The protection of privacy in relation to personal data is the concern of every person in the PCPD. We respect personal data privacy and are committed to fully implementing and complying with the data protection principles and all relevant provisions under the Ordinance. The Deputy Privacy Commissioner for Personal Data monitors and supervises compliance with the Ordinance within the PCPD.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement ("PICS") on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or in a notice posted up at the reception area of PCPD for reference).
Four broad categories of personal data are held in the PCPD. They are personal data contained in:
Complaint, investigation and legal assistance records, which include records containing information supplied by data subjects and data users and collected in connection with complaints, investigations, legal assistance and related activities under the relevant provisions of the Ordinance;
Personnel records, which include job applications and PCPD staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and dental insurance records, mandatory provident schemes participation, performance appraisals, and disciplinary matters, etc;
Other records, which include administration and operational files, personal data provided to the PCPD from individuals for participating in promotional activities, records relating to educational and training activities organised by the PCPD, newsletters subscriptions, data relating to consultancy services, compliance check records, matching procedure applications, records of inspections of personal data systems and enquiries from the public, etc.
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription.
Personal data held in:
Complaint and investigation records are kept for the purposes of responding to and taking follow-up action on complaints, including conciliation between the parties concerned, investigation, if appropriate, and any enforcement or prosecution; legal assistance records are kept for the purposes which are directly related to the processing of the legal assistance applications and any subsequent legal proceedings;
Personnel records of employees are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.
Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, subscription of publications, handling of compliance checks, data matching procedure applications, carrying out of inspections of personal data systems and enquiries from the public, etc.
Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites.
Statistics on visitors to our websites - When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution, which pages have been most frequently visited etc. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
The PCPD’s internal IT systems are developed and maintained by in-house staff and a local third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at PCPD under the supervision of PCPD staff.
The PCPD websites are developed and maintained by local third-party service providers. All PCPD service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorised access, use and retention.
The PCPD takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
The PCPD maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by the PCPD in accordance with policies in standing instructions and administration manuals.
The personal data collected for complaint, investigation, compliance check and enquiry purposes is used only for purposes directly related to the discharge of our statutory and administrative functions and activities. In so doing, such personal data may be transferred to parties who will be contacted by us during the handling of the case including the party being complained against and/or other parties concerned. The personal data collected by the PCPD in the performance of its statutory functions may be disclosed to agencies who are authorised to receive information relating to law enforcement, prosecution or review of decisions.
The personal data collected for processing legal assistance applications may be disclosed to parties who will be contacted by the PCPD during the handling of the applications including the applicant’s legal representative (if any), the prospective defendant (including his legal representatives, if any), the courts or other parties concerned. The information provided may also be disclosed to agencies or organisations who are authorised to receive information relating to law enforcement, prosecution or review of decisions.
You should make your data access request by completing the Data Access Request Form (OPS003)(www.pcpd.org.hk/english/resources_centre/publications/forms/files/Dforme.pdf) and sending the completed Form directly to the Data Protection Officer by fax (2877 7026), by email at email@example.com, or in person or by mail to: -:
Office of the Privacy Commissioner for Personal Data, Hong Kong
12/F, Sunlight Tower, 248 Queen's Road East, Wanchai
Please note that the PCPD shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance, for example, where the requested data relates to information obtained in the course of handling a complaint by the PCPD the disclosure of which would constitute a contravention of the requirements under the secrecy provision of section 46(1) of the Ordinance.
When handling a data access or correction request, the PCPD will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by the PCPD for complying with a data access request. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.