B.Braun Medical (HK) Ltd (“BBHK) is subject to data protection principles under the Personal Data (Privacy) Ordinance as amended in 2012 (Cap. 486) (“PDPO”) and this notice is intended to outline how we intend to keep secure the personal data of individuals (“data subjects” as defined under Section 2(1) of the PDPO) and to ensure that the rights of data subjects are protected.
All staff members of BBHK are required to comply with all relevant provisions of the PDPO and observe the following six Data Protection Princ
iples under the PDPO in the collection, use, disclosure and retention of personal data :-
Data Protection Principles
Principle 1 - Purpose and Manner of Collection
This provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from that subject. Further, personal data may only be collected if it is necessary but not excessive.
Principle 2 - Accuracy and Duration of Retention
This provides that personal data should be accurate, up-to-date and kept no longer than necessary.
Principle 3 - Use of Personal Data
This provides that unless the data subject gives consent otherwise personal data should be used for the purposes for which they were collected or a directly related purpose.
Principle 4 - Security of Personal Data
This requires appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable).
Principle 5 - Information to be Generally Available
This provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.
Principle 6 - Access to Personal Data
This provides for data subjects to have rights of access to and correction of their personal data.
In this policy, we seek to inform data subjects of the purpose for which their personal data is collected and processed and the data subject’s right to access or refuse to provide such personal data. We will use the personal data which we may collect from time to time in accordance with this policy.
Personal data will be collected only for lawful and relevant purposes and all practical steps will be taken to ensure that personal data held by us is accurate.
This privacy statement is in addition to any other agreements between the data subject and BBHK, including any customer or account agreements, and any other agreements that govern the data subject’s use of our products, services, contents, tools and information available on our website,
Amendment of this privacy statement may become necessary in the course of further development if our website and the implementation of new legal requirements or new technologies, or in order to improve our service for you. Therefore, the processing and collection of personal data will be in accordance with the privacy statement as applicable from time to time.
Notice and Choice and Rights as a Data Subject
Please be aware that you have the right to make a choice not to provide your personal data and may revoke your consent to the collection and processing of personal data. Please however be aware that certain services we provide and the continuation thereof may require the processing of such data.
You always have a right to access your personal data, the origin and recipients and the purpose of data processing free of charge as well as a right to seek rectification, erasure or restrict the processing of such personal data. The information, if requested shall be provided in a machine-readable format.
All queries are to be directed to the Compliance Officer of BBHK.
General Information on Processing of Personal Data
This data protection statement applies to personal data as defined under Section 2(1) of the PDPO which BBHK collects about a data subject. Personal data may be data relating directly to an individual, data from which it is practicable for the identity of the individual can be directly/ indirectly ascertained and which is in a form which access to and processing of such data is practicable.
The process by which we gather, process and use the personal data of a data subject is in compliance with the PDPO as well as the data protection regulations of the Federal Republic and Germany and also of the European Union. Under no circumstances will BBHK pass on the personal data of a data subject to third parties outside of the B. Braun Group of companies (being B. Braun Melsungen AG and its subsidiaries worldwide) without the data subjects consent.
Within the B. Braun Group, compliance with legal requirements including this PDPO and with this Policy is monitored.
Categories of personal data we collect and hold
The nature and type of data we collect and the source of such data varies depending on the nature of the relationship we have with the data subject and may include:
- personal data which we collect from our website (as more particularly detailed in subsequent paragraphs), if such data has been voluntarily provided or where such data is required for the purposes of providing the service which a data subject requires
- personal data which we collect on application forms or other information forms such as name, address, email, telephone, occupation, income
- personal data from credit bureau reports and credit reporting agencies
- personal data from governmental agencies.
Purpose of collecting personal data
Personal data is used to provide products and services and to inform about products and services offered by BBHK and may include:
- for the purposes of technical administration of our website
- statistical analysis
- developing new products and services
- registration for programs or offers upon your request
- providing services offered to you
- payment processing for purchases
- protection against or identifying possible fraudulent transactions,
- where permitted by law, to supply customized, unsolicited offers and information about BBHK and services
- developing and providing advertising adapted to our customers
- profiling and determining service preferences
- finance and marketing operations and/or as required by the terms and conditions of business and other business administration purposes including credit monitoring and control purposes
- to meet regulatory and legal requirements
- for risk management
- for all other purposes incidental and associated with the above.
Unless you agree otherwise, your personal data will only be used by us to provide you with the products and/or services you have agreed and/or requested.
Disclosure of Personal Data
Personal Data will be kept confidential and will not be forwarded to third parties outside of the B. Braun Group of companies without your prior consent.
We will not sell, rent, lease, or make available your personal data to others or to any unaffiliated parties. Information may however be disclosed to the following categories of parties for the purposes who are service providers and for the purposes as set out:
- to any B. Braun Group companies in and outside of Hong Kong
- to our advisers, including consultants, advocates and solicitors for purposes of determining our rights and enforcing any agreement with data subjects
- any agent, contractor or service provider to whom we may have outsourced services to, subject always that such parties acknowledge the confidentiality and rights of the data user and to comply with the provisions of the PDPO
- to regulatory authorities or notified bodies including bodies providing quality certification of our products upon their request
- to such other parties as may be permitted under Hong Kong law.
Data Subject’s Rights
Under the PDPO, a data subject has the right to access personal data which an organization holds about the data subject. At a data user’s request, we will inform you in writing and in accordance with applicable law, whether we have stored any personal data and if so, the data.
Data users have a right to correct and block such personal data and to require a deletion of personal data. Data users may also withdraw consent to the processing and storage of personal data, if not needed for legal reasons or for processing and existing contractual relationship. Data may also be deleted if such data is no longer subject to retention policies.
In order to assist us in validating the identity of any person requiring access, we will ask for verification documents to substantiate identity.
Protection of minors
As a general rule, children and persons under the age of 18 years should not disclose personal data to us without the consent of their parents or guardians. We do not solicit personal data from children and we do not knowingly collect personal data from children, use said data in any way or disclose said data to third parties without authorization.
Transmission of data over the Internet
The Internet is a global platform. By using our websites, or communicating with us electronically via contact forms, you agree to the unencrypted transfer of all data that you want to send us. Due to the nature of operations on the Internet, and the inherent systemic risks, all data transfers initiated by you occur at your own risk. The only exception to this is if we offer you an encrypted transmission path.
Security measures
We have taken extensive precautions to ensure the security of your data. Your personal data, as stored by us, which you for example have entered on HTML pages (contact forms), are transferred in an encrypted format (SSL – Secure Socket Layer) over the public data network to our Internet service provider, from there to the respective data processing systems of the B. Braun companies responsible for the triggered transactions, or to the appropriate contractual partners of the B. Braun companies and are placed into storage.
Data Collection and Processing from Internet Access
Access via our website, social media pages and plugins as well as queries on various platforms may result in the collection and processing of data. Following are details of specific policy measures which relate to such collection and processing:
- Anonymized IP address of the requesting computer
- Date and time of the access
- Name and URL of the called data
- Report whether the call was successful
- Identification data of the used browser and operating system
- Website, from which the access is carried out
- Name of your Internet access provide
Data collection and processing in case of access from the Internet
When you visit our website, our web servers save each access temporarily to a log file. The following data are entered and saved until automated deletion:
- Anonymized IP address of the requesting computer
- Date and time of the access
- Name and URL of the called data
- Report whether the call was successful
- Identification data of the used browser and operating system
- Website, from which the access is carried out
- Name of your Internet access provide
The lawful processing of these data occurs for the purposes of enabling use of the website (establishing connection), for system security, for technical administration of the network infrastructure and for optimization of the Internet offering. By agreeing to this privacy policy, you give your consent to our collection of these data. You may refuse this data processing. Insofar as you refuse the use of the data, we hereby inform you that our services may only be usable to limited degree.
These personal data are not processed beyond the cases indicated above, unless you explicitly consent to further processing.
Processing of your communication inquiries - Salesforce Marketing Cloud
If you send us inquiries by using the contact form your details from the inquiry form including the contact details entered by you there will be saved by us for the purpose of processing the inquiry and for the event of follow-up questions. We will not forward these data without your consent.
Use of the Salesforce Marketing Cloud
We use the remarketing functions of the Salesforce Marketing Cloud of the service provider salesforce.com, Inc. The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (“Salesforce”). If you have consented to the receipt of our newsletter and visit our Website via a newsletter, web beacons are used. This way it is possible for us to track the effectiveness of our newsletter, e.g. whether you have opened an e-mail or which part of the newsletter was particularly interesting.
For this purpose we use e.g. the tracking methods “Email Open Tracking” and “Email-Link Tracking”.
Email Open Tracking: Here we track whether you have opened the newsletter via the 1x1 pixel in the HTML template described below.
Email-Link Tracking: It is tracked here whether a link was clicked within the e-mail (Click-Trough). For this purpose the links are converted by the Marketing Cloud into trackable links.
Salesforce uses so-called “web beacons” in the majority of the used e-mails. Web beacons (also called “ClearGIFs” or “tracking pixels”) are small graphics (GIF files with a size of approx. 1×1) that are used among others on websites or in HTML e-mails. Web beacons fulfill similar functions as cookies, can however not be noticed by the user. Via web beacons information can, in particular, be obtained whether the e-mail was opened and whether the system of the user is capable of receiving HTML e-mails. No personal data are collected via the web beacon.
If you would not like to receive any e-mail notifications with web beacons, you can alternatively also receive your e-mails in a text form (not in the HTML format) by changing the corresponding settings to this extent within your e-mail client and by blocking the receipt of HTML formated e-mails.
Consent to the transmission of data within the scope of the services
Within the use of Salesforce, the scope of the use of this portal data from a user can be transmitted to the USA to a contractually bound and carefully selected service provider. The data protection existing in the USA is however not comparable with European standards and may also differ from Hong Kong standards. Appropriate data protection cannot be guaranteed continuously but in order to provide security of your data as far as possible, our company takes necessary protective measures and transmits data to the USA according to the principle of purpose limitation and data economy so that only the absolutely essential information that is provided by you is retained.
Privacy policy for the use of Webanalytics
Adobe Analytics, a web analysis service of Adobe Systems Software Ireland Limited ("Adobe"), is used on this website. Adobe Analytics uses cookies. If the information regarding use of the website that is generated by the cookie is transmitted to an Adobe server, then the settings ensure that the IP address is anonymized before geolocalization and replaced by a generic IP address before saving. Adobe utilizes this information on behalf of the operator of this website in order to evaluate usage of this website by the user, to compile reports on website activity for the website operator and to perform additional services connected with use of the website and the Internet in respect of the website operator. The IP address transmitted by your browser in connection with Adobe Analytics is not combined with other data from Adobe. You can prevent the saving of cookies by a corresponding setting in your browser software. Note that in this case, you may not be able to fully utilize all functions of this website. You can furthermore prevent the entry of the data generated by the cookie and referring to your usage of the website (incl. your IP address) to Adobe as well as the processing of these data by Adobe by downloading and installing the available browser plugin here.
The contract concluded with Adobe for the contract data processing concluded by the B. Braun Group for use of Adobe Analytics allow for the implementation of the strict stipulations of the German data protection.
Customer Journey Tracking
On this website through technologies of Pixelpark GmbH (https://www.publicispixelpark.de/) data is collected in an anonymized form (Marketing Cookies) and sent to Pixelpark GmbH. These cookies are set for the design in line with the needs, as well as to optimize this website and for the determination of statistical analyses and for cross-medial use. Pixelpark GmbH uses so-called “cookies” for this purpose. Text files that are saved on the computer and which enable an analysis of the use of the website (cf. “8. Cookies”).
The data is not used to personally identify the visitor of this website.
These anonymized usage data can be used both by website operators as well as by other advertisers and partners of Pixelpark GmbH in order to identify usage interests without it being possible to draw a conclusion about your identity as a visitor of a website.
Links
This data protection policy applies to all data gathered and processed by BBHK. In rare cases, the B. Braun Internet sites link directly to the websites of another party, for which the respective party itself is then responsible. However, any switching of this kind to external websites will be clearly announced to you in advance. We accept no responsibility for the handling of your data by the operators of other websites. When you exit BBHK Internet sites, we therefore recommend that you ask all operators of the linked websites for their data protection policies.
Cookies
Cookies, which collect and store data exclusively in pseudonymous form, may be utilized for this website. Based on this data, usage profiles are creased under a pseudonym. The data are not used to personally identify any visitor to this website and are not merged with the data relating to the holder of the pseudonym. You can object to this data being collected and stored at any time; this objection will then continue to apply in the future.
Social Media Plug-ins
As part of BBHK's internet presence, third-party content may sometimes be used (plug-ins). This can take the form of Youtube videos, RSS feeds or graphics of other pages, or social media buttons, such as the Facebook Share button. Some data may be transmitted to and collected by the social networks, such as IP address, browser information and operating systems.
BBHK has no influence on the amount of data collected by the social networks. The nature, scope and purpose of the data collection, information on the further processing of the data, your rights in relation to these and setting options for protecting your privacy are explained in the data protection policies of the respective social network.
Accessing the data protection policy
B. Braun Melsungen and its subsidiaries worldwide are governed by the laws of the respective jurisdiction in which they operate in. You can view and print out the privacy policy of B.Braun Melsungen AG and each of its subsidiaries worldwide by clicking on the "Privacy Policy" link on the respective website.
Governing law
The validity and interpretation of this privacy statement shall be governed and construed in all respects by the laws of the Hong Kong Special Administrative Region (“Hong Kong”) and the parties shall submit to the non-exclusive jurisdiction of the courts of Hong Kong in the event of dispute.
Severance
If any provisions in this privacy statement shall be construed to be illegal, invalid or unenforceable, it or they shall not affect the legality, validity and enforceability of the other provisions of this statement. The illegal, invalid or unenforceable provisions shall be deemed to be deleted from this statement and no longer incorporated as a term of this statement but all other provisions of this statement shall continue to be effective.
Disclaimers and limitation of liability
We endeavor to ensure proper collection, use and retention of your personal information. However, we shall not be liable for any loss or damages including without limitation, indirect or consequential loss or damages, or any loss or damages whatsoever arising from or in connection with the collection, use and retention of personal information unless we are in material breach of or gross negligence in our obligations under this privacy policy or in breach of any privacy laws applicable in Hong Kong. In any event, any claim against us by a data subject shall be limited to HK$10,000.
Contact person in data protection matters
If you have any questions regarding the processing of your personal data, please contact us via the following:
E-mail to our Compliance Officer ivan_chan@bbraun.com
or write to us:
B. Braun Medical (HK) Ltd.
Unit Nos. 13-18, Level 35, Tower 1,
Millennium City 1, No. 388 Kwun Tong Rd.,
Kwun Tong, Hong Kong
Attn: Compliance Officer / Mr. Ivan Chan