��������Ƶ

A Privacy Notice tells people how an organization collects, uses, and protects their personal data. Under Hong Kong's Personal Data (Privacy) Ordinance, businesses must be transparent about their data handling practices and inform individuals about their privacy rights.

This essential document explains key details like what information gets collected, how it's stored, who can access it, and when it might be shared with others. It also outlines how customers can view their data, request corrections, or file complaints - rights that Hong Kong law specifically protects. Most companies display their Privacy Notice on their website or share it when first collecting someone's information.

Use a Privacy Notice before you start collecting personal data from customers, employees, or website visitors in Hong Kong. This includes launching new products, opening accounts, hiring staff, or adding data collection features to your website. Under Hong Kong's privacy laws, you need to inform people about your data practices before gathering their information.

Major business changes also trigger the need to update your Privacy Notice - like expanding into new services, changing how you handle data, or working with different third-party providers. During mergers or acquisitions, reviewing and updating Privacy Notices helps ensure continuous compliance and maintains trust with your stakeholders.

• Core Website Privacy Notice: Focuses on online data collection, cookie usage, and digital tracking methods - commonly used by e-commerce and digital service providers.
• Employee Privacy Notice: Details how organizations handle staff personal data, including recruitment information, payroll details, and workplace monitoring practices.
• Customer Service Privacy Notice: Explains data handling for physical stores, customer loyalty programs, and direct marketing activities.
• Mobile App Privacy Notice: Specifically addresses data collection through mobile applications, including device permissions and location tracking.
• Joint Data Processing Notice: Used when multiple organizations share responsibility for processing personal data in partnerships or shared services.

• Data Controllers: Companies, organizations, and government bodies that collect and process personal data must create and maintain Privacy Notices to comply with Hong Kong law.
• Legal Teams: In-house lawyers and external counsel draft and review Privacy Notices to ensure compliance with the Personal Data (Privacy) Ordinance.
• Privacy Officers: Dedicated data protection specialists oversee the implementation and updates of Privacy Notices.
• Website Operators: Technical teams implement Privacy Notices on digital platforms and manage cookie consent mechanisms.
• Data Subjects: Individuals whose personal data is collected have rights under the Privacy Notice and can exercise them through specified channels.

• Data Mapping: Document all personal data your organization collects, stores, and processes, including collection methods and purposes.
• Third-Party Relationships: List any external parties who receive or process data, including cloud services and marketing partners.
• Legal Requirements: Review Hong Kong's Personal Data (Privacy) Ordinance requirements and industry-specific regulations affecting your data handling.
• User Rights: Detail how individuals can access, correct, or delete their data, and your timeline for responding.
• Implementation Plan: Prepare your technical infrastructure and staff training for enforcing the privacy practices you'll describe.

• Data Collection Statement: Clear explanation of what personal data you collect and how you obtain it.
• Purpose Declaration: Specific reasons for collecting each type of personal data.
• Data Storage Details: Information about where and how long you keep personal data.
• Third-Party Sharing: List of organizations you share data with and why.
• Data Subject Rights: How individuals can access, correct, or delete their data.
• Security Measures: Description of safeguards protecting personal information.
• Contact Information: Details for your Data Protection Officer or privacy team.
• Updates Process: How you'll notify users about policy changes.

A Privacy Notice differs significantly from a Data Processing Notice in several key aspects, though both deal with personal data handling. Understanding these differences helps ensure compliance with Hong Kong's Personal Data (Privacy) Ordinance.

• Scope and Purpose: Privacy Notices provide a broad overview of all data handling practices, while Data Processing Notices focus specifically on how data is processed for particular activities or projects.
• Timing of Use: Privacy Notices are ongoing documents displayed publicly, whereas Data Processing Notices are typically issued for specific processing activities or when engaging new data processors.
• Legal Requirements: Privacy Notices must cover all six data protection principles under Hong Kong law, while Data Processing Notices primarily address the first principle of lawful and fair processing.
• Audience Focus: Privacy Notices target the general public and all data subjects, while Data Processing Notices are often directed at specific groups or business partners.