Privacy Statement for Shareholders


The main provisions of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the “Ordinance”) came into effect in Hong Kong on 20 December 1996. On 25 May 2018, the EU General Data Protection Regulation 2016/679 (“GDPR”) that protects the Personal Data of individuals and governs how Personal Data can be processed came into effect across the European Economic Area (“EEA”).

Orient Overseas (International) Limited (“OOIL”) is committed to being transparent about how it collects Personal Data, processes Personal Data and meets its data protection obligations under the Ordinance, GDPR and applicable laws, rules and regulations. This Privacy Statement is to address our mutual rights, duties and obligations arising as a result of the Ordinance, GDPR and applicable laws, rules and regulations and to inform you of the policies and practices of OOIL in relation to Personal Data. References to this Privacy Statement include Schedule A.

1. How OOIL collects your Personal Data

OOIL collects your Personal Data in a number of ways including:

  (1) directly from you as you provide to us and/or our Registrars;
  (2) as communicated to us over the telephone, fax, email or other forms of electronic communication, as such communication may be recorded and stored;
  (3) from your agents, advisers, intermediaries, custodians and executor of your assets; or
  (4) from publicly available sources.

2. What information does OOIL collect?

OOIL collects and processes your Personal Data as set out in Paragraphs 2 and 3 of Schedule A. The Data Subjects, Categories of Personal Data, Processing Operations and Duration of Processing are defined in Schedule A.

3. Purposes for the collection and processing of Personal Data

You authorize and instruct OOIL to process the Personal Data provided to OOIL or as it is made available to us for the purposes of complying with all applicable laws, rules and regulations including the Companies Ordinance of Hong Kong, Bermuda Companies Act, Listing Rules, Securities and Futures Ordinance, the Ordinance and the GDPR, fulfillment of the contractual obligations under OOIL's Memorandum of Associations and Bye-Laws and for any other purposes as set out in Paragraph 4 of Schedule A (“Purposes”).

4. Data Controller/ Processor

In respect of the Personal Data you have provided to OOIL for the Purposes, you shall be the “Data Controller” and OOIL shall be a “Data Processor” for the purposes of GDPR and applicable laws, rules and regulations.

As the Data Controller, you are required to take appropriate measures to protect and to ensure the lawful processing of the Personal Data. OOIL is reliant upon you as the Data Controller for instructions as to the extent to which OOIL processes the Personal Data for the Purposes.

5. Transfer of Personal Data

The Personal Data provided by you will be kept confidential but OOIL may, to the extent necessary for achieving the Purposes or any of them, make such enquiries as they consider necessary to confirm the accuracy of the Personal Data and, in particular, they may disclose, obtain, transfer (whether within or outside Hong Kong or EEA as the case may be) the Personal Data to, from or with any and all of the following persons and entities:

  (1) OOIL’s Registrars so that they can manage your shareholdings on our behalf and/or offer shareholder and investor services;
  (2) OOIL’s Affiliates, and any of its employees, agents, delegates and/or Data Sub-Processors;
  (3) any regulatory or governmental bodies or agencies or courts;
  (4) any agent, contractor or third party service provider who offers administrative, telecommunications, computer, payment, printing or other services whom OOIL engages to assist in delivering services or the Purpose to you;
  (5) professional advisers where it is necessary for OOIL to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
  (6) any other persons or institutions with which you have or propose to have dealings, such as your bankers, solicitors, accountants or licensed securities dealers or registered institution in securities; and
  (7) any other persons or institutions whom OOIL and/or the Registrars consider(s) to be necessary or desirable in the circumstances.

You acknowledge and authorize OOIL to perform any or all of your Personal Data processing obligations through its Affiliates and subcontractors, or continue to use sub-contractors engaged by OOIL. OOIL shall remain liable to you for such performance of Personal Data processing obligations by any Affiliate or subcontractor. All Affiliates or subcontractors engaged by OOIL shall be bound by the same or equivalent obligations with respect to Personal Data processing as are imposed on OOIL.

You acknowledge and authorize OOIL to transfer the Personal Data to a country outside of the EEA in accordance with the “Model Clauses” at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en or “Ad hoc Clauses” at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp214_en.pdf and/or other available data transfer solutions. You consent to such transfers and agree to be bound by the Model Clauses or Ad Hoc Clauses (as the case may be).

6. Notification and Assistance

OOIL shall promptly notify you:

  (1) any legal requirement to process or disclose Personal Data for purposes other than the Purposes;
  (2) any instruction given to OOIL that would breach the Ordinance, GDPR and/or any applicable laws, rules and regulations;
  (3) if OOIL becomes aware of any breach of the Ordinance, GDPR and applicable laws, rules and regulations, and will provide you with reasonable assistance in responding to and mitigating it;
  (4) any request for the disclosure of the Personal Data by a law enforcement authority;
  (5) any incident which gives rise to a risk of unauthorized access, disclosure, loss, destruction, misuse or alteration of the Personal Data;
  (6) any notice, inquiry or investigation by a supervisory authority; and
  (7) any complaint or request (in particular, requests for access to, rectification or blocking, erasure and destruction of the Personal Data) received directly from the Data Subjects.

OOIL will provide reasonable assistance to you to enable you to comply with (i) the rights of Data Subjects; (ii) the security requirements; and (iii) any privacy assessment procedure or consultation, as required under the GDPR and/or any applicable laws, rules and regulations.

7. Sensitive Personal Data

OOIL will always require you to obtain the Data Subjects’ express consent before processing any Sensitive Personal Data including those set out in Paragraph 3 of Schedule A. You confirm that, to the extent required by laws, rules and regulations, all relevant Data Subjects have consented to the disclosure to and processing by OOIL of those categories of Personal Data in accordance with this Privacy Statement. You have the right to withdraw that consent at any time subject to clause 10 of this Privacy Statement.

8. Protection of Personal Data

OOIL takes reasonable technical and organizational measures against unauthorised or unlawful processing, accidental loss or destruction of, or damage to, the Personal Data, and ensures that all persons who have access to process Personal Data have committed themselves to appropriate obligations of confidentiality in accordance with the Ordinance, GDPR, applicable laws, rules and regulations and this Privacy Statement.

You acknowledge that notwithstanding the steps OOIL takes to ensure security, there can be no guarantee of security on the Internet.  OOIL does not represent or warrant that your Personal Data will be protected against loss, misuse, attacks, or alteration by third parties.

9. Retention of Personal Data

OOIL will keep the Personal Data provided by you for as long as necessary to fulfil the Purposes for which you have authorized OOIL to process the Personal Data.  Personal Data which is no longer required will be destroyed, returned to you if so instructed, or dealt with in accordance with the Ordinance, the GDPR and applicable laws, rules and regulations.

10. Access, Correction and Erasure of Personal Data

According to the Ordinance, GDPR and applicable laws, rules and regulations, you or the Data Subjects of the Personal Data have the rights to obtain a copy of the Personal Data, to correct any Personal Data that is incorrect and to erase any Personal Data. All requests for access to data, correction of data, erasure of data or for information regarding policies and practices and the kinds of data held should be addressed to the Group Privacy Officer via our Hong Kong branch share registrar at [email protected].

Whilst you or the Data Subjects have the right to request OOIL not to use or retain Personal Data collected from you, OOIL shall not be required to destroy or return the Personal Data processed as agreed in this Privacy Statement which OOIL is required to retain in accordance with any laws, rules and regulations, regulatory guidance applicable to OOIL or any of its Affiliates, orders imposed on OOIL or an Affiliate of OOIL. Further, such prior Personal Data is never completely removed from our databases due to technical constraints and the fact that OOIL backs up its systems. Therefore, you should not expect that all of your Personal Data would be completely removed from our databases in response to your requests.

11.  Effective Date

This Privacy Statement is effective as of 25 May 2018.

12.  Attachments

The following Definitions and Schedule A form part of this Privacy Statement:

Definitions

Schedule A

DEFINITIONS

“Affiliate” means any subsidiary or holding company of OOIL and any subsidiary of such holding company and for these purposes the terms “subsidiary” and “holding company” are defined as follows:

(i) a company is a “subsidiary” of another company only if:

(a) it is controlled by:

i. that other company; or

ii. that other company and one or more companies each of which is controlled by that other company; or

iii. two or more companies each of which is controlled by that other company; or

(b) it is a subsidiary of a subsidiary of that other company.

(ii) a company is the “holding company” of another only if that other company is its subsidiary;

“Data Controller” means you who determine the purposes and means of the processing of Personal Data;

“Data Processor” means OOIL which processes Personal Data on behalf of the Data Controller;

“Data Sub-Processor” means a third party engaged by OOIL or by any Sub-Processor of OOIL who agrees to receive from OOIL or from any other Sub-Processor of OOIL, Personal Data exclusively for processing activities to be carried out on behalf of the Data Controller;

“Data Subjects” means an individual or a natural person (i.e. a human being) who is providing his/her Personal Data and as defined in Paragraph 1 of Schedule A;

“Personal Data” means any information relating to an identified or identifiable natural person (human being). This widely includes any detail that identifies a person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual, including Sensitive Personal Data and further includes the categories of Personal Data set out in Paragraphs 2 and 3 of Schedule A;

“processing (and its derivatives)” means carrying out any operation on Personal Data, including collecting, obtaining, recording, holding, storing, organising, adapting, structuring, altering, retrieving, transferring, consulting, using, disclosing, disseminating or otherwise making available, aligning, combining, restricting, blocking, erasing or destroying it;

“Registrars” means the share registrars of OOIL, which are the principal share registrar Appleby Global Corporate Services (Bermuda) Limited, and the branch share registrar Computershare Hong Kong Investor Services Limited; and

“Sensitive Personal Data” means any Personal Data relating to an individual’s place of origin, race, color, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information.

SCHEDULE A

This Schedule describes the categories of Personal Data, Data Subjects and the processing operations to be carried out by OOIL.

1. Data Subjects

The Personal Data (that are subject to the GDPR) to be processed by OOIL concerns but is not limited to the following categories of Data Subjects:

  (1) Direct or indirect investors, shareholders or interest holders of OOIL;
  (2) Agents, representatives, proxies or executors of item (1) above; or
  (3) Any individual notified by shareholders including family members, buyer or transferee.

2. Categories of Personal Data

The Personal Data (that are subject to the Ordinance or GDPR) to be processed by OOIL includes but is not limited to:

  (1) Personal identification data including name (Chinese and English)/ Alias / Former name/ Chinese character code as printed on HK identity card, passport number and issuing country
  (2) Shareholding details
  (3) Address (residential, work and correspondence addresses as appropriate)
  (4) Telephone and fax numbers
  (5) Email addresses
  (6) Signature
  (7) Publicly available information
  (8) Any other information of Data Subjects provided by you for the purpose of complying with applicable laws, rules and regulations

3. Categories of Sensitive Personal Data

The Categories of Sensitive Personal Data are:

  (1) Identity card or other personal identification documents
  (2) Bank account details
  (3) Proxy particulars
  (4) Information contained in Probate or court documents on estate administration
  (5) Any other information of Data Subjects provided by you for the purpose of complying with applicable laws, rules and regulations

4. Processing Operations

The Personal Data will be processed for purposes including, but not limited to, compliance with legal, professional and regulatory obligations, including:

  (1) Statutory filing and disclosures as required by laws, rules and regulations
  (2) Production and distribution of company documents including but not limited to announcements, circulars and annual/interim reports
  (3) Convening shareholders' meetings
  (4) Complying with legislation and requirements on anti-money laundering, fraud prevention, investigation and detection of any unlawful act, etc.
  (5) Compliance with request or demand from competent authorities, including company registries, tax authorities, courts and law enforcement agencies
  (6) Protection of OOIL's legal position in the event of legal proceedings
  (7) Fulfillment of obligations under Memorandum of Associations and Bye-laws of OOIL including allowing you to exercise your rights as a shareholder; soliciting voting proxies in relation to resolutions being put to members at shareholders' meetings; paying you a dividend, interest or any other moneys payable where relevant; determining your entitlements to any equity offerings such as rights offerings, etc.; processing acceptance of your purchase or sale of OOIL shares; registration of transfer or assignment of shares
  (8) Maintaining and updating registers
  (9) Complying with OOIL's internal policy requirements
  (10) Dealing with notifications of the death of a shareholder
  (11) Identity verification
  (12) Maintaining and facilitating shareholder/investor relationship and communication
  (13) Fulfillment of “know your ownership/Interest” requirements
  (14) Reviewing and responding to any enquiries and complaints you submit to us or our Registrars
  (15) Conducting data analytics studies, register analysis and shareholder profiles for better investor relations as promoted in corporate governance requirement
  (16) Proper record keeping purpose relating to OOIL's business and shareholdings, votes and proxies
  (17) Facilitating or implementing a business re-organisation or a transfer/sale of all or part of our assets or business of OOIL or a general investment
  (18) Audit and compliance activities related to the above
  (19) Complying with any obligations imposed on OOIL by applicable laws

5. Duration

Personal Data will be processed by OOIL for as long as they are required for fulfilling the Purposes unless otherwise required by and/or justified under the Ordinance, the GDPR and applicable laws and regulations.