The protection of privacy in relation to personal data is the concern of every person in the PCPD. We respect personal data privacy and are committed to fully implementing and complying with all relevant provisions under the Personal Data (Privacy) Ordinance (the “Ordinance”), including the Data Protection Principles stipulated in Schedule 1 thereto. The Privacy Commissioner for Personal Data monitors and supervises compliance with the Ordinance within the PCPD.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or by way of a notice displayed at the reception area of the PCPD) on or before the collection.
Four broad categories of personal data are held by the PCPD. They are personal data contained in:
Complaint, investigation and legal assistance records, which include records containing information provided by data subjects, data users, data processors and other parties concerned and collected in connection with complaints, investigations, legal assistance and related activities under the relevant provisions of the Ordinance;
Personnel records, which include job applications, employees’personal details, job particulars, details of salary, payments, benefits, leave, group medical and dental insurance records, training records, mandatory provident fund schemes participation, performance appraisals and disciplinary matters, etc.;
Other records, which include administrative and operational files, personal data provided to the PCPD from individuals for participating in promotional activities, records relating to educational and training activities organised by the PCPD, newsletters subscriptions, data relating to consultancy services, compliance check records, matching procedure applications, records of inspections of personal data systems and enquiries from the public, etc.; and
Records collected on webservers, which include email addresses collected for newsletter subscription (which may, in specified circumstances, be used to identify an individual and thus may constitute personal data).
Personal data held in:
Complaint and investigation records are kept for the purposes of responding to and taking follow-up action on complaints, including conciliation between the parties concerned, investigation, and, where appropriate, any enforcement or prosecution;
Legal assistance records are kept for purposes which are directly related to the handling of legal assistance applications and any subsequent legal proceedings;
Personnel records of employees are kept for recruitment and human resource management purposes, such as matters related to employees' appointment, benefits, termination, performance appraisals and discipline, etc.;
Other records are kept for various purposes depending on their nature, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, subscription of publications, carrying out of compliance checks, handling of matching procedure applications, enquiries from the public as well as conducting inspections of personal data systems, etc.; and
Records collected by webservers are kept for the purpose of sending newsletters to subscribers registered through the PCPD’s websites.
Use of cookies - When you browse our websites, cookies will be stored in your computer's browser. The purposes of using cookies in our websites are to remember the font size you have chosen in the site and to perform security checks for online forms (i.e. the test that asks you to enter the validation code displayed on screen). You may choose not to accept the cookies. However, if you do not accept the cookies, the site would not automatically display the font size you have chosen and you will not be able to make any online submission. Our websites do not use cookies to collect your personal data.
Statistics on visitors to our websites - When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, the time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our website’s operation, such as to determine the optimal screen resolution and the most frequently visited pages, etc. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data for identification purposes.
The PCPD’s internal IT systems are developed and maintained by in-house staff and a local third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting at the PCPD under the supervision of the PCPD staff.
Our websites are developed and maintained by local third-party service providers. All PCPD service providers are bound by contractual duty to keep any data they come into contact with confidential and against unauthorised access, use and retention.
The PCPD accepts payments for the course fee of professional workshops or membership fee through PayPal and Faster Payment System (“FPS”).
PayPal
In order to process the payment of course fee or membership fee via PayPal, participants are required to provide personal information including but not limited to their credit card and billing contact information to PayPal. PayPal is managed by PayPal Hong Kong Limited, which is a company registered under the laws of Hong Kong Special Administrative Region. PayPal Hong Kong Limited is a Stored Value Facility Licensee (license No. SVF0008) regulated by the Hong Kong Monetary Authority (the "HKMA"). As a licensee regulated by the HKMA, PayPal Hong Kong Limited is required to comply with and ensure its service providers comply with (1) the Personal Data (Privacy) Ordinance as well as other codes of practice, guidelines or best practice issued by the PCPD from time to time; and (2) the Payment Systems and Stored Value Facilities Ordinance and other regulatory requirements and guidelines prescribed by the HKMA from time to time.
The current Register of Stored Value Facility Licensees kept by the HKMA and the “Guideline on Supervision of Stored Value Facility Licensees” and “Practice Note on Supervision of Stored Value Facility Licensees” issued by the HKMA can be found at the website of the HKMA.
In selecting and agreeing to make payment via PayPal, participants will be bound by the Terms for Payments of PayPal Services which may be revised from time to time by PayPal Hong Kong Limited. Participants are also recommended to read the Privacy Statement of PayPal Hong Kong Limited before using the PayPal services.
PayPal's Privacy Statement can be found at https://www.paypal.com/hk/webapps/mpp/ua/privacy-full.
FPS
In order to process the payment of course fee or membership fee via FPS, participants are required to provide personal information including but not limited to their name, organisation’s name and/or reference number under the “Message to payee” section for payment. Upon completion of the payment transfer, participants are required to to download the payment details (which should include the payment date, payer’s bank, transaction reference number and the amount paid) and send the payment details* to the PCPD.
* For membership fee, participants are required to also send the completed form to the PCPD.
FPS is a payment financial infrastructure introduced by the HKMA and operated by Hong Kong Interbank Clearing Limited to enable instant payments in Hong Kong. All banks and e-wallet operators in Hong Kong can participate in the FPS. In selecting and agreeing to make payment via FPS, participants are recommended to read the terms for payment of the relevant banks and e-wallet operators which may be revised from time to time. Participants are also recommended to read the Privacy Statement provided by the relevant banks and e-wallet operators.
The PCPD takes appropriate steps to protect the personal data we hold against unauthorised or accidental access, processing, erasure, loss or use (which includes disclosure or transfer).
The PCPD maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by the PCPD in accordance with the policies set out in the PCPD’s standing instructions and administration manuals.
The personal data collected for complaint, investigation, compliance check and enquiry purposes is used only for purposes directly related to the discharge of our statutory and administrative functions and activities. In so doing, such personal data may be transferred to individuals or organisations contacted by the PCPD during the handling of the case, including the party being complained against and/or other relevant individuals or organisations. The personal data collected by the PCPD in the performance of its statutory functions may be disclosed to individuals or organisations who are authorised to receive information relating to law enforcement, prosecution or review of decisions.
The personal data collected for handling legal assistance applications may be disclosed to individuals or organisations contacted by the PCPD during the handling of legal assistance applications. Such individuals or organisations include the applicant’s legal representative (if any), the respondent (including his legal representatives, if any), the courts, and other relevant individuals or organisations concerned. The personal data collected may also be disclosed to agencies or organisations who are authorised to receive such data relating to law enforcement, prosecution or challenge against the PCPD’s decisions.
If you wish to make a data access request to the PCPD, please complete the Data Access Request Form (OPS003)(www.pcpd.org.hk/english/resources_centre/publications/forms/files/Dforme.pdf) and submit the same directly to the Data Protection Officer by fax (2877 7026), by email at communications@pcpd.org.hk, in person or by mail to: -
Office of the Privacy Commissioner for Personal Data, Hong Kong
Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East,
Wanchai, Hong Kong.
Please note that the PCPD shall or may refuse to comply with a data access request under the circumstances specified in section 20 of the Ordinance, for example, where the requested data relates to information obtained by the PCPD in the course of handling a complaint. The disclosure of such data would constitute a contravention of the secrecy provision under section 46(1) of the Ordinance.
When handling a data access or correction request, the PCPD will check the identity of the requester to ensure that he/she is legally entitled to make the data access or correction request. A fee is chargeable by the PCPD for complying with a data access request. The PCPD will maintain a log book in accordance with section 27 of the Ordinance.
Any enquiries regarding the PCPD’s personal data privacy policy and practice may be addressed to the Data Protection Officer at the above correspondence address, via email at communications@pcpd.org.hk or on telephone number 2827 2827 during office hours.
We keep our privacy policy statement under regular review. This statement was last updated on 23 February 2026.