Book a demo Log in / Sign up

Recruitment Privacy Notice Template for Hong Kong

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Recruitment Privacy Notice?

The Recruitment Privacy Notice is a mandatory document for organizations hiring in Hong Kong, designed to comply with the Personal Data (Privacy) Ordinance (PDPO) and related privacy regulations. It should be provided to all job applicants before or at the time of collecting their personal data. The notice explains how the organization collects, processes, stores, and protects candidate information throughout the recruitment process. It includes details about data retention periods, third-party disclosures, cross-border transfers (if applicable), and candidates' rights under Hong Kong law. This document is particularly crucial given the increasing focus on data privacy protection and the significant penalties for non-compliance with Hong Kong privacy laws.

Frequently Asked Questions

Is a Recruitment Privacy Notice legally required in Hong Kong?

Yes, under Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486), employers must provide a privacy notice to job applicants before collecting their personal data. This is mandated by Data Protection Principle 1, which requires informing individuals about data collection purposes and uses. Failure to provide this notice can result in enforcement action by the Privacy Commissioner.

Can I be fined for not having a proper Recruitment Privacy Notice in Hong Kong?

Yes, the Privacy Commissioner for Personal Data can impose enforcement notices, compensation orders, and prosecution for serious breaches. Companies may face criminal liability with fines up to HK$1 million and imprisonment. Additionally, affected job applicants can claim compensation for damages caused by privacy violations during the recruitment process.

How long must I keep job applicants' personal data under Hong Kong law?

The Personal Data (Privacy) Ordinance requires data retention periods to be specified in your Recruitment Privacy Notice and limited to what's necessary for the stated purposes. Typically, successful candidates' data is retained for employment records, while unsuccessful applicants' data should be deleted within 12-24 months unless they consent to longer retention for future opportunities.

How is a Recruitment Privacy Notice different from an Employee Privacy Policy in Hong Kong?

A Recruitment Privacy Notice applies specifically to job applicants during the hiring process, while an Employee Privacy Policy covers current employees' ongoing data handling. The recruitment notice focuses on application data, interview records, and hiring decisions, whereas the employee policy addresses workplace monitoring, HR records, and employment-related data processing throughout the employment relationship.

How long does it take to prepare a compliant Recruitment Privacy Notice in Hong Kong?

Using a template, most companies can complete a basic notice within 2-4 hours, including customization for specific recruitment practices. However, larger organizations with complex hiring processes may need 1-2 weeks for legal review and stakeholder approval. The initial setup takes longer, but updates for policy changes typically require only 30-60 minutes.

Can I collect job applicants' HKID numbers without their explicit consent?

Generally no, unless collection is required by law or directly related to the employment purpose. Under the Personal Data (Privacy) Ordinance, collecting HKID numbers requires clear justification and should be stated in your Recruitment Privacy Notice. Most employers only collect HKID numbers after job offers for employment verification and mandatory provident fund enrollment.

Common mistakes employers make with Recruitment Privacy Notices in Hong Kong?

The most frequent errors include failing to provide the notice before data collection, using vague language about data purposes, not specifying retention periods, and forgetting to update notices when recruitment practices change. Many employers also fail to inform applicants about their rights to access and correct their personal data under the Personal Data (Privacy) Ordinance.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

Hong Kong

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Policy

Sector

Business

Cost

Free to use

Last updated

About the Recruitment Privacy Notice

When hiring employees in Hong Kong, you must inform job candidates about how their personal data will be handled throughout the recruitment process. A Recruitment Privacy Notice fulfills this legal obligation under the Personal Data (Privacy) Ordinance, ensuring transparency and protecting both your organization and candidates' rights.

When do you need this document?

You need a Recruitment Privacy Notice whenever you collect personal data from job applicants, whether through online applications, CV submissions, interviews, or assessment processes. This includes situations where you engage recruitment agencies, conduct background checks, or request references from previous employers. The notice must be provided before or at the time of data collection, making it essential for job postings, application forms, and initial candidate interactions. Even if you're a small business hiring your first employee, this document is mandatory under Hong Kong law.

Key legal considerations

Your notice must clearly identify your organization as the data controller and specify the types of personal data you collect, from basic contact information to sensitive details like medical records or criminal history checks. You must explain the specific purposes for collecting this data, such as assessing suitability, conducting interviews, or verifying qualifications. Data retention clauses are critical—you need to specify how long you'll keep successful and unsuccessful candidates' information. The document should address data security measures, third-party sharing arrangements with recruitment agencies or background check providers, and any cross-border data transfers. Most importantly, you must inform candidates of their rights to access, correct, or request deletion of their personal data.

Legal requirements in Hong Kong

Under the Personal Data (Privacy) Ordinance, your Recruitment Privacy Notice must comply with the six Data Protection Principles, particularly the requirement for fair and lawful collection with adequate notice to data subjects. The Privacy Commissioner's Code of Practice on Human Resource Management provides specific guidance for recruitment scenarios, requiring explicit consent for sensitive personal data and clear limitations on data use. You must ensure the notice covers mandatory retention periods under the Employment Ordinance for successful hires, while establishing reasonable deletion timelines for unsuccessful candidates. The notice should reference candidates' rights under sections 18 and 22 of the PDPO to access and correct their personal data. Anti-discrimination laws also impact what information you can legally collect and process during recruitment, requiring careful consideration of protected characteristics under the Sex Discrimination Ordinance and other equality legislation.

GOVERNING LAW

Applicable law

This Recruitment Privacy Notice is drafted to comply with Hong Kong law. Key legislation includes:

Personal Data (Privacy) Ordinance (Cap. 486): Hong Kong's primary data protection law that regulates the collection, handling, processing and use of personal data. It sets out six data protection principles that must be followed when handling personal data.
Code of Practice on Human Resource Management: A practical guidance issued by the Privacy Commissioner providing specific guidelines on the proper handling of employment-related personal data throughout the employment cycle, including recruitment.
Employment Ordinance (Cap. 57): Main employment legislation in Hong Kong that may have implications for record-keeping requirements and handling of employment-related data.
Sex Discrimination Ordinance (Cap. 480): Prohibits discrimination based on sex, marital status, and pregnancy, affecting what personal data can be collected during recruitment.
Disability Discrimination Ordinance (Cap. 487): Affects the collection and handling of health-related data during recruitment process.
Race Discrimination Ordinance (Cap. 602): Impacts what racial and ethnic data can be collected during recruitment process.
Family Status Discrimination Ordinance (Cap. 527): Relates to the collection of information about candidates' family responsibilities during recruitment.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it