Commitment to Our Business
- Our Business
- Service & Product Responsibility
- Data Privacy and Information Security
- Supply Chain Management
HTHKH is a leading mobile telecommunications operator providing diverse mobile telecommunications and data solutions in Hong Kong and Macau. With more than 30 years of industry experience and proven success, HTHKH channels the latest technologies into innovations that set market trends and steer industry development. Together with a range of strategies, this enables the Group to capture new business opportunities, enhance customer experience, deepen engagement, and deliver profitable growth to the business.
Service & Product Responsibility
Commitment and Service Accessibility
The telecommunications industry is rapidly changing and is facing significant pressure with technological advancement and increased consumer expectations. Operators have to build trust and meet customers’ evolving demands for higher speeds and wider coverage. Sustaining customer trust and loyalty is not merely about providing the latest handsets and digital devices, but also providing customers with flexibility and choices in services which complement and enrich their lifestyles. The various service awards the Group has received in past years were evidence of its success in delivering quality products and services that foster excellent customer experience. The Group endeavours to deliver sustainable value to its customers through digital connectivity. The Group is committed to providing reliable, safe and high-quality products and network services that meet customer expectations.
For more information, please refer to the Group's Sustainability Report .
Enhanced Customer Engagement and Experience
Customer engagement is crucial to building brand loyalty. Through interactions with its customers, the Group identifies areas of improvement for its long-term sustainability. The Group connects with its customers through a wide range of communication channels such as customer service centres, social networking platforms, service hotlines, live webchat, online enquiry, email, websites and mobile applications.
The Group values customer feedback to guide improvements to the customer experience and to empower positive change in its businesses. The Group has established guidelines to ensure consistency in handling customer enquiries and complaints. Customer service representatives are trained to professionally address customer concerns. Complaints received are acknowledged, investigated, and duly followed up. Reviews and analyses of complaints are conducted periodically for continuous improvement. Details of the Group’s service performance targets and actual performance on areas such as service hotline performance and complaints handling are available on the website at three.com.hk.
For more information, please refer to the Group's Sustainability Report.
Data Privacy and Information Security
The rapid development of regulations on data privacy and security is increasingly affecting the telecommunications industry, posing a growing challenge for operators in maintaining customer relationships. As such, the protection of personal data is fundamental to preserving customer trust.
The Group is committed to protecting customers’ personal data. Employees must collect and use personal data only in accordance with applicable data protection laws, the Group policies, procedures and guidelines pertaining to data privacy and security. Employees must not disclose any confidential information on the operation of the Group, nor that of its customers, suppliers, business partners or shareholders, except when disclosure is authorised in accordance with the Information Security Policy.
Enhancement of Data Privacy Policies and Control Systems
The Regulatory Advisory Committee, supported by the Data Protection Committee, is responsible for the Group’s data governance structure and oversees personal data protection. The Group’s Policy on Personal Data Privacy Compliance and Information Security Policy together with the Code of Ethics and other related policies, procedures and guidelines, set out the governance framework for safeguarding customers’ personal data. These policies are reviewed and updated periodically to allow timely communication with employees. Employees are required to submit a self-declaration annually to acknowledge and confirm compliance with all applicable Group policies.
The Group is also committed to ensuring effective customer data management. Legislative and regulatory requirements concerning personal data processing are embedded in all business activities. Appropriate technical and organisational measures have also been implemented. These measures are designed to implement data privacy principles effectively.
Data Privacy Principles
- Collect only necessary and relevant personal data for specified, clear and legitimate purposes
- Use personal data in a lawful, fair and transparent manner
- Provide a clear, transparent, understandable and updated Privacy Notice
- Ensure the use of personal data in compliance with applicable data protection laws
- Restrict employee access to personal data on a need-to-know basis only
- Take appropriate steps to ensure personal data held are accurate and up-to-date
- Use encryption techniques to retain, use and transmit personal data
- Maintain stringent and adequate security measures to protect personal data from unauthorised or unlawful access
- Review security measures regularly to ensure protection level is appropriate
- Keep only personal data that are necessary for the fulfilment of the purposes for which they are being used,
and in accordance with internal guidelines for document retention periods
- Erase personal data from the system that are no longer required for the purpose for which they were
- Process personal data in accordance with the rights of individuals under applicable data protection laws
- Handle requests from customers to access, amend or delete their personal data in a manner compliant with
applicable data protection laws
Data Privacy Guidelines and Awareness Campaign
All employees are required to fully adhere to the Policy on Personal Data Privacy Compliance, Internal Guidelines on Record Retention and Access to Personal Data as well as other relevant policies, procedures and guidelines of the Group. Access to physical or computer records containing personal data is strictly controlled and requires management approval granted only on a “need-to-know” basis. Regular trainings are organised to ensure that employees staying up-to-date on the latest requirements and developments of the relevant rules and regulations. The Group issues operational guidelines, handbooks and periodic internal communications and conducts workshops to reinforce the importance of customer data protection among its customer-facing employees. The Group also conducts regular privacy risk assessments to evaluate prevailing privacy risks and the adequacy of mitigating controls.
Data Security and Incident Management
Data Security Incidents (“DSIs”) have increased in frequency, scale and severity in recent years globally. Loss or leakage of data, including customers’ or employees’ personal data as well as technical and trade information, could have significant consequences on the operations of the Group and could result in third-party claims and regulatory investigations. The Cyber Security Working Group, chaired by the Chief Financial Officer, comprises relevant technical specialists from the Information Technology department and the Business Assurance & Compliance function. It oversees the cyber security defences of the Group to ensure that its efforts are effective, coherent and well-coordinated. The Cyber Security Working Group also monitors the cyber threat landscape to gain insights into emerging and existing attacks and their implications.
In the event of a DSI involving personal data, the Group will respond immediately according to applicable procedures to mitigate the potential consequences and secure personal data from further unauthorised access, use or damage. The Group’s Legal Department will be alerted and the relevant authorities and affected individuals will be notified if required. Guidance on handling DSIs and the notification process is reviewed and updated periodically.
The Group organised periodic training workshops to raise the awareness on cyber security among employees. To raise cyber security awareness among employees, periodic training workshops are held. These equip them with adequate skills in handling customer and company information, as well as knowledge relating to the development of relevant cyber security rules and regulations. Through issuing security alerts, the Group also keeps its employees up-to-date and vigilant against fraudulent and phishing emails. Internal measures and policies are in place to minimise the risks associated with data exfiltration by restricting the use of mobile devices and removable drives.
The Group has zero-tolerance for bribery, corruption and fraud in any form. Stringent policies, guidelines and procedures are in place to uphold high standards of business ethics and integrity. All business partners, suppliers and third-party representatives are also encouraged to adopt the standards.
Anti-Fraud & Anti-Bribery (“AFAB”) Policy and Code of Ethics
All employees must comply with the ethical standards and legal requirements set out in the AFAB policy, the Code of Ethics, and other relevant policies and guidelines of the Group. All employees are required to annually declare their acknowledgement and compliance with the Code of Ethics and related policies. The Code of Ethics, AFAB and other relevant policies are available on the Company’s website and intranet.
Confidential Whistleblowing Mechanism
The Group has monitoring measures and procedures in place to detect bribery, fraud or other acts of malpractice. Employees and all other relevant stakeholders are encouraged to raise their concerns of suspected acts of misconduct, malpractice or fraud through the Group’s whistleblowing mechanisms. All cases will be investigated and followed up independently and reported by the internal audit function of the Group to the Audit Committee and senior management. All cases will be treated in a highly confidential manner and whistleblowers will be protected from unfair treatment.
The Group is committed to ensuring that it operates in compliance with all applicable local laws, rules and regulations of the jurisdictions in which it operates. Regulatory frameworks within which the Group operates are scrutinised and monitored, whereby relevant internal policies are prepared and updated accordingly. Periodic trainings and workshops are conducted to strengthen employee awareness and understanding of the internal controls and compliance procedures of the Group.
For more information, please refer to the Group's Corporate Governance Report.
Supply Chain Management
The Group engages a broad range of business partners and suppliers in its operations. The Group is committed to maintaining the integrity of its supply chain by managing associated complex legal, social, ethical and environmental risks. Through regular dialogue and cooperation, the Group extends its high level of business ethics and integrity standards to its business partners and suppliers. As a responsible industry leader, the Group is a proponent of sound environmental performance, social well-being and sustainable practices.
Sourcing Responsibly and Engaging Suppliers
The Group recognises its far-reaching influence on its supply chain. The Supplier Code of Conduct sets out the standards expected of its business partners and suppliers, encompassing specific criteria and standards in terms of quality, environmental performance, ethics, health and safety, and regulatory compliance. The Supplier Code of Conduct is also addressed in the Human Rights Policy and Modern Slavery and Human Trafficking Statement of the Group. Suppliers are required to acknowledge compliance with the Supplier Code of Conduct in the course of their business activities with the Group. Regular assessments and thorough evaluations are also conducted on the business partners and suppliers of the Group.
Supply Chain Management
The Group follows international best practices and employs a fair, unbiased and transparent tendering process. All tenderers are required to declare any conflicts of interest and be vigilant against fault, bribery and misconduct. Supplier relationships will be suspended or terminated if breaches are discovered.
The Group encourages business partners and suppliers to consider the risks posed to their operations by climate change, and be proactive in mitigating the environmental impact of their activities. The Group also invites business partners and suppliers to emulate the standards, practices and principles outlined below, as well as those contained in the Environmental Policy of the Group:
- Abiding by relevant environmental legislation and ensuring environmental preservation;
- Minimising energy consumption and carbon footprint through implementation of environmental policies and management systems;
- Encouraging use of environmentally–friendly technology to reduce energy consumption; Minimising business travel, reducing reliance on resources such as paper;
- Advocating use of environmentally–friendly, recycled and/or sustainably sourced products; and
- Promoting recycling and ensuring compliance with legislation on the handling or disposal of hazardous materials.
Group policies including but not limited to the Purchasing Policy, Business Partner Evaluation Policy and AFAB Policy, in conjunction with various controls and procedures, provide direction and guidelines on evaluating and engaging with business partners and suppliers. The procurement teams of the Group are trained to apply these policies and procedures with due care and diligence when engaging with business partners and suppliers.
For more information, please refer to the Group's Sustainability Report.