The Innovation and Technology Commission is committed to ensuring that all personal data are handled in accordance with the provisions of the Personal Data (Privacy) Ordinance. The Commission sets procedures to ensure good practices within the Commission on the acquisition, collection, recording, storage, disclosure, correction, erasure and communication of personal data kept by the Commission on its employees and members of the public. The Commission’s policy and general practices are summarised as follows:
- to collect adequate, but not excessive, personal data by lawful and fair means only for lawful purposes directly related to the functions or activities of this Commission;
- to take all reasonably practicable steps to ensure that the personal data collected or retained are accurate, having regard to the purposes for which they are to be used;
- to take all reasonably practicable steps to ensure that a person can be informed of the kinds of personal data that the Commission holds, the purposes for which the data are to be used, whether the person is obliged to supply the data, and the consequences of not supplying the data.
- to erase personal data which are no longer necessary for the purposes for which they are to be used;
- to use the personal data collected only for purposes or directly related purposes for which the data were to be used at the time of collection, unless the individual concerned has given prior consent for a change of use or such use is permitted by law;
- to take all reasonably practicable steps to ensure that personal data held are protected against unauthorised or accidental access, processing, erasure or other use; and
- to allow persons to access and correct personal data of which they are the data subjects and process any such access/ correction requests in a manner permitted or required by law. Photocopies of the data requested will only be provided upon payment of charges. The requester will be advised in advance of the charges.