The Personal Data Notice is a crucial compliance document required under Hong Kong's Personal Data (Privacy) Ordinance (PDPO). It should be provided to data subjects at or before the time of data collection, explaining how their personal data will be handled. This document is essential for any organization operating in Hong Kong that collects, processes, or stores personal data. The notice must address the six data protection principles outlined in the PDPO, including purpose and manner of collection, accuracy and retention, use limitations, security measures, transparency requirements, and access rights. Organizations should regularly review and update their Personal Data Notice to reflect changes in their data handling practices or regulatory requirements.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Personal Data Notice
"I need a Personal Data Notice for my Hong Kong-based fintech startup launching in March 2025, which will collect and process customer financial data and biometric information for mobile payment services, including cross-border transactions with mainland China."
1. Introduction: Overview of the organization and purpose of the notice
2. Types of Personal Data Collected: Detailed list of personal data categories that are collected
3. Purpose of Collection: Specific purposes for which personal data is collected and used
4. Transfer and Disclosure of Personal Data: Information about how and to whom personal data may be transferred or disclosed
5. Data Security Measures: Description of measures taken to protect personal data
6. Retention Period: Information about how long personal data will be retained
7. Rights of Data Subjects: Explanation of rights under the PDPO including access and correction rights
8. Contact Information: Details of the data protection officer or responsible person for handling privacy-related queries
1. Direct Marketing: Required if personal data will be used for direct marketing purposes, including opt-in/opt-out procedures
2. Cross-border Transfer: Required if personal data will be transferred outside of Hong Kong
3. Cookies and Tracking Technologies: Required for online services that use cookies or similar technologies
4. Biometric Data Collection: Required if collecting biometric data such as fingerprints or facial recognition data
5. Children's Privacy: Required if services may involve collection of personal data from children
6. Automated Decision Making: Required if personal data is used in automated decision-making processes
1. Schedule 1: Categories of Personal Data: Detailed breakdown of all personal data categories collected
2. Schedule 2: Third Party Recipients: List of categories of third parties who may receive the personal data
3. Schedule 3: Specific Processing Activities: Detailed description of processing activities for different types of personal data
4. Appendix A: Data Subject Request Form: Standard form for data subjects to submit access or correction requests
5. Appendix B: Marketing Preferences Form: Optional form for recording marketing preferences and consent
Authors
Relevant legal definitions
Personal Data
Data Subject
Processing
Data User
Data Processor
Consent
Direct Marketing
PDPO
Privacy Commissioner
Sensitive Personal Data
Third Party
Cross-border Transfer
Data Access Request
Data Correction Request
Personal Data Collection Statement
Data Protection Principles
Hong Kong Identity Card
Opt-out
Retention Period
Automated Processing
Data Breach
Pseudonymization
Marketing Subject
Cookies
Log Data
Biometric Data
Data Subject
Processing
Data User
Data Processor
Consent
Direct Marketing
PDPO
Privacy Commissioner
Sensitive Personal Data
Third Party
Cross-border Transfer
Data Access Request
Data Correction Request
Personal Data Collection Statement
Data Protection Principles
Hong Kong Identity Card
Opt-out
Retention Period
Automated Processing
Data Breach
Pseudonymization
Marketing Subject
Cookies
Log Data
Biometric Data
Clauses
Data Collection
Purpose Limitation
Data Use
Data Storage
Data Security
Data Transfer
Data Subject Rights
Consent
Direct Marketing
Cross-border Transfer
Retention Period
Access and Correction
Breach Notification
Cookie Usage
Third Party Disclosure
Children's Privacy
Automated Processing
Marketing Communications
Data Protection Measures
Complaint Handling
Contact Information
Policy Updates
Purpose Limitation
Data Use
Data Storage
Data Security
Data Transfer
Data Subject Rights
Consent
Direct Marketing
Cross-border Transfer
Retention Period
Access and Correction
Breach Notification
Cookie Usage
Third Party Disclosure
Children's Privacy
Automated Processing
Marketing Communications
Data Protection Measures
Complaint Handling
Contact Information
Policy Updates
Relevant Industries
Financial Services
Healthcare
Retail
Technology
Education
Professional Services
Insurance
Telecommunications
E-commerce
Real Estate
Human Resources Services
Tourism and Hospitality
Manufacturing
Transportation and Logistics
Relevant Teams
Legal
Compliance
Risk Management
Information Technology
Information Security
Human Resources
Marketing
Operations
Customer Service
Data Protection
Digital Services
Relevant Roles
Chief Privacy Officer
Data Protection Officer
Chief Compliance Officer
Legal Counsel
Privacy Manager
Compliance Manager
Risk Manager
Information Security Officer
HR Director
IT Director
Marketing Director
Operations Manager
Customer Service Manager
Digital Services Manager
Find the exact document you need
Client NDA
Hong Kong-law governed non-disclosure agreement for protecting client confidential information in business relationships.
find out more
Extension Request Letter For Continuation Of Job
A formal letter requesting employment term extension under Hong Kong law, from employee to employer.
find out more
General Performance Evaluation Form
A Hong Kong-compliant performance evaluation form for structured employee assessment and feedback documentation.
find out more
Personal Data Collection Agreement
A Hong Kong law-governed agreement establishing terms for personal data collection and processing, ensuring compliance with the Personal Data (Privacy) Ordinance.
find out more
Personal Data Notice
A Hong Kong-compliant notice detailing an organization's personal data collection and processing practices under the Personal Data (Privacy) Ordinance.
find out more
Customer License Agreement
A Hong Kong law-governed agreement setting out terms for customer use of licensed products, software, or services.
find out more
Standard Non Disclosure Agreement
Hong Kong-law governed NDA for protecting confidential information exchange between parties.
find out more
Download our whitepaper on the future of AI in Legal
By providing your email address you are consenting to our Privacy Notice.
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our Trust Centre for more details and real-time security updates.
Read our Privacy Policy.