私隱政策
政策聲明
香港聖公會麥理浩夫人中心(下稱「本機構」)尊重個人資料私隱,並致力執行及遵守保障資料原則,以及《個人資料(私隱)條例》(「條例」)的各項有關規定,保障我們所持有的個人資料的私隱、保密性及安全。我們同樣承諾致力確保我們的僱員及代理人堅守這些責任。
我們向個別人士收集個人資料前會以適當的形式及方法向他們提供《收集個人資料聲明》(例如在收集個人資料的表格或網頁上提供聲明,或在本機構各單位之接待處張貼相關告示)。閣下如未滿18歲,在向本機構提供閣下的個人資料前應取得閣下父母或監護人的同意。
實務聲明
本機構持有的個人資料類別
本機構持有的個人資料大致分為四大類,分別記載在下列記錄內:
服務紀錄:當中包括服務使用者提供的資料,以及由其他機構轉介的資料;
人事紀錄:當中包括職位申請表、受僱職員的個人資料、工作詳情、薪金資料、付款紀錄、福利、放假及培訓紀錄、團體醫療及保險紀錄、強積金供款、工作表現評估及紀律事宜等;
其他紀錄:當中包括行政及運作方面的檔案、參加者及義工因參與本機構舉辦的活動而提供的個人資料、繳費記錄、參與視像會議、本機構舉辦的教育及培訓活動紀錄、循規查察紀錄、捐款紀錄及公眾查詢等;
網站伺服器所收集的紀錄:當中包括為處理訂閱通訊(如適用)而收集的電郵地址(在特定情況下可用來識別個人人士,因而個别資料可能構成個人資料)。
保存個人資料的主要目的
保存下列紀錄內的個人資料的目的為:
服務紀錄:保存資料的目的是要按服務使用者的情況作出合適安排及採取跟進工作,包括為調整服務形式、次數,以及在適當情況下作出轉介;
人事紀錄:保存僱員人事資料的目的,是要作招聘及人力資源管理用途,例如有關僱員的聘任、福利、解僱、工作表現評估、紀律等事宜;
其他紀錄:保存這些紀錄的目的各有不同,須視乎紀錄的性質而定,例如關於本機構的職能及活動方面的行政工作、就政策或運作事宜尋求意見、舉辦推廣、教育及培訓活動、獲取服務、處理循規查察及公眾查詢等;
網站伺服器所收集的紀錄:保存這些紀錄是向透過網站進行登記的訂閱戶發送通訊(如適用)。
如需要使用閣下的個人資料於新的目的(即除上述目的(或任何其他直接相關目的)),本機構會先獲得閣下同意。
瀏覽本機構網站時被收集的資料
關於使用cookies檔案(如適用):當你瀏覽本網站時,一些cookies檔案將會儲存於你電腦的瀏覽器內,以便記錄你已選擇的字體大小,及進行網上表格的安全檢查(即輸入螢幕顯示的驗證碼測試)。你可以選擇不接受cookies檔案;但你若不接受的話,網站便可能無法自動顯示你已選擇的字體大小,你亦有可能無法遞交任何網上表格。本網站並非透過cookies檔案收集你的個人資料。
到訪本機構網站的訪客統計數字(如適用):當你瀏覽本網站時,我們會紀錄到訪的人次。網站伺服器亦會紀錄你的到訪資料,包括你的IP地址(及域名)、瀏覽器類別及設置、語言設定、地理位置、操作系統、之前瀏覽網站,以及瀏覽時間/期間及網頁(網站伺服器訪客紀錄)。
我們使用這些網站伺服器訪客紀錄作維持及改善網站運作,例如判斷最佳網站解像度、得知最多人瀏覽的網頁等。這些資料只用於提升及優化網站用途。
我們不會並無意使用到訪人士的資料作識辨身份的用途。
外判安排
本機構的內部資訊科技系統是由內部職員及第三方服務供應商開發及維修的。該第三方服務供應商不能讀取該資訊科技系統內的個人資料,但在本機構職員監督下於本機構進行故障檢修時則除外。
本機構網站是由第三方服務供應商開發及維修的。本機構的所有服務供應商均受合約約束,須將接觸到的任何資料保密,以保障資料免受未經准許的查閱、使用及保留。
保障措施
本機構採取適當步驟以保障所持有的個人資料免受遺失、未經准許的查閱、使用、修改或披露。
保留資料
本機構維持及執行載有個人資料的紀錄的保留政策,以確保個人資料的保存時間不會超過將其保存以貫徹該資料被使用於或會被使用於的目的而所需的時間。根據本機構內部政策,本機構所收集及持有的各類個人資料是有不同的保留時間。
披露個人資料
本機構為服務而收集的個人資料只會用於與本機構履行相關職能、服務和活動直接有關的目的。因此,有關個人資料可能會轉移予本機構因處理個案而接觸的人士或機構,包括獲授權或有法定權力收取有關資料的政府部門、機構及/或其他有關人士。
查閱及改正資料
如要向本機構提出查閱資料要求,請填妥查閱資料要求表格,然後以傳真(2481 5671)、電郵(skhlmcad@skhmaclehose.org.hk)、親自遞交或郵寄(新界葵涌和宜合道22號301室)方式送交本機構的行政部。
本機構在處理查閱或改正資料要求時,會查核提出要求者的身份,以確保他/她在法律上有權作出這項要求。本機構可就查閱資料要求而收取費用。請注意,本機構須在或可在條例第20條指明的情況下拒絕依從查閱資料要求。本機構會按條例第27條保存《保障資料紀錄簿》。
查詢
任何有關個人資料私隱政策及實務的查詢可透過上述通訊地址、電郵(skhlmcad@skhmaclehose.org.hk)或於辦公時間致電2423 5265向本機構的行政部提出。
【本《私隱政策》的最近更新日期為2022年8月。】
Privacy Policy Statement
Statement of Policy
H.K.S.K.H. Lady MacLehose Centre (“The Organization”) respects personal data privacy and is committed to fully implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (“Ordinance”) so as to ensure the privacy, confidentiality and safety of the personal data held by us. We are also committed to ensuring that our employees and agents adhere to these responsibilities.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or in a notice posted up at the reception area of The Organization service units). If you are under the age of 18, you should obtain consent from your parent or guardian before providing the Organization with your data.
Statement of Practice
Kinds of Personal Data Held
Four broad categories of personal data are held by The Organization. They are personal data contained in:
Service records, which include information supplied by service users and data transferred from other organisations;
Personnel records, which include job application forms and The Organization staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and insurance records, mandatory provident fund schemes participation, performance appraisals and disciplinary matters;
Other records, which include administration and operational files, personal data provided to The Organization from participants and volunteers participating in The Organization’s activities, payment records, online meetings records, records relating to educational and training activities organised by The Organization, compliance check records, donation records and enquiries from the public;
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription (if applicable).
Main Purposes of Keeping Personal Data
Personal data are held for the following purposes:
Service records are kept for making appropriate arrangements and follow-up work according to the situation of service users, including adjusting the mode and frequency of services, and making referrals where appropriate.
Personnel records of employees are kept for recruitment and human resource management purposes, relating to matters such as employees’ appointment, employment benefits, termination, performance appraisal and discipline.
Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, handling of compliance checks and enquiries from the public.
Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites (if applicable).
If the Organization wishes to use your personal data for a new purpose (other than the purposes (or any directly related purpose) outlined above), the Organization will obtain your consent in advance.
Information Collected When You Visit Our Websites
Use of cookies (if applicable): When you browse this website, cookies will be stored in your computer's browser. The purposes of using cookies in this site are to remember the different font size you have chosen in the site and also to facilitate the security checking (the test that asks you to enter the validation code displayed on screen) in online forms. You have a choice not to accept the cookies. If you do not accept the cookie, the site may not be able to remember the font size you have chosen and you may not be able to make any online submission. This website does not use cookies to collect your personal data.
Statistics on visitors to our websites (if applicable): When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution and which pages have been most frequently visited. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
Outsourcing Arrangements
The Organization’s internal IT systems are developed and maintained by our in-house staff and third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at The Organization under the supervision of The Organization staff.
The Organization websites are developed and maintained by third-party service providers. All The Organization service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorised access, use and retention.
Protection Measures
The Organization takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
Retention
The Organization maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by The Organization in accordance with internal policies.
Disclosure of Personal Data
The personal data collected for service purposes is used only for purposes directly related to the discharge of our functions, service and activities. In so doing, such personal data may be transferred to parties who will be contacted by us during the handling of the case, including government departments, institutions and/or other relevant persons authorised or having statutory power to receive relevant information.
Data Access and Correction
You should make your data access request by completing the Data Access Request Form and sending the completed Form directly to our Administrative Unit by fax at 2481 5671, by email at skhlmcad@skhmaclehose.org.hk, in person or by post to Room 301, 22 Wo Yi Hop Road, Kwai Chung, N.T..
When handling a data access or correction request, The Organization will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by The Organization for complying with a data access request. Please note that The Organization shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.
Enquiries
Any enquiries regarding personal data privacy policy and practice may be addressed to our Administrative Unit at the above correspondence address, via email at skhlmcad@skhmaclehose.org.hk or on telephone number 2423 5265 during office hours.
[This Statement was last updated in August 2022.]