Privacy Notice for Suppliers and Related Persons
Nets Up (as listed in the annex and hereinafter collectively referred to as "we") respects the rights to privacy of our individual suppliers,
directors of our corporate suppliers, and operators and staff of suppliers (hereinafter referred to as "you"). We have created this privacy notice
to inform the details regarding the collection, use, disclosure, deletion, and destruction (collectively, the "processing ") of your personal data,
both online and other channels, to ensure that your personal data is protected in accordance with the personal data protection law.
1. Why We Process Your Personal Data
1.1 We process your personal data because it is necessary for the performance of the contracts between us and our suppliers.
1.2 We process your personal data because it is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Examples of what your personal data is processed in this regard are as follows:
(1) To perform the contract with our suppliers. We process your personal data for procurement, inspection, payment of goods and services,
relationship management, evaluate the work according to the agreements specified in the purchase order, contract, or other documents relevant
to the procurement process;
(2) To manage, develop, and conduct our business operations which include administration and development of websites and applications,
research (e.g. interviews, questionnaires), fraud prevention and detection, crime prevention, maintenance of information technology (IT) systems;
(3) To protect your security such as provision of security measures, protection of your personal data, access control and identity authentication when you log in to your user account;
(4) To conduct marketing research and data analysis which include to send news and privileges to you via emails, SMS, applications, social media, telephone, and direct mails, and to conduct questionnaires and interviews with you; and
(5) To establish, exercise, or defend your or our legal claims.
1.3 We process your personal data because it is necessary in order to protect vital interests of you or of another person. We process your personal data to, for instance, make contact in case of emergency and control and prevent disease.
1.4 We process your personal data because it is necessary for compliance with a legal obligation to which we are subject.
1.5 We process your personal data because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
1.6 With your consent, we process your personal data to:
(1) Conduct other activities which we might have to collect additional personal data about you in which case we will inform and request your new consent from time to time. You can find out more about consent in item 4 of this privacy notice.
2. Personal Data We Collect
2.1 When you contact us or you (or your corporate supplier) supply products or services to us; we collect the following personal data:
(1) Contact information, especially the information available on your business card, such as email address, telephone number, office address,
social media account, instant messaging account;
(2) Information used to verify your identity such as ID cards, ID number, title, name, date of birth, mobile number, email, photograph,
identification information;
(3) Information related to your work such as employment, information related to the management of your work safety, hygiene, and environment,
bank account (for payment), remuneration, occupation, position and other personal data you have given to us when you contact us or supply
products or services to us;
(4) Signature.
2.2 When you visit our premises; we collect, monitor, and process your images and video recorded by CCTV (we do not record audio) in these areas
and this information can be used to identify you. However, we will display signage to notice you about the areas where CCTV are in operation.
2.3 When you contact us or participate in any activity with us, we collect the following personal data:
(1) Personal information, such as name, date of birth, photograph, identification card number, passport number;
(2) Contact information such as telephone number, email, address, instant messaging account;
(3) Information regarding your complaint
(4) Information about your participation in our activities, such as previous history of activities, photographs taken during your participation.
2.4 We may need to collect and process special categories of personal data, as defined by personal data protection law, to fulfill the objectives
we set out in this privacy notice such as
(1) When we have to use certain information for our security purposes e.g. facial recognition, finger print to verify your identity;
(2) In some cases, we may collect your special categories of personal data. For instance, we do not intend to collect information about your
religious belief but we obtain such information when we collect an image of your identification card, which we process to verify your identity
and this information is required by law; and
(3) We might have to collect your health information, e.g. food allergies, when we organize a customer relationship activity for you.
2.5 Where necessary, we will process your special categories personal data only when you give us explicit consent or for other purposes as
required by law. We will ensure that we will try our best to provide adequate security measures to protect your special categories personal data.
3. Cookies and Other Similar Technologies
We use cookies and similar technology to collect personal data as specified in our Cookies Notice.
4. Consent, Withdrawal, and Consequences
4.1 You are entitled to withdraw your consent at any time but such withdrawal will not affect the validity of the processing made prior to the
withdrawal of consent.
4.2 Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives
stated in this privacy notice.
4.3 If you are under 20 years of age, you shall, prior to giving the consent, inform us of your parent or guardian so that we shall also be able
to ask consent from them.
5. Retention Period
5.1 We will retain your personal data for the period necessary to meet the objectives unless the law requires longer retention periods.
In the event that such period is unclear, we will retain the data for a customary expected period in accordance with retention standards
(e.g. the prescriptive period of 10 years for general legal claims).
5.2 We have established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant
or unnecessary for the purposes of collecting that personal data.
5.3 If your personal data is processed based on consent, we will stop the processing when you have withdrawn the consent. However, we may
keep your personal data to record your withdrawn so we can respond to your request in the future.
6. Disclosure of Your Personal Data
6.1 We disclose and share your personal data with:
(1) Companies in our group (“affiliates”) and partners who provide services and sell products relating to construction materials and home
appliances and
(2) Individuals and entities which are not our affiliates ("third parties") for the purpose of collecting and processing personal information
as described in this privacy notice such as our dealers, transport and logistics service providers, postal service providers, data processing
service providers, marketing service providers (who might send messages to you to promote our products and services), contractors
(who might perform tasks on our behalf), financial service providers (such as banks, payment companies, electronic payment service providers,
credit providers), IT service providers (such as providers of cloud services, blockchain systems, data analytics, SMS, or emails), IT developers,
programmers, auditors, consultants, advisors, government agencies (e.g. the Revenue Department, the Anti-Money Laundering Office), insurers,
and other persons to the extent necessary to enable us to conduct business, provide products and services, and meet the purposes for the
collection and processing of personal data as described in this privacy notice.
6.2 We will require persons receiving your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent unauthorized use or disclosure of your personal data.
7. Transferring Personal Data Overseas
7.1 We may send or transfer your personal data to our affiliates or other persons in a foreign country if it is necessary in order for us to
perform our obligations in the contract to which you are the counterparty or contract between us and third party for your benefit, to respond
to your pre-contractual request; to protect your and third party’s life, body and health, to comply with laws or to the extent necessary for the
public interest activities.
7.2 We may store your information on a computer, server, or cloud provided by a third party. And may use third-party programs, applications and
platforms in processing your personal data. However, we will not allow unrelated parties to access to your personal data and will require such
parties to have appropriate security protection measures.
7.3 In the event that your personal data is transferred to a foreign country, we will comply with applicable personal data protection laws and
take appropriate measures to ensure that your personal data is protected and you can exercise your rights in accordance with the laws. Moreover,
we will require those who receive the data to have appropriate protection measures for your personal data, to process such personal data only as
necessary, and to take steps to prevent unauthorized use or disclosure of your personal data.
8. Security Measures
8.1 We have implemented appropriate technical and administrative standards to protect your personal data from loss, misuse, and unauthorized
access use, disclose, or destruction. We use technology and security procedures such as encryption and access restriction to ensure that only
authorized people shall have access to your personal data, and that they are trained about the importance of protecting personal data.
8.2 We provide appropriate security measures to prevent the loss, access, use, change, disclosure of personal data from those who do not have
rights or duties related to that personal data. We will review the above-mentioned measures when necessary or when the technology changes to
ensure effective security.
9. Your Rights as a Data Subject
9.1 You have the rights under the personal data protection law summarized as follows:
(1) Withdraw the consent you have given to us;
(2) Request to view and copy your personal data or disclose the source where we obtain your personal data;
(3) Send or transfer personal data that is in an electronic form as required by personal data protection laws to other data controllers;
(4) Oppose the collection, use, or disclosure of personal information about you
(5) Delete or destroy or make your personal data non-personally identifiable (anonymous) information;
(6) Suspend the use of your personal data;
(7) Correct your personal information to be current, complete, and not cause misunderstanding.
(8) Complain to the Personal Data Protection Committee in the event that we, our data processors, our employees, or our contractors
violate or do not comply with personal data protection laws.
9.2 In this regard, we will consider your request, notify the result of the consideration, and execute it (if appropriate) within 30 days
from the date we receive the request. Your rights mentioned above will be in accordance with the personal data protection law.
9.3 You can exercise your legal rights by going to https://rb.gy/cvbdh1
10. Information about Data Controller and Data Protection Officer
10.1 The company in Nets Up that determines the purposes and means of the processing of your personal data is the data controller.
Details of these data controllers are available in the Annex as link.
10.2 In the event that you have a question regarding personal data protection, please send your message to data.privacy@scg.com
In the event that this privacy notice is amended, we will announce a new privacy notice on this website, which you should periodically
review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.
Privacy Notice for Visitors and Event Participants
Nets Up (as listed in the annex and hereinafter collectively referred to as "we") respects the rights to privacy of our individual suppliers,
directors of our corporate suppliers, and operators and staff of suppliers (hereinafter referred to as "you"). We have created this privacy notice
to inform the details regarding the collection, use, disclosure, deletion, and destruction (collectively, the "processing ") of your personal data,
both online and other channels, to ensure that your personal data is protected in accordance with the personal data protection law.
1. Why We Process Your Personal Data
1.1 We process your personal data because it is necessary for the performance of the contracts between us and our suppliers.
1.2 We process your personal data because it is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Examples of what your personal data is processed in this regard are as follows:
(1) To perform the contract with our suppliers. We process your personal data for procurement, inspection, payment of goods and services,
relationship management, evaluate the work according to the agreements specified in the purchase order, contract, or other documents relevant
to the procurement process;
(2) To manage, develop, and conduct our business operations which include administration and development of websites and applications,
research (e.g. interviews, questionnaires), fraud prevention and detection, crime prevention, maintenance of information technology (IT) systems;
(3) To protect your security such as provision of security measures, protection of your personal data, access control and identity authentication when you log in to your user account;
(4) To conduct marketing research and data analysis which include to send news and privileges to you via emails, SMS, applications, social media, telephone, and direct mails, and to conduct questionnaires and interviews with you; and
(5) To establish, exercise, or defend your or our legal claims.
1.3 We process your personal data because it is necessary in order to protect vital interests of you or of another person. We process your personal data to, for instance, make contact in case of emergency and control and prevent disease.
1.4 We process your personal data because it is necessary for compliance with a legal obligation to which we are subject.
1.5 We process your personal data because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
1.6 With your consent, we process your personal data to:
(1) Conduct other activities which we might have to collect additional personal data about you in which case we will inform and request your new consent from time to time. You can find out more about consent in item 4 of this privacy notice.
2. Personal Data We Collect
2.1 When you contact us or you (or your corporate supplier) supply products or services to us; we collect the following personal data:
(1) Contact information, especially the information available on your business card, such as email address, telephone number, office address,
social media account, instant messaging account;
(2) Information used to verify your identity such as ID cards, ID number, title, name, date of birth, mobile number, email, photograph,
identification information;
(3) Information related to your work such as employment, information related to the management of your work safety, hygiene, and environment,
bank account (for payment), remuneration, occupation, position and other personal data you have given to us when you contact us or supply
products or services to us;
(4) Signature.
2.2 When you visit our premises; we collect, monitor, and process your images and video recorded by CCTV (we do not record audio) in these areas
and this information can be used to identify you. However, we will display signage to notice you about the areas where CCTV are in operation.
2.3 When you contact us or participate in any activity with us, we collect the following personal data:
(1) Personal information, such as name, date of birth, photograph, identification card number, passport number;
(2) Contact information such as telephone number, email, address, instant messaging account;
(3) Information regarding your complaint
(4) Information about your participation in our activities, such as previous history of activities, photographs taken during your participation.
2.4 We may need to collect and process special categories of personal data, as defined by personal data protection law, to fulfill the objectives
we set out in this privacy notice such as
(1) When we have to use certain information for our security purposes e.g. facial recognition, finger print to verify your identity;
(2) In some cases, we may collect your special categories of personal data. For instance, we do not intend to collect information about your
religious belief but we obtain such information when we collect an image of your identification card, which we process to verify your identity
and this information is required by law; and
(3) We might have to collect your health information, e.g. food allergies, when we organize a customer relationship activity for you.
2.5 Where necessary, we will process your special categories personal data only when you give us explicit consent or for other purposes as
required by law. We will ensure that we will try our best to provide adequate security measures to protect your special categories personal data.
3. Cookies and Other Similar Technologies
We use cookies and similar technology to collect personal data as specified in our Cookies Notice.
4. Consent, Withdrawal, and Consequences
4.1 You are entitled to withdraw your consent at any time but such withdrawal will not affect the validity of the processing made prior to the
withdrawal of consent.
4.2 Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives
stated in this privacy notice.
4.3 If you are under 20 years of age, you shall, prior to giving the consent, inform us of your parent or guardian so that we shall also be able
to ask consent from them.
5. Retention Period
5.1 We will retain your personal data for the period necessary to meet the objectives unless the law requires longer retention periods.
In the event that such period is unclear, we will retain the data for a customary expected period in accordance with retention standards
(e.g. the prescriptive period of 10 years for general legal claims).
5.2 We have established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant
or unnecessary for the purposes of collecting that personal data.
5.3 If your personal data is processed based on consent, we will stop the processing when you have withdrawn the consent. However, we may
keep your personal data to record your withdrawn so we can respond to your request in the future.
6. Disclosure of Your Personal Data
6.1 We disclose and share your personal data with:
(1) Companies in our group (“affiliates”) and partners who provide services and sell products relating to construction materials and home
appliances and
(2) Individuals and entities which are not our affiliates ("third parties") for the purpose of collecting and processing personal information
as described in this privacy notice such as our dealers, transport and logistics service providers, postal service providers, data processing
service providers, marketing service providers (who might send messages to you to promote our products and services), contractors
(who might perform tasks on our behalf), financial service providers (such as banks, payment companies, electronic payment service providers,
credit providers), IT service providers (such as providers of cloud services, blockchain systems, data analytics, SMS, or emails), IT developers,
programmers, auditors, consultants, advisors, government agencies (e.g. the Revenue Department, the Anti-Money Laundering Office), insurers,
and other persons to the extent necessary to enable us to conduct business, provide products and services, and meet the purposes for the
collection and processing of personal data as described in this privacy notice.
6.2 We will require persons receiving your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent unauthorized use or disclosure of your personal data.
7. Transferring Personal Data Overseas
7.1 We may send or transfer your personal data to our affiliates or other persons in a foreign country if it is necessary in order for us to
perform our obligations in the contract to which you are the counterparty or contract between us and third party for your benefit, to respond
to your pre-contractual request; to protect your and third party’s life, body and health, to comply with laws or to the extent necessary for the
public interest activities.
7.2 We may store your information on a computer, server, or cloud provided by a third party. And may use third-party programs, applications and
platforms in processing your personal data. However, we will not allow unrelated parties to access to your personal data and will require such
parties to have appropriate security protection measures.
7.3 In the event that your personal data is transferred to a foreign country, we will comply with applicable personal data protection laws and
take appropriate measures to ensure that your personal data is protected and you can exercise your rights in accordance with the laws. Moreover,
we will require those who receive the data to have appropriate protection measures for your personal data, to process such personal data only as
necessary, and to take steps to prevent unauthorized use or disclosure of your personal data.
8. Security Measures
8.1 We have implemented appropriate technical and administrative standards to protect your personal data from loss, misuse, and unauthorized
access use, disclose, or destruction. We use technology and security procedures such as encryption and access restriction to ensure that only
authorized people shall have access to your personal data, and that they are trained about the importance of protecting personal data.
8.2 We provide appropriate security measures to prevent the loss, access, use, change, disclosure of personal data from those who do not have
rights or duties related to that personal data. We will review the above-mentioned measures when necessary or when the technology changes to
ensure effective security.
9. Your Rights as a Data Subject
9.1 You have the rights under the personal data protection law summarized as follows:
(1) Withdraw the consent you have given to us;
(2) Request to view and copy your personal data or disclose the source where we obtain your personal data;
(3) Send or transfer personal data that is in an electronic form as required by personal data protection laws to other data controllers;
(4) Oppose the collection, use, or disclosure of personal information about you
(5) Delete or destroy or make your personal data non-personally identifiable (anonymous) information;
(6) Suspend the use of your personal data;
(7) Correct your personal information to be current, complete, and not cause misunderstanding.
(8) Complain to the Personal Data Protection Committee in the event that we, our data processors, our employees, or our contractors
violate or do not comply with personal data protection laws.
9.2 In this regard, we will consider your request, notify the result of the consideration, and execute it (if appropriate) within 30 days
from the date we receive the request. Your rights mentioned above will be in accordance with the personal data protection law.
9.3 You can exercise your legal rights by going to https://rb.gy/cvbdh1
10. Information about Data Controller and Data Protection Officer
10.1 The company in Nets Up that determines the purposes and means of the processing of your personal data is the data controller.
Details of these data controllers are available in the Annex as link.
10.2 In the event that you have a question regarding personal data protection, please send your message to data.privacy@scg.com
In the event that this privacy notice is amended, we will announce a new privacy notice on this website, which you should periodically
review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.