Privacy Statement

This Privacy Statement applies to all contracts, services and websites offered by PCCW Global (“PCCW Global”, “we”, “us” or “our”). It sets out how we collect, use, manage and protect the personal data or information (“Data”) that we collect from or about you. It also explains your rights regarding our use of your information, how long we keep your information and how to contact us.

“PCCW Global” means PCCW Global Limited and its group companies. For details on our group companies, please contact us. For details on the PCCW Global group company with whom you have a contractual relationship, please refer to your service agreement with us, the appropriate order form, invoices or other documentation that we issue to you. PCCW Global is a subsidiary of the wider HKT Group, which is based in Hong Kong. The HKT’s privacy statement is available here.

Your Data

We collect the following information about you where applicable in order that we may provide our “Services” to you:

  1. your name, date of birth and other details documented on your legal identity card, travel document, student card and/or driver’s licence;
  2. contact details including name, address, phone number, mobile telephone number and/or email address;
  3. Data that you have shared with third party social media platform operators (e.g. account login name, profile picture, contact details);
  4. payment details including credit card, debit card and other electronic banking Data (such as truncated credit card number, cardholder name, and expiration date);
  5. account details or Data relating to Services registered with us including the relevant PIN, username or password, account numbers and/or service numbers;
  6. device specific information such as hardware model, operating system, version, unique device identifier, serial numbers, setting configurations and software and mobile network configuration;
  7. information about how you use our Services such as network usage, how you use our network, and your location when you are using our Services as well as information collected using cookies stored on your device(s);
  8. your credit and service history to enable us to assess your eligibility to our offers of Services or to accommodate your request for transfer of Services or your account with us;
  9. all Data in order to comply with our legal obligations; and
  10. other Data, from time to time, to help us provide you with improved Services.

How we collect Data

We collect Data in a number of ways, including from:

  1. you directly, for example, when you provide Data by phone or via email, attend our functions, complete an application form or agreement for one of our Services, or when you submit your Data through our websites, mobile or TV apps, or over any customer service hotlines or online chat sessions; or when you contact us with a query or request; or during the ordinary course of the continuation of our business relationship with you; or when we are legally required to do so;
  2. third parties such as related entities, business partners, or other customers, or your representatives with appropriate consent from you;
  3. publicly available sources;
  4. our own records of how you use our Services;
  5. your visits on our websites, or mobile or TV apps; and/or
  6. your participation in surveys or marketing promotions organised by us or on our behalf.

How we use your Data

We may collect, retain and use your Data for the following purposes:

  1. to verify your identity;
  2. to process your application to subscribe to our Services and loyalty programs;
  3. to verify your eligibility to our offers of Services, games and/or promotions or other events;
  4. to provide, activate and/or renew Services and loyalty programs that you may have subscribed for;
  5. to provide you with rewards, promotional benefits, updates, offers and invitation to events;
  6. to promote and market our Services to you;
  7. to conduct credit checks and detect fraudulent activities as required by law;
  8. to perform research or analyses so that we may improve and optimise the Services and/or loyalty programs that can be made available to you; 
  9. to conduct surveys and marketing, promotional, behavioural scoring for business operations and/or planning purposes;
  10. to carry out market and product analyses in order to generate statistical or actuarial reports (containing aggregated data that does not relate to any identified or identifiable individual);
  11. to enforce our contractual rights;
  12. to process any payment instructions, direct debit facilities and/or credit facilities in relation to our supply of Services to you;
  13. to maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
  14. to maintain, enhance and develop our products and service offerings;
  15. to comply with our telecommunications licence obligations in respect of interconnection arrangements with other telecommunications operators and related industry practices;
  16. to comply with applicable laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement, or regulatory or investigation bodies, in relation to the supply of Services and/or loyalty programs to you, including to assist in the prevention, detection of crime or possible criminal activities;
  17. to distribute our publications and research materials as well as those of our business partners and counterparties;
  18. in order to deliver the service(s) under the contractual agreement to you directly, or via a third party to whom you gave consent;
  19. to notify you of maintenance work taking place which might affect you; and
  20. to process a job application.

Use of cookies

Like many other websites, our websites sometimes uses cookies. Cookies are small pieces of information sent by an organisation to your device(s) and stored on your device(s) to allow that website to recognise you when you visit. They help us to improve our website and deliver better more personalised Services.

It is possible to switch off cookies by setting your browser preferences.  You can find more information about cookies at: https://www.allaboutcookies.org/ and www.youronlinechoices.eu. You may refuse to accept cookies by altering the settings on your internet browser. Find out how to disable/enable browser cookies by referring to the ‘help’ section of your browser or by clicking on the “Manage Cookies” section of the Interactive Advertising Bureau website on the following link https://www.allaboutcookies.org/. Please note that if you adjust your internet browser settings to refuse the setting of all cookies, you may be unable to access or use fully certain parts or functionality of our websites.

Our legal basis for using your Data including how we disclose your Data

We have a legitimate interest in collecting your Data so that we can provide you with the best possible Services. Our use of your personal data may be necessary for the performance of a contract between us to provide the Services that you have requested. If the law requires us to, we may need to collect and process your personal data (for example in relation to the detection of fraud and other criminal activity). In specific situations, we may collect and process your Data with your consent. In any event, we will only pass on your Data if your interests or your fundamental rights and freedoms do not carry more weight, and you will always be informed accordingly in a transparent manner (for example through revisions to this Privacy Statement), except for when there are exceptions stipulated by law.

In order to provide the Services that you have requested, we may, to the extent permissible under applicable laws and regulations, disclose your Data to the following third parties:

  1. data processors, who are service providers and suppliers who provide: (i) services relates to customer enquiries; (ii) courier, delivery, logistic and warehouse services; (iii) mailing operations; (iv) billing and debt-recovery functions; (v) information technology services; (vi) installation, maintenance and repair services; (vii) marketing, advertising and telemarketing services; (viii) market research; (ix) customer usage and behavioural analysis; (x) process management; (xi) after sale services; (xii) surveys; (xiii) website usage analysis; (xiv) cloud storage services; and (xv) network connectivity services, including international and local connectivity service of any technology types such as IP, DWDM, IPLC, satellite, microwave etc.
  2. your authorised representatives and/or your legal advisers when requested by you to do so;
  3. for the purposes of providing administrative, payment, collection, business, legal and/or operational support to the following parties: (i) credit-reporting and fraud-checking agencies; (ii) financial institutions, charge or credit card issuing companies, credit providers, credit bureau, collection agencies or security agencies; (iii) telecommunications network operators; and (iv) our professional advisers, including our accountants, auditors, lawyers and insurers;
  4. organisations who manage our business and corporate strategies, including those involved in a transfer or sale of all or part of our assets or business and those involved in managing our corporate risk and funding functions;
  5. to any proposed or actual participant, assignee or transferee of all or any part of the relevant member of our operations or business;
  6. companies in the same group as us;
  7. local and foreign regulators, governments, law enforcement authorities, advisors, courts and tribunals; and
  8. other third parties, with your consent.
 

Some of these third parties are based outside the European Economic Area (the “EEA”). If we do transfer your information outside the EEA we will take appropriate steps to protect that information which include one of the following: (i) transferring to third parties in jurisdictions that the EU Commission has determined offers adequate protection for your information’ (and information relating to Adequacy Decisions made by the European Commission are available; (ii) entering into an agreement with the third party, which includes clauses that the EU Commission has determined offers adequate protection for your information; or (iii) transferring to third parties that have agreed to comply with schemes approved by the European Commission to protect your information.

Retention of your Data

We will retain your Data in accordance with our internal policies. Our policies cover the following principles:

  1. Data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the Data is also retained to satisfy any applicable legal, regulatory or contractual obligations; and
  2. Data is purged from our electronic, manual and other filing systems based on the above criteria and our internal procedures.

Your rights

We take all reasonable precautions to ensure that the Data we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that Data depends to a large extent on the Data you provide. You have rights under data protection law in relation to our use of your Data, including to:

  1. request access to your Data, which you can do using the form available by clicking on this link;
  2. update or amend your Data if it is inaccurate or incomplete;
  3. object to certain uses of Data (which includes direct marketing, and processing based on legitimate interests);
  4. request access to your Data, please email  [email protected] for the Data Access Request Form;
  5. update or amend your Data if it is inaccurate or incomplete;
  6. object to certain uses of Data (which includes direct marketing, and processing based on legitimate interests);
  7. request the deletion of your Data, or restrict its use, in certain circumstances (for example you can request that we erase your information where the information is no longer necessary for the purpose for which it was collected (unless certain exceptions apply);
  8. withdraw any consents you have provided in respect of our use of your Data;
  9. to the return of Data you have provided to us, to use for your own purposes where the processing is based on your consent or for the performance of a contract; and the processing is carried out by automated means; and
  10. to lodge a complaint with the appropriate supervisory authority.

If you have any questions about these rights, or you would like to exercise them, please contact us by emailing [email protected]. Additional details of how to get in touch are set out below.

To protect the confidentiality of your Data, we will ask you to verify your identity before proceeding with any request you make under this Privacy Statement. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act. If we choose not to action your request, we will explain the reasons why.

Under the age of 18

We do not intend to collect Data related to children aged 17 or under. If you are aged 17 or under, please do not use this website or sign up to any of our Services.

Your responsibilities with regard to end users

If you, as our customer, allow end users (e.g. family members, friends, visitors etc.) to make use of the Services that fall under the application of this Privacy Statement, you will have the following responsibilities:

  1. you must adequately inform the end users that we will process their Data as a result of their use of the Services;
  2. you must obtain all the legally required consents from the end users before their Data is communicated to us for processing in connection with the Services that you allow them to use;
  3. you must adequately inform the end users about the applicability of this Privacy Statement, in particular with regard to privacy rights and how they can be exercised;
  4. you may not use the Services to collect Data that is in conflict with the applicable privacy legislation, nor to unlawfully gain access to any Data of the end users;
  5. you must take all reasonable measures to ensure the trustworthiness of the end users who have access to the Data; and
  6. you may not do, cause or permit anything that could in any way whatsoever result in any violation of applicable privacy laws.

Notices with regard to services provided by third parties

Through the Services, you can also use services provided by other parties, such as chat, websites from third parties, forums, Facebook, Twitter, news groups and/or apps. We have no control over the information you provide to such third parties, or how this is processed, and we also have no responsibility in this respect. It is up to you to handle this wisely, and to carefully read through the privacy policy of these third parties.

Our websites may contain links to websites run by third parties, the contents of which are not our responsibility. This Privacy Statement applies only to our websites and not those of third parties.

How to contact us

Any questions regarding this Privacy Statement should be sent to our Privacy Compliance Officer by email to [email protected]

We keep this Privacy Statement under regular review and any changes we make to our Privacy Statement in the future will be posted on this page. This Privacy Statement was reviewed in September 2021.

Additional Information for Certain Jurisdictions

We provide additional information about the privacy laws applicable to your jurisdiction in the annexes to this Privacy Statement.

South Africa

In South Africa, the processing of personal information is governed by the Protection of Personal Information Act, 4 of 2013 (“POPIA“).
The content of the Privacy Statement will apply to the processing of personal information carried out by Gateway Communications (Pty) Ltd (“Gateway“), a PCCW Global group company in South Africa. The purpose of this Annex A is to supplement the Privacy Statement. However, to the extent that any provision of the Privacy Statement conflicts with any provision in this Annex A in relation to the processing of personal information in South Africa, the provisions of this Annex A shall prevail.

Definitions

Information Officer – means the person appointed by or on behalf of Gateway as the information officer, who is required to assist with (i) the implementation of the Privacy Statement; and (ii) the compliance requirements of the Privacy Statement.
Operators – all references to processors in the Privacy Statement shall have the meaning given to “operators” in POPIA. POPIA defines an “operator” as a person who processes Personal Information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
Personal Information – all references to “Data” in the Privacy Statement is a reference to “Personal Information” as defined under POPIA. POPIA defines Personal Information as information about an identifiable living natural person, and in so far as it is applicable, an identifiable existing juristic person. A juristic person is a separate legal entity capable of acquiring rights and incurring liabilities, which allows it to sue and be sued in its own name, for example, a company or a trust. Personal Information includes but is not limited to:

  • information relating to the race gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of a person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private and confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.

Personal information does not include information that does not identify a person (such as information that has been anonymised).
Processing – shall have the meaning given to it in POPIA, which includes, among other things, activities such as collecting, storing, using, disseminating, marking, restriction, erasing or destroying Personal Information.

Information Officer

We have appointed an Information Officer who is responsible for overseeing questions in relation to the Privacy Statement. You may contact our Information Officer at [email protected] to discuss the Privacy Statement or your rights under Personal Information protection laws that are applicable to you.

Your Personal Information

Gateway may process, collect, store and/or use aggregated data, which may include historical or statistical data (“Aggregated Data“) for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information in a manner that has the result that it can directly or indirectly identify you, we will treat the combined data as Personal Information, which will be managed in accordance with this Privacy Policy.

Our legal basis for using your Personal Information including how we disclose your Personal Information

Where Gateway is required to process your Personal Information by law, or in terms of a contract that we have with you, and you fail to provide such Personal Information when requested to do so, Gateway may be unable to perform in terms of the contract we have in place or are trying to enter into with you. In this case, Gateway may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation.

Gateway will restrict its processing of your Personal Information to the original purpose for which it was collected, unless Gateway reasonably considers that it is necessary to process it for another purpose that is compatible with the original purpose.

Gateway may, where permitted or required to do so by applicable legislation, process your Personal Information without your knowledge or consent, and will do so in accordance with the further provisions of this Privacy Statement.

We will not intentionally disclose your Personal Information, whether for commercial gain or otherwise, other than with your permission, as permitted by applicable law or in the manner as set out in this Privacy Statement.

In order to provide the Services you have requested, we may disclose your Personal Information to third parties, to the extent permissible under applicable laws and regulations. Where we disclose your Personal Information to third parties, we will only disclose your Personal Information to third parties who have agreed to be bound by the Privacy Statement or similar terms, which offer the same level as protection as this Privacy Statement.

Storage and transfer of your Personal Information

We store your Personal Information on our servers or those of our service providers and in hard copy format at our offices and at the storage facilities of our third-party record storage and management providers.

We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation. If the location to which Personal Information is transferred and/or is stored does not have substantially similar laws to those of South Africa, which provide for the protection of Personal Information, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.

Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.

Security

We take reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information.

We also create a back-up of your information for operational and safety purposes.

We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
Gateway has implemented procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which Gateway is legally required to do so and within the period in which such notification is necessary.

Retention of your Personal Information

In addition to the grounds on which we retain your Personal Information as set out in the Privacy Statement, we will only retain your Personal Information for a specified further period, where you agree to us retaining your Personal Information for such further period.

To determine the appropriate retention period for Personal Information, Gateway will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. Gateway will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.

Your rights

It is your responsibility to advise Gateway or the persons responsible for the maintenance of your Personal Information should any of Personal Information we have about you be incorrect, incomplete, misleading or out of date, by notifying us.

Children

Gateway products and services are not targeted at children (a natural person under the age of 18 years). We will not knowingly collect Personal Information in respect of children without express permission to do so from a competent person (any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child).

Direct Marketing

When you register to use Gateway’s services, you will be required to provide your consent to agree to receive marketing communication from us.
You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communication from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
You may opt out of receiving direct marketing communication from us at any time by requesting us to stop providing any direct marketing communication to you.
If you have chosen to opt out, we may send you written confirmation of receipt of your opt out request (which may be in electronic form), and will thereafter not send any further direct marketing communication to you. Please note that you may continue to receive communication from Gateway that is not marketing related.

How to contact us

Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the Information Officer by email at [email protected].

If you feel that the attempts by Gateway to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at https://www.justice.gov.za/inforeg/.

PAIA Manual

Should you wish to access Gateway’s PAIA Manual, you may do so at PAIA Manual