Data Privacy and Security Policy
As being a provider of industry-leading carrier and cloud-neutral data centre services, SUNeVision Holdings Limited (SUNeVision) attaches the greatest importance to protecting personal data privacy and preventing data leakage or loss by adopting an array of security measures and good industry practices. This Policy, which governs all subsidiaries of SUNeVision, is established to ensure a safe customer data handling practice.
SUNeVision is committed to comply with data protection laws applicable to its business, including the requirements of the Personal Data (Privacy) Ordinance (Cap. 486), to ensure personal data are securely kept and used only for the purpose for which they have been collected. In doing so, we will ensure compliance by our staff with the applicable standards of security and confidentiality.
Commitment to Personal Data Protection
If Personal Data are collected in the process of making enquires or submitting applications for services provided by different operations within our Group, Users will be informed via the respective Personal Information Collection Statements of such purposes and uses, including the extent of their transfer and disclosure; and the right of access to, correction of and deletion of the collected Personal Data.
Once we have obtained User's Personal Data, it will be maintained securely in our system. We shall retain Users' Personal Data for so long as he or she is a registered user of our company web site, business partner and customer. Only the authorized staff, who is granted the access privilege based on his/her job nature, will be able to read/change/delete to such Personal Data, and we shall not release such Personal Data to any external parties except those parties set out in our Personal Information Collection Statement without User's consent.
Accredited with ISO 27001 Information Security Management System, SUNeVision adopts strict security measures to ensure around-the-clock security. ensures only authorized individuals and technicians can access data centers and visit logs are being properly maintained on a regular basis. Secure data disposal procedures are also implemented and monitored to ensure the proper destruction of data and minimize the risk of sensitive information leakage.
SUNeVision will establish a cybersecurity strategy which governs the protection baseline of our entire IT infrastructure. The cybersecurity strategy shall direct how SUNeVision safeguard data by encryption at the application level, adoption of security solutions includes Anti-Virus, Anti-Spyware, Advanced Persistent Threat Prevention (APT), Intrusion Prevention and Mobile Application Management.
Development and Training
SUNeVision recognizes the importance of raising employees’ and contractors’ awareness on data privacy and protection. In this regard, data protection training will be provided to all employees. Our development and training programmes on data protection shall serve the following objectives:
- To raise awareness on data protection;
- To provide a basic understanding of data protection rights and responsibilities in line with the Personal Data (Privacy) Ordinance. (Cap. 486)
Implementation & Review
The Company’s CEO will be responsible for the oversight of the implementation of this Policy, with the assistance of Technology Department and Facility Management Department, who regularly review data privacy policies and procedures, and submit monitoring reports. The Policy implementation progress and compliance status will be reported in our Environmental, Social and Governance Report annually. The company’s CEO will conduct regular review of this Policy and update the content if necessary, with the assistance of Internal Audit and Risk Management Department.