HIGH IMPACT CAPITAL ADVISORS LIMITED
How Your Information is Used
In accordance with Hong Kong data protection laws (as amended, updated or replaced from time to time), the General Data Protection Regulation (EU) 2016/679 and laws applicable to the processing of personal data (together, the “Data Protection Laws”), the High Impact Capital Advisors Limited (“the Company”), acting as “data controller” within the meaning of the Data Protection Laws, hereby informs prospective investors and clients of the Company (together, “the Customers”) that personal data provided by each Customer to the Company (“Personal Data”, as defined in paragraph (b), below) will be collected, recorded, stored, adapted, disclosed, transferred or otherwise processed, by electronic means or otherwise, for the following purposes (each a “Processing Purpose”):
- to enable and deliver the Company’s services, including (without limitation) the facilitation, communication and payment by and to the Company, and generally to enable and give advice to the Customers of the Company;
- to carry out or to facilitate the carrying out with respect to the Customers’ credit, money laundering, due diligence and conflict checks for the purposes of fraud, money laundering, financial crime prevention and tax identification laws (including FATCA and the international Common Reporting Standard, and applicable antimoney laundering laws), and generally to enable the Company to comply with its legal obligations arising in connection therewith;
- to facilitate the provision to the Company of services by its service providers, including (without limitation) the authorization or confirmation of billing transactions and payments by and to the Company;
- to facilitate the operational support and development necessary to the Company’s investment advisory objectives and strategies with respect to its advisory services, including (without limitation) the Company’s risk management processes, and the services provided to the Company by third-party service providers;
- in relation to any litigation, disputes or contentious matter in which the Company is involved;
- to comply with legal and regulatory requests made to the Company anywhere in the world;
- to facilitate reporting, including (without limitation) transaction reporting to, and audits by, national and international regulatory, enforcement or exchange bodies, and tax authorities, and the compliance by the Company with court orders associated therewith;
- for the Monitoring Purposes defined and specified in paragraph (e) below; and
- for direct marketing purposes specified in paragraph (f) below. The Company will not collect Personal Data without a valid legal ground. Accordingly, the Company will only process and use Personal Data:
- if necessary, to enter into, to execute or to carry out a contract with each Customer for the services required by the Customers (as described in Processing Purposes 1 above);
- if necessary, for the Company’s legitimate interests, provided in each case that such interests are not overridden by the privacy interests of impacted individuals. The Company’s legitimate interests are described in the Processing Purposes 2, 3, 4, 5, 6 and 7, above;
- to exercise and defend the Company’s legal rights anywhere in the world as described in Processing Purpose 5 above;
- if necessary, to comply with legal obligations, (including any legal or regulatory guidance, codes or opinions), applicable to the Company anywhere in the world as described in Processing Purposes 2, 5 and 6 above; and
- if necessary, for the performance of a task carried out in the public interest as described in Processing Purposes 2, 3, 4, 5 and 6.
Your Rights
“Personal Data” includes data that is personal to a Customer (whether a Customer is a natural or a legal person) and which the Company obtains directly from a Customer and/or indirectly from a third party, such as personal details (including, at a minimum, a Customer’s name, legal organization, country of residence, address and contact details) and financial account information. Some of this information will be publicly accessible.Under certain conditions set out under the Data Protection Laws, a Customer shall have the right:
- to access to his/her/its Personal Data;
- to correct or amend his/her/its Personal Data when such Personal Data is inaccurate or incomplete;
- to object to the processing of his/her/its Personal Data;
- to restrict the processing of his/her/its Personal Data;
- to refuse at his/her/its discretion to provide his/her/its Personal Data to the Company;
- to request the erasure of his/her/its Personal Data; and
- to request the portability of his/her/its Personal Data in accordance with the Data Protection Laws.
The Customers should note in particular that a refusal to provide Personal Data to the Company may result in the Company being required to reject the Customer for the services.
Recipients of Personal Data
For any Processing Purpose, the Company will delegate the processing of Personal Data, in accordance with the Data Protection Laws, to other parties, including the Accountants, Lawyers, the Administrators, and the Registrar, as well as other parties, together with parties to which the Company, in addition to national and international regulatory, enforcement or exchange bodies or courts as required by applicable laws or at their request.Any such party processing Personal Data in this way may, subject to the approval of the Company. All parties processing Personal Data are located in Hong Kong.
Retention of Personal Data
In compliance with the Data Protection Laws, the Company will retain Personal Data in an identifiable form in accordance with the Company’s information management policy which establishes general standards and procedures regarding the retention, handling and disposal of Personal Data. Personal Data shall not be retained for longer than is necessary with regard to the Processing Purposes, subject to any limitation periods imposed by law. Upon request, the Company will provide a Customer with more information on the exact retention periods applying to its Personal Data. The retention period may be extended in the sole discretion of the Company if the Company is required to preserve Personal Data in connection with litigation, regulatory investigations and legal proceedings.
Monitoring
To the extent permitted by the Data Protection Laws, the Company and its affiliates will access, review, disclose, intercept, monitor and record (together, “Monitoring”) (i) verbal and electronic messaging and communications (for example, and without limitation, telephone, sms, instant message, email, and any other electronic or recordable communications) with a Customer (together, “Communications”), and (ii) a Customer’s use of technology owned, provided or made accessible by the Company and its affiliates, including (without limitation) systems that facilitate Communications with the Customers, information processing, transmission, storage and access, including remote access (together, “Systems”).
Purposes of Monitoring
To the extent permitted by the Data Protection Laws, the Company and its affiliates will subject Communications and Systems to Monitoring only for the following purposes (together, “Monitoring Purposes”):
- to establish the existence of facts (e.g., keeping records of transactions);
- to ascertain compliance with regulatory or self-regulatory practices or procedures which are applicable to the Company and/or its affiliates;
- to ascertain or demonstrate standards which are achieved or ought to be achieved by persons using Systems, including compliance with any terms of use associated with Systems;
- to prevent, detect or investigate crime, money laundering, fraud, financial crime and/or other breaches of applicable law;
- to comply with applicable laws and regulations, any material contract and any applicable policies and procedures;
- to safeguard against the loss, theft, unauthorised and unlawful collection, use, disclosure, destruction or other processing or misuse of confidential and proprietary information;
- to prevent, detect or investigate unauthorised use of Systems and/or data (e.g., Monitoring to ensure compliance with the policies and procedures of the Company and/or its affiliates, including without limitation those relating to information security and cyber security);
- to ensure the effective operation of Systems (including telephones, email and internet) systems;
- for support and administration purposes;
- to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals; and
- in particular, in the course of the operational support and development of the business of the Company and/or its affiliates, for example to evaluate the quality of customer service, and efficiency, cost and risk management purposes. Ways in which Monitoring may be conducted by the Company and/or its affiliates using various methods, including: (i) the use of “intelligent” automated monitoring tools; (ii) IT filtering tools which randomly review Systems; (iii) random monitoring of Systems, e.g. by authorised supervisors randomly joining on-going telephone calls; (iv) specific monitoring of Systems, e.g. in relation to investigations, regulatory requests, subject access requests, litigation, arbitration or mediation; (v) data tracking, aggregation and analysis tools that collect data from various sources to extrapolate linkages and/or detect behavioural patterns, interactions or preferences for analysis (including predictive analysis); and/or (vi) using other similar Monitoring technology that may become available from time to time.
Use of Cookies
The Company and/or its affiliates also use cookies and similar technologies to collect information about the Customers as part of and/or in connection with services provided by them or in connection with any System owned or provided by them. By accessing or using services or a System, a Customer signifies his/her/its understanding that the Company and/or its affiliates will use such cookies and similar technologies as detailed in the Company’s privacy policy, and that if the Customer chooses to reject such cookies, some or all parts of the services or the relevant System may not function properly or may not be accessible. To find out more about how the Company and/or its affiliates uses cookies and similar technologies, how the Company and/or its affiliates processes the information obtained through cookies, please read the Company’s privacy policy.
Evidence of Communications
Any documentation or records relating to the Monitoring of Systems shall be prima facie evidence of any instructions, orders or communications that have been subjected to Monitoring, and the Customers agree that such records shall be admissible as such in any legal proceedings.Furthermore, the Customers confirm that they will not use, file, or cite as a reason for objecting to the admission of such records as evidence in any legal proceedings either that the records are not originals, or are not in writing, or are documents produced by a computer. The Company and/or its affiliates will retain such records in accordance with its operational procedures which may change from time to time in its absolute discretion; however, such records shall not be held by the Company for longer than is necessary with regard to the Monitoring Purposes, subject to any limitation periods imposed by law. The Customers are hereby informed that this record keeping should not be deemed to be a substitute for his/her/its own keeping of adequate records in accordance with any applicable rules or regulations to which he/she/it is subject.
Direct Marketing
If there are any products or services that the Company and/or its affiliates believes may be of particular interest to a Customer, whether provided or sponsored by the Company and/or its affiliates, or by third party services providers (for example, a fund manager, a currency trader or an insurance service provider not affiliated with the Company and/or its affiliates), the Company and/or its affiliates may contact that the Customers (by means which may include mail, email, sms and telephone), including outside of standard working hours. When required by the Data Protection Laws, a Customer’s prior consent will be requested before its Personal Data is used to make or facilitate direct marketing of this nature. If a Customer does not wish the Company and/or its affiliates to use its Personal Data in this way, or does not wish to provide Personal Data for such direct marketing purposes, the Customers may notify the Company and/or its affiliates at any time or as directed in any marketing materials that may be received by the Customers. Please note that if a Customer does not wish to be contacted for such purposes, the Company and/or its affiliates may need or be required to limit the range of services which they will offer or be able to offer to that Customer, or continue their relationship with that Customer.
Third Persons
Before providing the Company and/or its affiliates with access to, or permitting any access to, or permitting the processing of, Personal Data which contains any data regarding a third person, a Customer should ensure that: (i) that person understands that the Customer will be providing their Personal Data to the Company and/or its affiliates; (ii) that person has been provided with the information set out herein regarding the collection, use, processing, disclosure and transfer of Personal Data, the use of Personal Data for direct marketing purposes, and the possibility of monitoring or recording of their or their agent’s communications by the Company and/or its affiliates (in each case if permitted by the Data Protection Laws); (iii) if required, that person has provided their consent to the processing by the Company and/or its affiliates of their Personal Data or that another legal basis to process Personal Data is satisfied; and (iv) that person is aware of their data protection rights and how to exercise them.
Objections and Complaints
A Customer may:
Use of Cookies
The Company and/or its affiliates also use cookies and similar technologies to collect information about the Customers as part of and/or in connection with services provided by them or in connection with any System owned or provided by them. By accessing or using services or a System, a Customer signifies his/her/its understanding that the Company and/or its affiliates will use such cookies and similar technologies as detailed in the Company’s privacy policy, and that if the Customer chooses to reject such cookies, some or all parts of the services or the relevant System may not function properly or may not be accessible. To find out more about how the Company and/or its affiliates uses cookies and similar technologies, how the Company and/or its affiliates processes the information obtained through cookies, please read the Company’s privacy policy.
Evidence of Communications
Any documentation or records relating to the Monitoring of Systems shall be prima facie evidence of any instructions, orders or communications that have been subjected to Monitoring, and the Customers agree that such records shall be admissible as such in any legal proceedings.Furthermore, the Customers confirm that they will not use, file, or cite as a reason for objecting to the admission of such records as evidence in any legal proceedings either that the records are not originals, or are not in writing, or are documents produced by a computer. The Company and/or its affiliates will retain such records in accordance with its operational procedures which may change from time to time in its absolute discretion; however, such records shall not be held by the Company for longer than is necessary with regard to the Monitoring Purposes, subject to any limitation periods imposed by law. The Customers are hereby informed that this record keeping should not be deemed to be a substitute for his/her/its own keeping of adequate records in accordance with any applicable rules or regulations to which he/she/it is subject.
Direct Marketing
If there are any products or services that the Company and/or its affiliates believes may be of particular interest to a Customer, whether provided or sponsored by the Company and/or its affiliates, or by third party services providers (for example, a fund manager, a currency trader or an insurance service provider not affiliated with the Company and/or its affiliates), the Company and/or its affiliates may contact that the Customers (by means which may include mail, email, sms and telephone), including outside of standard working hours. When required by the Data Protection Laws, a Customer’s prior consent will be requested before its Personal Data is used to make or facilitate direct marketing of this nature. If a Customer does not wish the Company and/or its affiliates to use its Personal Data in this way, or does not wish to provide Personal Data for such direct marketing purposes, the Customers may notify the Company and/or its affiliates at any time or as directed in any marketing materials that may be received by the Customers. Please note that if a Customer does not wish to be contacted for such purposes, the Company and/or its affiliates may need or be required to limit the range of services which they will offer or be able to offer to that Customer, or continue their relationship with that Customer.
Third Persons
Before providing the Company and/or its affiliates with access to, or permitting any access to, or permitting the processing of, Personal Data which contains any data regarding a third person, a Customer should ensure that: (i) that person understands that the Customer will be providing their Personal Data to the Company and/or its affiliates; (ii) that person has been provided with the information set out herein regarding the collection, use, processing, disclosure and transfer of Personal Data, the use of Personal Data for direct marketing purposes, and the possibility of monitoring or recording of their or their agent’s communications by the Company and/or its affiliates (in each case if permitted by the Data Protection Laws); (iii) if required, that person has provided their consent to the processing by the Company and/or its affiliates of their Personal Data or that another legal basis to process Personal Data is satisfied; and (iv) that person is aware of their data protection rights and how to exercise them.
Objections and Complaints
A Customer may:
- exercise his/her/its rights; and
- and object to the use of his/her/its Personal Data for the marketing purposes, by writing to the Company at 1103/F Space Sun House, 181 Des Voeux Road Central, Sheung Wan, Hong Kong or by sending an email to [email protected]. In alternative or in addition to writing to the Company, the Customers may submit a complaint in connection with any matter concerning the processing and protection of its Personal Data to the Data Privacy Protection Office of Hong Kong