This Personal Data Collection Agreement is essential for any organization operating in Hong Kong that collects, processes, or manages personal data from individuals. The document is designed to comply with the Hong Kong Personal Data (Privacy) Ordinance (PDPO) and related regulations, providing a legal framework for data protection practices. It should be used whenever an organization begins collecting personal data from individuals, whether through digital platforms, physical forms, or other means. The agreement covers crucial aspects including purpose of collection, types of data collected, data processing methods, security measures, retention policies, and data subject rights. It's particularly important given Hong Kong's strict data protection regime and the significant penalties for non-compliance with privacy laws.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Personal Data Collection Agreement
"I need a Personal Data Collection Agreement for my Hong Kong-based e-commerce company that will collect customer data through our website and mobile app, with specific provisions for direct marketing and cross-border data transfers to our warehouses in mainland China."
1. Parties: Identification of the data user (collecting organization) and the data subject (individual whose data is being collected)
2. Background: Context of the data collection relationship and purpose of the agreement
3. Definitions: Key terms used in the agreement, including specific types of personal data, processing activities, and technical terms
4. Purpose of Collection: Clear statement of all purposes for which personal data will be collected and used
5. Types of Personal Data: Comprehensive list of personal data categories to be collected
6. Data Collection Methods: Description of how personal data will be collected (online forms, physical documents, etc.)
7. Use and Processing of Personal Data: Details of how the collected data will be used, processed, and stored
8. Data Retention: Period for which personal data will be retained and criteria for retention
9. Data Security Measures: Security measures implemented to protect personal data
10. Data Subject Rights: Rights of the data subject under PDPO, including access, correction, and deletion rights
11. Third Party Disclosure: Information about potential disclosure to third parties and circumstances of such disclosure
12. Governing Law and Jurisdiction: Specification of Hong Kong law and jurisdiction
1. Direct Marketing Consent: Specific section for obtaining consent for direct marketing activities, required if personal data will be used for direct marketing
2. Cross-border Data Transfer: Details of international data transfers, required if data will be transferred outside Hong Kong
3. Special Categories of Data: Additional provisions for sensitive personal data like health information or biometric data
4. Industry-Specific Provisions: Specific provisions required for regulated industries (e.g., financial services, healthcare)
5. Data Breach Notification: Procedures for handling and notifying data breaches
6. Automated Decision Making: Information about automated processing and profiling, if applicable
7. Cookie Policy Integration: Required if website cookies or similar technologies are used to collect data
1. Schedule 1: Types of Personal Data: Detailed categorization and examples of personal data to be collected
2. Schedule 2: Specific Purposes of Use: Comprehensive list of all specific purposes for which different types of personal data will be used
3. Schedule 3: Third Party Recipients: List of categories of third parties who may receive the personal data
4. Schedule 4: Technical and Security Measures: Detailed description of security measures and safeguards implemented
5. Schedule 5: Data Retention Schedule: Detailed retention periods for different categories of personal data
6. Appendix A: Data Subject Request Form: Standard form for data subjects to exercise their rights under the agreement
7. Appendix B: Consent Withdrawal Form: Standard form for withdrawing previously given consent
Authors
Relevant legal definitions
Agreement
Authorized Representative
Consent
Data Access Request
Data Breach
Data Collection
Data Controller
Data Processing
Data Processor
Data Protection Laws
Data Protection Officer
Data Security Measures
Data Subject
Data Subject Rights
Direct Marketing
Effective Date
Group Companies
Hong Kong
Incident
Law
Material Breach
Notice
Personal Data
PDPO
Privacy Commissioner
Privacy Impact Assessment
Processing Purposes
Regulatory Authority
Retention Period
Sensitive Personal Data
Services
Special Categories of Data
Sub-processor
Term
Third Party
Third Party Recipients
Transfer
Authorized Representative
Consent
Data Access Request
Data Breach
Data Collection
Data Controller
Data Processing
Data Processor
Data Protection Laws
Data Protection Officer
Data Security Measures
Data Subject
Data Subject Rights
Direct Marketing
Effective Date
Group Companies
Hong Kong
Incident
Law
Material Breach
Notice
Personal Data
PDPO
Privacy Commissioner
Privacy Impact Assessment
Processing Purposes
Regulatory Authority
Retention Period
Sensitive Personal Data
Services
Special Categories of Data
Sub-processor
Term
Third Party
Third Party Recipients
Transfer
Clauses
Interpretation
Definitions
Consent
Data Collection
Data Processing
Data Subject Rights
Data Security
Confidentiality
Direct Marketing
Cross-border Transfer
Third Party Disclosure
Data Retention
Breach Notification
Liability
Indemnification
Term and Termination
Governing Law
Dispute Resolution
Amendment
Severability
Assignment
Force Majeure
Notices
Entire Agreement
Data Protection Officer
Audit Rights
Compliance with Laws
Sub-processing
Data Breach Response
Withdrawal of Consent
Definitions
Consent
Data Collection
Data Processing
Data Subject Rights
Data Security
Confidentiality
Direct Marketing
Cross-border Transfer
Third Party Disclosure
Data Retention
Breach Notification
Liability
Indemnification
Term and Termination
Governing Law
Dispute Resolution
Amendment
Severability
Assignment
Force Majeure
Notices
Entire Agreement
Data Protection Officer
Audit Rights
Compliance with Laws
Sub-processing
Data Breach Response
Withdrawal of Consent
Relevant Industries
Financial Services
Healthcare
E-commerce
Technology
Education
Retail
Professional Services
Insurance
Telecommunications
Real Estate
Hospitality
Marketing and Advertising
Human Resources Services
Banking
Consulting
Relevant Teams
Legal
Compliance
Information Technology
Information Security
Risk Management
Human Resources
Marketing
Customer Service
Operations
Data Protection
Privacy
Digital
Corporate Governance
Business Development
Administrative
Relevant Roles
Privacy Officer
Data Protection Officer
Legal Counsel
Compliance Manager
IT Security Manager
Risk Manager
Operations Director
Chief Information Officer
Chief Technology Officer
Chief Privacy Officer
General Counsel
Company Secretary
HR Director
Marketing Director
Customer Service Manager
Find the exact document you need
Client NDA
Hong Kong-law governed non-disclosure agreement for protecting client confidential information in business relationships.
find out more
Extension Request Letter For Continuation Of Job
A formal letter requesting employment term extension under Hong Kong law, from employee to employer.
find out more
General Performance Evaluation Form
A Hong Kong-compliant performance evaluation form for structured employee assessment and feedback documentation.
find out more
Personal Data Collection Agreement
A Hong Kong law-governed agreement establishing terms for personal data collection and processing, ensuring compliance with the Personal Data (Privacy) Ordinance.
find out more
Personal Data Notice
A Hong Kong-compliant notice detailing an organization's personal data collection and processing practices under the Personal Data (Privacy) Ordinance.
find out more
Customer License Agreement
A Hong Kong law-governed agreement setting out terms for customer use of licensed products, software, or services.
find out more
Standard Non Disclosure Agreement
Hong Kong-law governed NDA for protecting confidential information exchange between parties.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our Trust Centre for more details and real-time security updates.
Read our Privacy Policy.