1. Policy Statement
1.1 Beaufort Marine is bound by the Hong Kong Personal Data (Privacy) Ordinance. This protects personal data and places restrictions on an organisation’s ability to disclose personal data within Hong Kong and overseas. Personal data is information relating to an individual from which they can be identified, e.g. name, address, ID card number.
1.2 Beaufort Marine staff will often be entrusted with personal information given to them in confidence by an individual using Beaufort Marine services. Anyone working for Beaufort Marine has a duty to treat that information with respect, to protect the confidentiality of personal information and to process that information fairly.
2. Data Protection Act
2.1 The Data Protection Act regulates when and how an individual’s ‘personal data’ may be obtained, held, used, disclosed and generally processed. It applies to computerised processing of personal data and paper based files and records held in a relevant filing system.
2.2 To comply with the law, information must be collected and used fairly, stored securely and not disclosed to any other person unlawfully. To do this, Beaufort Marine staff must comply with the Data Protection Principles, which are set out in the Personal Data (Privacy) Ordinance. In summary, these state that personal data shall be:
- personal data shall be collected for a purpose directly related to a function and activity of the data user; lawful and fair collection of adequate data; data subjects shall be informed of the purpose for which the data are collected and to be used.
- all practicable steps shall be taken to ensure the accuracy of personal data; data shall be deleted upon fulfillment of the purpose for which the data are used.
- unless the data subject has given prior consent, personal data shall be used for the purpose for which they were originally collected or a directly related purpose.
- all practicable steps shall be taken to ensure that personal data are protected against unauthorized or accidental access, processing or erasure.
- formulates and provides policies and practices in relation to personal data.
- individuals have rights of access to and correction of their personal data. Data users should comply with data access or data correction request within the time limit, unless reasons for rejection prescribed in the Ordinance are applicable.
3. Requests by Data Subjects for Access to Data Held
3.1 If an individual wishes to see any personal information about them held by Beaufort Marine this can be shown to him or her and a copy made if one is requested. S/he is entitled to see a description of the personal data; the purposes for which they are being processed; and the disclosees, or potential disclosees, of the personal data. To ensure that the request is a genuine one, a request email or form should be sent to the person to complete. If a third party is acting on behalf of the individual, proof of the third party’s identity and the individual’s authority to disclose their information to their representative, must be obtained in writing. All requests must be responded to within 20 working days.
4. Breaking Confidentiality
Confidentiality may be broken in the following circumstances:
- Where the person from whom the information was obtained, and (if different) the person to whom it relates, consents
- Where the information is already available to the public from other sources
- Where the information is in the form of a summary or collection of information so framed that it is not possible to ascertain from it information relating to any particular person
- To prevent a serious criminal act, especially where others may be endangered, for example an act of terrorism
5. Publication of this Policy
5.1 This policy will be published on the Beaufort Marine website, www.beaufortmarine.asia