Operating Practices

Customer data privacy and security

Our employees will routinely handle or process personal data relating to the Group’s customers. Employees will only collect and use personal information or data for legitimate regulatory, customer service and the Group’s business purposes. They will:

  • take all reasonable steps to keep personal data confidential and will only disclose this information to personnel in the Group that need to have access to the information for the purposes for which it was collected; and
  • at all times respect any confidential and/or data protection obligations which may be in an agreement between the Group and a third party.

The Group has installed a cyber security framework consisting of multi-layered defense through People, Processes and Technology. The layers of defense, in sequential order, are:
  • People, processes, policy, practices
  • Physical security (data centres, office)
  • Network perimeter security (Internet facing)
  • Internal network security
  • PC and server security
  • Application security
  • Data security

The Group provides regular security awareness and technical trainings to all levels of staff. Reinforcement reminders and alerts are sent to all staff as necessary.

The Group deploys state-of-the-art technology to protect its data.

Product responsibility

As holder of telecommunications licenses in Hong Kong, the Group takes proper and adequate safety measures for the safeguarding of life and property in connection with all installations, equipment and apparatus operated or used, including safeguarding against exposure to any electrical or radiation hazard emanating from the installations, equipment or apparatus operated or used by the Group. The Group complies with the safety standards and specifications as may from time to time be prescribed by the Communications Authority and any directions of the Authority in relation to any safety matter.

The Group strictly adhere to the requirements of the Trade Description Ordinance when conducting its business. Internal training, delivered by legal practitioners, has been given to staff who are responsible for sales and marketing.


All employees are expected to conduct business lawfully and ethically and are prohibited from accepting, offering, promising or payment of bribes from or to any individuals, companies or government officials.

Employees are required to avoid any conflicts of interest, actual or potential, which will put the Group’s interests and reputation at stake. All employees must declare to the Group any interest, direct or indirect, that they or members of their immediate family may have in any business or other organizations that would conflict with the interest of the Group.

Download Environmental, Social & Governance Report 2020/21