what personal data do we collect about you

We process the following personal data about you:

  • Business contact information – we may process your name and other business contact information (including email address, landline phone number and mobile phone number), digital signature and languages spoken.
  • Professional information – we may process information related to your work including (without limitation) your job title, your location and your department.
  • Photographs and video footage – when participating in our events, meetings, conferences etc., we may process photographs or videos of you.
  • Survey results – we may process your responses to questions in surveys.
  • Visitor information – when accessing our buildings, we may collect your name, contact details, car plate number, identification, etc. for security reasons. Where we are legally permitted to do so we may also ask you to disclose information about your health (including information related to viral infections, flu, etc.) for health and safety reasons.
  • Information you choose to share with us – we may process additional information if you choose to share that with us.
  • Trade sanctions information relating to you - we may verify whether you are a politically exposed person, a specially designated national or otherwise subject to sanctions under applicable laws or regulations.

if you do not give us the information we seek

You can refuse to provide us with your personal data. However if you do not give us this information, we may not be able to provide our services to you. For example, we may be limited in our ability to provide services to the company you work for.

why do we need your personal data

Randstad processes your personal data only for the purposes specified below:

  • To administer and manage the contractual relationship between Randstad and our clients and suppliers: Necessary for the performance of the contract between Randstad and the client or supplier;
  • Business development (including sending direct marketing and offers): Depending on the circumstances this may be based either on your consent or on our legitimate interest to maintain good relations with our current or prospective clients and suppliers. You can always choose not to receive direct marketing and offers from us; see the section “Your data protection rights” below;
  • Facilities, security and contingency planning purposes: For the purpose of the legitimate interests pursued by Ransdstad, which include safeguarding and securing our assets, our facilities, our information systems and our people;
  • Health and safety management: Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include the protection of its employees, company assets, protecting its legal interests and managing legal claims/disputes; and/or protection of the vital interests of the Data Subjects;
  • To conduct corporate transactions (including mergers, acquisitions and divestments): Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include Randstad’s interest in developing its business through mergers, acquisitions and divestments;
  • Events: Based on our legitimate interest to organise events so as to better build and maintain a good relationship with our clients and our suppliers;
  • Preventing, detecting and investigating fraud: To comply with our legal obligations when some authorities or administrations ask information about our contact as a client; and/or Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include the protection of company assets, protecting its legal interests and managing legal claims/disputes;
  • IT support: Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include safeguarding our assets and ensuring security of our information systems;
  • Surveys (including satisfaction surveys): Based on our legitimate interest to survey our clients so as to better understand their needs, to improve our services and to build and maintain a good relationship with our clients;
  • Dispute management and litigation: Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include the protection of company assets, protecting its legal interests and managing legal claims/disputes with our clients and suppliers;
  • Compliance with legal or regulatory requirements: Processing is necessary for compliance with our legal or regulatory obligations (e.g. obligations under tax laws to keep certain information including personal data);
  • Preventing, detecting and investigating fraud: To comply with our legal obligations when some authorities or administrations ask information including personal data; and;or Processing is necessary for the purpose of the legitimate interests pursued by Randstad, which include the protection of company assets, protecting its legal interests and managing legal claims/disputes;
  • To monitor and enforce compliance with Randstad policies and procedures: For the purpose of the legitimate interests pursued by Randstad, which include safeguarding our assets and ensuring security of our information systems; and
  • To perform internal and external audits: For the purpose of the legitimate interests pursued by Randstad, which include the proper conduct of its business and accuracy of financial reporting.

with whom do we share your personal data

related purpose disclosures (relevant for candidates, business relations and referees)

We outsource a number of services to contracted service suppliers (CSPs) from time to time. Such CSPs may be located overseas. As part of the outsourcing arrangement with a CSP, they may need access to some of your personal data.



Typically our CSPs would include:

  • software solutions providers;
  • I.T. contractors and database designers and Internet service suppliers;
  • legal and other professional advisors;
  • insurance brokers, loss assessors and underwriters;
  • background checking and screening agents; and
  • talent marketplace platforms.

We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations under the PDPO to protect the privacy of your personal data and that they will not do anything that would cause us to breach those obligations.

Once we establish and maintain an employment, staffing or placement relationship with you, we use the data you provided to us, to comply with laws and regulations, including but not limited to employment law, tax and social security and national and international sanctions regulation compliance. For the purposes mentioned above, Randstad may transfer your personal data to other Randstad entities that provide services on behalf of Randstad.

We may also disclose your personal data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • if all or a substantial part of our assets are acquired by a third party, in which case the personal data that we hold about you may be one of the transferred assets.

When we share your personal data as described above, your personal data may be transferred to, stored, used and processed in a jurisdiction other than Hong Kong. You understand and consent to the transfer of your Personal Data out of Hong Kong as described herein. Where we transfer your personal data to a country outside of Hong Kong, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPO.

direct marketing

We will only send direct marketing materials to you if you have consented or if you have indicated no objection to receive such direct marketing materials. We cannot use your personal data for direct marketing unless we have received your consent or indication of no objection. In all direct marketing materials, we will give you the option to unsubscribe from receiving further marketing communications.

access & correction

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. If we are unable to respond to your request within forty (40) days after receiving your request, we will inform you in writing days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the Personal Data (Privacy) Ordinance).