Privacy policy statement
The Legislative Council Commission ("the Commission") respects personal data and is committed to complying with the requirements of the Personal Data (Privacy) Ordinance ("PD(P)O") (Cap. 486).
Provision of personal data
You may be invited to provide personal data to the Commission on a voluntary basis. The Commission will through its executive arm, the Legislative Council Secretariat ("the Secretariat"), specify the collection purpose and intended usage of your data when it invites you to provide such information. Personal data are kept for the fulfillment of the purpose or its directly related purpose for which the data are used.
Disclosure of personal data
Unless permitted or required by law, the Commission will not disclose your personal data to any third parties without your prior consent.
Security of personal data
The Secretariat uses SSL protocol to encrypt personal data during network transmission to protect your data. All personal data provided to the Secretariat is secured, and access to them is restricted to authorized personnel only.
Kinds of personal data held
There are three broad categories of personal data held in the Secretariat in providing administrative and secretariat support to the Legislative Council ("Council") and its Members. They are personal data contained in:
- complaint records, which include records containing information provided by data subjects and data users, and collected in connection with complaints handling and related activities;
- personnel records, which include personal details, job particulars, details of salary, payments, benefits, performance and promotion appraisals, disciplinary matters, etc. of every person employed with the Commission; and
- other records, which include administration and operational files, personal data provided to the Commission or the Secretariat from individuals for participating in Council business, and the functions and activities of the Commission or the Secretariat.
Main purposes of keeping personal data
Personal data held in:
- complaint records are kept for the purposes of carrying out the constitutional and statutory functions of the Council, including the receiving and handling of complaints;
- personnel records of employees are kept for human resources management purposes, relating to matters such as employees' recruitment, appointment, benefits administration, compensation, termination, performance appraisal, and discipline etc.; and
- other records are kept for various purposes which may vary according to the nature of the record, such as administration of Council business, administration of office functions and activities, procurement of stores and equipment, acquisition of services, etc., participating in educational, promotional and training activities, handling of enquiries from the public, etc., and such records contain personal identifiers.
Retention
The personal data provided to the Commission or the Secretariat will be retained for no longer than is required to fulfill the purpose or any directly related purpose for which the personal data was to be used, subject to legal, statutory and regulatory requirements mandating the retention of data.
Right of access and correction
Under the PD(P)O, you are entitled to make a request for access to and correction of your personal data. Should you wish to access or correct your personal data held by the Commission or the Secretariat, please send your data access or correction request to the Personal Data Privacy Officer as follows –
- by post to the Personal Data Privacy Officer, The Legislative Council Secretariat, Legislative Council Complex, 1 Legislative Council Road, Central, Hong Kong; or
- by email (privacy@legco.gov.hk).
Practices
The Personal Data Privacy Officer is responsible for monitoring and supervising compliance with the PD(P)O within the Secretariat. The following are maintained to ensure compliance with the PD(P)O:
- Data Log Book, as provided in section 27 of the PD(P)O, be kept in respect of refusals of data access and/or data correction requests;
- Data Access Request Form for subject access requests of personal data held by the Commission or the Secretariat.
Use of cookies and server logs
The Secretariat will collect statistics about the users' preference of on-line services offered on the websites and the number of visits to the websites by using cookies and server logs without collecting any personal identifiable information of users.
Cookies
A cookie is a small amount of data created in a computer when a person visits a website on the computer. It often includes an anonymous unique identifier. A cookie can be used to identify a computer. It, however, is not used to collect any personal information. In other words, it does not have the function of identifying an individual user of the website.
Cookies are used by the Secretariat to collect statistics about the users' preference of on-line services offered on the websites.
You may choose to accept or reject cookies. If you reject the cookies, you will not be able to use some of the functions of the websites.
Server logs
When you visit our websites, your internet protocol address will be identified and logged automatically in our server log files, along with the browser type and the pages that you viewed. Server logs are used to compile statistics on the usage levels of our websites without collecting any personal identifiable information of users.
Fees
A fee of $1.2 per page is charged for the processing of data access requests.
Enquiries
Any enquiries on data protection issues should be addressed to the Personal Data Privacy Officer, whose address is set out above.