation (GDPR), enhancing the protection of personal data we process and manage.

17.2 Data anonymization involves altering personal data in such a way that the individual cannot be identified directly or indirectly by anyone, including Bisdev Solutions (HK) Limited. Once data is anonymized, it is no longer considered personal data under data protection laws, thereby reducing the associated privacy risks and legal obligations. Our anonymization processes utilize advanced algorithms and techniques to ensure that the anonymized data cannot be re-identified or linked back to any individual.

17.3 Pseudonymization, on the other hand, is a process where personal data is processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information, which is kept separately and subject to technical and organizational measures to ensure non-attribution. Pseudonymization reduces the risks to data subjects and helps maintain the data's utility for analysis and processing while enhancing privacy safeguards.

17.4 Our approach to implementing these techniques involves a thorough evaluation of the data processing activities to determine the suitability and effectiveness of anonymization or pseudonymization. This assessment considers factors such as the purpose of data processing, the nature of the data, and the potential risks to data subjects.

17.5 Bisdev Solutions (HK) Limited ensures that all anonymization and pseudonymization processes are conducted in accordance with the highest standards of data security. We regularly review and update these processes to incorporate technological advancements and to address emerging privacy challenges.

17.6 The use of anonymization and pseudonymization is also integrated into our Data Protection by Design and by Default strategy. We proactively consider these techniques in the early stages of developing new systems, products, or services that involve personal data processing, thereby embedding privacy-enhancing mechanisms from the outset.

17.7 Our Data Protection Officer (DPO) oversees the application of anonymization and pseudonymization techniques, ensuring compliance with legal requirements and best practices. The DPO also plays a key role in training staff on the importance of these techniques and the correct methods of their implementation.

17.8 Through the employment of data anonymization and pseudonymization techniques, Bisdev Solutions (HK) Limited demonstrates a proactive and responsible approach to data privacy. These techniques are a testament to our commitment to protecting the privacy of individuals while enabling us to leverage data for legitimate business purposes.

18. User Data Profiling and Automated Decision-Making

18.1 Bisdev Solutions (HK) Limited, in its continuous pursuit of advanced and efficient service delivery, employs user data profiling and automated decision-making processes. These processes are meticulously designed and managed in strict conformity with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and other pertinent data protection legislations, ensuring the safeguarding of our users' rights and freedoms.

18.2 User data profiling at Bisdev Solutions (HK) Limited involves the automated processing of personal data to evaluate, analyze, or predict aspects concerning a user’s preferences, interests, behavior, location, or movements. This technology enables us to provide personalized experiences, targeted advertising, and enhance the overall efficiency of our services. However, we remain acutely aware of the potential privacy implications and ensure that these activities are conducted with the highest degree of transparency and respect for user privacy.

18.3 Our approach to automated decision-making, including profiling, is grounded in legal compliance and ethical responsibility. We ensure that decisions made through these processes do not produce legal effects concerning users or similarly significantly affect them, without human intervention. In instances where such decisions are made, users are provided with clear information about the logic involved, as well as the significance and the envisaged consequences of such processing.

18.4 We implement robust measures to safeguard the rights, freedoms, and legitimate interests of users subject to profiling and automated decision-making. This includes the right to obtain human intervention, to express their point of view, and to contest the decision. Additionally, we provide users with the opportunity to opt-out of such processes, thereby upholding their right to privacy and autonomy.

18.5 In line with our Data Protection by Design and by Default principles, Bisdev Solutions (HK) Limited ensures that appropriate technical and organizational measures are in place to secure user data involved in profiling and automated decision-making. This includes regular audits, rigorous data security practices, and continuous monitoring to prevent unauthorized access or data breaches.

18.6 Our Data Protection Officer (DPO) plays a critical role in overseeing our profiling and automated decision-making activities. The DPO ensures that these processes are in compliance with applicable laws, and that they are regularly reviewed for accuracy, fairness, and effectiveness. The DPO also addresses any concerns or inquiries from users regarding our profiling and automated decision-making practices.

18.7 Bisdev Solutions (HK) Limited is committed to maintaining an ethical balance in its use of user data profiling and automated decision-making. We strive to leverage the benefits of these technologies to enhance our service offerings while firmly upholding our commitment to user data protection and privacy rights. Our policies and practices in this area are reflective of our dedication to responsible data stewardship and user-centric service delivery.

19. Regular Data Protection Audits

19.1 Bisdev Solutions (HK) Limited rigorously adheres to a regime of regular data protection audits as part of its unwavering commitment to data security and compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and other relevant data protection laws. These audits are a critical component of our ongoing effort to ensure the integrity, confidentiality, and availability of the personal data we handle.

19.2 The purpose of these audits is to systematically evaluate and assess our data processing activities, policies, and practices. This includes reviewing our compliance with data protection laws, assessing the effectiveness of our data security measures, and identifying any potential areas for improvement. Our audit process is thorough and encompasses all aspects of data handling, from data collection and storage to processing and transfer.

19.3 Conducted by independent, qualified external auditors or our internal audit team, these data protection audits involve a comprehensive examination of both the technical and organizational aspects of our data protection framework. This includes a review of our IT infrastructure, access controls, data encryption methods, incident response plans, staff training programs, and third-party data processor agreements.

19.4 The frequency of these audits is determined by various factors, including the sensitivity of the data we process, changes in data processing activities, emerging data protection risks, and legislative or regulatory updates. This ensures that our audits are timely and relevant, providing an accurate reflection of our current data protection posture.

19.5 Following each audit, a detailed report is generated, outlining the findings and providing recommendations for any identified gaps or weaknesses. Bisdev Solutions (HK) Limited takes these findings seriously and implements corrective actions promptly to address any issues. The implementation of these recommendations is closely monitored and re-assessed in subsequent audits to ensure continuous improvement.

19.6 Our Data Protection Officer (DPO) plays a pivotal role in overseeing the audit process. The DPO ensures that the audits are conducted in line with regulatory requirements and industry best practices, and that the findings are effectively communicated to the management and relevant stakeholders.

19.7 In addition to these regular audits, Bisdev Solutions (HK) Limited also conducts ad-hoc audits in response to specific incidents or emerging risks. This proactive approach allows us to address any potential vulnerabilities swiftly and reinforces our commitment to maintaining robust data protection standards.

19.8 Regular data protection audits are an essential element of our overall data governance strategy. They not only help ensure regulatory compliance but also demonstrate our commitment to protecting our clients' and users' data, thereby strengthening their trust in our services and enhancing our reputation as a responsible and reliable IT service provider.

20. Compliance with Specific Industry Regulations

20.1 Bisdev Solutions (HK) Limited is committed to maintaining compliance with specific industry regulations that govern the various sectors in which we operate. This adherence is in line with our overarching commitment to data protection as outlined by the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and extends to encompass any sector-specific regulations that are pertinent to our services and client base.

20.2 Our compliance strategy involves a comprehensive analysis and integration of industry-specific legal and regulatory requirements into our data protection and privacy framework. This includes, but is not limited to, regulations pertaining to financial services, healthcare, telecommunications, e-commerce, and any other sectors where our IT services are utilized. Each of these sectors often comes with its unique set of regulatory demands regarding the handling, storage, and processing of personal and sensitive data.

20.3 To ensure we are abreast of the latest industry-specific regulations, we engage in continuous monitoring of the regulatory landscape. This involves collaboration with legal experts, regulatory bodies, and industry associations. Our proactive approach enables us to anticipate and adapt to changes in regulatory requirements, thereby safeguarding compliance and protecting our clients’ interests.

20.4 Regular training and awareness programs are conducted for our employees, particularly for those in roles that interact with or manage data in regulated sectors. These training programs are tailored to the specific regulatory requirements of each industry and are designed to ensure that all staff are knowledgeable about and can effectively comply with these requirements.

20.5 Bisdev Solutions (HK) Limited has established dedicated teams or assigned specific roles, such as compliance officers, for monitoring and managing compliance within each regulated sector we serve. These teams are responsible for implementing sector-specific data protection measures, conducting regular compliance audits, and serving as points of contact for regulatory inquiries or issues.

20.6 In our client engagements, we conduct thorough assessments to understand the regulatory obligations specific to each client’s industry. This enables us to tailor our IT services and data processing activities to meet these specific compliance requirements, thereby providing our clients with solutions that are not only technologically advanced but also regulatory compliant.

20.7 Any non-compliance identified, whether through internal audits, regulatory inspections, or client feedback, is addressed promptly with corrective actions. We maintain an open and transparent dialogue with regulatory authorities and clients about our compliance status and efforts.

20.8 Our commitment to compliance with specific industry regulations is a testament to our dedication to operating with integrity and responsibility in all sectors we serve. It underscores our promise to our clients that in choosing Bisdev Solutions (HK) Limited, they are partnering with a service provider that is not only committed to data protection and privacy but also to the meticulous observance of industry-specific regulatory requirements.

21. Handling of Sensitive Personal Data

21.1 At Bisdev Solutions (HK) Limited, we prioritize the careful handling of sensitive personal data to maintain compliance with relevant data protection regulations, including the Hong Kong Personal Data (Privacy) Ordinance (Cap 486), the General Data Protection Regulation (GDPR), and other applicable laws. Sensitive personal data, sometimes referred to as 'special category data' under GDPR, encompasses information related to factors such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation, and other similar types of data that warrant heightened protection due to their sensitivity.

21.2 Our approach to managing sensitive personal data is built upon the principle of 'data protection by design and by default'. We implement the highest level of data protection from the initial stages of data collection and throughout the processing lifecycle. This includes employing advanced security measures such as encryption, access controls, and secure data storage solutions, ensuring that sensitive data is protected against unauthorized access, disclosure, alteration, and destruction.

21.3 The collection of sensitive personal data is strictly limited to what is necessary in relation to the purposes for which it is processed. We clearly communicate these purposes to the data subjects at the time of data collection, along with any additional information required under data protection laws, such as the legal basis for processing, data retention periods, and data subject rights.

21.4 Consent for processing sensitive personal data is obtained through explicit and affirmative action from the data subjects. This consent is documented and managed with utmost care, ensuring that data subjects are aware of their right to withdraw consent at any time and the procedures for doing so.

21.5 In instances where sensitive personal data is processed for purposes other than those for which it was originally collected, we conduct a Data Protection Impact Assessment (DPIA) to evaluate the risks and implement appropriate safeguards. This is in line with our commitment to proactive risk management and ensuring the ongoing protection of sensitive data.

21.6 Our Data Protection Officer (DPO) plays a crucial role in overseeing the processing of sensitive personal data. The DPO ensures that all such processing is in compliance with legal requirements, provides guidance on best practices, and addresses any concerns raised by data subjects regarding their sensitive data.

21.7 Regular training and awareness programs for our staff are conducted to emphasize the importance of handling sensitive personal data with extra care. These programs cover specific legal obligations, internal policies on sensitive data processing, and the potential consequences of non-compliance.

21.8 Bisdev Solutions (HK) Limited's policies and practices for the handling of sensitive personal data are reviewed and updated regularly to reflect any changes in legal requirements, technological advancements, or operational needs. This ensures that our handling of sensitive personal data remains compliant, secure, and respectful of the privacy rights of the individuals concerned.

22. Amendments to this Privacy Policy

22.1 Bisdev Solutions (HK) Limited reserves the right to make adjustments to this privacy policy as necessary. The evolving nature of our services, along with changes in legal requirements, may necessitate updates and modifications to this document. Any such changes will be reflected by the publication of an updated version on our Website.

22.2 We understand the importance of keeping you informed. To that end, we will provide notifications regarding any significant alterations to our privacy policy, detailing the changes and their implications. The revision date at the bottom of the policy will also be updated to indicate the last date of amendment. We encourage you to review our privacy policy regularly to stay informed about how we are protecting your personal information.

22.3 Our commitment to transparency extends to how we handle policy changes. In addition to direct notifications, we will also amend the privacy policy's revision date on our Website, serving as an immediate indicator of updates. While we will take proactive steps to ensure you are aware of any significant changes to the policy, we advise you to periodically review the document to stay abreast of how we collect, process, and protect your personal information.

22.4 The privacy of our clients and their end users is of utmost priority, and any modifications to our privacy policy will continue to be governed by our dedication to data protection and privacy compliance. Rest assured that all changes are made with the intention of strengthening your privacy and maintaining alignment with industry best practices and regulatory requirements.

23. Contact Information

23.1 Our commitment to your privacy extends to providing you with the necessary support to understand and exercise your data protection rights. We ensure that all communications regarding your privacy are addressed promptly and with the due diligence they deserve. Your trust in our data handling practices is of paramount importance to us, and as such, we are dedicated to ensuring transparency and accessibility in all our privacy-related interactions.

23.2 The contact channel provided is monitored by our trained data protection officers who are equipped to provide you with the guidance needed to navigate your data privacy queries effectively. They are tasked with upholding our high standards of data protection and privacy, ensuring that your interactions with Bisdev Solutions (HK) Limited are secure and in compliance with applicable laws. Please note that this privacy policy is subject to change, and we recommend reviewing it periodically. Our latest update was on 24 January 2024.