Hong Kong Marriage and Family Therapy Association Limited (“HKMFTA”)
As of 2 June 2022
Policy, Practice & Personal Information Collection
We are committed to protecting the privacy, confidentiality, and security of the personal information we hold by complying with the requirements of Personal Data (Privacy) Ordinance, Chapter 486, Laws of Hong Kong (“Cap. 486) with respect to the management of personal information. This statement of practice sets out our practice and personal information collection statement. It applies to all personal data covered by Cap. 486 which we collect from individuals whether collected in paper format or through electronic means, or over the internet.
Kinds of Personal Data Held
Four broad categories of personal data are held by HKMFTA. They are personal data contained in:
Complaint and investigation records, which include records containing information supplied by data subjects and data users and collected in connection with complaints, investigations, and related activities under the Complaints& Disciplinary Rules of the HKMFTA.
Personnel records, which include membership applications and members personal details disclosed in the application and renewal of memberships, payment information when you pay for membership and services through our PayPal business account, etc.
Other records, which include administration and operational files, personal data provided to the HKMFTA from individuals for participating in promotional activities, records relating to educational and training activities organised by the HKMFTA, newsletters and social media subscriptions, etc.
Records collected on webservers, which include email addresses (whereas they constitute personal data under specific circumstances that the addresses can be used to identify an individual) collected while accessing websites and social media sites organized by the HKMFTA.
Main Purposes of Keeping Personal Data
Personal data held in:
Complaint and investigation records are kept for the purposes of responding to and taking follow-up action on complaints, including conciliation between the parties concerned, investigation, if appropriate, and any enforcement.
Personnel records of members and employees are kept for recruitment, membership and human resource management purposes relating to such matters as membership application and renewals, employees’ appointment, employment benefits, termination, performance appraisal and discipline, for payment of fees necessary for maintaining membership, or for educational or training events, etc.
Other records are kept for various purposes which vary according to the nature of the record, such as administration of office functions and activities, seeking advice on policy or operational matters, organising and delivering promotional, educational and training activities, acquisition of services, subscription of publications, handling of compliance checks, etc.
Records collected on webservers are kept for the purpose of maintaining HKMFTA’s websites and social media presence Such records include those collected by webservers for web traffic analysis, reporting and records.
Information collected when you visit our websites
Third-party electronic payment vendors: We use PayPal, a third-party electronic payment vendor to process payment card data and other personal data required to authenticate certain online payments when membership fees and events are paid by using credit or debit cards. Additionally, when a HKMFTA member or customer applies to utilize the payment services of our electronic payment vendor, we will share a summary of such customer’s transaction history, as well as certain customer personal data (e.g., name, credit/debit card used, etc.) with our electronic payment vendor, who may use the information for purposes of account verification and, where permissible, to market its payment processor services to our members and customers.
Governmental entities and third parties: We may disclose personal data about you to governmental entities, such as regulatory agencies, law enforcement and judicial authorities, including to meet national security or law enforcement requirements, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, search warrant, legal process or other legal obligation; (c) to enforce any of our terms and conditions or policies; (d) as necessary in the case of emergencies or internal security matters; or (e) as necessary to pursue available legal remedies or defend legal claims.
Cross-Border Transfers: Your personal data may be transferred and stored on servers of our third-party service providers outside of Hong Kong. The data protection and privacy laws of such foreign places may differ from the laws of Hong Kong
The HKMFTA maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfilment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by the HKMFTA in accordance with legal requirements of Hong Kong.
We implement appropriate technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity and availability of personal data; and protecting your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access.
However, whenever personal data is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. You should use appropriate security measures to protect your personal data. If you believe that the personal data that you provided the HKMFTA is no longer secure, notify us immediately at [email protected]
Data access and correction
You should make your data access request by completing the Data Access Request Form prescribed by the Privacy Commissioner of Hong Kong (form 7) (OPS003) (This link will open in a new windowwww.pcpd.org.hk/english/resources_centre/publications/forms/files/Dforme.pdf) and sending the completed Form directly to the HKMFTA by email at [email protected].
Please note that the HKMFTA may refuse to comply with a data access request in the circumstances specified in section 20 of Cap.486. A reasonable fee is chargeable by the HKMFTA for complying with a data access request.