We, NashTech Limited (“NashTech”), considers the protection and confidentiality of your personal data (“Personal Data”) to be very important and are committed to protecting and respecting your Personal Data in accordance with the provisions of Information technology laws and regulations. This Policy explains how we collect, process, manage and protect the Personal Data of our customers.
This policy applies to all Harvey Nash Group plc business activities and operations.
- Abbreviation: PII
- Acronym: Personal Identifiable information
- Definition: Information that can be used to identify a person
Collection of Personal Information
During the course of your dealings with us, you may provide us your Personal Data to enable us to enter into transactions with you or to communicate with you on the services and/or products related to our business. These may be done through various means, including:
(a) directly from you or indirectly from your representatives, agents and/or employer when you, your representatives, agents and/or employer send us a completed enquiry, application and/or registration forms via various means, including online and physical hardcopies at public venues or in any of our premises;
(b) directly from you or indirectly from your employer or credit reference agencies when tendering for projects, when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies;
(c) our forms (i.e. invoice, delivery order, statement of accounts, credit application form etc.) whether in electronic or hardcopy format;
(d) any correspondence that we have received from you requesting for information or making any inquiries;
(e) business cards or other information provided to us or that were dropped at our premises or given to our employees or sales and marketing or other agents; and/or
(f) collected from cookies through the use of our website. Information systems audit considerations
Types of Personal Information
Such Personal Identifiable Information (PII) may include, but is not limited to, information concerning your name, age, identity card number, passport number, driver’s license number, address, email address, user ID’s and passwords, gender, date of birth, marital status, occupation, income range, bank account details and credit card information, financial information, contact information such as telephone, mobile and facsimile number, race, nationality, personal website usage information and information of third parties such as your emergency contact person, authorised representatives, contractors, lawyers, and financiers, which may be subject to applicable data protection and other similar laws.
The list of Personal Data stated above is not exhaustive and may include other personal data depending on the nature of dealings or works.
Purpose of Collection and Processing of Personal Information
Your Personal Data is collected and further processed by us as required or permitted by law and to give effect to your requested commercial transaction, including the following: (collectively, “Purpose”):
(a) with your consent for the collect, process, store, transfer by the mean of delivery to you of our services and/or products, notices, information in connection with our current and future services or products and the marketing of such services or products as well as new product launches, events, promotional events and contests;
(b) preparing and executing all necessary documents and agreements with you to carry out the obligations under the agreement, for our products and/or services necessary for purposes of conducting and administering our business including but not limited to sales and administration;
(c) general business operations which include but are not limited to:
(i) collection of outstanding payments;
(ii) those purposes provided for in any particular service or product offered by us or our business partners;
(iii) to administer and carry out our customer and prospective customer relationship management procedures;
(iv) maintaining our records of our customers and prospective customers and our internal record keeping;
(v) conducting marketing, client profiling and business development activities as well as market research and statistical analysis and customer surveys regarding our projects, products and/or services;
(vi) complying with any legal or regulatory requirements and to make the necessary disclosures under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular and/or code which are applicable to us and for the prevention of crime.
By providing your Personal Data to us, you have agreed to give your consent to the processing of your Personal Data by us for the stated lawful purposes when your Personal Data was collected. “Processing” means collecting, processing, storing and transferring your Personal Data or carrying out any operation or set of operations on your Personal Data.
Disclosure of Personal Information
Your Personal Data provided to us is processed by NashTech. We will ensure that;
(i) access to your Personal Data is restricted to staff who are contractually required to process your Personal Data in accordance with their respective job requirements, and
(ii) only necessary information is released to the relevant employees.
Your Personal Data may be disclosed to relevant third parties as required by law. In such event, you consent to the following disclosures of the Personal Data by us to these classes of third parties for reasons relating to the Purpose:
(a) third parties appointed by us to provide services to us or on our behalf (such as auditors, lawyers, company secretaries, consultants, contractors, professional advisors, service providers, printing companies, contractors, advisers);
(b) our business partners or affiliates who may jointly provide the service requested for;
(c) government agencies, statutory authorities, local councils and/or industry regulators including but not limited to the ministries, as well as to any other third party pursuant to any court order; and/or
(d) such other third parties that are necessary to carry out the purposes stated herein.
In the event of a potential, proposed or actual sale of business, disposal, acquisition, merger or re-organisation (“Transaction”), your Personal Data may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit us to release your personal information to the other party and its advisers/representatives.
Use and Provide Personal Information on Websites
- Links to other sites
A cookie (small text files that store information on your hard drive) may be used in the processing of your Personal Data. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information, we are able to adapt our website to suit your demands and to provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:
(i) the date and time you accessed each page on our web site;
(ii) the URL of any webpage from which you accessed our site (the referrer); and
(iii) the web browser that you are using and the pages you accessed. Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc.). This personal information will only be used for its intended purposes only, i.e. to respond to your message or deliver the requested services. You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.
Right to Review, Ensure Accuracy and Correction of Personal Information
We understand that it is your right to ask for the review of your Personal Information that store and process by us, and we take all reasonable steps to accommodate the request. You may request for a copy of your Personal Data which you have provided to us by submitting your request in writing specifying the personal information you wish to access.
If any of your Personal Data is incorrect or incomplete, the correction will be done by submit your request in writing specifying the incorrect information and the correct information for us to replace it with. We will take appropriated actions to ensure that your Personal Data provided to us is accurate and relevant only to the lawful purposes to which it was obtained for and is kept in the manner whereby the accuracy and completeness of your Personal Data is not affected and your Personal Data is up-to-date.
You have the right to limit in part or wholly any of the processes by which your Personal Data is subjected to in terms of the operations allowed to be performed upon it, the period of time allowed or alternatively the date line of the consent given. You may at any time withdraw or amend, in full or in part, your processing consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period.
Protection of Personal Information
Your Personal Data will be kept and processed in a secured manner. The appropriate administrative and security safeguards, policies and procedures will be implemented, as far as practicable, in accordance to the applicable laws and regulations. We will, as far as practicable, aim to prevent any unauthorised and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data.
Retention of Personal Information
We will retain your personal data for the period necessary to fulfil the many different purposes outlined in this Policy or for such period as may be necessary to protect the interests of the company and/or its customers as may be deemed necessary, or where otherwise required by the law and/or where required by the Company’s relevant policies.
Exclusion of Liability
We shall not be liable for any purported violation, breach or non-compliance with any precepts of privacy or the protection of Personal Data in the following instances:
(a) Where an act of nature or event outside our control results in the damage or malfunction or destruction in any equipment or machinery used to secure, store or process Personal Data;
(b) Where the Personal Data is readily available or able to be found in the public domain; and
(c) Where despite our best efforts, there is unauthorised access, modification, alteration, misuse, tampering or abuse of Personal Data caused by the malicious or fraudulent or criminal acts or conduct of a third party not being under our control or direction.Information will be protected against unauthorised access
- The required level of confidentiality for information is always maintained
- The integrity of the information is always ensured
- The proper information is always available to the authorized users
- All staff and contractors receive sufficient Information Security training
The Information Security Management System is applied for all employees, contractors, consultants, interested parties, information and information assets for all of its operations.