Privacy Policy

Statement of Privacy Policy and Practices

ShineRay is committed to ensuring that all personal data are handled in accordance with the provisions of the Personal Data (Privacy) Ordinance (“PD(P)O”).  We undertake to:

  1. collect adequate, but not excessive, personal data by lawful and fair means only for lawful purposes related to the functions or activities of the department;
  2. take all reasonably practicable steps to ensure that the personal data collected or retained are accurate, having regard to the purposes for which they are to be used;
  3. erase personal data which are no longer necessary for the purposes for which they are to be used;
  4. use the personal data collected only for purposes or directly related purposes for which the data were to be used at the time of collection, unless the individual concerned has given express consent for a change of use or such use is permitted by law;
  5. take all reasonably practicable steps to ensure that personal data are protected against unauthorized or accidental access, processing, erasure or other use;
  6. take all reasonably practicable steps to ensure that a person can be informed of the kinds of personal data that the department holds and the purposes for which the data are to be used; and
  7. permit persons to access and correct personal data of which they are the data subjects and process any such access/correction requests in a manner permitted or required by law.  Access to personal data as provided for in the PD(P)O means obtaining a copy of the data rather than inspection of the data or file.  Furthermore, the PD(P)O requires that the personal data of other individuals in the same record be deleted from the copy to be supplied to a data subject.  Payment of photocopying charge is required for the supply of a copy of the personal data.  Requestors will be advised in advance of the charge to be levied.