The protection of privacy in relation to personal data is the concern of every person in the PCPD. We respect personal data privacy and are committed to fully implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (“the Ordinance”). The Privacy Commissioner for Personal Data monitors and supervises compliance with the Ordinance within the PCPD.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement ("PICS") on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or by way of a notice displayed at the reception area of PCPD).
Four broad categories of personal data are held by the PCPD. They are personal data contained in:
Complaint, investigation and legal assistance records, which include records containing information supplied by data subjects, data users and data processors and collected in connection with complaints, investigations, legal assistance and related activities under the relevant provisions of the Ordinance;
Personnel records, which include job applications, PCPD staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and dental insurance records, mandatory provident schemes participation, performance appraisals, and disciplinary matters, etc;
Other records, which include administration and operational files, personal data provided to the PCPD from individuals for participating in promotional activities, records relating to educational and training activities organised by the PCPD, newsletters subscriptions, data relating to consultancy services, compliance check records, matching procedure applications, records of inspections of personal data systems and enquiries from the public, etc.
Records collected on webservers, which include email addresses (whereas they can be used to identify an individual under specific circumstances thus may constitute personal data) collected for newsletter subscription.
Personal data held in:
Complaint and investigation records are kept for the purposes of responding to and taking follow-up action on complaints, including conciliation between the parties concerned, investigation, if appropriate, and any enforcement or prosecution; legal assistance records are kept for purposes which are directly related to the processing of legal assistance applications and any subsequent legal proceedings;
Personnel records of employees are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.
Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, subscription of publications, handling of compliance checks, matching procedure applications, enquiries from the public and conduct of inspections of personal data systems, etc.
Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites.
Statistics on visitors to our websites - When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, the time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution, which pages have been most frequently visited, etc. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
The PCPD’s internal IT systems are developed and maintained by in-house staff and a local third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at PCPD under the supervision of PCPD staff.
The PCPD websites are developed and maintained by local third-party service providers. All PCPD service providers are bound by contractual duty to keep any data they come into contact with confidential and against unauthorised access, use and retention.
The PCPD accepts payments for the course fee of professional workshops through PayPal. In order to process the payment of course fee via PayPal, participants are required to provide personal information including but not limited to their credit card and billing contact information to PayPal which is managed by PayPal Hong Kong Limited, a company registered under the laws of Hong Kong Special Administrative Region. PayPal Hong Kong Limited is a Stored Value Facility Licensee (license No. SVF0008) regulated by the Hong Kong Monetary Authority ("HKMA"). As regulated by the HKMA, PayPal Hong Kong Limited is required to comply with and ensure its service providers comply with (1) the Personal Data (Privacy) Ordinance as well as any relevant codes of practice, guidelines or best practice issued by the PCPD from time to time; and (2) the Payment Systems and Stored Value Facilities Ordinance and other regulatory requirements and guidelines prescribed by the HKMA from time to time.
The current Register of Stored Value Facility Licensees kept by HKMA and the Guideline and Practice Note on Supervision of Stored Value Facility Licensees issued by the HKMA can be found at the website of the HKMA.
In selecting and agreeing to make payment via PayPal, participants will be bound by the Terms for Payments of PayPal Services which may be revised from time to time by PayPal Hong Kong Limited. Participants are also recommended to read the Privacy Statement of PayPal Hong Kong Limited before selecting the PayPal services.
PayPal's Privacy Statement can be found at https://www.paypal.com/hk/webapps/mpp/ua/privacy-full.
The PCPD takes appropriate steps to protect the personal data we hold against unauthorised or accidental access, processing, erasure, loss or use (which includes disclosure or transfer).
The PCPD maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by the PCPD in accordance with the policies set out in standing instructions and administration manuals.
The personal data collected for complaint, investigation, compliance check and enquiry purposes is used only for purposes directly related to the discharge of our statutory and administrative functions and activities. In so doing, such personal data may be transferred to parties contacted by the PCPD during the handling of the case, including the party being complained against and/or other parties concerned. The personal data collected by the PCPD in the performance of its statutory functions may be disclosed to agencies who are authorised to receive information relating to law enforcement, prosecution or review of decisions.
The personal data collected for processing legal assistance applications may be disclosed to parties contacted by the PCPD during the processing of legal assistance applications. The parties include the applicant’s legal representative (if any), the respondent (including his legal representatives, if any), the courts and other parties concerned. The personal data collected may also be disclosed to agencies or organisations who are authorised to receive such data relating to law enforcement, prosecution or challenge against the PCPD’s decisions.
You should make your data access request by completing the Data Access Request Form (OPS003)(www.pcpd.org.hk/english/resources_centre/publications/forms/files/Dforme.pdf) and sending the completed Form directly to the Data Protection Officer by fax (2877 7026), by email at email@example.com, or in person or by mail to: -:
Office of the Privacy Commissioner for Personal Data, Hong Kong
Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East,
Wanchai, Hong Kong.
Please note that the PCPD shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance, for example, where the requested data relates to information obtained in the course of handling a complaint by the PCPD the disclosure of which would constitute a contravention of the requirements under the secrecy provision of section 46(1) of the Ordinance.
When handling a data access or correction request, the PCPD will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by the PCPD for complying with a data access request. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.