Privacy Policy (Effective March 10, 2025)

---

At HaoLam Limited ("we", "our", "us"), we are committed to protecting the privacy and personal data of our users and clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

1. Introduction

1.1. This Data Protection Notice is issued in accordance Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”).

1.2. This notice describes how we collect, use, store, disclose and otherwise process your Personal Data in accordance with the PDPO and other applicable data protection laws in the jurisdictions where we operate or where you reside, such as the EU General Data Protection Regulation (GDPR), if applicable.

1.3. We are committed to ensuring the protection of your Personal Data and compliance with applicable privacy and data protection laws across all relevant jurisdictions.

1.4. By providing your Personal Data to us, engaging with us, or interacting with us, you consent to the collection, processing, use, disclosure, and storage of your Personal Data as described in this Notice and as permitted by applicable laws.

2. Collection of Personal Data

2.1.  The Personal Data we collect may include, but is not limited to:

2.1.1. Full name, Identity Card Number/passport number, nationality;

2.1.2. Contact details including address, phone number, and email;

2.1.3. Employment information;

2.1.4. Financial and payment details;

2.1.5. IP address and device information (if interacting through digital platforms);

2.1.6. Any other information you provide to us directly or indirectly in connection with our business dealings or your engagement with us.

2.2. Depending on the nature of your relationship with us (e.g. customer, vendor, employee, job applicant), the method of collection may vary. We may obtain your Personal Data through:

2.2.1. Forms submitted by you (online or offline);

2.2.2. Communications (emails, messages, phone calls);

2.2.3. Job applications and employment processes;

2.2.4. Business transactions and contracts;

2.2.5. CCTV, website interactions, or third-party referrals.

3. Purpose of Collection and Processing

3.1. We may use your Personal Data for the following purposes:

3.1.1. To verify your identity;

3.1.2. To communicate with you;

3.1.3. To provide and improve our products and services;

3.1.4. To process payments and transactions;

3.1.5. To manage business relationships and contractual obligations;

3.1.6. For recruitment, employment, and HR administration;

3.1.7. For legal and regulatory compliance including anti-money laundering (AML), Know Your Customer (KYC), and tax reporting;

3.1.8. For internal audit and risk management;

3.1.9. To carry out direct marketing activities (where consented);

3.1.10. For dispute resolution or legal proceedings.

3.2. In Hong Kong, we rely on one or more lawful bases as permitted under the PDPO, including your voluntary consent, contractual necessity, legal obligations, or legitimate interest.

3.3.  Where processing is subject to foreign laws (e.g. GDPR, Singapore’s PDPA, Philippine Data Privacy Act), we will comply with the relevant lawful basis and principles required therein.

4. Disclosure of Personal Data

4.1. Your Personal Data may be disclosed to:

4.1.1. Our affiliates, subsidiaries, or related companies within or outside Hong Kong/Malaysia;

4.1.2. Our third-party service providers, consultants, and business partners;

4.1.3. Regulatory authorities, courts, enforcement agencies, and government bodies;

4.1.4. Any party to whom we are authorised or required to disclose under applicable laws;

4.1.5. In connection with a potential or actual business sale, transfer, merger, or acquisition.

4.2. All disclosures will be made on a need-to-know basis and with appropriate safeguards and confidentiality agreements where applicable.

5. Cross-border Transfers

5.1. Your Personal Data may be transferred to and stored in servers located outside your jurisdiction (e.g. from Malaysia or Hong Kong to other countries) for the purposes outlined above.

5.2. In such cases, we will take reasonable steps to ensure the recipient jurisdictions have adequate levels of data protection, and that such transfers comply with the PDPA, PDPO, or other relevant cross-border transfer requirements (e.g. standard contractual clauses under GDPR or binding corporate rules).

6. Retention of Personal Data

6.1. We retain Personal Data for as long as is necessary to fulfill the purpose for which it was collected and to comply with legal, regulatory, or operational requirements.

6.2. Once no longer needed, your Personal Data will be securely deleted, anonymized or destroyed in accordance with our internal retention policies and applicable laws.

7. Security of Personal Data

7.1. We implement appropriate organizational, technical, and physical safeguards to protect your Personal Data against unauthorized access, loss, misuse, modification, or disclosure.

7.2. While we strive to protect your data, no system is completely secure. We cannot guarantee the absolute security of your information transmitted or stored electronically.

8. Your Rights

8.1. You have the right to:

8.1.1. Access your Personal Data and request a copy;

8.1.2. Request correction of any inaccurate or outdated data;

8.1.3. Withdraw consent for data processing (subject to legal obligations);

8.1.4. Request deletion of your Personal Data under certain circumstances;

8.1.5. Object to direct marketing and unsubscribe from marketing materials;

8.1.6. Lodge complaints with the relevant data protection authorities.

8.2. For Hong Kong residents, you may exercise your rights under the PDPO, including the right to request:

8.2.1. Data access and correction under DPP;

8.2.2. Information on our data policies and practices;

8.2.3. Cease of use for direct marketing (if applicable).

9. Access and Contact Information

9.1. Any requests, questions or complaints regarding your Personal Data should be made in writing and addressed to:

HAOLAM LIMITED

Data Protection Officer / Legal   Department

RM 1601, 16/F, 

CHOW TAI FOOK CENTRE, 

NO. 580 A-F NATHAN ROAD,

MONG KOK, HONG KONG

9.2.  We reserve the right to charge a reasonable fee for access or correction requests as permitted by law.

10. Updates to this Notice

10.1. We may update or amend this Notice from time to time in line with changes to our business operations or legal obligations.

10.2. The updated version will be made available via our website or upon request, and your continued interaction with us constitutes your acceptance of the updated terms.

11. Language and Interpretation

11.1. This Privacy Policy may be translated into other languages for reference and convenience. In the event of any inconsistency or conflict between the English version and any translated version, the English version shall prevail.

隱私政策(生效日期：2025年3月10日）

在 昊霖有限公司（「我們」、「本公司」）致力於保障我們用戶與客戶的私隱及個人資料。此《隱私政策》說明我們如何根據《香港個人資料（私隱）條例》（第486章）收集、使用、披露及保障您的資料。

1. 簡介

1.1. 本資料保障通知依據《香港個人資料（私隱）條例》（第486章）（「私隱條例」）發出。

1.2. 本通知說明我們如何根據私隱條例及我們營運地或您所居住地的其他適用資料保障法律（例如歐盟《一般資料保障規例》（GDPR），如適用）收集、使用、儲存、披露及處理您的個人資料。

1.3. 我們承諾保障您的個人資料，並遵守所有相關司法管轄區的私隱及資料保障法律。

1.4. 向我們提供個人資料、與我們接觸或互動，即表示您同意我們依據本通知及適用法律收集、處理、使用、披露及儲存您的個人資料。

2. 個人資料的收集

2.1. 我們可能收集的個人資料包括但不限於：

2.1.1. 姓名、身份證號碼／護照號碼、國籍；

2.1.2. 聯絡資料，包括地址、電話號碼及電郵地址；

2.1.3.  就業資訊；

2.1.4.  財務與付款資料；

2.1.5. IP地址及裝置資訊（如透過數碼平台互動）；

2.1.6.  其他您直接或間接向我們提供、與我們業務往來或您參與本公司有關的任何資料。

2.2.  根據您與我們的關係性質（例如：客戶、供應商、員工、求職者），收集方式可能有所不同。我們可能透過以下方式獲取您的個人資料：

2.2.1. 您提交的表格（線上或線下）；

2.2.2. 通訊內容（如電郵、訊息、電話）；

2.2.3. 求職及就業程序；

2.2.4.  業務交易與合約；

2.2.5.  閉路電視、網站互動或第三方推薦。

3.  收集與處理的目的

3.1. 我們可能出於以下目的使用您的個人資料：

3.1.1. 驗證您的身份；

3.1.2. 與您聯繫；

3.1.3.  提供及改進我們的產品與服務；

3.1.4. 處理付款與交易；

3.1.5. 管理業務關係與合約責任；

3.1.6.  招聘、就業與人力資源管理；

3.1.7. 法律與監管合規，包括反洗黑錢（AML）、了解您的客戶（KYC）及稅務申報；

3.1.8.  內部審核與風險管理；

3.1.9. 進行直效行銷活動（經您同意）；

3.1.10. 處理爭議或法律程序。

3.2.  在香港，我們根據私隱條例允許的法律依據（例如您自願同意、合約所需、法律義務或合法利益）處理資料。

3.3. 若根據外國法律（如GDPR、新加坡PDPA、菲律賓資料私隱法）進行處理，我們將遵守該等法律所要求的合法依據與原則。

4. 個人資料的披露

4.1. 您的個人資料可能會披露予：

4.1.1. 我們於香港／馬來西亞境內或境外的附屬公司、子公司或關聯公司；

4.1.2. 我們的第三方服務供應商、顧問及業務合作夥伴；

4.1.3. 監管機構、法院、執法部門及政府機關；

4.1.4.  根據適用法律我們被授權或需披露的任何方；

4.1.5. 與潛在或實際的業務出售、轉讓、合併或收購有關者。

4.2. 所有披露將在必要知情的基礎上進行，並在適用情況下採取保密與安全措施。

5. 跨境資料轉移

5.1.  您的個人資料可能會被轉移並儲存於您所在司法管轄區以外的伺服器（例如從馬來西亞或香港轉移至其他國家），以實現上述目的。

5.2. 在此情況下，我們將採取合理措施確保接收方司法管轄區擁有足夠的資料保障水平，並確保該等轉移符合PDPA、私隱條例或其他適用的跨境轉移要求（例如GDPR下的標準合約條款或具約束力的公司規則）。

6. 個人資料的保存

6.1. 我們會在達成收集目的及符合法律、監管或營運要求的所需期間內保存個人資料。

6.2. 一旦資料不再需要，我們將根據內部保存政策及適用法律安全地刪除、匿名化或銷毀該等資料。

7. 個人資料的安全保障

7.1. 我們採取適當的組織性、技術性及實體性保安措施，以防止您的個人資料遭未經授權存取、遺失、濫用、變更或披露。

7.2.  儘管我們致力於保護您的資料，但任何系統皆無法保證絕對安全。我們無法保證經由電子傳輸或儲存的資料完全不受風險。

8.  您的權利

8.1. 您有以下權利：

8.1.1. 存取您的個人資料並要求副本；

8.1.2. 要求更正任何不準確或過時的資料；

8.1.3. . 在不違反法律義務的情況下，撤回對資料處理的同意；

8.1.4. 在特定情況下要求刪除您的個人資料；

8.1.5.  反對直效行銷並取消訂閱行銷資訊；

8.1.6. 向有關資料保障機構提出申訴。

8.2. 對於香港居民，您可根據私隱條例行使以下權利：

8.2.1. 根據保障資料原則（DPP）申請查閱及更正資料；

8.2.2. 瞭解我們的資料政策與實務；

8.2.3. 要求停止使用您的資料於直效行銷（如適用）。

9. 查閱與聯絡資訊

9.1. 有關您的個人資料之任何申請、查詢或投訴，請書面聯絡：

HAOLAM LIMITED

資料保障主任／法務部門

香港旺角彌敦道580A-F號

周大福中心16樓1601室

9.2. 根據法律允許，我們有權就查閱或更正申請收取合理費用。

10.  本通知的更新

10.1.  我們可能因應業務運作或法律義務變動而不時更新或修訂本通知。

10.2. 更新版本將透過我們的網站或應要求提供，而您持續與我們互動即表示您接受更新條款。

11. 語言與解釋

11.1. 本隱私政策可翻譯為其他語言以供參考或便利之用。如中英文版本有任何歧異或爭議，應以英文版本為準。