1. Introduction

This Data Protection Policy outlines The Hong Kong Management Association's commitment to protecting personal data in compliance with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong. This policy applies to all employees, contractors, and third parties who handle personal data on behalf of The Hong Kong Management Association.

2. Scope

This policy covers all personal data processed by The Hong Kong Management Association, including data related to employees, customers, suppliers, and other stakeholders.

3. Data Protection Principles

The Hong Kong Management Association adheres to the six Data Protection Principles (DPPs) as outlined in the PDPO:

• DPP1 - Purpose and Manner of Collection: Personal data is collected for lawful purposes directly related to our functions and activities. Data subjects are informed of the purpose and use of their data at the time of collection.
• DPP2 - Accuracy and Retention: Personal data is kept accurate, up-to-date, and only for as long as necessary to fulfill the purpose for which it was collected.
• DPP3 - Use of Personal Data: Personal data is used only for the purposes for which it was collected or for a directly related purpose, unless the data subject consents otherwise.
• DPP4 - Data Security: Appropriate security measures are implemented to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use.
• DPP5 - Openness: The Hong Kong Management Association maintains transparency about its data protection policies and practices.
• DPP6 - Access and Correction: Data subjects have the right to access and correct their personal data held by The Hong Kong Management Association.

4. Roles and Responsibilities

• Data Protection Officer (DPO): The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with PDPO requirements.
• Employees: All employees are responsible for adhering to this policy and attending regular training on data protection practices.

5. Data Subject Rights

The Hong Kong Management Association respects and upholds the rights of data subjects, including the right to:

• Access their personal data.
• Request correction of inaccurate data.
• Object to the use of their data for direct marketing purposes.
• Withdraw consent for data processing.

6. Data Security Measures

• Technical Measures: Use of encryption, secure servers, and access controls.
• Organizational Measures: Regular training for employees, data protection audits, and incident response plans.

7. Data Breach Response

In the event of a data breach, The Hong Kong Management Association will:

• Notify the affected individuals and the Privacy Commissioner for Personal Data (PCPD) as required.
• Take immediate steps to mitigate the breach and prevent future occurrences.

8. Compliance and Monitoring

• Regular audits and reviews of data protection practices.
• Continuous improvement of data protection measures based on audit findings and regulatory updates.

9. Policy Review

This policy will be reviewed annually or as required to ensure ongoing compliance with the PDPO and other relevant regulations.

10. Contact Information

For any questions or concerns regarding this policy, please contact our Data Protection Officer at it@hkma.org.hk.