At Heinbro Group, protecting your personal data is important to us. We are committed to protecting the privacy, confidentiality, and security of the personal data we hold by complying with the Personal Data (Privacy) Ordinance (“PDPO”) with respect to the management of personal data. We are equally committed to ensuring that all our employees and agents uphold these obligations.

This privacy policy statement explains how Heinbro Group collects personal data and how we maintain, use and disclose that information. It also provides details about your rights with respect to data protection laws, along with our general rights and obligations in relation to the personal data we keep on record (“Privacy Statement”).

For the purposes of this Privacy Statement, “personal data” refers to any information relating directly or indirectly to a living individual from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form which access to or processing is practicable. The following are some examples of personal data: name, address, telephone number, passport/ID number and e-mail address.

Types of Information Held and Collected

We collect the personal data of the following types of people in order to undertake our core business.

• Prospective and placed candidates
• Prospective and live client contacts
• Supplier contacts to support our services
• Employees and Consultants

We may collect the following information:

• Name and address
• Current job title, salary, earnings and benefits
• Contact information including email addresses and telephone numbers
• Demographic information such as postcode, preferences and interests
• Compliance documentation and references
• Other information relevant to customer surveys and/or offers
• As we are not an agency or umbrella company, it is very unlikely that we will need to obtain payment information such as bank details from individuals, however on rare occasion this may happen if we need to act as an intermediary between the client and candidate.

Personal data about you may also be collected from third parties that Heinbro Group contacts for verification or vetting purposes. For example, when Heinbro Group receives:

• any reference about you;
• results of enquiries of former employers or engagers, work colleagues, professional associations or registration bodies;
• the results of any psychometric, competency or medical test;
• performance feedback (whether positive or negative);
• any complaint from or about you in the workplace;
• any information about a workplace accident in which you are involved;
• any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you are involved.

Heinbro Group will normally require you to provide signed consent to enable us to obtain personal data from third parties (unless you have indicated your consent in some other way) but, if Heinbro Group does not have your prior consent, it will take reasonable steps to inform you as soon as possible that it has collected personal data from a third party and ensure you are aware of the purposes for which Heinbro Group has collected your personal data.

Why we Collect Personal Data/Use of Personal Data

Your personal data may be used for the following purposes:

• to assess your application for the job offered and to communicate with you within the recruitment process;
• to carry out background and reference checks, where applicable;
• to contact you in case of an alternative career opportunity with Heinbro Group
• based on your consent to ask you about your experience within the recruitment process;
• to contact you following your unsolicited application;  
• based on your consent to send you personalised information on current open job posts;
• keep records related to our hiring processes; and
• comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint a suitable candidate to that role.

We also need to process your personal data to decide whether to enter into a contract with you.

Having received your CV and cover letter and the results from any tests you took, we will then process that data to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is suitable to invite you for an interview. If we decide to call you for an interview, we will use the data you provide us at the interview to decide whether to offer you the role. If we decide to offer you the role, we may then take up references and/or any other check before confirming your appointment.  

How is your Personal Data Collected

Generally, Heinbro Group collects personal data directly from you. For example, it collects personal data when you:

• Deal with Heinbro Group in person, by telephone, letter, fax, email or via our website;
• Supply a CV or application form;
• Fill out and submit a registration form;
• Subscribe to job alert emails;
• Submit any other information in connection with your application for registration;
• Complete psychometric assessments.

Personal data may also be collected from third parties that Heinbro Group contacts for verification or vetting purposes.

• Any reference about you;
• Results of enquiries of former employers or engagers, work colleagues, professional associations or registration bodies;
• The results of any psychometric, competency or medical test;
• Performance feedback (whether positive or negative);
• Any complaint from or about you in the workplace;
• Any information about a workplace accident in which you are involved;
• Any information about insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you are involved.

Heinbro Group will normally require you to provide signed consent to enable us to obtain personal data from third parties (unless you have indicated your consent in some other way) but, if Heinbro Group does not have your prior consent, it will take reasonable steps to inform you as soon as possible that it has collected personal data from a third party and ensure you are aware of the purposes for which Heinbro Group has collected your personal data.

If you fail to provide personal data when requested, which is necessary for us to consider your application, we may not be able to process your application further.

Where the Personal Data is Stored and Processed 

We keep your information on our electronic database that is stored on our on-site servers. We access our servers daily for our day to day business activities from a secure platform which is password protected and has strict user restrictions.

All information you provide to us is stored on our secure servers. Unfortunately the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.

As an environmentally conscious business, we try to limit any printed materials especially any that contains personal information. In the event that we do have any printed personal information e.g. a CV, it is company policy that documents are not left on desks and are locked away each evening. We shred all confidential paperwork on a daily and weekly basis.

Senior management oversees ensuring that data records are kept confidential and secure.  To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect verbally and electronically and all of our employees are aware of this through our company policies and their contracts of employment.

Disclosure of Information

Your personal data may be disclosed to third parties if they have a proper interest in the disclosure, such as:

• a member of the Heinbro Group;
• prospective employers or engagers;
• other recruitment companies or intermediaries involved in managing the supply of personnel;
• sub-contractors of recruitment services;
• external vetting bodies;
• third parties who perform functions on Heinbro Group’s behalf and who also provide services to Heinbro Group, such as professional advisors, IT consultants carrying out testing and development work on Heinbro Group’s business technology systems, research and mailing houses and function co-ordinators;
• Heinbro Group’s insurers;
• A professional association or registration body or regulatory or law enforcement agencies if Heinbro Group is required to do so by law.

If Heinbro Group engages a third party contractor to perform services which involve handling or processing personal data, it takes reasonable steps to prohibit the contractor from using personal data except for the purposes for which it was supplied or for processing it other than in accordance with Heinbro Group’s instructions.

If Heinbro Group enters into a joint venture with, is sold to or merged with another business entity, your personal data may be disclosed to Heinbro Group’s new, or potential, business partners or owners. By providing Heinbro Group with your personal data, you consent to Heinbro Group disclosing your data to its new, or potential, business partners or owners if one of these situations arises.

Unless required or permitted to do so by law, Heinbro Group will not otherwise share, sell or distribute any of your personal data without your consent.

Data Retention and Security 

Heinbro Group holds personal data in a combination of secure computer storage facilities and paper-based files.

Heinbro Group has security procedures in place to protect the personal data it holds from misuse, loss, unauthorised access, modification or disclosure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our website privacy notice. In addition, we have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Heinbro Group uses a number of processes to protect your personal data including:

• locks and security systems;
• computer passwords and limited access to shared network drives to authorised staff;
• virus checking;
• auditing procedures and data integrity checks;
• recording of file movements;
• security classification to identify data needing special protection.

Heinbro Group will keep your personal data no longer than necessary. Heinbro Group will appropriately dispose of your personal data when it is no longer required or if you ask to be removed from our systems so that it is protected from unauthorised use or disclosure.

However, please note that Heinbro Group is obliged under the Conduct Regulations (where applicable) to keep a record of your personal data and other information for a period of at least one year from the date of creation of the record or, if later, at least one year after the date on which Heinbro Group last provides services to you.

Rights of Access, Correction, Erasure and Restriction 

Under certain circumstances, by law you have the right to:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

External Websites

Our website or communications may contain links to or from other websites. External sites that are linked to or from the Heinbro Group web site are not under our control and you are advised to review their privacy statement. Users should note there are inherent risks associated with the transmission of information via the Internet and you should therefore make your own assessment of the potential risk to the security of your information.

Changes to this Privacy Statement

This privacy policy may be altered or updated by Heinbro Group at any time, in which case Heinbro Group will advise you of any such alterations or updates by notice on its website.

Contact

If you would like to make any inquiries or complaints or requests to access, correct or limit our processing of your personal data, please contact:

Mr. Mitchell Brown (Managing Director of Heinbro Group)

Email: mbrown@heinbro.com

Address: 18/A, Heng Shan Centre, 145 Queen’s Road East, Wan Chai, Hong Kong

By continuing to use our services via our website or by providing personal data to us, you agree to the collection, use and disclosure of your personal data in the manner set out in this Privacy Statement.