Certizen Technology Limited (“Certizen” or “Company”) and Smart City Consortium Limited (“Smart City Consortium”, together with Company, collectively, “we”) respect the privacy of everyone who uses “MyeHealthPass” application (“MyeHealthPass” or “app”) and related systems (collectively, “MyeHealthPass System”). We are committed to ensuring that all personal data submitted through the MyeHealthPass System are processed in accordance with the relevant provisions of the Personal Data (Privacy) Ordinance (“Ordinance”).
Before we collect personal data from individuals, we will provide a "Personal Data Collection Statement" on a written/electronic form or webpage where the individual’s personal data is collected.
1. Type, purpose and use of personal data collected
a. Our collection of personal data through MyeHealthPass System is entirely voluntary. We only collect personal data with the user’s consent, which may include the user’s name, Hong Kong identity card number, phone number, email address, or other information in connection with this system or any other identification information that the user agrees to provide (collectively, “Relevant Information”).
b. The Relevant Information will be used to facilitate the relevant users’ participation in the lucky draws and other promotional activities (collectively, “Promotional Activities”) sponsored by third-party organizations (“Organizers”), and through the app, send notifications of the lucky draws results to the relevant users without being known to the Organizers.
c. We will record the number of times users have visited the "MyeHealthPass" website, but will not collect their personal identification information. The collected browsing count records will only be used to produce statistical reports and investigate computer system problems to help us improving the services of this website.
d. Users can, on a voluntary basis, directly provide the vaccination record numbers to participate in the promotional activities by the Organizers. Based on the information provided, we will assist users to create accounts and passwords in MyeHealthPass System. Users can use the new accounts and passwords to log in MyeHealthPass System to register for the lucky draws and promotional activities by the Organizers. All information collected will only be used for identity verification to register for the lucky draws and promotional activities by the Organizers. For the avoidance of doubt, the information obtained is only used for temporary processing purposes. The user has full control over the vaccination record reference number and the number of doses taken stored in the app, and can choose whether or not to present such information to a third party, and can at any time delete such information. The app will not upload these records to any other computer system.
2. Disclosure of personal data
We only use, disclose or transfer personal data in compliance with the purpose or any directly related purpose for which the data is collected, or being permitted by the Ordinance, or under relevant laws and court orders.
3. Protection measures
a. We use security technology and security precautions, rules, and take appropriate procedures to protect the personal data we hold from loss, unauthorized access, improper use, modification, leakage, loss, destruction or disclosure. Based on this, we have adopted relevant technologies to ensure that all data submitted through My eHealth Pass System are reasonably protected. Data access will be limited to our employees, who have obtained the authority and training to process the data, and strictly abide by the obligation of confidentiality.
c. Although we have adopted the aforementioned security measures, we cannot guarantee that no personal data will be leaked. Although we will try our best to take measures to protect related systems, networks, hardware and/or software and prevent any further violations, we will not be liable and will not be responsible for any loss or damage caused by any leakage of personal data and/or data loss, expenses or fees.
4. User's rights and choices
a. When you choose to provide personal data in accessing MyeHealthPass System, you have certain rights with regard to your personal data we hold. These rights are subject to certain exemptions. In summary, your rights are:
i. Request to obtain your personal data we hold. Except for applicable exceptions, we will provide you with a copy of your personal data within the time limit prescribed by relevant laws. In accordance with applicable laws, we will charge a reasonable fee for providing such copy.
ii. Right to rectify. If the information we hold about you is inaccurate, you have the right to correct that information. You should submit an application to us, and list the information that needs to be corrected and provide the correct information.
iii. Right to erasure / "right to be forgotten". In some cases, you can ask us to delete or remove your information. Whenever you agree to our use of your personal data, you have the right to change your mind and withdraw your consent at any time. When we use your personal data on the basis of our own legitimate interests, you can request us to stop using your data based on relevant personal circumstances. Unless we believe that there are more important legal reasons to continue using your personal data, we will certainly meet your requests.
iv. Right to restrict processing. Under certain circumstances, you have the right to restrict our processing of your personal data.
v. Right to data portability. In some cases, you may have the right to obtain your personal data in a structured, commonly used and machine-readable format, and to reuse the information elsewhere or request us to transfer the information to a third party of your choice.
vi. Right to object. Under certain circumstances, you have the right to object to our processing of your personal data.
b. Without prejudice to the above rights and choices, within the constraints of applicable privacy laws and regulations, you can ask us to perform the following activities:
i. Check whether or not we hold your personal data and/or can access such data;
ii. Require us to correct any incorrect personal information related to you; and
iii. Check our policies and procedures for personal data, and learn about the types of personal data we hold and/or you can access.
c. We have the right to charge a reasonable fee for processing any request for access to personal data.
5. Retention of personal data
a. Personal data will not be stored for longer than the time required for the purpose for which the data was collected. According to the policy of protecting personal data, the various types of personal data we collected and held have different retention periods. Provided that any legal, accounting or reporting requirements are met, we usually retain the data for no more than 6 years, from (i) you are no longer our user; or (ii) the date of the last communication between you and us (whichever is later), save and except that we are required by law or due to commercial interests to keep the data for a longer period of time.
b. In some cases, you can ask us to delete your personal data.
6. Data Access / Enquiries
For information and inquiries about related matters, please contact us for enquiry within office hours (Monday to Friday, 9 am to 5 pm, not including Saturdays, Sundays and public holidays) or call our customer service hotline 3168 0680 or send an email to firstname.lastname@example.org.
Last updated on November 4, 2021