Privacy Policy Statement

Privacy Policy Statement

Statement of Policy

H.K.S.K.H. Lady MacLehose Centre ("The Organization”) respects personal data privacy and is committed to fully implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance ("Ordinance”) so as to ensure the privacy, confidentiality and safety of the personal data held by us. We are also committed to ensuring that our employees and agents adhere to these responsibilities.

 

When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or in a notice posted up at the reception area of The Organization service units). If you are under the age of 18, you should obtain consent from your parent or guardian before providing the Organization with your data.

 

Statement of Practice

Kinds of Personal Data Held

 

Four broad categories of personal data are held by The Organization. They are personal data contained in:

 

Service records, which include information supplied by service users and data transferred from other organisations;

 

Personnel records, which include job application forms and The Organization staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and insurance records, mandatory provident fund schemes participation, performance appraisals and disciplinary matters;

 

Other records, which include administration and operational files, personal data provided to The Organization from participants and volunteers participating in The Organization’s activities, payment records, online meetings records, records relating to educational and training activities organised by The Organization, compliance check records, donation records and enquiries from the public;

 

Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription (if applicable).

 

Main Purposes of Keeping Personal Data

Personal data are held for the following purposes:

 

Service records are kept for making appropriate arrangements and follow-up work according to the situation of service users, including adjusting the mode and frequency of services, and making referrals where appropriate.

 

Personnel records of employees are kept for recruitment and human resource management purposes, relating to matters such as employees’ appointment, employment benefits, termination, performance appraisal and discipline.

 

Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, handling of compliance checks and enquiries from the public.

 

Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites (if applicable).

 

If the Organization wishes to use your personal data for a new purpose (other than the purposes (or any directly related purpose) outlined above), the Organization will obtain your consent in advance.

 

Information Collected When You Visit Our Websites

Use of cookies (if applicable): When you browse this website, cookies will be stored in your computer's browser. The purposes of using cookies in this site are to remember the different font size you have chosen in the site and also to facilitate the security checking (the test that asks you to enter the validation code displayed on screen) in online forms. You have a choice not to accept the cookies. If you do not accept the cookie, the site may not be able to remember the font size you have chosen and you may not be able to make any online submission. This website does not use cookies to collect your personal data.

 

Statistics on visitors to our websites (if applicable): When you visit our websites, we will record your visit only as a "hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).

 

We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution and which pages have been most frequently visited. We use such data only for website enhancement and optimisation purposes.

 

We do not use, and have no intention to use the visitor data to personally identify anyone.

 

Outsourcing Arrangements

The Organization’s internal IT systems are developed and maintained by our in-house staff and third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at The Organization under the supervision of The Organization staff.

 

The Organization websites are developed and maintained by third-party service providers. All The Organization service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorised access, use and retention.

 

Protection Measures

The Organization takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.

 

Retention

The Organization maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by The Organization in accordance with internal policies.

 

Disclosure of Personal Data

The personal data collected for service purposes is used only for purposes directly related to the discharge of our functions, service and activities. In so doing, such personal data may be transferred to parties who will be contacted by us during the handling of the case, including government departments, institutions and/or other relevant persons authorised or having statutory power to receive relevant information.

 

Data Access and Correction

You should make your data access request by completing the Data Access Request Form and sending the completed Form directly to our Administrative Unit by fax at 2481 5671, by email at skhlmcad@skhmaclehose.org.hk, in person or by post to Room 301, 22 Wo Yi Hop Road, Kwai Chung, N.T..

 

When handling a data access or correction request, The Organization will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by The Organization for complying with a data access request. Please note that The Organization shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.

 

Enquiries

Any enquiries regarding personal data privacy policy and practice may be addressed to our Administrative Unit at the above correspondence address, via email at skhlmcad@skhmaclehose.org.hk or on telephone number 2423 5265 during office hours.

 

[This Statement was last updated in August 2022.]