Privacy Policy Statement

 

This Privacy Policy Statement (“PPS”) provides you with notice as to policies and practices of Common Care Limited (“CCL”) (the data user) in relation to our handling of personal data as well as the kinds of personal data which we hold and the main purposes for which such personal data is or is to be used and to whom any data access or correction request should be addressed.  You may be asked to consent to the practices and policies in this statement when you access, or interact with us via, our website. Otherwise, by using our website, you are accepting the practices and policies in this PPS.

OUR POLICY

CCL is committed to protecting the privacy, confidentiality and security of personal information we hold by complying with the requirements of the Personal Data (Privacy) Ordinance (“PDPO”) and relevant codes of practice which may be issued by the Office of the Privacy Commissioner for Personal Data (“PCPD”) from time to time.   

We ensure that our staff complies with the policies and practices set out in this PPS and maintains appropriate standards in meeting such commitment.

OUR PRACTICES

1. Existing and Prospective Patients

Types of Personal Data Collected and Held: in relation to the therapeutic service provided by us (“the Service”) from time to time, we collect or obtain, hold and use personal data of various categories of individuals:

  • Full name  

  • Age 

  • Correspondence address 

  • Gender 

  • Religion 

  • Information on medical condition / history 

  • Information on preferences in therapist

  • Information on preferences in type of therapy, preferred availability, budget

  • Screening for suicidal ideation including self-harm and harm to others

Please note that it is mandatory for you to provide personal data marked with asterisks as listed in the Common Care Online Therapy Client Intake Questionnaire (i.e. information required for creating an account, and to enable you to access the features of the website and receive the Service). A failure to provide the requested personal data, or the provision of inaccurate or incomplete information, may result in us not being able to process your request, application, submission, enquiry, complaint or matter (as the case may be). Besides, some of the requested personal data may include sensitive personal data (e.g. health information). The provision of such personal data is generally voluntary unless otherwise specified.

How We Use the Personal Data: the purposes for which personal data may be used by us and/or the persons set out below to which personal data may be disclosed and/or transferred are as follows:-

  1. processing, assessing and determining applications for and requests relating to the Service;

  2. administering, maintaining, managing the Service (including enforcing rights and fulfilling obligations under the Service), and performing any function and activity related thereto (such as maintenance of online and other services);

  3. processing any feedback, enquiry or complaint made by or otherwise involving a Data Subject under the Service;

  4. any internal management purpose;

  5. administering and processing any future application by or involving the same Data Subject for any Service;

  6. communicating with a Data Subject generally (such as updates or changes to any Service) and customer relationship management purposes;

  7. complying with any disclosure, reporting, screening, monitoring, record keeping, filing or notification or other similar obligations pursuant to any legal, regulatory, judicial, statutory, industry or administrative requirements (as applicable from time to time) including compliance with applicable laws, rules, regulations, codes of practice, guidelines or international and intergovernmental agreements (whether of Hong Kong or any other relevant jurisdictions);

  8. assisting in law enforcement purposes, investigations by police or other government or regulatory authorities, in Hong Kong or elsewhere;

  9. designing new or enhancing existing services provided by us;

  10. advertising, marketing and promoting any Service and other supporting services (including in connection with direct marketing as detailed below); and

  11. any other directly related purposes pertaining to any of the above, or other purposes agreed by a data subject.

Disclosing the Personal Data: any personal data held by us will be kept confidential but we may disclose or transfer such information to the following parties (within or outside Hong Kong) for or in relation to the purposes above:-

  1. CCL’s staff who provide services such as risk management, HR, IT and system administration services and undertake leadership reporting;

  2. service providers acting as processors who provide services to CCL and employees such as IT and system administration services and company registrations or agencies;

  3. professional advisers acting as processors who provide services to CCL and employees;

  4. any court, tribunal or administrative, governmental or regulatory body or enforcement agency in Hong Kong or elsewhere (including local or foreign tax authorities);

  5. for the purposes of direct marketing, any person specified below.

Use and Provision of Personal Data in Direct Marketing: we may use a Data Subject’s personal data in direct marketing and we require the Data Subject’s consent (which includes an indication of no objection) for that purpose.

In addition to the purposes set out above, where permitted by law, CCL may use your name and contact details for promotional or marketing purposes including sending you promotional materials and conducting direct marketing in relation to the Service ("Classes of Marketing Subjects"). 

For the purposes of direct marketing, we may, where permitted by law, provide your personal information to providers whether within or outside of CCL of any of the Classes of Marketing Subjects described above and call centre, marketing or research services so that they can send you promotional materials and conduct direct marketing in relation to the products and services they offer (these materials may be sent to you by postal mail, email or other means). 

Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.

The types of personal data that CCL would use and provide for direct marketing purposes as described above are your name and relevant contact details, although we may possess additional personal data. 

If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by CCL of your personal data for direct marketing purposes and thereafter CCL shall cease to use or provide such data for direct marketing purposes.

If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please inform us by writing to the address in the section on “Access Rights to Personal Data” or sending us an email to dpo@commoncarecentral.com.  Any such request should clearly state details of the personal data in respect of which the request is being made.

2. Job Applicants and Staff

Types of Personal Data Held: We collect or obtain, and hold, the personal data of persons who (1) are applying for employment, (2) are employed by or seconded to us, (3) are our prospective and current officers and staff (including secondees and interns) and (4) are no longer our officers and staff (including secondees and interns).

How We Use the Personal Data: Generally, we hold and use such personal data mainly for the following purposes:

  1. consideration of employment, appointment or secondment as one of our officers or staff;

  2. recruitment, staff supervision, training and human resources management;

  3. determination and review of salaries, bonuses and other benefits;

  4. consideration for and facilitating appraisals, promotion, career development, staff planning, training, secondment or transfer;

  5. administration of staff benefits, compensation, payroll and entitlements;

  6. provision of staff references;

  7. administration of the mandatory provident fund schemes (MPF) and occupational retirement schemes (ORSO);

  8. making tax returns;

  9. staff disciplinary matters;

  10. review of employment decisions;

  11. application, registration, waiver(s) or exemption(s) in relation to any licence, approval or registration required to carry out duties;

  12. support of our development;

  13. compliance with any disclosure, reporting, filing or notification or other similar obligation pursuant to any judicial, statutory or regulatory requirement including compliance with applicable laws, regulations and guidelines, whether of Hong Kong or any other relevant jurisdiction, which we are bound by or any failure to comply with will result in adverse consequences (sanctions, penalties, imprisonment etc.) for us or our officers and staff;

  14. conducting user authentication on the systems or devices (e.g. Windows operating systems) and providing access to authorized resources for selected users; and

  15. monitoring and taking action in relation to compliance with legal, regulatory and internal policy requirements.

Disclosing the Personal Data: Such personal data held by us will be kept confidential but we may disclose or transfer such information to the following parties for the purposes set out above:

  1. any bank in relation to remuneration arrangements;

  2. any bank, fund, professional investor, broker and arranger in relation to MPF and ORSO arrangements;

  3. any service provider (such as payroll administrators) providing administrative or other support services for staff matters and/or us;

  4. any auditor, accountant, tax adviser, lawyer, consultant or other professional advisor;

  5. any court, tribunal, administrative, governmental or regulatory body or enforcement agency in relation to the purposes set out above; and

  6. any person with the data subject’s consent (including any potential future employer).

We will usually identify any information which is mandatory when we collect the information from you.  Provision of full and complete information in support of your application is necessary for selection purposes.   Failure to provide the mandatory information may affect the processing and outcome of your application.

3. Use of Cookies

Cookies are small text files containing small amounts of information which are downloaded and may be stored on any of your web browsers or internet-enabled devices (e.g. your computer, smartphone or tablet) and that can later be read by the server, like a memory for a web page.

CCL may use cookies and other tools on our website. By continuing to use the website, you are agreeing to us placing cookies on your computer. The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, and durations of visit) will be used to ensure operation of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimisation purposes, and to help us understand how we can improve your experience on it. You have a right to object to any decisions based on automated processing of personal data.

The cookies also enable our website to remember you and your preferences, and tailor the website for your needs. Advertising cookies will allow us to provide advertisements on our websites that are as relevant to you as possible, e.g. by selecting interest-based advertisements for you, or preventing the same advertisement from constantly reappearing to you. You can find more information on the types of cookies we collect, what we use these for, and how to manage your cookie settings in our Cookie Policy.

4. Accuracy and Retention of Personal Data

We have procedures in place to maintain, so far as is reasonably practicable, the accuracy, completeness and relevance of the personal data held by us in relation to the purposes for which the data is used.  We aim to keep the personal data accurate and updated. However, we rely primarily on the relevant data subject to disclose all material information to us, as appropriate, and to inform us of any inaccuracy or changes in such information.

We maintain and execute retention policies of records containing personal data to ensure that such personal data is not kept longer than necessary for the fulfilment of the purposes for which it is or is to be used. Different retention periods apply to the various kinds of personal data collected or obtained and held by us in accordance with our internal policies on retention of personal data, and also as prescribed or permitted by applicable laws and regulations.

For further details, please contact our Data Protection Officer whose contact details are set out below. 

5. Security of Personal Data

We take appropriate steps to protect the personal data we hold against unauthorised or accidental access, processing, erasure, loss or use of the personal data. These steps include restricting physical and electronic access to personal data on a “need-to-know” and “need-to-use” basis, and having in place internal security policies and practices which require our staff to comply with the requirements of the PDPO. We also provide relevant training, including induction and on-going training, to staff to handle personal data properly.

6. Outsourcing Arrangements

Our internal IT systems are developed and maintained by our in-house staff and local third party service provider(s). The third party service provider(s) do not have access to personal data stored in our IT system except when they are carrying out maintenance/checking/troubleshooting supervised by our IT staff. Where we engage an external third party to handle or process information, we use contractual or other reasonably practicable steps to prevent unauthorised or accidental access, processing, erasure, loss or use of any personal data and, where applicable, require such third party data processor not to keep the relevant data longer than is necessary for processing of the data.

7. Data Access Request and Data Correction

  1. In accordance with the PDPO, an individual has the right to check whether we hold his/her personal data and to require us to provide a copy of such personal data and to correct any of his/her personal data which is inaccurate. Such requests can be made in writing using the form prescribed by PCPD (which can be downloaded from the website “www.pcpd.org.hk”) to our Data Protection Officer at the following address:

    The Data Protection Officer 
    Common Care Limited
    United 2302, 23/F,
    New World Tower 1
    18 Queen’s Road Central
    Central
    Hong Kong
    Email: dpo@commoncarecentral.com

  2. When we handle a data access or correction request, we will check the identity of the requestor to ensure that he/she is legally entitled to make such request. In this regard, we may require the requestor to provide his/her identity proof, e.g. by production of his/her Hong Kong identity card or other identification document. In the case of a request made by a “relevant person” (as defined in the PDPO), he/she will be required to provide proof of his/her identity and the identity of the data subject concerned as well as documents showing his/her capacity as the relevant person, such as written authorisation signed by the data subject, birth certificate or court order (as the case may be). If we cannot reasonably ascertain the identity of the data subject or establish the relationship between the requestor and the data subject, we will refuse to comply with the request.

  3. We will respond in writing to any such request as soon as practicable and in any event no later than 40 days after receiving the request in accordance with the relevant requirements of the PDPO.

  4. We have the right to charge a fee which is not excessive for the processing of any data access request.

8. Changes to this PPS

CCL reserves the right to update this PPS at any time and will make available an updated PICS on our website or in writing so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting.

If you have any questions about this PPS, please contact the data protection officer at dpo@commoncarecentral.com.