Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Privacy Notice
I need a privacy notice for a mobile application that collects user data, including location and contact information, ensuring compliance with Hong Kong's Personal Data (Privacy) Ordinance. The notice should clearly explain data collection purposes, user consent, data retention policies, and third-party data sharing practices.
What is a Privacy Notice?
A Privacy Notice tells people how an organization collects, uses, and protects their personal data. Under Hong Kong's Personal Data (Privacy) Ordinance, businesses must be transparent about their data handling practices and inform individuals about their privacy rights.
This essential document explains key details like what information gets collected, how it's stored, who can access it, and when it might be shared with others. It also outlines how customers can view their data, request corrections, or file complaints - rights that Hong Kong law specifically protects. Most companies display their Privacy Notice on their website or share it when first collecting someone's information.
When should you use a Privacy Notice?
Use a Privacy Notice before you start collecting personal data from customers, employees, or website visitors in Hong Kong. This includes launching new products, opening accounts, hiring staff, or adding data collection features to your website. Under Hong Kong's privacy laws, you need to inform people about your data practices before gathering their information.
Major business changes also trigger the need to update your Privacy Notice - like expanding into new services, changing how you handle data, or working with different third-party providers. During mergers or acquisitions, reviewing and updating Privacy Notices helps ensure continuous compliance and maintains trust with your stakeholders.
What are the different types of Privacy Notice?
- Core Website Privacy Notice: Focuses on online data collection, cookie usage, and digital tracking methods - commonly used by e-commerce and digital service providers.
- Employee Privacy Notice: Details how organizations handle staff personal data, including recruitment information, payroll details, and workplace monitoring practices.
- Customer Service Privacy Notice: Explains data handling for physical stores, customer loyalty programs, and direct marketing activities.
- Mobile App Privacy Notice: Specifically addresses data collection through mobile applications, including device permissions and location tracking.
- Joint Data Processing Notice: Used when multiple organizations share responsibility for processing personal data in partnerships or shared services.
Who should typically use a Privacy Notice?
- Data Controllers: Companies, organizations, and government bodies that collect and process personal data must create and maintain Privacy Notices to comply with Hong Kong law.
- Legal Teams: In-house lawyers and external counsel draft and review Privacy Notices to ensure compliance with the Personal Data (Privacy) Ordinance.
- Privacy Officers: Dedicated data protection specialists oversee the implementation and updates of Privacy Notices.
- Website Operators: Technical teams implement Privacy Notices on digital platforms and manage cookie consent mechanisms.
- Data Subjects: Individuals whose personal data is collected have rights under the Privacy Notice and can exercise them through specified channels.
How do you write a Privacy Notice?
- Data Mapping: Document all personal data your organization collects, stores, and processes, including collection methods and purposes.
- Third-Party Relationships: List any external parties who receive or process data, including cloud services and marketing partners.
- Legal Requirements: Review Hong Kong's Personal Data (Privacy) Ordinance requirements and industry-specific regulations affecting your data handling.
- User Rights: Detail how individuals can access, correct, or delete their data, and your timeline for responding.
- Implementation Plan: Prepare your technical infrastructure and staff training for enforcing the privacy practices you'll describe.
What should be included in a Privacy Notice?
- Data Collection Statement: Clear explanation of what personal data you collect and how you obtain it.
- Purpose Declaration: Specific reasons for collecting each type of personal data.
- Data Storage Details: Information about where and how long you keep personal data.
- Third-Party Sharing: List of organizations you share data with and why.
- Data Subject Rights: How individuals can access, correct, or delete their data.
- Security Measures: Description of safeguards protecting personal information.
- Contact Information: Details for your Data Protection Officer or privacy team.
- Updates Process: How you'll notify users about policy changes.
What's the difference between a Privacy Notice and a Data Processing Notice?
A Privacy Notice differs significantly from a Data Processing Notice in several key aspects, though both deal with personal data handling. Understanding these differences helps ensure compliance with Hong Kong's Personal Data (Privacy) Ordinance.
- Scope and Purpose: Privacy Notices provide a broad overview of all data handling practices, while Data Processing Notices focus specifically on how data is processed for particular activities or projects.
- Timing of Use: Privacy Notices are ongoing documents displayed publicly, whereas Data Processing Notices are typically issued for specific processing activities or when engaging new data processors.
- Legal Requirements: Privacy Notices must cover all six data protection principles under Hong Kong law, while Data Processing Notices primarily address the first principle of lawful and fair processing.
- Audience Focus: Privacy Notices target the general public and all data subjects, while Data Processing Notices are often directed at specific groups or business partners.
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.