Our Commitment to Privacy
It is the policy of Hong Kong Certification Authority to meet fully the requirements of the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong. Where feasible, we aim to meet or exceed internationally recognised privacy standards.
We require our staff and service providers to observe strict standards of security and confidentiality.
Scope
This Policy applies to personal data collected by HKCA through our websites, online forms, and direct interactions related to our services, including services operated by our contractor for HKCA operations.
Additional notices may apply to specific services. Where there is a conflict, the service-specific notice prevails.
Information We Collect
1. When you visit our website
- We record general visit information (e.g., IP address, device/browser type, pages viewed, date/time, referring site) for security, troubleshooting, and statistical analysis.
- These logs do not by themselves identify you personally. We do not attempt to link such data to identified individuals unless required for security, fraud prevention, or by law.
2. When you provide data voluntarily
- You may choose to provide personal data (e.g., name, organisation, telephone number, address, email address, and information relevant to your enquiry or application) via online forms or direct contact.
- We will state the purposes of collection on the relevant page/form and whether the data is mandatory or optional.
3. Cookies and similar technologies
- We may use cookies or similar technologies to enable site functionality, remember preferences, and compile aggregate statistics. Our use of this technology does not mean that we automatically know any information about you. Your acceptance of our cookies in no way gives us access to your computer or any personal information about you.
- You can manage cookies through your browser settings; disabling cookies may affect site functionality.
How We Use Personal Data
The information is used only by us for the purposes stated in the respective screens which we invite you to provide your data.
We will not use your personal data for new purposes without your prior consent, unless such use is permitted or required by law.
Outsourced HKCA Operations
HKCA has engaged Certizen Limited (“Contractor”) as a subservice organization to provide operations and maintenance for its Certification Authority systems and associated certificate services. The Contractor’s management is responsible for implementing the operating controls to support those systems and services.
The Contractor may use personal data provided by subscribers solely for performing its contractual obligations to deliver HKCA services, and must handle such data in accordance with the PDPO and this Policy.
Disclosures and Data Sharing
Our general policy is to disclose no personal identifiable information to other parties except as required by law.
For details about specific collections, please refer to the Personal Information Collection Statement (PICS) presented through our websites.
Data Retention
Personal information you provide to us will be retained for such period as may be necessary for the carrying out of the purposes referred to in this Privacy Policy Statement or as otherwise specified at the time of collection.
After the applicable retention period, data will be securely deleted, anonymised, or archived in a non-identifiable form.
Data Security
We implement administrative, technical, and physical safeguards to protect personal data against unauthorised access, use, disclosure, alteration, or loss.
Access to personal data is restricted to authorised personnel on a need-to-know basis.
Data transmitted through our online forms is protected using SSL/TLS encryption. Despite these measures, no method of transmission or storage is completely secure; we continually review and enhance our controls.
Personal Information Access and Correction
You have the right to request access to and correction of information about you held by us. If you wish to exercise this right, please present your enquiry or request to our Data Protection Officer by e-mail to enquiry@hkca.hk or write to:
Data Protection Officer
Hong Kong Certification Authority
Unit 501, Level 5, Core C, Cyberport 3,
100 Cyberport Road,
Hong Kong.
Updates to This Policy
We may update this Policy from time to time. The effective date will be indicated at the top of the Policy. Material changes will be highlighted on our website or otherwise notified as appropriate.
Language
If there is any inconsistency or ambiguity between the English and Chinese versions of this Policy, the English version shall prevail. Translations may be provided for reference.