M+ no longer supports this web browser.
M+ 不再支持此網頁瀏覽器。
M+ 不再支持此网页浏览器。
Statement of Policy
M Plus Museum Limited (“M+” or “We”), a subsidiary of the West Kowloon Cultural District Authority (“WKCDA”), respects personal data privacy. We, together with WKCDA’s other group companies including Hong Kong Palace Museum Limited and West Kowloon Cultural District Foundation Limited, are collectively referred to as the “Group”. We will comply with the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong SAR) (the “Ordinance”) and are committed to fully implementing the data protection principles promulgated under the Ordinance.
Statement of Practices
Information We Collect
From time to time, we may collect various types of personal information (“personal information” or “personal data”) (such as email address, name, and contact number) from you in connection with our provision of services, activities, and facilities, including but not limited to account registration, ticketing transaction, e-newsletter subscription, event registration, membership, Wi-Fi usage, payment, following up on enquiries, conducting customer surveys, advertising, venue booking, fundraising campaigns, job application and/or employment-related issues, and contractor management, etc.
We do not actively collect personal data of minors under the age of 18 but we may collect their personal data while they use our services or register for our activities and events. Minors must have obtained consent from their parents or guardians before providing personal data to us.
Main Purpose of Collecting Personal Data
The main purposes of collecting your personal data are as follows:
We may collect and combine/process information from you (except for Purposes 14 and 15) through various channels, such as online channels (e.g. websites, mobile applications, social media platforms), offline channels (e.g. physical application forms), or publicly available information about you. We use this information to help improve your experience and communicate with you about events or offerings that may be of interest.
Implementation of Practices
M+ will implement the practices at (a) to (f) below in accordance with the data protection principles in the Ordinance.
(a) Collection of personal data
When collecting personal data, M+ will satisfy itself that:
When M+ collects personal data from you, you will be provided with a Personal Information Collection Statement (“PICS”) on or before the collection in an appropriate format and manner. Practicable steps will be taken to ensure that:
If M+ intends to use the personal data collected for a new purpose, other than the purpose of first collection as stated in the PICS, M+ will obtain prior consent from the data subject before the usage. If the data subject is under the age of 18, we will only use the personal data for a new purpose after we obtained prior consent from the parent or guardian of the data subject.
(b) Accuracy and retention of personal data
Personal data collected and maintained by M+ will be as accurate, complete, and up-to-date as is necessary for the purpose(s) for which it is to be used.
M+ maintains a personal data inventory, which contains the kinds of personal data that M+ holds, the purposes for which the personal data is collected, used and disclosed, and how the personal data is stored. The personal data inventory will be reviewed periodically to ensure that it is accurate and up-to-date.
M+ will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we will consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Should there be a need to retain personal data for statistical purposes, such personal data will be anonymised so that the individuals concerned can no longer be identified.
(c) Use of personal data
All personal data collected will be used by and shared among the Group for purposes which are directly related to the discharge of M+’s or the Group’s activities or functions. We will never sell or rent your information with any other organisation outside the Group. We may transfer your personal information to our service providers such as IT contractors, cloud service providers, event agents and confidential documents disposal service agents, etc., in order for them to perform services on our behalf. We may also share your personal data with partners or service providers that are involved in co-organising events with us or providing goods and services to you or fulfilling your requests. We will ask for your consent before sharing personal information with any third party partners for direct marketing purposes such as external online platforms and social media platforms, etc. Personal data may also be disclosed to other entities which are authorised to receive such information for law enforcement, prosecution or review of decisions purposes, or otherwise as required or permitted by law. We may also need to transfer your personal data outside of Hong Kong for necessary handling, processing or storage.
You will be informed of the transferees of personal data when your personal data is collected. We require all transferees to respect the security of your personal data and comply with the Ordinance and other applicable personal data laws. We do not allow our transferees to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If personal data is to be used for a purpose other than the purposes for which the data is collected, prior consent will be sought from you where practicable. In seeking the consent, all practicable steps will be taken to ensure that:
M+ will not use personal data or provide personal data for use in direct marketing without your explicit consent. Such direct marketing communications may take the form of mails, emails, SMSs, targeted online advertisements, notifications via our mobile applications, push notifications, instant messaging, etc. Such direct marketing communications may relate to products, activities, events and services of M+ and/or the Group, including those sponsored by or jointly organised by M+ and/or the Group with third parties, and those on offer or taking place at the West Kowloon Cultural District (“Marketing Communications”). Examples of these Marketing Communications include newsletters, membership benefits, shop/merchandise promotions, event invitations, invitations to donations, etc. If M+ intends to use your personal data for direct marketing, M+ will obtain explicit consent from you before using your personal data and will notify you when using personal data for direct marketing for the first time that you have a right to request M+ to cease using the data for direct marketing if you so require. These Marketing Communications may be sent by M+, the Group and/or an external party on our behalf (e.g. external online platforms and social media platforms). If M+ intends to provide your personal data to an external party (e.g. our service providers or third party partners) for use by that other person for their direct marketing purposes, M+ will inform you in writing in advance that M+ intends to provide the personal data and will not provide the personal data unless it has received your explicit consent. You may, at any time, require M+ to cease using your personal data in direct marketing by informing M+ through the channels as stated in practice (f) below.
(d) Security of personal data
M+ observes strictly the relevant security standards and regulations. Security arrangements will be reviewed regularly to ensure that personal data is protected against loss and unauthorised or accidental access, use, disclosure, modification and erasure. The security arrangements include, without limitation, the following:
(e) Transparency of the personal data policy and practices
M+’s privacy policy and practices can be found on M+’s website: http://www.mplus.org.hk/privacy-policy as may be updated from time to time.
(f) Access to and correction of personal data
M+ recognises your rights of access to and correction of your personal data in accordance with the Ordinance. To make a data access request, you should complete the form specified by the Office of the Privacy Commissioner for Personal Data, which is available at https://www.pcpd.org.hk/english/publications/files/Dforme.pdf, and submit the completed form to M+ in any one of the following ways —
By email / post / in person:
Attn. Data Protection Office
by email at [email protected];
or
by post or in person to:
West Kowloon Cultural District Authority, 9/F., WKCDA Tower, West Kowloon Cultural District, No. 8 Austin Road West, Kowloon, Hong Kong.
When handling a data access or correction request, M+ will check the identity of the requester to ensure that the requester is the person legally entitled to make the data access or correction request.
M+ may impose a fee for the necessary cost of complying with a data access request. M+ will clearly inform the requester the amount to be charged.
M+ may refuse a data access request in the circumstances specified in Section 20 of the Ordinance.
M+ maintains a logbook recording the data access or correction requests received as required under Section 27 of the Ordinance.
Use of Cookies
When you browse our platforms, cookies will be stored in the browser of your computer or device. Cookies do not collect any personally identifiable information. The purposes of using cookies are to:
We also use third party cookies such as Google Analytics to analyse anonymised data to help us understand how our audiences interact with our platforms and visitor traffic and habits, so that we can improve your overall experience. You may disable the use of Google Analytics by opting out via [https://tools.google.com/dlpage/gaoptout?hl=en-GB].
We may also use web beacons and other similar technologies in addition to, or in combination with, cookies. Web beacons are transparent graphic images that help us to determine whether you have accessed our contents.
You have a choice not to accept cookies, however this may affect certain functionalities of our platforms.
Targeted/Behavioural Advertising
We may also engage third party partners or service providers to collect IP addresses and other information through the use of cookies and other technologies on our platforms and third party websites. The information collected will be used to help us customise our contents, advertisements, notifications and other information provided on our platforms, external websites and social media platforms. If you do not wish to receive those contents, advertisements, notifications and other information on third party websites and platforms, you may change your browsing preferences on those third party websites and platforms.
Website Statistics
When you visit our platforms, we will record your visit only as a ‘hit’. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, operating systems, previous sites visited, and time/duration and the pages visited (collectively, “webserver access log”).
M+ uses the webserver access log for the purpose of maintaining and improving our platforms such as to determine the optimal screen resolution, or which pages have been most frequently visited. M+ uses such data only for the enhancement and optimisation of our platforms. User data is all anonymous.
Linking with Third Parties
Please be aware that our platforms may contain links to other sites hosted by third parties. Different rules may apply to their collection, use, or disclosure of your personal information. These third party sites may collect cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your personal data. We encourage you to review such third party websites’ policies before revealing any personally identifiable or sensitive information. We are not responsible for the content or privacy practices and policies of such other sites and under no circumstances shall we have any liability whatsoever for the activities conducted by or at any website accessed from or through our platforms.
Incident Reporting and Breach Handling
A mechanism is set up for incident reporting and breach handling in case there is a loss or leakage of personal data, or there is a reason to believe that the personal data held by M+ or the Group has been compromised.
Ongoing Monitoring and Review
M+ will keep this Privacy Policy Statement and relevant policies under regular review. Officers responsible for handling personal data will attend relevant training courses to keep themselves updated of the latest personal data policies.
Enquiries
Any enquiries regarding personal data privacy policy and practice may be addressed to the Data Protection Office at the above correspondence address or via email at [email protected].
Interpretation
Words used herein which import the singular only also include the plural and vice versa where the context so admits.
Words used herein which import one gender (whether masculine, feminine or neuter) shall be taken to include any other gender where the context so admits.
Chinese version of this Statement is for reference only. In the event of any discrepancies or inconsistency between the English and Chinese versions of this Statement, the English version shall apply and prevail.
Collection of your personal data
M Plus Museum Limited (“M+” or “we”), a subsidiary of the West Kowloon Cultural District Authority (“WKCDA”), collects your personal data to provide our services to you and to improve customer experience. We, together with WKCDA’s other group companies including Hong Kong Palace Museum Limited and West Kowloon Cultural District Foundation Limited, are collectively referred to as the “Group”. Please note that it is mandatory for you to provide personal data marked with asterisks. In the event that you do not provide such personal data, we may not be able to provide you with certain information, materials and/or your requested services.
We will use your personal data for one or more of the following purposes:
We may collect and combine/process information from you through various channels, such as online channels (e.g. websites, mobile applications, social media platforms), offline channels (e.g. physical application forms), or publicly available information about you. We use this information to help improve your experience and communicate with you about events and offerings that may be of interest.
Use of personal data
The personal data collected will be used by and shared among the Group for purposes as stated above. We will never sell or rent your information with any other organisation outside the Group. We may transfer your personal information to our service providers such as IT contractors, cloud service providers, event agents and confidential documents disposal service agents, etc. in order for them to perform services on our behalf. We may also share your personal data with partners or service providers that are involved in co-organising events with us or providing goods and services to you or fulfilling your requests and may also transfer your personal data outside of Hong Kong for necessary handling, processing or storage. We will ask for your consent before sharing personal information with any third party partners for direct marketing purposes such as online platforms and social media platforms, etc. We require all service providers to respect the security of your personal data and comply with the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong SAR) (the “Ordinance”) and other applicable personal data laws. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data access and correction requests
You have the right to request access to and correction of your personal data held by M+. Such request should be made in writing to the Data Protection Officer at [email protected] or by post to the address: West Kowloon Cultural District Authority, 9/F., WKCDA Tower, West Kowloon Cultural District, No. 8 Austin Road West, Kowloon, Hong Kong. For details of our privacy policy, you may refer to the Privacy Policy.
Data access and correction requests
You have the right to request access to and correction of your personal data held by M+. Such request should be made in writing to the Data Protection Officer at [email protected] or by post/in person to the address: West Kowloon Cultural District Authority, 9/F., WKCDA Tower, West Kowloon Cultural District, No. 8 Austin Road West, Kowloon, Hong Kong. For details of our privacy policy, you may refer to the Privacy Policy Statement at https://www.mplus.org.hk/en/privacy-policy/.
Use of data in direct marketing
We intend to use your personal data and/or share your personal data within the Group and with our partners including external online platforms and social media platforms for use in direct marketing, and we may not so use and/or share your personal data unless we have received your consent (which includes an indication of no objection to the intended use and/or sharing). Such direct marketing communications may take the form of mails, emails, SMSs, targeted online advertisements, notifications via our mobile applications, push notifications, instant messaging, etc. Such direct marketing communications may relate to products, activities, events and services of M+ and/or the Group, including those sponsored by or jointly organised by M+ and/or the Group with third parties, and those on offer or taking place at the West Kowloon Cultural District (“Marketing Communications”). Examples of these Marketing Communications include newsletters, membership benefits, shop/merchandise promotions, event invitations, invitations to donations, etc. These Marketing Communications may be sent by M+, the Group and/or an external party on our behalf (e.g. external online platforms and social media platforms). Please indicate your consent or no objection for such use and/or sharing in the relevant online or offline forms at the time of collection of your information.
If you do not wish to receive the aforementioned Marketing Communications, you may choose to opt-out from direct marketing at any time, free of charge, by:
If you do not wish to receive information particularly in relation to fundraising activities (including promotion of donations or contributions for charitable or non-profit making events of M+ and/or the Group), you may choose to opt-out from fundraising activities at any time, free of charge, by emailing us at [email protected].
Language versions
In case of discrepancies between the English and Chinese versions of this Statement, the English version shall apply and prevail.
This website uses cookies to ensure you get the best experience on our website.
Learn MoreThe museum will open at 10:00 today
M+ Cinema will open at 15:00 today
Discover 10,000+ objects 探索超過10,000個藏品
Explore More Explore More Explore More
M+ Cinema is Hong Kong's destination for visual culture on screen. M+戲院為香港充滿活力的觀影場所,以光影呈現豐富多彩的視覺文化。