Statement of Policy
Hong Kong Sheng Kung Hui Welfare Council Limited (“Welfare Council”) respects personal data privacy and is committed to fully implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (“Ordinance”) so as to ensure the privacy, confidentiality and safety of the personal data held by us. We are also committed to ensuring that our employees and agents adhere to these responsibilities.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data, or in a notice posted up at the reception area of Welfare Council service units).
Statement of Practice
Kinds of Personal Data Held
Four broad categories of personal data are held by the Welfare Council. They are personal data contained in:
Service records, which include information supplied by service users and data transferred from other organisations;
Personnel records, which include job application forms and Welfare Council staff personal details, job particulars, details of salary, payments, benefits, leave and training records, group medical and insurance records, mandatory provident fund schemes participation, performance appraisals and disciplinary matters;
Other records, which include administration and operational files, personal data provided to the Welfare Council from participants and volunteers participating in Welfare Council’s activities, payment records, online meetings records, records relating to educational and training activities organised by the Welfare Council, compliance check records, donation records and enquiries from the public;
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected for newsletter subscription (if applicable).
Main Purposes of Keeping Personal Data
Personal data are held for the following purposes:
Service records are kept for making appropriate arrangements and follow-up work according to the situation of service users, including adjusting the mode and frequency of services, and making referrals where appropriate.
Personnel records of employees are kept for recruitment and human resource management purposes, relating to matters such as employees’ appointment, employment benefits, termination, performance appraisal and discipline.
Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, handling of compliance checks and enquiries from the public.
Records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites (if applicable).
Information Collected When You Visit Our Websites
Statistics on visitors to our websites: When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
We use the webserver access log for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution and which pages have been most frequently visited. We use such data only for website enhancement and optimisation purposes.
We do not use, and have no intention to use the visitor data to personally identify anyone.
The Welfare Council’s internal IT systems are developed and maintained by our in-house staff and third-party service provider. The third-party service provider does not have access to personal data stored in the IT system except when it is carrying out trouble-shooting on it at Welfare Council under the supervision of Welfare Council staff.
The Welfare Council websites are developed and maintained by third-party service providers. All Welfare Council service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorised access, use and retention.
The Welfare Council takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
The Welfare Council maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by the Welfare Council in accordance with internal policies.
Disclosure of Personal Data
The personal data collected for service purposes is used only for purposes directly related to the discharge of our functions, service and activities. In so doing, such personal data may be transferred to parties who will be contacted by us during the handling of the case, including government departments, institutions and/or other relevant persons authorised or having statutory power to receive relevant information.
Data Access and Correction
You should make your data access request by completing the Data Access Request Form and sending the completed Form directly to our Resources Development Department by fax at 2523 4921, by email at email@example.com, in person or by post to 12/F, 112 Kennedy Road, Wanchai, Hong Kong.
When handling a data access or correction request, the Welfare Council will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by the Welfare Council for complying with a data access request. Please note that the Welfare Council shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.
[This statement was last updated in July 2021.]