Sustainability Reports 2022/23

Securing Customers’ Data Privacy To maintain the integrity of our business, we adhere to strict cybersecurity policies and protect the privacy of our customers. The Board, via the Executive Committee, oversees our cybersecurity strategy: identifying, monitoring, mitigating and managing risks. Our IT Governance Steering Committee, led by executive management, assists the Executive Committee in overseeing our information security, including that of our IT infrastructure. The committee also supports the Executive Committee in overseeing the implementation of our cybersecurity strategy, and works closely with the IT department to embed security into the daily operations of every business unit. This year, we published a new Cybersecurity Policy , to manage risks and define responsibilities. To protect the data of our customers, and to ensure compliance with the Personal Data (Privacy) Ordinance and other relevant laws and regulations, we have adopted several policies along with relevant measures. Our policies and procedures are reviewed and revised regularly. Our Customer Data (Privacy) Policy informs customers how their information is collected, handled and used. Prior to purchasing our properties, all homebuyers must sign a Personal Information Collection Statement that specifies the purposes of data collection and handling. As a precautionary measure for data breaching, all staff are required to adhere to the latest data-handling procedures. We regularly train frontline staff on privacy, cybersecurity and customer data-handling developments. During the reporting year, our online training covered cybersecurity trends, policies and tools, the Personal Data (Privacy) Ordinance, our data security measures and case-sharing. To raise awareness among staff, our intranet features cybersecurity alerts and tips. Staff are reminded to use only endorsed and registered removable drives and to be alert to fraudulent emails. Business units must follow our detailed internet guidelines that cover website design, footers, language usage, content and data collection. Specific obligations for data collection are highlighted in the guidelines. Webpages that collect customer data must include the Customer Data (Privacy) Policy. We also formulated the Data Backup, Restore, and DRILL test policy as well as password change and management policy. We study feedback from hotel guests, customers and tenants to identify training needs and room for improvement: • Alva Hotel by Royal and The Royal Garden obtain feedback via loyalty programmes, birthday programmes, daily courtesy calls and guest engagement • We generate monthly, quarterly and annual reports based on online comments • For residential properties, Management Service Brainstorming Sessions collect opinions from residents. We hold monthly tea time meetings with owners’ committees to communicate with owners’ representatives, discuss estate issues and negotiate estate policies and external issues We treat every customer with equal care and aim to provide all customers with quality services. Immediate response 48 hours 10 minutes 10 working days All complaints Emergency complaints Verbal complaints Written complaints Hotels Property Management Response within Verbal response within Written response within Sun Hung Kai Properties Limited Sustainability Report 2022/23 52 Our Reporting Approach Message from the Sustainability Steering Committee Our Business Our Approach to Sustainability Value Created for People Value Created for Customers Value Created for Supply Chain Value Created for Community Appendices Value Created for the Environment