Statement of Policy
Hong Kong Convention and Exhibition Centre (Management) Limited (“HML”) pledges to comply with the requirements of the Personal Data (Privacy) Ordinance (Cap.486) of the Laws of Hong Kong. In doing so, we will ensure compliance by our staff with the strictest standards of security and confidentiality.
When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement ("PICS") on or before the collection in an appropriate format and manner.
Collection of Information
You may be invited to provide your personal data when you visit Hong Kong Convention and Exhibition Centre (“HKCEC”) website or when you order our services for different purposes. If you are under the age of 18, you should obtain consent from your parent or guardian before you provide the HKCEC with your personal data.
Statement of Practice
Your personal information collected and held by us will be used for the purpose of processing your bookings, enquiries, job applications, restaurant bookings, newsletter subscription, enquiries about student competition event or HML’s event invitation.
We will not provide your personal data to third parties for direct marketing or other unrelated purposes without your consent.
Kinds of Personal Data Held
Your personal details, including names, contact information, company information, school information are collected and held by HML. They are contained in:
Booking enquiry records, which include records containing information collected from you in connection with booking enquiries;
Media enquiry records, which include name of media organisations and contact information;
General enquiry records, which include name and contact information collected from individuals;
Job application records, which include personal data and resume;
Subscription records collected on webservers, which include name, email address, company names, job positions, and geographic location collected for newsletter subscription;
Restaurant booking enquiry records, which include name and contact information collected from individuals in connection with restaurant booking enquiries;
Restaurant VIP cardholder records, which include name, contact information and month of birth collected from individuals;
Food & beverage order records, which include name, contact information and credit card information collected from individuals in connection with orders of cake, mooncake, Chinese New Year pudding and rice dumpling;
Student competition event enquiry records, which include school names and contact information; and
HML’s event invitation records, which include name, company names, job positions and contact information.
Main Purposes of Keeping Personal Data
Personal data held in:
Booking enquiry records are kept for the purposes of responding to and processing booking enquiries and taking follow-up action;
Media enquiry records are kept for handling enquiries from journalists and reporters;
General enquiry records are kept for responding to enquiries from individuals of the public;
Job application records are kept for processing job applications;
Subscription records collected on webservers are kept for the purpose of sending newsletters to subscribers registered through the websites;
Restaurant booking enquiry records are kept for the purposes of responding to and processing booking enquiries and taking follow-up action;
Restaurant VIP cardholder records are kept for maintaining the VIP membership database and sending information on restaurant promotions to registered VIPs;
Food & beverage order records are kept for the purposes of responding to and processing orders of cake, mooncake, Chinese New Year pudding and rice dumpling;
Student competition event enquiry records are kept for handling enquiries from schools, teachers, parents, students and the general public about the event details; and
HML’s event invitation records are kept for the purpose of updating the guest database, responding to guests' reply and processing the invitation, and taking follow-up action.
Information Collected When You Visit Our Websites
When you visit this website, we may use cookie files to store and track information about your location, IP address, browser type, domain name and access time of managing and improving the design of the website.
Accuracy of Information
You may be requested to provide to HML certain personal data (particularly relating to your contact information) for specific services. If you fail to provide update information as requested for each specific service, the provision of such services by HML may be affected.
Statistics on visitors to our websites
When you visit our website we will record your visit only as a “hit”. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/durations and the pages visited (visitor data). We use the visitor data for the purpose of maintaining and improving our websites such as to determine the optimal screen resolution, which pages have been most frequently visited etc. We use such data only for website enhancement and optimisation purposes. We do not use, and have no intention to use the visitor data to personally identify anyone.
HML’s email marketing solution system is developed and maintained by a third-party service provider. The third-party service provider may access to personal data stored in the system without identification of the data subject.
HML’s websites are developed and maintained by in-house staff and a local third-party service provider.
HML’s Premium Wi-Fi service is developed and provided by a third-party service provider. The payment processing is handled by a third party digital payment service provider. The personal information and credit card information are collected and retained by the third party service providers.
All HML service providers are bound by contractual duty to keep confidential any data they come into contact with against unauthorised access, use and retention.
Our Commitment to Personal Data Security
HML takes appropriate steps to protect the personal data we hold against loss, unauthorised access, use, modification or disclosure.
To prevent unauthorized access and ensure the correct use of the personal information we collect, HML has implemented appropriate physical, technical, and administrative measures to safeguard and secure the personal data we collect.
We use industry standard practices to protect the personal information we collect. For example, we use encryption, firewalls and Secure Socket Layer (SSL) technology to protect in transmission the personal data we collect online.
Notwithstanding the foregoing, no data transmission over the Internet or any other public network can be guaranteed to be completely secure, and privacy cannot be assured in your communication with us.
Disclosure of Personal Data
The personal information we collect about you will not be disclosed by us to any other party without your prior consent.
Where permitted by applicable local law, we may also disclose your personal data to third parties: (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) with your express consent, or, (v) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defences, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our subsidiaries or associated companies, or to protect the life, body or property of an individual. This also applies when we have reason to believe that disclosing the personal data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
Retention of Information
HML will retain your personal data collected for a period no longer than necessary for the fulfillment of the purposes for which it is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by HML. The above is subject to any legal, statutory, regulatory or accounting requirements.
Third Party Websites
Notice on Direct Marketing
Occasionally, we may use your personal data (including your name and contact details) to send you marketing communications such as emails containing news, offers, promotions and joint marketing offers.
We cannot use your personal data unless we have received your consent or indication of no objection.
You can indicate your consent by providing us with your personal data through the Subscription Form on our website, ticking boxes indicating your consent https://www.hkcec.com/en/hml-news-subscription or
You can opt-out from receiving marketing communications at any time, free of charge, by:
a. following the opt-out instructions contained in the communications;
b. writing to our Senior Manager – Corporate & Marketing Communications at firstname.lastname@example.org
Access and Correction of Information and Withdrawal of Consent
You have the right to request in writing to Senior Manager – Corporate & Marketing Communications at email@example.com of HML:
a. for access to your personal data held by HML (if any);
b. require HML to correct your personal data that is inaccurate (if any); and
c. withdraw your consent to the use of your personal data (such withdrawal may, however, affect our services to you).
All such requests will be handled promptly in accordance with the requirements of the Personal Data (Privacy) Ordinance, at free of charge.
Provisions relating to individuals based in the EU
If you are based in the EU, you have a number of additional legal rights in relation to the personal information that we hold about you. These rights include:
Right to obtain certain information:
You have a right to obtain certain information about our processing, including: the purposes of processing the data; the categories of personal data processed; the recipients who receive your personal data; how long we store your personal data or the criteria we apply to determine retention periods; information on the source of the data where it is not collected directly from you; information on the safeguards we use to secure cross-border transfers; and whether we use automated decision making.
Right to receive a copy (data portability):
You have a right to receive a copy of any personal data which we process about you, in a commonly used and machine-readable format. This extends to the right to request that we transmit your personal data to another data controller, where technically possible. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information.
Right of erasure:
You have a right to request the erasure of your personal information in certain circumstances (including where it is no longer necessary for us to retain your personal data for the purposes for which we collected it; or where you withdraw your consent).
Right to restrict data processing:
You have a right to restrict the processing of your personal data in certain circumstances (including where you contest the accuracy of the data).
Right to object to data processing:
You have a right to object to the processing of your personal data in certain circumstances (i.e. for direct marketing purposes or for statistical purposes).
Right to withdraw your consent:
You have a right to withdraw your consent at any time, although this will not affect the lawfulness of any processing carried out before the withdrawal.
Right to lodge a complaint:
You have a right to raise a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us.
Right to not be subject to automated decision-making:
You have the right not to be subject to automated decision-making in relation to your personal data. We can confirm that we do not use automated decision-making.
Right to be notified of a data security breach:
You have a right to be notified in the event of a personal data breach which is likely to result in a high risk to your rights.”