The Data Protection Policy is in compliance with the stated obligations under the Personal Data (Privacy) Ordinance. The main points of the privacy policy and general practices are summarized as follows:
- Personal data should be collected by lawful and fair means and can only be used for lawful purposes directly related to the services and activities.
- The data collected should be necessary, adequate but not excessive in relation to its purposes.
- Before collecting the data, as far as reasonably practicable, we will inform the data subject about the purpose(s) for collecting the data and the classes of persons to whom the data may be transferred to.
- The data subject should be informed of his/her rights to request access to and the correction of the personal data, and also the ways for making such request.
- All reasonably practicable steps should be taken to ensure that personal data collected or retained are accurate for the purposes for which they are to be used.
- Personal data should not be kept longer than is necessary for the purposes for which they are to be used.
- Unless prior consent has been obtained from the data subject, the personal data should only be used, disclosed or transferred for the purposes or a directly related purpose(s) for which they were collected or where they are allowed under the Ordinance.
- All reasonably practicable steps should be taken to ensure that personal data held are protected against unauthorized or accidental access, processing, erasure or other use.
- Information about the policy and general practices of us in relation to the personal data, the types of personal data held and the main purposes for which personal data are used, should generally be available for inspection upon request.
- The data subject will be allowed to access to and correct his/her personal data. However, we may refuse such request subject to the provisions and exemptions of the Ordinance.