Privacy Policy

Privacy Policy

Privacy Policy


The Efficiency Office (EffO) sees the protection of personal data privacy as of vital importance in maintaining public trust in the public service. We are committed to implementing and complying with the Personal Data (Privacy) Ordinance (Cap. 486) ("PD(P)O").



Kinds of Personal Data Held


EffO holds the following five broad categories of personal data –


  • Consultancy records, which include personal particulars of personnel of consultancy firms, records of company representatives of consultancy firms listed on the General Management Consultancy Portal (GMC) maintained by EffO, and personal particulars of participants of user research for consultancy projects.
  • Social Innovation and Entrepreneurship Development Fund (SIE Fund) records, which include personal particulars of the Chairman and Members of the SIE Fund Task Force, as well as individuals and personnel employed by organisations who participate in the activities organised by the SIE Fund Secretariat, show interest or make enquiries, suggestions or complaints related to the fund.
  • Records related to the Business Facilitation Advisory Committee (BFAC) and its Task Forces, Business Liaison Groups (BLGs) and Business Consultation e-Platform, which include personal particulars of the Chairman and Members of the BFAC and its task forces, individuals and personnel assisting the Chairman and members in liaising with the Government and the trade participants of BLGs, and email addresses of subscribers of the Business Consultation e-Platform maintained by EffO.
  • Employment-related records, which include job applications, employee personal particulars, education and qualifications, employment history, salary and allowances, terms and conditions of service, housing benefits, medical records, leave and passages, training, investments, outside employment, performance appraisals, promotion board assessments, conduct and discipline, and retirement and pension, etc.
  • Other records, which include administration and operational files, minutes of meetings, quotations and prices of purchased stores and services, requests made under the Code on Access to Information and the Privacy Ordinance, and enquiries and complaints made to the EffO, through which the personal identity of individuals can be ascertained.



Main Purposes of keeping Personal Data


Personal data held in –


  • Consultancy records are kept to assess the capability of consultancy firms and for the monitoring of consultants’ performance, for registration of GMC firms to assist bureaux/departments in their procurement of management consultancy services, and for analyzing behaviours and preferences of public service users in research projects;
  • SIE Fund records are kept for communication, promotion and publicity, and handling of enquiries, suggestions or complaints;
  • Records related to BFAC and its task forces, BLGs and Business Consultation e-Platform are kept for communication and meeting purposes; and issue of updates to subscribers of the e-Platform.
  • Employment-related records are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.
  • Other records that are kept for various purposes, which vary according to the nature of the record, such as administration of the office functions and activities, seeking advice on policy or operational matters, procurement of stores and equipment, acquisition of services, handling of enquiries or complaints and which contain personal identifiers.



Information collected when you visit our websites


The Government will record visits to our websites without collecting any personal identifiable information of users. Such general statistics are collected for the compilation of statistical reports and the diagnosis of problems with or concerning computer systems to help the Government improve our websites.


Unless permitted or required by law, the Government will not disclose your personal data to any third parties without your prior consent.


Search service on our websites is provided by an independent contractor of the Government. We are advised by the independent contractor that it does not collect personal identifiable information while serving search results through our websites. The independent contractor will share the anonymous data it collects through the search service with the Government for compiling traffic analysis on government websites. The Government will not match the data obtained from any such search activity with any personal data possibly held by the Government.





The Principal Executive Officer (EffO) [PEO(EffO)] is the Data Protection Officer who is responsible for overseeing compliance with the Privacy Ordinance in EffO.



Collection of Personal Data


When collecting personal data, EffO will satisfy itself that the purposes for which the data is collected are lawful and directly related to a function or activity of EffO; the means of collection are lawful and fair in the circumstances of the case; and the personal data collected is necessary and adequate, but not excessive, for the purpose(s) for which it is collected.



Accuracy and Retention of Personal Data


Practicable steps will be taken to ensure that personal data are accurate and up-to-date. Personal data will not be kept longer than is necessary for the fulfillment of the purpose (including any directly-related purpose) for which the data is or is to be used.



Use of Personal Data


All personal data collected will be used only for the purpose for which the data is collected or a directly related purpose that is made known to the data subject before the data is provided. In so doing, the personal data collected may be transferred to parties who will be contacted by us during the handling of the case.





Practical steps are taken to ensure that personal data are protected against unauthorised or accidental access, processing, erasure, loss or use.



Transparency of policy


Our statement of privacy policy and practices will be regularly reviewed and published on this website.



Breach Handling


A mechanism is set up for incident reporting and breach handling in case there is loss or leak of personal data, or there is a reason to believe that such data has been compromised. In the event of a suspected breach, the data subject concerned can write to the Data Protection Officer (contact details at below) to provide the relevant details for investigation.



Ongoing Review and Monitoring


A Data Protection Log Book is kept for registering refusal of data holding/access/correction requests as required under section 27 of the Privacy Ordinance. We keep our privacy policy statement under regular review.



Data Access and Correction Requests


Any request for access to personal data and correction should be made by completing the Data Access Request Form (OPS003) specified by the Office of the Privacy Commissioner for Personal Data, which is available at " and sending the completed Form to the Data Protection Officer by fax (fax number 2524 7267), by email (, or by mail to the following address –

Data Protection Officer [PEO(EffO)]

Efficiency Office

14/F, Treasury Building,

3 Tonkin Street West,

Cheung Sha Wan, Kowloon


When handling a data access or correction request, we will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request.





A charge will be imposed to cover the cost of photocopying personal data to be supplied in response to data access requests at the current standard charges or as otherwise provided for or approved by the Secretary for Financial Services and the Treasury.


[Last reviewed: May 2018]