Statement of Policies and Practices in relation to Personal Data
Control of Personal Data
The Assistant Commissioner/Administration and Licensing is designated as the Personal Data Controlling Officer (PDCO), who is responsible for overseeing, assessing, authorising, monitoring and reviewing personal data protection measures to ensure compliance with the requirements of the Personal Data (Privacy) Ordinance within the Department. Any decision to refuse to comply with a data access/holding/correction request should be subject to the authorisation of the PDCO.
2. The Departmental Secretary is designated as the Personal Data Privacy Officer, who is responsible for the overall management of employment-related personal data. The Deputy Departmental Secretary/Administration is designated as the Data Protection Officer (DPO), who is responsible for dealing with matters relating to compliance with the Personal Data (Privacy) Ordinance and to assess, monitor and review the Department"s personal data privacy protection measures.
Personal Data Policies
3. The Department is committed to ensuring that all personal data are handled in accordance with the provisions of the Ordinance. The Department undertakes to –
(a) collect adequate, but not excessive, personal data by lawful and fair means only for lawful purposes related to the Department"s functions or activities;
(b) take all reasonably practicable steps to ensure that the personal data collected or retained are accurate, having regard to the purposes for which they are to be used;
(c) erase personal data which are no longer necessary for the purposes for which they are to be used;
(d) use the personal data collected only for purposes or directly related purposes for which the data were to be used at the time of collection, unless the individual concerned has given express consent for a change of use or such use is permitted by law;
(e) take all reasonably practicable steps to ensure that personal data are protected against unauthorized or accidental access, processing, erasure or other use;
(f) take all reasonably practicable steps to ensure that a person can be informed of the kinds of personal data that the Department holds and the purposes for which the data are to be used; and
(g) permit persons to access and correct personal data of which they are the data subject and process any such access/correction requests in a manner permitted or required by law.
Types and Purposes of Personal Data Held
4. The types of personal data held by the Department, and the main purposes for which the personal data are used, are set out at Annex.
Data Access/Correction Requests
5. Requests for access to or correction of personal data held by the Department may be made in writing either by letter or by completing the Data Access Request Form or the Personal Data Correction Request Form, as appropriate, and returning to the following address -
Data Protection Officer
10/F, SouthTower, West Kowloon Government Offices
11 Hoi Ting Road
Yau Ma Tei, Kowloon
Underpaid mail items will be rejected. For proper delivery of your mail items to the department, please ensure your mail items bear sufficient postage with return address.(Details)
6. A charge will be made to cover the cost of photocopying personal data at the rate of $1.3 per copy for A4 size paper or $1.5 per copy for A3 size paper or as otherwise provided for or approved by the Secretary for Financial Services and the Treasury.
7. The requirement to pay for fees currently charged or to be charged under other charging schemes for provision of Government records shall not be circumvented by way of a data access request.