Privacy Policy Statement

Statement of Policy

  1. The West Kowloon Cultural District Authority (“WKCDA”) and its subsidiaries including M Plus Museum Limited (“M+”) (collectively the “Group” or “we”) respect personal data privacy. We will comply with the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong SAR) (“the Ordinance”) and are committed to fully implement the data protection principles promulgated under the Ordinance.

Statement of Practices

Information We Collect

  1. From time to time, we may collect various types of personal information (such as email address, name and contact number) from you in connection with our provision of services, activities and facilities, including but not limit to account registration, ticketing transaction, e-newsletter subscription, event registration, membership, Wi-Fi usage, payment, following up on enquiries, conducting customer surveys, venue booking, fundraising campaigns etc.

Main Purpose of Keeping Personal Data

  1. The main purposes of keeping the personal data are as follows:
    1. for processing your service requests (i.e. event registration, ticket purchase, e-newsletter subscription, WiFi usage, MyWestKowloon account registration, member registration, venue booking, donation etc.) with us and provide you with the services;
    2. for facilitating communications between you and us;
    3. for notifying you of changes to our services that may affect you;
    4. for responding to and follow up on your enquiries;
    5. for personalising your experience of West Kowloon with programmes and offerings that are most relevant to your interests;
    6. for direct marketing upon obtaining explicit consent from you;
    7. for managing customer relationships within the Group;
    8. for communicating with you for potential support to the Group that is relevant to your interests and appropriate;
    9. for conducting statistical analysis, research, surveys, quality assurance and review; and
    10. for other purposes directly relating to any of the above.

We may combine information you provide to us through various channels, such as online channels like websites / mobile applications, offline channels like physical application forms, or publicly available information about you. We use this combined information to help personalise your experience and communicate with you about events or offerings that may be of particular interest to you.

Implementation of Practices

  1. We will implement the practices at (a) to (f) below in accordance with the data protection principles in the Ordinance.

(a) Collection of personal data

  1. When collecting personal data, the Group will satisfy itself that:
    1. the purposes for which the data is collected are lawful and directly related to a function or activity of the Group;
    2. the manner of collection is lawful and fair in the circumstances; and
    3. the personal data collected is necessary but not excessive for the purpose(s) for which it is collected.
  1. When we collect personal data from a data subject, the data subject will be provided with a Personal Information Collection Statement (“PICS”) on or before the collection in an appropriate format and manner. Practicable steps will be taken to ensure that –
    1. the data subject is informed of whether it is obligatory or voluntary to supply the data and, if obligatory, the consequences in failing to do so; and
    2. the data subject is explicitly informed of the purpose(s) for which the personal data is to be used, the classes of persons to whom the data may be transferred or disclosed, the rights of the data subject to request access to and correction of the data, and the contact of the office to whom any such request may be made.

If the Group intends to use the personal data collected for a new purpose, other than the purpose of first collection as stated in the PICS, we will obtain a prior consent from the data subject before the usage. We will, manually or electronically, keep track of the PICS to ensure that the personal data is only used for the purpose(s) stated in the PICS.

(b) Accuracy and retention of personal data

  1. Personal data collected and maintained by the Group will be as accurate, complete, and up-to-date as is necessary for the purpose(s) for which it is to be used.
  2. The Group maintains a personal data inventory, which contains the kinds of personal data that we hold, the purposes for which the personal data is collected, used and disclosed, and how the personal data is stored. The personal data inventory will be reviewed on an annual basis to ensure that it is accurate and up-to-date.
  3. We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will not keep more information than we need. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Personal data that is no longer required will be erased unless such erasure of personal data is prohibited under any law or it is in the public interest for the data not to be erased. Should there be a need to retain personal data for statistical purposes, such personal data will be anonymised so that the individuals concerned can no longer be identified.
  4. A destruction of records containing personal data will be conducted as and when necessary. Destruction of paper records will be carried out by irreversible means and electronic records will be cleared or destroyed from storage media before disposal by means of sanitisation or physical destruction.

(c) Use of personal data

  1. All personal data collected will be used only for purposes which are directly related to the discharge of the Group’s functions. We will never sell, rent or exchange your details with any other organisation outside the Group. We will ask for your consent to share personal information with third parties. Some of our service providers may have access to your data in order to perform services on our behalf. We require all service providers to respect the security of your personal data and comply with the Ordinance. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Personal data may also be disclosed to other entities which are authorised to receive information for law enforcement, prosecution or review of decisions. The data subject will be informed of the transferees of personal data when the data subject’s personal data is collected. For personal data that is stored in cloud servers of cloud service providers for the Group, personal data may be transferred out of Hong Kong where the cloud servers are located.
  2. If personal data is to be used for a purpose other than the purposes for which the data is collected, prior consent will be sought from the data subject. In seeking the consent, all practicable steps will be taken to ensure that (i) information provided to the data subject is clearly understandable and readable; and (ii) the data subject is informed that he is entitled to withhold his consent or withdraw his consent subsequently by giving notice in writing.
  3. We will not use personal data or provide personal data for use in direct marketing without data subject’s explicit consent. If the Group intends to use the personal data for direct marketing, we will obtain explicit consent from the data subject before using the data subject’s personal data, and will notify the data subject when using personal data in direct marketing for the first time, and will cease to use the data in direct marketing if the data subject so requires. If the Group intends to provide personal data to another person for use by that other person in direct marketing, we will inform the data subject in writing in advance that the Group intends to provide the personal data and will not provide the personal data unless it has received the data subject’s explicit consent. A data subject may, at any time, require the Group to cease using the data subject’s personal data in direct marketing by informing the Group through the channels as stated in practice (f) below.

(d) Security of personal data

  1. We observe strictly all relevant security standards and regulations. Security arrangements will be reviewed regularly to ensure that personal data is protected against loss and unauthorised or accidental access, use, disclosure, modification and erasure. The security arrangements include, without limitation, the following:
    1. restriction of access to personal data on a “need-to-know” basis;
    2. regular review and enhancement of security measures for protection of personal data in the servers, user computers, or transmission of electronic messages;
    3. regular change of passwords for IT facilities, or accounting and personnel systems;
    4. encryption of all backup tapes that are to be transported to offsite storage;
    5. limited staff access rights to office areas storing confidential information; and
    6. provision of clear guidelines to staff as to the types of data that may or may not be disclosed to a phone enquirer and implementation of appropriate identity verification procedures to confirm the enquirer’s identity.

(e) Transparency of the personal data policy and practices

  1. The privacy policy and practices can be found on the WKCDA’s website https://www.westkowloon.hk/privacy.

(f) Access to and correction of personal data

  1. We recognise a data subject’s rights of access to and correction of his own personal data in accordance with the Ordinance. To make a data access request, a data subject should complete the form specified by the Office of the Privacy Commissioner for Personal Data, which is available at http://www.pcpd.org.hk/english/publications/files/Dforme.pdf, and submit the completed form to the Group in any one of the following ways –

    By email/fax/post/in person:

    Attn. Data Protection Office
    By email at privacy@wkcda.hk; or
    By post to West Kowloon Cultural District Authority, Units 608-613, Level 6, Core C, Cyberport 3, 100 Cyberport Road, Hong Kong.
  1. When handling a data access or correction request, we will check the identity of the requester to ensure that the requester is the person legally entitled to make the data access or correction request.
  2. The Group may impose a fee for the necessary cost of complying with a data access request. We will clearly inform the requester the amount to be charged.
  3. We may refuse a data access request in the circumstances specified in Section 20 of the Ordinance.
  4. We maintain a log book recording the data access or correction requests received as required under Section 27 of the Ordinance.
  5. Use of Cookies – When you browse this website, cookies will be stored in your computer's browser. The purposes of using cookies are to remember the browsing preferences (e.g. language, font size) you have chosen in this website to customise your experience. You have a choice not to accept the cookies. If you do not accept the cookie, this website will not be able to remember your browsing preferences and we may not be able to deliver the full features of our website to you. We also use third party cookies such as Google Analytics to analyse anonymised data to help us understand how our audiences interact with our site so that we can improve the overall experience. The cookie itself does not collect any Personally Identifiable Information.
  6. Website Statistics– When you visit our websites, we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
    We use the webserver access log for the purpose of maintaining and improving the website such as to determine the optimal screen resolution, or which pages have been most frequently visited. We use such data only for website enhancement and optimisation. User data is all anonymous.

Incident Reporting and Breach Handling

  1. A mechanism is set up for incident reporting and breach handling in case there is a loss or leakage of personal data, or there is a reason to believe that the personal data held by the Group has been compromised.

Ongoing Monitoring and Review

  1. We will keep this Privacy Policy Statement and relevant policies under regular review. Officers responsible for handling personal data will attend relevant training courses to keep themselves updated of the latest personal data policies.

Enquiries

  1. Any enquiries regarding personal data privacy policy and practice may be addressed to the Data Protection Office at the above correspondence addresses, via email at privacy@wkcda.hk.

Interpretation

  1. Words used herein which import the singular only also include the plural and vice versa where the context so admits.
  2. Words used herein which import one gender (whether masculine, feminine or neuter) shall be taken to include any other gender where the context so admits.

Chinese version of this Statement is for reference only. In the event of any discrepancies or inconsistency between the English and Chinese versions of this Statement, the English version shall apply and prevail.


Personal Information Collection Statement

Collection of your personal data 

The West Kowloon Cultural District Authority (“WKCDA”) and its subsidiaries including M Plus Museum Limited (“M+”) (collectively called the “Group” or “we”) collect your personal data to provide our services to you and to improve customer experience. Please note that it is mandatory for you to provide personal data marked with asterisks. In the event that you do not provide such personal data, we may not be able to provide you with certain information, materials and/or your requested services.

Purposes of personal data collection and usage 

We will use your personal data for one or more of the following purposes:

  • for processing your service requests (i.e. event registration, ticket purchase, e-newsletter subscription, WiFi usage, MyWestKowloon account registration, member registration, venue booking, donation etc.) with us and provide you with the services;
  • for facilitating communications between you and members of the Group in respect of your service requests;
  • for personalising your experience of West Kowloon with programmes and offerings that are most relevant to your interests;
  • for notifying you of changes to our services that may affect you;
  • for responding to and follow up on your enquiries;
  • for conducting statistical analysis, research, surveys, quality assurance and review; and

if you give your consent for direct marketing: -

  • for communicating with you on events, services, promotions and special offers at the West Kowloon and/or provided by the Group that are most relevant to your interests;
  • for communicating with you for potential support to the Group that is relevant to your interests and appropriate; and
  • for other purposes directly relating to any of the above.

We will combine information you provide to us through various channels, such as online channels like websites / mobile applications, offline channels like physical application forms, or publicly available information about you. We use this combined information to help personalise your experience and communicate with you about events and offerings that may be of particular interest to you.

Transfer of personal data 

The personal data collected will be used only for purposes as stated above. We will never sell, rent or exchange your details with any other organisation outside the Group. We will ask for your consent to share personal information with third parties. Some of our service providers will have access to your data in order to perform services on our behalf. We require all service providers to respect the security of your personal data and comply with the the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong SAR) (“the Ordinance”). We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transfer of personal data outside Hong Kong

Please also note that your personal data transferred to us may or may not be located within Hong Kong, and your information may be subject to cross-border transfer to places outside Hong Kong for necessary handling, processing or storage.

Personal data security and retention of data

Please note that your personal data will not be kept longer than necessary in accordance with the Ordinance and that we will comply with all statutory and regulatory requirements in the Hong Kong SAR concerning the retention of personal data. The information you submit in filling the online application form will be encrypted when it is sent electronically to us. Your personal data stored will be accessed only by our employees or service providers who are authorised to do so.

Linking with third parties

Please be aware that our site may contain links to other sites hosted by third parties. Different rules may apply to their collection, use, or disclosure of your personal information. We encourage you to review other websites’ policies before revealing any personally identifiable or sensitive information. We do not control, and are thus not responsible for, the content or privacy practices and policies of such other sites and under no circumstances shall we have any liability whatsoever for the activities conducted by or at any website accessed from or through the Group’s website.

Data access and correction requests

You have the right to request access to and correction of your personal data held by the Group. Such request should be made in writing to the Data Protection Officer at privacy@wkcda.hk or by post to the address: West Kowloon Cultural District Authority, Units 608-613, Level 6, Core C, Cyberport 3, 100 Cyberport Road, Hong Kong. For details of our privacy policy, you may refer to the Privacy Policy at https://www.westkowloon.hk/privacy.

Use of data in direct marketing

We intend to use your personal data in direct marketing, and we may not so use your personal data unless we have received your consent (which includes an indication of no objection to the intended use).

We may use your name, contact details (such as email address), preferences and interests, profile information, transaction data for providing you with information that are most relevant to your interests on events, services, promotions and special offers at the West Kowloon and/or provided by the Group, and ways to support the Group. Please UNTICK THE BOX if you do not agree to such use.

If you do not wish to receive information from the Group for the aforementioned direct marketing purposes, you may choose to opt-out from direct marketing at any time, free of charge, by:

  • clicking the “Unsubscribe” link at the bottom of our emails;
  • emailing us at unsubscribe@wkcda.hk; or
  • contacting our Data Protection Officer by post to “West Kowloon Cultural District Authority, Units 608-613, Level 6, Core C, Cyberport 3, 100 Cyberport Road, Hong Kong”.

If you do not wish to receive information in particular relevant to fundraising activities (including promotion of donations or contributions for charitable or non-profit making events), you may choose to opt-out from fundraising activities at any time, free of charge, by emailing us at development@wkcda.hk.

Language versions

In case of discrepancies between the English and Chinese versions of this Statement, the English version shall apply and prevail.