This website is not intended for children (individuals under 18 years old) and we do not knowingly collect data relating to children.
XHK LTD (“XHK”) and any of its dependent and fully-controlled affiliates and subsidiaries (“XHK Entities”), are strongly committed towards international compliance with data protection laws. Ensuring data protection is the foundation of trustworthy business relationships and is the cornerstone of XHK’s reputation. The success of our business depends on our ability to maintain the trust of our clients. We would like to inform you about the type of information we gather, what we do with it and how you can correct or modify the information you entrust us with.
This Policy applies to XHK, XHK Entities and their employees and extends to all processing of personal data, relating to an identified or identifiable person. Anonymised or pseudonymised data is not subject to this Policy.
This Policy comprises the accepted international and European data privacy principles without replacing existing national laws. It supplements national data privacy laws in each jurisdiction where XHK operates. The relevant national law will take precedence in the event of conflict with this Policy or where it has stricter requirements. The Policy must also be observed in the absence of corresponding national legislation.
All processing carried out by XHK or its employees shall be carried out in accordance with the principles enshrined in the GDPR, being the following:
Processing personal data is permitted only under the following legal bases. One of these legal bases is also required if the purpose of processing personal data is to be changed from the original purpose.
XHK’s employees, directors, officers and representatives treat personal data as confidential and may not pass on or use any such data without valid legal grounds; as indicated under Section IV.
Transmission of personal data to recipients by XHK, both internally or externally, is subject to the authorisation requirements and pursuant to defined purposes. Personal data transmitted to a recipient outside the EEA must be subject to protection at least equivalent to that sought by the GDPR. Intragroup transfers of personal data to third countries are subject to the safeguards provided by XHK’s Binding Corporate Rules (the “BCRs”).
Every data subject has the following rights in relation to the processing of their personal data:
A client who has any questions or concerns in this regard can contact the DPO as indicated in Section X
Personal data is safeguarded from unauthorised access and unlawful processing or disclosure, as well as accidental loss, modification or destruction; through state-of-the-art technical and organisational measures. These are adjusted and updated continuously in tandem with technical developments and organizational changes. Additionally, data protection audits and other controls are carried out on a regular basis.
Data subjects may contact the XHK Data Protection Officer (the “DPO”) at [email protected] regarding any queries relating to issues of data protection, to exercise any of their rights indicated under Section VIII or to request a copy of the full XHK Data Protection Policy.