Requests to unsubscribe must be honoured within ten working days.
Official forms and contact details. According to guidance issued by the PCPD, privacy impact assessments are encouraged under certain circumstances e.
One significant difference is that the Ordinance does not protect information concerning a deceased individual.
However, the Privacy Commissioner has issued Codes of Practice setting out specific requirements in respect of certain types of personal data such as identity card numbers, personal identifiers and consumer credit data. DPP5 - Openness Principle A data user must take practicable steps to make personal data policies and practices known to the public regarding the types of personal data it holds and how the data is used.
Not conceal caller identification information for telephone and fax messages.
The classes of marketing subjects to which the proposed direct marketing will relate. The Privacy Commissioner is not empowered to impose administrative fines or penalties. However, your data will be used and disclosed to third parties for the purposes for which they were collected.
Except with our express permission, you are not allowed to upload, post, publish, reproduce, transmit or distribute in any way any component of the Website itself or create derivative works with respect thereto, as the Website is copyrighted under applicable laws.
You are responsible to ensure that your use of the Information complies with all applicable legal requirements. Data processors or controllers: Rights to access information Under DPP6, data subjects are entitled to request access to personal data within 40 days for a fee which must not be excessive.
Ensure that the data processor does not retain personal data for longer than is necessary for the processing of the personal data. One significant difference is that the Ordinance does not protect information concerning a deceased individual.
Breaching a Code of Practice does not, of itself, render a data user liable to any proceedings but evidence of such a breach is admissible in proceedings under the PDPO. The Privacy Commissioner may approve and issue code of practice after consultation. The PCPD has no power to directly levy administrative fines or penalties.
The Ordinance covers much of the same ground as the Data Protection Directive, although with some significant limitations. A Q&A guide to data protection in Hong Kong.
This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements.
Hong Kong’s PDPO was drafted based on this directive.
The GDPR now applies directly to all EU member states, but individual EU member states can have supplemental legislation with exceptions and. We anticipate that the Hong Kong courts will start to take a more hard-line approach to offenders under the PDPO, not only in respect of Section 50B(1)(b)(i), but also other provisions, for example Section 35E (which makes it an offence to use an individual’s personal data for direct marketing without their consent), Section 50A (which makes.
DPP3 - Data Use Principle. Personal data must be used for the purpose for which the data is collected or for a directly related purpose, unless voluntary and explicit.
27 PDPO (Hong Kong), caps 4; PDPO (Hong Kong), capsch 1. The six DPPs are the data collection principle, the accuracy and retention principle, the data use EAP 7 Journal of Law, Information and Science Vol 25 DPP3, the data use principle, requires that personal data collected about a.
persons (whether within or outside of Hong Kong) for the purposes set out in sub-paragraph (4) of this Statement: (i) any nominees in whose name securities or other assets may be registered; Any such request must be made in accordance with the PDPO and shall be addressed to the /.Pdpo in hong kong