The Efficiency Unit (EU) sees the protection of personal data privacy as of vital importance in maintaining public trust in the public service. We are committed to implementing and complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (Cap. 486) ("PD(P)O").
Kinds of Personal Data Held
EU holds the following five broad categories of personal data -
- Consultancy records, which include personal particulars of personnel of consultancy firms, records of company representatives of consultancy firms listed on the General Management Consultancy Portal (GMC) maintained by EU, and personal particulars of participants of user research for consultancy projects.
- Youth Portal (YP) records, which include email addresses of the subscribers of YP newsletter, and personal particulars of individuals and personnel employed by organisations who provide content input or participate in the surveys / events organized by YP.
- Social Innovation and Entrepreneurship Development Fund (SIE Fund) records, which include personal particulars of the Chairman and Members of the SIE Fund Task Force, as well as individuals and personnel employed by organisations who participate in the activities organized by the SIE Fund Secretariat, show interest or make enquiries, suggestions or complaints related to the fund.
- Employment-related records, which include job applications, employee personal particulars, education and qualifications, employment history, salary and allowances, terms and conditions of service, housing benefits, medical records, leave and passages, training, investments, outside employment, performance appraisals, promotion board assessments, conduct and discipline, and retirement and pension, etc.
- Other records, which include administration and operational files, minutes of meetings, quotations and prices of purchased stores and services, requests made under the Code on Access to Information and the Privacy Ordinance, and enquiries and complaints made to the Unit, through which the personal identity of individuals can be ascertained.
Main Purposes of keeping Personal Data
Personal data held in -
- Consultancy records are kept to assess the capability of consultancy firms and for the monitoring of consultants' performance, for registration of GMC firms to assist bureaux/departments in their procurement of management consultancy services, and for analyzing behaviours and preferences of public service users in research projects;
- YP records are kept for issue of YP newsletter and communication purpose;
- SIE Fund records are kept for communication, promotion and publicity, and handling of enquiries, suggestions or complaints;
- Employment-related records are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.
- Other records that are kept for various purposes, which vary according to the nature of the record, such as administration of the office functions and activities, seeking advice on policy or operational matters, procurement of stores and equipment, acquisition of services, handling of enquiries or complaints and which contain personal identifiers.
Information collected when you visit our websites
The Government will record visits to our websites without collecting any personal identifiable information of users. Such general statistics are collected for the compilation of statistical reports and the diagnosis of problems with or concerning computer systems to help the Government improve our websites.
Search service on our websites is provided by an independent contractor of the Government. We are advised by the independent contractor that it does not collect personal identifiable information while serving search results through our websites. The independent contractor will share the anonymous data it collects through the search service with the Government for compiling traffic analysis on government websites. The Government will not match the data obtained from any such search activity with any personal data possibly held by the Government.
The Principal Executive Officer (EU) [PEO(EU)] is the Data Protection Officer who is responsible for overseeing compliance with the Privacy Ordinance in EU.
Collection of Personal Data
When collecting personal data, EU will satisfy itself that the purposes for which the data is collected are lawful and directly related to a function or activity of EU; the means of collection are lawful and fair in the circumstances of the case; and the personal data collected is necessary and adequate, but not excessive, for the purpose(s) for which it is collected.
Accuracy and Retention of Personal Data
Practicable steps will be taken to ensure that personal data are accurate and up-to-date. Personal data will not be kept longer than is necessary for the fulfillment of the purpose (including any directly-related purpose) for which the data is or is to be used.
Use of Personal Data
All personal data collected will be used only for the purpose for which the data is collected or a directly related purpose that is made known to the data subject before the data is provided. In so doing, the personal data collected may be transferred to parties who will be contacted by us during the handling of the case.
Practical steps are taken to ensure that personal data are protected against unauthorized or accidental access, processing, erasure, loss or use.
Transparency of policy
A mechanism is set up for incident reporting and breach handling in case there is loss or leak of personal data, or there is a reason to believe that such data has been compromised. In the event of a suspected breach, the data subject concerned can write to the Data Protection Officer (contact details at below) to provide the relevant details for investigation.
Ongoing Review and Monitoring
Data Access and Correction Requests
Any request for access to personal data and correction should be made by completing the Data Access Request Form (OPS003) specified by the Office of the Privacy Commissioner for Personal Data and sending the completed Form to the Data Protection Officer by fax (fax number 2524 7267), by email (email@example.com), or by mail to the following address -
Data Protection Officer [PEO(EU)]
41/F, Revenue Tower, 5 Gloucester Road
Wanchai, Hong Kong
When handling a data access or correction request, we will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request.
A charge will be imposed to cover the cost of photocopying personal data to be supplied in response to data access requests at the current standard charges or as otherwise provided for or approved by the Secretary for Financial Services and the Treasury.