Home
Operating Practices

Customer data privacy and security

Our employees will routinely handle or process personal data relating to the Group’s customers. Employees will only collect and use personal information or data for legitimate regulatory, customer service and the Group’s business purposes. They will:

  • take all reasonable steps to keep personal data confidential and will only disclose this information to personnel in the Group that need to have access to the information for the purposes for which it was collected; and
  • at all times respect any confidential and/or data protection obligations which may be in an agreement between the Group and a third party.

The Group has installed a cyber security framework consisting of multi-layered defense through People, Processes and Technology. The layers of defense, in sequential order, are:

  • People, processes, policy, practices
  • Physical security (data centers, office)
  • Network perimeter security (Internet facing)
  • Internal network security
  • Endpoint security including workstations, servers, mobile devices, etc.
  • Application security
  • Data security

The Group provides regular security awareness and technical training to all levels of staff. Reinforcement reminders and alerts are sent to all staff as necessary.

The Group continuously keeps track of the local and global cyberthreat trend, steps out to uplift staff cybersecurity awareness as well as deploys state-of-the-art technology to protect its data.

Product responsibility

As holder of telecommunications licenses in Hong Kong, the Group takes proper and adequate safety measures for the safeguarding of life and property in connection with all installations, equipment and apparatus operated or used, including safeguarding against exposure to any electrical or radiation hazard emanating from the installations, equipment or apparatus operated or used by the Group.


The Group strictly adheres to the requirements of the Trade Description Ordinance when conducting its business. Internal training, delivered by legal practitioners, has been given to staff who are responsible for sales and marketing.


Anti-corruption and whistle blowing

All employees are expected to conduct business lawfully and ethically and are prohibited from accepting, offering, promising or payment of bribes from or to any individuals, companies or government officials.

Employees are required to avoid any conflicts of interest, actual or potential, which will put the Group’s interests and reputation at stake. All employees must declare to the Group any interest, direct or indirect, that they or members of their immediate family may have in any business or other organizations that would conflict with the interest of the Group.

Employees may spot malpractice and wrongdoing within the Group during the course of employment. It is the obligation of all employees, including contractual, part-time and temporary employees, to report it in accordance with the reporting procedures set out in the Whistle Blowing Policy, which aims to provide a secured and confidential channel for employees to report such cases directly to the CEO and the Audit Committee via a designated Whistle Blowing Officer. We provide whistle blowing channels not only for our employees but also for external parties such as customers and suppliers, allowing them to confidentially and anonymously report any concerns about potential improprieties related to the Group.

All new SmarTone employees are required to attend anti-corruption training conducted by the Independent Commission Against Corruption (“ICAC”) upon joining SmarTone. In addition, all employees are invited to participate in ICAC’s business ethics seminars organized by Sun Hung Kai Properties Group from time to time.

Please refer to the Environmental, Social & Governance section of the 2023/24 Annual Report