M+ no longer supports this web browser.
M+ 不再支持此網頁瀏覽器。
M+ 不再支持此网页浏览器。
This Privacy Policy and Personal Information Collection Statement (“Privacy Policy”) applies to the West Kowloon Cultural District Authority (“WKCDA”) and its subsidiaries and affiliates (M Plus Museum Limited, M Plus Collections Limited, Hong Kong Palace Museum Limited, West Kowloon Cultural District Foundation Limited, Blue Poles Limited, WestK Enterprise Limited and WestK Ticketing (Shenzhen) Limited; this list may be updated from time to time: see [https://www.westk.hk/en/about-us/board-and-senior-management]) (collectively and individually the “Group” or “We”).
We respect personal data privacy. We will comply with the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong SAR) (the “Ordinance”) and are committed to fully implementing the data protection principles promulgated under the Ordinance. We will also comply with other personal data privacy laws and regulations to the extent they apply to us.
PIPL Addendum
If you are an individual located in Chinese Mainland at the time of collection of personal data, the Personal Information Protection Law (PIPL) Addendum will apply to you.
Personal Information Collection Statement
This Privacy Policy also serves as a general Personal Information Collection Statement. Where applicable, this general Personal Information Collection Statement may be supplemented by more specific Personal Information Collection Statement(s) to provide with more information of how we handle your personal data.
Statement of Practices
Information We Collect
From time to time, we may collect various types of personal information (“personal information” or “personal data”) from you in connection with our provision of services, activities, and facilities, including but not limited to account registration, ticketing transaction, newsletter subscription, event registration, membership, Wi-Fi usage, payment, following up on enquiries, conducting customer surveys, advertising, venue booking, donations, fundraising campaigns, job application and/or employment-related issues, and contractor management, etc.
We do not actively collect personal data of minors but we may collect their personal data while they use our services or register for our activities and events. Minors must have obtained consent from their parents or guardians before providing personal data to us.
The types of personal data that we collect and process will depend on the particular purposes of collection and generally fall under the following main categories:
(i) Identity, contact and personal information, e.g. name, gender, identity card/passport information, birthday, age/age range, phone number, address, email address, social media account information, personal background, preferences and interests;
(ii) Facial images, likeness, voice, health related data, biometrics data, etc.;
(iii) Membership and transaction data, e.g. membership points/status, bank account, credit card information, payment information, transaction records;
(iv) Usage, behavioural, and technical data which do not identify your identity, e.g. location data, browsing data, access data, IP address, device data; and
(v) Other types of data as may be specified at the time of collection.
We will let you know whether it is mandatory for you to provide certain personal data to us. There may be circumstances that if you choose not to provide certain personal data, we may not be able to achieve the intended purposes (e.g. providing services to you).
Main Purposes of Collecting Personal Data
The main purposes of collecting personal data are as follows:
We may collect and combine/process information from you (where applicable) through various channels, such as online channels (e.g. websites, mobile applications, social media platforms), offline channels (e.g. physical application forms), or publicly available information about you.
Implementation of Practices
We will implement the practices at (a) to (f) below in accordance with the data protection principles in the Ordinance.
(a) Collection of personal data
When collecting personal data, the Group will satisfy itself that:
When we collect personal data from you, you will be provided with a Personal Information Collection Statement (general and/or specific) (“PICS”) on or before the collection in an appropriate format and manner. Practicable steps will be taken to ensure that:
If we intend to use the personal data collected for a new purpose, other than the purpose of first collection as stated in the PICS, we will obtain prior consent from the data subject before the usage. If the data subject is a minor, we will only use the personal data for a new purpose after we obtained prior consent from the parent or guardian of the data subject.
(b) Accuracy and retention of personal data
Personal data collected and maintained by us will be as accurate, complete, and up-to-date as is necessary for the purpose(s) for which it is to be used.
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
(c) Use of personal data
All personal data collected will be used by and shared among the Group for purposes which are directly related to the discharge of the Group’s activities or functions. We will never sell or rent your information with any other organisation outside the Group. We may share your personal information with our service providers providing services such as IT services, cloud services, event organisation, marketing services, media services, security services, travel and logistics services, ticketing services and document disposal services, etc., in order for them to perform services on our behalf. We may also share your personal data with our selected Partners for purposes including organising events, providing goods and services or fulfilling your requests. For the purpose of this Privacy Policy, “Partners” include our business partners, sponsors, donors, venue hirers, service providers, online platforms, and social media platforms. Personal data may also be disclosed to other entities which are authorised to receive such information for law enforcement, prosecution or review of decisions purposes, or otherwise as required or permitted by law. We may also transfer your personal data outside of Hong Kong to achieve the purposes of collection.
You will be informed of the transferees of personal data when your personal data is collected. We require all transferees to respect the security of your personal data and comply with the Ordinance and other applicable personal data laws. We do not allow our transferees to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If personal data is to be used for a purpose other than the purposes for which the data is collected, prior consent will be sought from you where practicable. In seeking the consent, all practicable steps will be taken to ensure that:
Direct marketing use
We intend to use (and share within the Group) your personal data for direct marketing, and share your personal data with our selected Partners for their use in direct marketing, but we will not do so without obtaining your relevant consent.
Such direct marketing communications (“Marketing Communications”):
We will notify you when using personal data for direct marketing for the first time that you have a right to request us to cease using the data for direct marketing if you so require. You may, at any time, require us to cease using your personal data in direct marketing by informing us through the applicable unsubscribe channel(s) and/or the channels as stated in practice (f) below.
(d) Security of personal data
We observe strictly the relevant security standards and regulations. Security arrangements will be reviewed regularly to ensure that personal data is protected against loss and unauthorised or accidental access, use, disclosure, modification and erasure. The security arrangements include, without limitation, the following:
(e) Transparency of the personal data policy and practices
The Group’s privacy policy and practices can be found on our website: https://www.mplus.org.hk/en/privacy-policy/, as may be updated from time to time.
(f) Access to and correction of personal data
We recognise your rights of access to and correction of your personal data in accordance with the Ordinance. To make a data access request, you should complete the form specified by the Office of the Privacy Commissioner for Personal Data, which is available at https://www.pcpd.org.hk/english/publications/files/Dforme.pdf, and submit the completed form to us in any one of the following ways —
By email/post/in person:
Attn. Data Protection Officer
by email at [email protected];
or
by post or in person to:
West Kowloon Cultural District Authority, 9/F., WKCDA Tower, West Kowloon Cultural District, No. 8 Austin Road West, Kowloon, Hong Kong.
We may impose a fee for the necessary cost of complying with a data access request.
Use of Cookies
When you browse our Platforms, cookies will be stored in the browser of your computer or device. Cookies do not collect any personally identifiable information. The purposes of using cookies are to:
We also use third-party cookies such as Google Analytics to analyse anonymised data to help us understand how our audiences interact with our Platforms and visitor traffic and habits, so that we can improve your overall experience. You may disable the use of Google Analytics by opting out via [https://tools.google.com/dlpage/gaoptout?hl=en-GB].
We may also use web beacons and other similar technologies in addition to, or in combination with, cookies. Web beacons are transparent graphic images that help us to determine whether you have accessed our contents.
You have a choice not to accept cookies, however this may affect certain functionalities of our Platforms. (Cookies settings)
Location Information
We use the location data described in this “Location Information” section to improve results in the West Kowloon Cultural District App and for the purposes identified below.
Users of the West Kowloon Cultural District App: if you've enabled your device's location services, we may collect and use your start location information when you open the App. If you disable your device's location services, we collect only the start and end points that you search manually. When you share location in the West Kowloon Cultural District App, we collect your location information throughout your journey. We use this data as non-identifying data to provide wayfinding support, such as providing route to your destination.
Targeted/Behavioural Advertising
We may also engage selected Partners or service providers to collect IP addresses and other information through the use of cookies and other technologies on our Platforms and third-party websites. The information collected will be used to help us customise our contents, advertisements, notifications and other information provided on our Platforms, external websites and social media platforms. If you do not wish to receive those contents, advertisements, notifications and other information on third-party websites and platforms, you may change your browsing preferences on those third-party websites and platforms.
Website Statistics
When you visit our Platforms, we will record your visit only as a ‘hit’. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, operating systems, previous sites visited, and time/duration and the pages visited (collectively, “webserver access log”).
We use the webserver access log for the purpose of maintaining and improving our Platforms such as to determine the optimal screen resolution, or which pages have been most frequently visited. We use such data only for the enhancement and optimisation of our Platforms. User data is all anonymous.
Linking with Third Parties
Please be aware that our Platforms may contain links to other sites hosted by third parties. Different rules may apply to their collection, use, or disclosure of your personal information. These third-party sites may collect cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your personal data. We encourage you to review such third-party websites’ policies before revealing any personally identifiable or sensitive information. We are not responsible for the content or privacy practices and policies of such other sites and under no circumstances shall we have any liability whatsoever for the activities conducted by or at any website accessed from or through our Platforms.
Enquiries
Any enquiries regarding personal data privacy policy and practice may be addressed to the Data Protection Office at the above correspondence address or via email at [email protected].
Interpretation
Words used herein which import the singular only also include the plural and vice versa where the context so admits.
Chinese version of this Privacy Policy is for reference only. In the event of any discrepancies or inconsistency between the English and Chinese versions of this Privacy Policy, the English version shall apply and prevail.
If you are an individual located in Chinese Mainland at the time of collection of personal data, this Personal Information Protection Law (PIPL) Addendum ("Addendum") shall apply to you in addition to our Privacy Policy and Personal Information Collection Statement (“Privacy Policy”).
1. Information We Collect
The types of personal data that we collect and process will depend on the particular purposes of collection and generally fall under those main categories described in the Privacy Policy.
The following paragraphs serve to elaborate on some of the scenarios which we may collect personal data from you (for some scenarios, certain sensitive personal data in the context of PIPL may be involved, bolded and underlined):
1.1 Location Services: When you use location-based services (such as locating our venues, facilities or navigation services), we may need to collect your precise or approximate geographical location information.
1.2 Ticketing and Event Reservations: For events subject to real-name registration requirements (such as designated performances) under applicable laws and regulations or required by event organisers, we are required to collect your identity document number (such as Mainland Travel Permit for Hong Kong and Macao Residents, passport, or identity card numbers) for admission verification or identity-binding purposes.
1.3 Third-party Data: If you purchase tickets or apply for membership for a third party, you may be required to provide the name and contact details of that third party; or their identity document number for real-name registrations; for designated activities, we may also need to collect additional information about such third party (such as a child’s age for children’s workshops). You hereby confirm and warrant that you have obtained the explicit consent of such third parties to authorise us to process their personal data, and that you have informed them of the full contents of our Privacy Policy (including this Addendum and the appended Personal Information Protection Policy for Minors).
1.4 Biometrics Data: To enhance admission efficiency, we may offer fast-track access based on facial recognition. When you participate in our events, we may take photographs and video footages of such activities and, with your consent, publish or release photographs, videos footages, and similar materials relating to the events, which may include event participants’ facial images, likenesses and voices. In addition, certain of our events or courses may require participants to provide medical or health-related data, for the purpose of assessing whether the participant is suitable to take part in such activities or courses.
1.5 Payment Information: To process relevant transactions, we will collect your bank account number, credit card number, payment information and transaction records.
2. Data Disclosure and Cross-border Transfer
We will share your personal data as follows:
Purposes of data processing and personal data involved
For details, please refer to the Privacy Policy. The main purposes of processing include:
Recipients of personal data
As our operations are primarily based in Hong Kong, and you may be located in Chinese Mainland, personal data you provided may be transferred cross-border from Chinese Mainland to Hong Kong. We will ensure that such cross-border transfers comply with applicable laws and regulations. If you need to exercise your rights under applicable laws against overseas recipients of personal data, please contact us via the contact details set out in the Privacy Policy.
3. Personal Data of Minors
We place great importance on the protection of minors’ personal data. Some of our services (such as family workshops, learning workshops, and family memberships) may be available to minors with the consent of their guardians. Where it is necessary to collect minors’ personal data, we will do so only with the consent of the guardian and only to the extent permitted by law and necessary for the provision of services.
Minors should use our services under the guidance of their guardians. Guardians are advised to read carefully the Privacy Policy for Minors in this Addendum. We will collect and use minors’ personal data only after obtaining guardians' consent or within the scope permitted by law.
We collect minors' personal data only to the extent necessary for provision of services.
Guardians have the right to request access to, correct or delete the personal data of the minors under their guardianship, or to withdraw consent or delete accounts. If you discover that we have collected minors’ personal data without the required consent, please contact us immediately.
4. Enquiries
If you wish to exercise your rights under the Personal Information Protection Law of the People’s Republic of China, please contact us through the following means:
By email/post/in person:
Attn. Data Protection Office
by email at [email protected];
or
by post or in person to:
West Kowloon Cultural District Authority, 9/F., WKCDA Tower, West Kowloon Cultural District, No. 8 Austin Road West, Kowloon, Hong Kong.
Special Notice to Guardians
If you are a guardian of a minor, please read this policy carefully to determine whether you agree to the relevant policies for processing minors’ personal data and whether you consent to the minor under your guardianship using our products/services under your authorisation and guidance, and providing personal data to us. If you do not agree with this policy, please require the minor under your guardianship to immediately stop accessing and using our products and services. This may result in the minor being unable to use certain product or service functions, but will not affect access to our basic services.
Special Notice to Minors
If you are a minor, please read this policy with and under the guidance of your guardian. Please use our products/services or provide your personal data to us only after obtaining your guardian’s consent.
Collection and Use of Minors’ Personal Data
During minors’ use of our products and services, we will strictly comply with the obligations and responsibilities set out under applicable laws and regulations for the protection of minors’ personal data. We will adhere to the principles of necessity, informed consent, clear purposes, security safeguards and lawful use to collect and use minors’ personal data only where there is a specific purpose and sufficient necessity, where stringent protection measures are adopted and where separate consent has been obtained from the guardian. For details, please refer to the Privacy Policy.
Disclosure and Transfer of Minors’ Personal Data
We will only provide minors’ personal data to WKCDA or third parties in accordance with the Privacy Policy upon your explicit authorisation and consent.
In addition to the measures described in the section on use of personal data in the Privacy Policy, we will also adopt the following measures to safeguard minors’ personal data during data sharing and transfer:
Protection of Minors’ Personal Data
We will take all reasonably practicable measures to protect minors’ personal data. We recommend that you assist us in safeguarding the account and information security of the minor under your guardianship by adopting security measures and using complicated passwords. If you discover that a minor’s personal data has been leaked, in particular the leakage of account username or passwords, please immediately contact us through the contact information provided in the Privacy Policy and Personal Information Collection Statement.
Management of Minors’ Personal Data
In the following circumstances, you or the minors under your guardianship may request us to delete the minors' personal data collected, used and processed by us. Upon completion of identity verification, we will take timely steps to delete such data:
(a) where we collect, store, use, transfer or disclose minors’ personal data in violation of any laws, administrative regulations or agreed terms;
(b) where we collect, store, use, transfer or disclose minors’ personal data beyond the agreed scope of collection purposes or the necessary retention period;
(c) where you withdraw consent;
(d) where you or the minors under your guardianship terminates the use of our products or services through account deletion or other means.
This website uses cookies to ensure you get the best experience on our website.
Learn MoreDiscover 10,000+ objects 探索超過10,000個藏品
Explore More Explore More Explore More
M+ Cinema is Hong Kong’s destination for visual culture on screen. M+戲院為香港充滿活力的觀影場所,以光影呈現豐富多彩的視覺文化。