������Ƶ

A Subject Access Request is your legal right to find out what personal data an organization holds about you in Hong Kong. Under the Personal Data (Privacy) Ordinance, you can ask any company, government department, or organization to show you your own information - from employment records to CCTV footage.

Once you submit a request, organizations must respond within 40 days. They can charge a reasonable fee and will need to verify your identity first. The request helps you check if your data is accurate, understand how it's being used, and ensure organizations are handling your information properly under Hong Kong's privacy laws.

Submit a Subject Access Request when you need to understand exactly what personal information an organization has about you in Hong Kong. This is especially useful before job interviews, when applying for insurance, or if you suspect your data isn't being handled correctly. It helps you spot and fix errors in your records that could affect important decisions.

Many people file these requests when dealing with banks, healthcare providers, or former employers. It's particularly valuable if you're preparing for legal action, switching service providers, or investigating potential privacy breaches. The request gives you solid evidence of how organizations are using your personal data under Hong Kong's privacy laws.

• Most Subject Access Requests in Hong Kong follow a standard format, but vary in scope and detail based on the type of data requested. Basic requests focus on contact details and account information, while comprehensive requests can cover everything from CCTV footage to internal communications. Organizations often use specialized versions for medical records, employment data, or financial information.
• Public bodies and private companies may require different supporting documents with your request - government departments typically need additional ID verification, while businesses might ask for proof of account ownership or past transactions.

• Data Subjects: Any Hong Kong resident can submit a Subject Access Request to view their personal information. This includes employees checking work records, customers reviewing account details, or patients accessing medical files.
• Data Controllers: Organizations holding personal data must respond to these requests, including banks, hospitals, employers, government departments, and social media companies.
• Privacy Officers: These professionals handle incoming requests, coordinate data collection, and ensure compliance with the 40-day response deadline.
• Legal Teams: In-house lawyers or external counsel often review responses before release to protect both individual privacy rights and organizational interests.

• Personal Details: Gather your full name, ID number, and contact information. Include any reference numbers or account details linked to the organization you're requesting data from.
• Time Period: Specify the date range for the information you need - being precise helps organizations respond faster.
• Data Scope: List exactly what personal data you want to see (e.g., employment records, CCTV footage, email communications).
• Proof of Identity: Prepare copies of your HKID or passport - organizations must verify your identity before releasing data.
• Format Choice: State how you want to receive the information (electronic or hard copy). Our platform helps generate properly structured requests that meet all Hong Kong legal requirements.

• Identification Details: Your full name, HKID number, and current contact information must be clearly stated at the top of the request.
• Organization Details: The full name and address of the organization holding your data needs to be specified.
• Data Description: A clear, specific description of the personal data you're requesting access to.
• Time Frame: The relevant time period for which you're seeking information.
• Legal Declaration: A statement confirming you're the data subject under the Personal Data (Privacy) Ordinance.
• Response Method: Your preferred method of receiving the information. Our platform automatically includes all these essential elements in every Subject Access Request template.

A Subject Access Request differs significantly from an Access Agreement. While both deal with access rights, they serve distinct purposes in Hong Kong's legal framework.

• Legal Nature: A Subject Access Request is a statutory right under the Personal Data Privacy Ordinance, allowing individuals to see their personal data. An Access Agreement is a contractual arrangement setting terms for accessing facilities, systems, or information.
• Purpose and Scope: Subject Access Requests focus exclusively on personal data access and privacy rights. Access Agreements cover broader access permissions, including property, intellectual property, or digital resources.
• Time Frame: Subject Access Requests require response within 40 days by law. Access Agreements typically operate on negotiated or fixed contract terms.
• Enforcement: Subject Access Requests are backed by privacy laws and can be enforced through the Privacy Commissioner. Access Agreements are enforced through standard contract law mechanisms.