Privacy & Cookies

Details

Contacts & Related Articles

Statement of Policy

1. Savills (Taiwan) Limited, Savills Valuation and Professional Services and Savills Residential Services (Taiwan) Limited (“Savills”) respects personal data privacy and is committed to implement and comply with the data protection principles and provisions under Personal Data Protection Act (“PDPA”).

Statement of Practices

Categories of Personal Data Held

2. Savills holds the following categories of personal data –

Employment-related records which include data on job applications, personal particulars, education and qualifications, employment history, salary and allowances, terms and conditions of service, housing and medical benefits, leave records, training and development, appraisal reports, conduct and discipline, etc.;

General administrative records which include personal data collected in connection with the office administration functions, records containing information supplied by data subjects and collected in connection with the handling of enquiries and complaints made to Savills, etc.;

Customers records which include personal data collected in the course of handling customers’ membership applications, transactions, complaints and enquiries, etc.; and

Other records which include administrative and program records containing personal data.

Main Purposes of Keeping Personal Data

3. The main purposes of keeping the personal data are as follows:

Employment-related records are kept for a range of appointments and human resource management purposes, including postings and transfers, training and career development, performance appraisal and promotion, discipline, offer of benefits, etc.;

General administrative records are kept for the purposes of carrying out various office administration functions, responding to and taking follow-up actions on enquiries and complaints, etc.;

Customer records are kept for the purposes of handling customers’ membership applications, transactions, complaints and enquiries, etc.; and

Other records are kept for various purposes, which vary according to the nature of the records, such as procurement of stores and equipment, organization of activities, etc.

Practices of Personal Data Handling

4. The practices at (a) to (f) below are implemented to ensure that personal data held by Savills is handled in accordance with the data protection principles enshrined in the PDPA.

(a) Collection of personal data

5. When collecting personal data, Savills will satisfy the following:

i.the purposes for which the data is collected are lawful and directly related to a function or activity of Savills;

ii.the manner of collection is lawful and fair in the circumstances of the case; and

iii.the personal data collected is necessary but not excessive for the purpose(s) for which it is collected.

6. When Savills collects personal data from an individual, the individual will be provided with a Personal Information Collection Statement on or before the collection in an appropriate format and manner. Practicable steps will be taken to ensure that –

i.the data subject is informed of whether it is obligatory or voluntary for him/her to supply the data and, if obligatory, the consequences for him/her if he/she fails to do so; and

ii.the data subject is explicitly informed of the purpose for which his/her personal data is to be used, the classes of persons to whom the data may be transferred or disclosed, the rights of the data subject to request access to and correction of the data, and the contact details of the individual to whom any such request may be made.

(b) Accuracy and retention of personal data

7. Personal data collected and maintained by Savills shall be as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used.

8. Savills maintains a personal data inventory, which contains the kinds of personal data that Savills holds; the purposes for which the personal data is collected, used and disclosed; and how the personal data is stored. The personal data inventory will be reviewed on an annual basis to ensure that it is accurate and up-to-date.

9. Personal data will not be kept longer than necessary for the fulfilment of the purpose for which the data is collected or used. Personal data that is no longer required should be erased unless such erasure of personal data is prohibited under any law or it is in the public interest for the data not to be erased. Should there be a need to retain the personal data for statistical purposes, such data will be anonymised so that the individuals concerned can no longer be identified.

10. A destruction exercise on records containing personal data will be conducted as and when necessary and in accordance with Savills records management guidelines and procedures. Destruction of paper records would be carried out by irreversible means and electronic records would be cleared or destroyed from storage media before disposal by means of sanitisation or physical destruction.

(c) Use of personal data

11. All personal data collected will be used only for purposes, which are directly related to the discharge of Savills’ duties and responsibilities. Personal data collected may be transferred to third parties during the discharge of Savills’ functions when necessary. Relevant personal data may also be disclosed to other entities which are authorised to receive information for the purposes of law enforcement, prosecution or review of decisions. Data subjects would be informed of the possible transferees of their personal data when their personal data is collected.

12. If personal data is to be used for a purpose other than the purposes for which the data is collected, express prior consent preferred in writing would be sought from the data subject concerned. In seeking the data subject’s consent, all practicable steps would be taken to ensure that (i) information provided to the data subject is clearly understandable and readable; and (ii) the data subject is informed that he/she is entitled to withhold his/her consent or withdraw his/her consent subsequently by giving notice in writing.

(d) Security of personal data

13. Savills observes strictly relevant security standards and regulations. Security arrangements will also be reviewed regularly to ensure that personal data is protected against loss and unauthorised or accidental access, use, disclosure, modification and erasure. The security arrangements adopted include but not limited to the following:

i. restriction of access to personal data on a “need-to-know” basis;

ii. regular review and enhancement of security measures for protection of personal data in the servers, user computers, transmission of electronic messages, etc.;

iii. regular change of passwords for IT facilities, accounting and personnel systems, etc.;

iv. encryption of all backup storage devices that are to be transported to offsite storage;

v. limited staff access rights to office areas storing confidential information; and

vi. provision of clear guidelines to staff as to the types of data that may or may not be disclosed to a phone enquirer and implementation of appropriate identity verification procedures to confirm the enquirer’s identity.

(e) Transparency of the personal data policy and practices

14. privacy policy and practices can be found on Savills website.

(f) Access to and correction of personal data

15. Savills recognizes an individual’s rights of access to and correction of his/her own personal data in accordance with the PDPA. To make a data access request, an individual should submit the request to Savills in any one of the following ways –

By email: [email protected]

By post: 21F, No.68, Sec. 5, Zhongxiao E. Rd., Xinyi Dist, Taipei City 110, Taiwan

16. When handling a data access or correction request, Savills will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request.

17. Savills may impose a fee for the direct and necessary cost of complying with a data access request. Savills will clearly inform the requestor the amount to be charged.

18. Savills maintains a Register on Requests for Access to Personal Data recording the data access or correction requests received.

International Data Transfer

19. Your Personal Data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not offer the same protection).

20. Our Website servers are located at Amazon Web Services all over the world, and our group companies, affiliated companies and third-party service providers operate globally. This means that when we collect your Personal Data, we may process it in any of these countries.

21. However, we take steps to safeguard your Personal Data in accordance with this Privacy Policy Statement. Further details about the protection given to your Personal Data can be provided upon request by contacting us using the details herein.

Incident Reporting and Breach Handling

22. A mechanism is set up for incident reporting and breach handling in case there is loss or leakage of personal data, or there is a reason to believe that the personal data held by Savills has been compromised.

Ongoing Monitoring and Review

23. Savills will keep the Privacy Policy and Practices under regular review. Officers responsible for handling personal data will attend relevant training courses and keep up to date with personal data policies.