Practice Circular on Protection of Personal Data - Questions and Answers (Q&As)

Similar documents
Practice Circular on Sale of Uncompleted Properties Situated Outside Hong Kong. Questions and Answers (Q&As)

Legal assistance for civil claims under the Personal Data (Privacy) Ordinance

Proper Handling of Data Correction Request by Data Users 1

Trustee Licensing Act 1994 [50 MIRC Ch 3]

CODE OF PRACTICE FOR RELEASE OF INFORMATION

Report Published under Section 48(2) of the Personal Data (Privacy) Ordinance (Cap. 486)

HONG KONG DEALER ELECTRONIC SERVICE AGREEMENT

Financial Dispute Resolution Service (FDRS)

Lex Mundi Data Privacy Guide: Focus on the Asia/Pacific Region

Asian Privacy Certification

REQUISITIONS EXPLANATORY MEMORANDUM

TELECOMMUNICATIONS ORDINANCE (Chapter 106) SERVICES-BASED OPERATOR LICENCE. [Name of Licensee]...

Estate Agents Authority

SCHEDULE. Corporate Practices (Model Articles of Association)

PROPERTY MARKET ANALYSIS LLP CONDITIONS OF SUPPLY

THIS DOCUMENT CONTAINS THE INDICATIVE TERMS AND CONDITIONS FOR THE WORKREADY HEAD AGREEMENT

Privacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.

CONTROL OF HOUSING AND WORK (JERSEY) LAW 2012

RESOLUTIONS FOR COMPANY

APPLICATION FOR THE SUPPLY OF UTILITIES (WATER, ELECTRICITY & GAS)

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Tribunals and Specialised Court

SCHEDULE. Corporate Practices (Model Memorandum and Articles of Association)

1. This is the Country Addendum (Vietnam) to the UOB Business Internet Banking Service Agreement (the Agreement ).

March 2016 INVESTOR TERMS OF SERVICE

DISTRIBUTION TERMS. In Relation To Structured Products

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

THE MEDICAL COUNCIL OF HONG KONG

the Notices section below.

AIA Australia Limited

Commercial Agents and Private Inquiry Agents Act 2004 No 70

Official Information Act 1997

Association of Local Landlords (Wessex)

The Bulk Sales Act. being. Chapter B-9 of The Revised Statutes of Saskatchewan, 1978 (effective February 26, 1979).

Please contact the UOB Call Centre at (toll free if calls are made from within Singapore) if you need any assistance.

ELECTRONIC TRANSACTIONS (AMENDMENT) ORDINANCE 2004

SECURITIES AND FUTURES (STOCK MARKET LISTING) RULES (NO. 5 OF 2002, SECTION 36(1)) ARRANGEMENT OF SECTIONS PART I PRELIMINARY. 1. Commencement...

Complaints, Comments & Compliments Policy

SENI JAYA CORPORATION BERHAD (Company No X) (Incorporated in Malaysia)

guide to legal services Revised 2015

DATA PROTECTION LAWS OF THE WORLD. South Korea

Rent (Scotland) Act 1984

Access to Personal Information Procedure

TERMS AND CONDITIONS OF SALE

COMMON TERMS AND CONDITIONS FOR CASH MANAGEMENT PRODUCTS & SERVICES

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

TELECOMMUNICATIONS ORDINANCE (Chapter 106) WIRELESS INTERNET OF THINGS LICENCE. [Company Name]... [Address]

End User Licence Agreement

AGREEMENT BETWEEN THE GOVERNMENT OF AUSTRALIA AND THE GOVERNMENT OF ANGUILLA THE EXCHANGE OF INFORMATION WITH RESPECT TO TAXES

YuanShengTai Dairy Farm Limited. Terms of reference of the Audit Committee of the Board of Directors

Resolutions and Meetings

SECURITY SERVICES AND INVESTIGATORS ACT

Board Standing Orders Revised version December 2013

In this agreement, the following words and phrases shall have the following meanings unless the context otherwise requires:

Assembly Bill No. 262 Assemblyman Carrillo

CHAPTER 33:04 SECTIONAL TITLES

CHAPTER 33:04 SECTIONAL TITLES ARRANGEMENT OF SECTIONS

Update No (Issued 14 December 2018) Document Reference and Title Instructions Explanations. revised page i.

Whereas it is acknowledged that the Contracting Parties are competent to negotiate and conclude a tax information exchange agreement;

CONFLICTS OF INTEREST ACT

PeachCourt Document Access User Agreement Terms of Use

ARRANGEMENT OF SECTIONS

askmid User Agreement

STANDARD TERMS AND CONDITIONS OF MAYBANK COE OPEN BIDDING SERVICE

(company number 2065) - and - (company number SC )

PLEASE READ CAREFULLY BEFORE AGREEING TO THE TERMS AND CONDITIONS

Terms of Service Overview

APPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:

THE FREEDOM OF INFORMATION ACT, Arrangement of Sections PART I PRELIMINARY

UNMIK REGULATION NO. 2004/2 ON THE DETERRENCE OF MONEY LAUNDERING AND RELATED CRIMINAL OFFENCES

CHAPTER 75:01 CO-OPERATIVE FINANCIAL INSTITUTIONS ACT ARRANGEMENT OF SECTIONS PART I PART II

PREVENTION OF TERRORISM ACT

Oasys Software Licence and Support Agreement

ALUMINIUM COMPANY OF MALAYSIA BERHAD Terms of Reference of the Audit Committee

BELIZE LIMITED LIABILITY PARTNERSHIP ACT CHAPTER 258 REVISED EDITION 2011 SHOWING THE SUBSTANTIVE LAWS AS AT 31 ST DECEMBER, 2011

PROSECUTION AND SANCTIONS

Exchange Control Act 1953

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

Development Financial Institutions (Amendment) 1 A BILL. i n t i t u l e d

The Bulk Sales Act. being. Chapter 237 of The Revised Statutes of Saskatchewan, 1930 (effective February 1, 1931).

DIRECTIVE 97/7/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 1997 on the protection of consumers in respect of distance contracts

AGREEMENT BETWEEN THE GOVERNMENT OF GREENLAND AND THE GOVERNMENT OF GRENADA CONCERNING INFORMATION ON TAX MATTERS

TERMS & CONDITIONS OF ACTIVATION CAMPAIGN INDIA

LME App Terms of Use [Google/ Android specific]

BYLAWS OF THE PRESERVE PROPERTY OWNERS ASSOCIATION, INC. an Alabama nonprofit corporation ARTICLE I THE ASSOCIATION

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users

Croydon Immigration and Asylum Support Service (IASS)

2 August Law of 2 August 2002 on the supervision of the financial sector and on financial services

Affiliate Partnership Terms & Conditions

LEGAL BRIEFING DEPRIVATION OF LIBERTY. June 2015

Conveyancers Licensing Act 2003 No 3

Number 36 of 2011 LOCAL GOVERNMENT (HOUSEHOLD CHARGE) ACT 2011 ARRANGEMENT OF SECTIONS. 3. Household charge on certain residential property.

Privacy in relation to VET Student Loans

EMPLOYEES HOUSING SCHEMES (SPECIAL PROVISIONS) ACT

HO HUP CONSTRUCTION COMPANY BERHAD (14034-W) AUDIT COMMITTEE TERMS OF REFERENCE

E-Channels Customer Master Agreement - HSBCnet (Business) Customer Details. Full Customer (Company) Name: Address: Emirate: Postal Code / PO Box:

1638 IDD SERVICE (T&C - I002)

Software Licence Terms

recommendation to buy any products or services featured and you should seek appropriate independent advice.

Transcription:

Practice Circular on Protection of Personal Data - Questions and Answers (Q&As) Notes: 1. All references to: (a) DPP shall mean the Data Protection Principles in Schedule 1 of the PDPO. (b) EAA shall mean the Estate Agents Authority. (c) PCPD shall mean the Office of the Privacy Commissioner for Personal Data, Hong Kong. (d) PDPO shall mean the Personal Data (Privacy) Ordinance. (e) Practice Circular shall mean Circular No. 13-05 issued by the EAA on Protection of Personal Data. (f) Practice Regulation shall mean the Estate Agents Practice (General Duties and Hong Kong Residential Properties) Regulation. 2. These Q&As are for general reference only. They do not constitute legal or professional advice. You should seek legal or professional advice as and when necessary, especially on the interpretation of legal provisions and specific advice on any individual case. While the EAA has used its best endeavours to ensure the accuracy of the information provided in these Q&As, no statement, representation, warranty or guarantee, express or implied, is given by the EAA as to the accuracy, or completeness of such information, or the appropriateness for its use in any particular circumstances. The EAA will not accept any liability or responsibility whatsoever for any loss or damage caused to any person howsoever arising from any use, misuse of, or reliance on the contents of these Q&As. 1

Direct marketing 1. Where a first-time marketing approach is made by telephone, when should I inform the customer that he has an opt-out choice? Should I inform the customer at the beginning or at the end of the marketing call? Section 35F of the PDPO requires that a data user must, when using the data subject s personal data for the first time in direct marketing, notify the data subject of his/her right to request the data user to cease to so use the data, without charge to the data subject. This obligation applies irrespective of whether the personal data is obtained directly from a data subject or from other sources. There is no requirement that a data user must inform the data subject of the opt-out choice at the beginning or at the end of the marketing call. However, as a matter of good practice, it is desirable for a data user to inform the data subject of the opt-out choice as soon as possible. 2

2. How frequent should I update the opt-out list of our company? The opt-out list should be updated regularly and estate agents should disseminate the updated list to all of its relevant department/branches in a timely manner. According to the New Guidance on Direct Marketing issued by the PCPD, where the list is maintained via an online computer network, individual marketing staff connected to the network have to input new opt-out requests as and when they are received. If the list is distributed other than by a computer network, it is recommended that marketing staff members are notified of the updates at a frequency of no less than once per week. Where the data user conducts its business through branch offices, each branch office has to maintain its own opt-out list of customers who have informed the branch office that they do not wish to receive further direct marketing approach. The head office has to coordinate the updating of a consolidated opt-out list by collecting the opt-out information supplied by all branch offices concerned and informing them on a continuous basis the updated position. 3

3. Will I breach the PDPO if I use personal data of property owners obtained from land search records of the Land Registry for direct marketing activities? Please refer to paragraph 11 of the Practice Circular. The land register contains the following statement: The land records are kept and made available to members of the public to prevent secret and fraudulent conveyances, and to provide means whereby the titles to real and immovable property may be easily traced and ascertained. The information contained in the land records shall not be used for purposes that are not related to the purposes of the land records. The use of information provided is subject to the provisions in the Personal Data (Privacy) Ordinance. Licensees may breach the PDPO if they use personal data obtained from land search records beyond the specified purpose or against the specific prohibition e.g. direct marketing. Furthermore, data users may also breach Part VIA of the PDPO if they use the acquired personal data for direct marketing, without complying with the requirement on taking specified actions to notify and obtain consent from the data subjects. 4

4. If the personal data is collected from a third person, do I need to notify the data subject that I intend to use his/her personal data for direct marketing? Licensees should be reminded that the duty to inform the data subject of their intention to use the data subject s personal data in direct marketing is absolute and irrespective of whether the personal data is collected from data subjects directly or not, including personal data obtained from a partner, an associate or a subsidiary company in a cross-marketing scheme. If the licensee intends to use the data received from a third party for direct marketing, the licensee is still required to inform the data subject of the intention to use the data for direct marketing unless the third party has already taken such action and confirmed to the licensee that the data subject had consented to the use or provision for use of his/her personal data in direct marketing and that the products or services that the licensee intends to market fall within the class of marketing subject that the data subject had consented to. In a nutshell, the data user must be notified in writing by the third party from whom the data was transferred (transferor) the following: (a) (b) the transferor has given written notice to the data subject and obtained his/her written consent to the provision of personal data; and the use of the personal data is consistent with the consent obtained from the data subject. 5

Personal Information Collection Statement (PICS) & Privacy Policy Statement (PPS) 5. To comply with the DPP of the PDPO and the Practice Circular, do I have to provide a written PICS to customers and require them to sign on the PICS to acknowledge receipt of it? Can I post the PICS in the form of a notice at a conspicuous place in the shop instead? There is no provision in the PDPO stipulating the means through which a data subject is informed of the purpose of the collection of their personal data and the classes of transferees of the data etc. There is also no requirement in the Practice Circular that licensees must request customers to sign on the PICS to acknowledge receipt of it. However, DPP 1(3) (a) & (b) of the PDPO require a data user to take all practicable steps to ensure that the information is effectively communicated to the data subject and data users are recommended to comply with such requirement by providing a PICS in writing as this may help avoid unnecessary disputes between the data user and the data subject. Whether the posting of the PICS inside the shop will be considered as having complied with the PDPO will be considered in the light of all the relevant circumstances of each case. Relevant factors may include the size of the shop, the place that the PICS is posted, the size of words in the PICS and how the data subject s attention has been drawn to the PICS on or before the collection of his personal data etc. 6

6. Do we need to state in the PICS that our company will engage solicitor firms or debt collection companies to collect commission in arrears from customers? Can we still engage solicitor firms or debt collection companies to collect commission in arrears for us if we do not state so in the PICS? To comply with DPP 1(3)(b)(i)(B) of the PDPO, licensees should explicitly inform customers of the classes of persons to whom the data may be transferred and such potential arrangement when their personal data are collected. However, this requirement would not prejudice the rights of any person to engage solicitors or debt collection companies to enforce a contract on his behalf, if such arrangement is permitted by law. 7. Can we pre-print and include the PICS in the prescribed estate agency agreement forms and request customers to initial against it? Estate agency agreements (Forms 3 to 6 in the Schedule of the Practice Regulation) are forms prescribed under the Practice Regulation. The pre-printing of the PICS and its inclusion in the prescribed estate agency agreement forms may mislead the person signing the agreement that the PICS is part of the text of the estate agency agreement forms prescribed by the Practice Regulation. Hence, licensees should not pre-print and include the PICS in the prescribed estate agency agreement forms. 7

8. Do I need to provide a copy of the PPS and privacy practices to the customers if the PPS has been displayed on the company s website? DPP 5 of the PDPO requires that all practicable steps shall be taken to ensure that a person could, among other things, ascertain a data user s policies and practices in relation to personal data. While it is one of the feasible ways to display the PPS and privacy practices on the company s website, it is also good practice for licensees to display the PPS and privacy practices at their offices or provide a copy of the documents to customers to ensure they are aware of the relevant documents. 8

Handling/Retention of Personal Data 9. According to paragraph 16 of the Practice Circular, personal data collected should be erased after the fulfillment of the performance of the estate agency work for a data subject. Does it mean that all personal data in relation thereto must be erased on the completion date of a sale and purchase/lease transaction? Depending on the circumstances of the case, completion of a sale and purchase/lease transaction does not necessarily mean that the performance of the estate agency work for that data subject has also been fulfilled. Examples are the provision of follow-up services and/or property information and promotional materials to customers after completion of a transaction. For details, please refer to Question 10. In any case, if it is necessary for licensees to retain the personal data of an individual (after fulfillment of the performance of the estate agency work for that individual) pursuant to statutory requirements and applicable circulars issued by the EAA, such personal data need not be erased immediately upon fulfillment of the performance of the estate agency work. Licensees should also refer to paragraph 14 of the Practice Circular in this regard. 9

10. Can I retain the personal data of a customer for the purpose of providing follow-up services to him after completion of the relevant sale and purchase/lease transaction? According to section 26 of PDPO, the data user must take all practicable steps to erase the personal data held by it where the data is no longer required for the purpose (including any directly related purpose) for which the data was used unless any such erasure is prohibited under any law. DPP 2(2) also has a similar requirement. Subject to the customers agreement, licensees may retain the personal data of a customer for providing follow-up services and/or property information and promotional materials to him after completion of the relevant sale and purchase/lease transaction. Licensees should inform customers of such arrangement in advance, for example, by stating the same in the PICS, and the use of such personal data shall also be in compliance with the relevant requirements for direct marketing under the PDPO (if applicable). 10

11. What should I do if a landlord requests a copy of the tenant s identity card for record during the process of negotiating a tenancy agreement? May I disclose the client s personal data for work purpose? For example, may I disclose the occupation and contact number of the tenant upon the landlord s request? In general, no data user may compulsorily require an individual to furnish his identity card number or copy, unless authorized by law or permitted under the Code of Practice on the Identity Card Number and other Personal Identifiers issued by the PCPD. Licensees may encourage landlords and tenants to provide information to strengthen mutual trust by agreement but they should not collect tenants identity card copies on the landlord s behalf. Moreover, licensees should obtain an explicit consent from their clients (i.e. the data subject) before disclosing their personal data to other persons (for example, the landlord or another client). 11

12. May I use the personal data provided in Form 3 to 6 in the Schedules to the Practice Regulation to promote properties (including any properties) to clients? Licensees should collect personal data from a data subject only for a purpose necessary but not excessive for the performance of estate agency work for that data subject. On or before collecting personal data, such as for the signing of an estate agency agreement, licensees should provide to the data subject a PICS stating clearly the purpose of collecting the data, the classes of persons to whom the data may be transferred, and the consequences of failing to provide the data and right of access to the data. Moreover, if such property promotion involves direct marketing under PDPO, licensees should take certain specified actions to notify and obtain consent from the data subjects as stated in the PDPO. 24 July 2013 12

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback