1823 sees the protection of personal data privacy as of vital importance in maintaining public trust in the public service. We are committed to implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (Cap. 486) ("PD(P)O").
Kinds of Personal Data Held
1823 holds the following three broad categories of personal data –
- Case records received by phone, electronic form, email, SMS, fax, letter, mobile apps, Facebook / Google+, which may contain personal particulars of the enquirer / complainant, including name, HKID number, address and contact number.
- Employment-related records, which include job applications, employee personal particulars, education and qualifications, employment history, salary, terms and conditions of service, leave, training, outside employment, performance appraisals, accidents and personal injuries, conduct and discipline, etc.
- Other records, which include administration and operational files, minutes of meetings, quotations and prices of purchased stores and services, and requests made under the Code on Access to Information and the Privacy Ordinance, etc. of which the personal identity of individuals can be ascertained.
Main Purposes of keeping Personal Data
Personal data held in –
- Case records received by phone, electronic form, email, SMS, fax, letter, mobile apps, Facebook / Google+ are kept for case handling purposes.
- Employment-related records are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment terms, termination, performance appraisal and discipline, etc.
- Other records are kept for various purposes which vary according to the nature of the record, such as administration of the office functions and activities, seeking advice on policy or operational matters, procurement of stores and equipment, and acquisition of services, etc., and such records contain personal identifiers.
Information collected when you visit our websites
The Government will record visits to our websites without collecting any personal identifiable information of users. Such general statistics are collected for the compilation of statistical reports and the diagnosis of problems with or concerning computer systems to help the Government improve our websites.
Search service on our websites is provided by an independent contractor of the Government. We are advised by the independent contractor that it does not collect personal identifiable information while serving search results through our websites. The independent contractor will share the anonymous data it collects through the search service with the Government for compiling traffic analysis on government websites. The Government will not match the data obtained from any such search activity with any personal data possibly held by the Government.
The Principal Executive Officer (EU) [PEO(EU)] is the Data Protection Officer [DPO] who is responsible for overseeing compliance with the Privacy Ordinance in EU. The Chief Executive Officer (Projects) [CEO(Projects)] will render assistance to DPO on privacy management matters in respect of 1823.
Collection of Personal Data
When collecting personal data, 1823 will satisfy itself that the purposes for which the data is collected are lawful and directly related to a function or activity of 1823; the means of collection are lawful and fair in the circumstances of the case; and the personal data collected is necessary and adequate, but not excessive, for the purpose(s) for which it is collected.
Accuracy and Retention of Personal Data
Practicable steps will be taken to ensure that personal data are accurate and up-to-date. Personal data will not be kept longer than is necessary for the fulfillment of the purpose (including any directly-related purpose) for which the data is or is to be used.
Use of Personal Data
All personal data collected will be used only for the purpose for which the data is collected or a directly related purpose that is made known to the data subject before the data is provided. In so doing, the personal data collected may be transferred to parties who will be contacted by us during the handling of the case.
Practical steps are taken to ensure that personal data are protected against unauthorized or accidental access, processing, erasure, loss or use.
Transparency of policy
A mechanism is set up for incident reporting and breach handling in case there is loss or leak of personal data, or there is a reason to believe that such data has been compromised. In the event of a suspected breach, the data subject concerned can write to the Data Protection Officer (contact details at below) to provide the relevant details for investigation.
Ongoing Review and Monitoring
Data Access and Correction Requests
Any request for access to personal data and correction should be made by completing the Data Access Request Form (OPS003) specified by the Office of the Privacy Commissioner for Personal Data and sending the completed Form to the Data Protection Officer by fax (fax number 2783 9014) or by mail to the following address –
Data Protection Officer
1823, Efficiency Unit
10/F, Tower I, Ever Gain Plaza
88 Container Port Road
Kwai Chung, N.T.
When handling a data access or correction request, we will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request.
A charge will be imposed to cover the cost of photocopying personal data to be supplied in response to data access requests at the current standard charges or as otherwise provided for or approved by the Secretary for Financial Services and the Treasury.
Last revision date: February 2015