All Countries
Procurement
Customer Privacy Notice

Customer Privacy Notice Template for Hong Kong

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Customer Privacy Notice

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Customer Privacy Notice

"I need a Customer Privacy Notice for my Hong Kong-based fintech startup that will launch in March 2025, with specific focus on mobile app data collection and cross-border data transfers to our servers in Singapore."

Celebrated by
Collaborations with
Investors
Document background
A Customer Privacy Notice is a mandatory document for organizations operating in Hong Kong that collect, process, or handle personal data of customers. This document is required under the Personal Data (Privacy) Ordinance (PDPO) and must be provided to customers before or at the time of data collection. The notice serves multiple purposes: it ensures compliance with Hong Kong's data protection laws, provides transparency to customers about their data rights, and protects the organization by clearly documenting its data handling practices. The document should be regularly reviewed and updated to reflect changes in data processing activities, regulatory requirements, or organizational practices. It's particularly crucial given Hong Kong's increasing focus on data protection enforcement and the potential penalties for non-compliance with privacy regulations.
Suggested Sections

1. Introduction: Overview of the organization and scope of the privacy notice

2. Types of Personal Data We Collect: Comprehensive list of personal data categories collected from customers

3. How We Collect Your Personal Data: Methods and sources of personal data collection

4. Purposes of Data Collection and Use: Detailed explanation of why personal data is collected and how it will be used

5. Legal Basis for Processing: Explanation of the legal grounds for collecting and processing personal data

6. Disclosure and Transfer of Personal Data: Information about sharing data with third parties and service providers

7. Data Retention: How long personal data is kept and criteria for determining retention periods

8. Data Security: Measures taken to protect personal data

9. Your Rights: Explanation of data subject rights under the PDPO including access, correction, and deletion

10. Direct Marketing: How personal data is used for marketing and how to opt-out

11. Contact Information: How to contact the organization regarding privacy matters

12. Changes to This Privacy Notice: How changes will be communicated and handled

Optional Sections

1. Cookies and Tracking Technologies: Required if the organization operates websites or apps that use cookies or similar technologies

2. International Data Transfers: Required if personal data is transferred outside of Hong Kong

3. Children's Privacy: Required if services may be provided to or data collected from minors

4. Automated Decision Making: Required if the organization uses automated processing to make decisions about customers

5. Special Categories of Personal Data: Required if collecting sensitive personal data such as health information

6. Industry-Specific Disclosures: Required for regulated industries like financial services or healthcare

Suggested Schedules

1. Schedule 1: Categories of Personal Data: Detailed list of all types of personal data collected, organized by category

2. Schedule 2: Third Party Recipients: List of categories of third parties with whom personal data is shared

3. Schedule 3: Cookie Policy: Detailed information about cookies and other tracking technologies used

4. Schedule 4: Data Retention Periods: Specific retention periods for different types of personal data

5. Appendix A: Data Subject Request Form: Standard form for submitting data access or correction requests

6. Appendix B: Marketing Preferences Form: Form for managing marketing preferences and opt-outs

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Personal Data
Data Subject
Data User
Data Processor
Processing
Consent
Direct Marketing
Special Categories of Personal Data
Third Party
Privacy Commissioner for Personal Data
Cookies
Log Data
Service Providers
Automated Processing
Data Access Request
Data Correction Request
Cross-border Transfer
Data Breach
Privacy Policy
Terms of Service
Group Companies
Legitimate Interests
Opt-out
Anonymization
Pseudonymization
Encrypted Data
Retention Period
Marketing Communications
Account Information
Technical Data
Usage Data
Profiling
PDPO
Sensitive Personal Data
Data Protection Principles
Relevant Industries

Financial Services

Retail

Healthcare

Technology

E-commerce

Insurance

Telecommunications

Education

Professional Services

Travel and Hospitality

Real Estate

Manufacturing

Relevant Teams

Legal

Compliance

Risk Management

Information Security

Data Protection

Customer Relations

Marketing

IT

Operations

Digital Services

Customer Experience

Internal Audit

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Compliance Officer

Legal Counsel

Privacy Manager

Compliance Manager

Risk Manager

Information Security Officer

Customer Relations Manager

Marketing Director

IT Director

Operations Manager

Digital Services Manager

Customer Experience Manager

Industries
Personal Data (Privacy) Ordinance (Cap. 486): Hong Kong's primary legislation governing the collection, holding, processing and use of personal data. It sets out six data protection principles covering purpose and manner of collection, accuracy and duration of retention, use of personal data, security of personal data, information availability and access to personal data.
PCPD Guidance on the Proper Handling of Customers' Personal Data for the Banking Industry: Specific guidelines issued by the Privacy Commissioner for Personal Data for the banking sector, which provide practical guidance on handling customer data in financial services contexts.
PCPD Guidance on Direct Marketing: Specific requirements under the PDPO regarding direct marketing activities, including obtaining consent and providing opt-out options to customers.
PCPD Guidance on Cross-border Data Transfers: Guidelines on the transfer of personal data outside of Hong Kong, including requirements for ensuring adequate levels of protection in recipient jurisdictions.
Electronic Transactions Ordinance (Cap. 553): Relevant for electronic collection and storage of personal data, providing legal framework for electronic records and signatures.
Code of Banking Practice: While not legislation per se, this code issued by the Hong Kong Association of Banks contains important provisions about customer data protection in the banking context.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Purchase Receipt

A Hong Kong-compliant document evidencing a sales transaction, including purchase details, pricing, and payment information.

find out more

Purchase Order Invoice

A Hong Kong-compliant commercial document that combines purchase order and invoice functionalities, serving as both an order confirmation and payment request.

find out more

Customer Privacy Notice

A legal document outlining an organization's personal data handling practices in compliance with Hong Kong's Privacy Ordinance (PDPO).

find out more

Procurement Request For Proposal

A Hong Kong law-governed Request for Proposal document for formal procurement of goods, services, or works, including requirements and evaluation criteria.

find out more

Purchase Order Agreement

A Hong Kong law-governed agreement setting out terms and conditions for commercial procurement transactions between buyer and seller.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.