Privacy Policy
1823 sees the protection of personal data privacy as of vital importance in maintaining public trust in the public service. We are committed to implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (Cap. 486) ("PD(P)O").
Kinds of personal data held
1823 holds the following three broad categories of personal data –
Case records received by phone, electronic form, email, SMS, fax, letter, mobile app and Facebook, which may contain personal particulars of the enquirer / complainant, including name, HKID number, address and contact number.
Employment-related records, which include job applications, employee personal particulars, education and qualifications, employment history, salary, terms and conditions of service, leave, training, outside employment, performance appraisals, accidents and personal injuries, conduct and discipline, etc.
Other records, which include administration and operational files, minutes of meetings, quotations and prices of purchased stores and services, and requests made under the Code on Access to Information and the Privacy Ordinance, etc. of which the personal identity of individuals can be ascertained.
Main purposes of keeping personal data
Personal data held in –
- Case records received by phone, electronic form, email, SMS, fax, letter, mobile app and Facebook are kept for case handling purposes.
- Employment-related records are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment terms, termination, performance appraisal and discipline, etc.
- Other records are kept for various purposes which vary according to the nature of the record, such as administration of the office functions and activities, seeking advice on policy or operational matters, procurement of stores and equipment, and acquisition of services, etc., and such records contain personal identifiers.
Information collected when you visit this website
The Government will record visits to and usage of this website by using cookies and page tagging without collecting any personal identifiable information of users. Such general information is only collected for reviewing and improving 1823 service.
Cookies
A cookie is a small amount of data created in a computer when a person visits a website on the computer. It often includes an anonymous unique identifier. A cookie can be used to identify a computer. It, however, is not used to collect any personal information. In other words, it does not have the function of identifying an individual user of the website. Cookies are used by the Government to collect data including the number of visits to this website.
Page tagging
Javascript and pixel tags are used to collect statistics on customer usage patterns of this website and Government online services offered on this website; and for tracking the performance of our online advertisements. A pixel tag is a transparent image placed on certain webpages to collect data on user activities. The collected data are aggregated and analysed for measuring the effectiveness, improving the usability of this website and the services provided on this website. No personal or identifiable information about a visitor would be collected.
You may disable JavaScript on your computer. Disabling JavaScript should not affect your access to this website, but you will not be able to use some of the functions of this website, such as the animation effect of the website.
IP address
When you visit this website or use any service of this website, our network servers will automatically record and verify your domain name and IP address and record the pages you visit. This information does not identify you as an individual.
Search Service
The search service on our website does not collect personal identifiable information. The anonymous data collected through the search service is for the purposes of traffic analysis and service enhancement. The Government will not match the data obtained from any such search activity with any personal data possibly held by the Government.
Chatbot function
The Chatbot function will not proactively collect and/or request you to provide any personal identifiable information. To ensure the protection of your personal information and privacy, you should not provide any personal identifiable information when using the Chatbot function.
Practices
The Principal Executive Officer (EffO) [PEO(EffO)] is the Data Protection Officer [DPO] who is responsible for overseeing compliance with the Privacy Ordinance in EffO. The Chief Executive Officer (Projects) [CEO(Projects)] will render assistance to DPO on privacy management matters in respect of 1823.
Collection of personal data
When collecting personal data, 1823 will satisfy itself that the purposes for which the data is collected are lawful and directly related to a function or activity of 1823; the means of collection are lawful and fair in the circumstances of the case; and the personal data collected is necessary and adequate, but not excessive, for the purpose(s) for which it is collected. This website and the mobile app uses TLS protocol to encrypt data during network transmission to protect your personal data. All personal data you provide to 1823 via this website and the mobile app are secured, and access to them is restricted to authorised personnel only.
Accuracy and retention of personal data
Practicable steps will be taken to ensure that personal data are accurate and up-to-date. Personal data will not be kept longer than is necessary for the fulfillment of the purpose (including any directly-related purpose) for which the data is or is to be used.
Use of personal data
All personal data collected will be used only for the purpose for which the data is collected or a directly related purpose that is made known to the data subject before the data is provided. In so doing, the personal data collected may be transferred to parties who will be contacted by us during the handling of the case. Unless permitted or required by law, the Government will not disclose your personal data to any third parties without your prior consent.
Security
Practical steps are taken to ensure that personal data are protected against unauthorized or accidental access, processing, erasure, loss or use.
Transparency of policy
Our privacy policy and practices can be found on this website.
Breach handling
A mechanism is set up for incident reporting and breach handling in case there is loss or leak of personal data, or there is a reason to believe that such data has been compromised. In the event of a suspected breach, the data subject concerned can write to the Data Protection Officer (contact details at below) to provide the relevant details for investigation.
Ongoing review and monitoring
A Data Protection Log Book is kept for registering refusal of data holding/access/correction requests as required under section 27 of the Privacy Ordinance. We keep our privacy policy statement under regular review.
Data Access and Correction Requests
Procedure
Any request for access to personal data and correction should be made by completing the Data Access Request Form (OPS003) specified by the Office of the Privacy Commissioner for Personal Data and sending the completed Form to the Data Protection Officer by fax (fax number 2783 9014) or by mail to the following address –
Data Protection Officer
1823, Efficiency Office
13/F, Treasury Building,
3 Tonkin Street West,
Cheung Sha Wan, Kowloon
When handling a data access or correction request, we will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request.
Charges
A charge will be imposed to cover the cost of photocopying personal data to be supplied in response to data access requests at the current standard charges or as otherwise provided for or approved by the Secretary for Financial Services and the Treasury.