Guidelines for Creating Terms & Privacy Policy for Connect and Help App Publication

A. Hong Kong Legal Requirements

1. Primary Laws to Consider

  • Personal Data (Privacy) Ordinance (PDPO)
  • Electronic Transactions Ordinance
  • Hong Kong Basic Law
  • Control of Exempt Publication Consolidation Order
  • Disability Discrimination Ordinance

2. Regulatory Bodies

  • Office of the Privacy Commissioner for Personal Data (PCPD)
  • Hong Kong Communications Authority
  • Equal Opportunities Commission

B. Terms and Conditions Guidelines

1. Basic Requirements

  • Must be written in both English and Traditional Chinese
  • Must use clear, plain language
  • Must be easily accessible within the app
  • Must require explicit user consent
  • Must be printable/saveable

2. Essential Components

a. Introduction

  • Company/App identification
  • Contact information including Hong Kong address
  • Definition of terms
  • Acceptance criteria

b. User Rights and Obligations

  • Age restrictions (18+ for your app)
  • Account creation requirements
  • User responsibilities
  • Prohibited activities
  • Account termination conditions

c. Service Description

  • Detailed description of app functionality
  • Service limitations
  • Volunteer requirements and screening
  • Organization participation rules
  • Quality standards

d. Intellectual Property

  • Copyright notices
  • User-generated content rights
  • License terms
  • Trademark usage

e. Liability Clauses

  • Limitation of liability
  • Indemnification
  • User safety responsibilities
  • Force majeure
  • Warranty disclaimers

f. Dispute Resolution

  • Governing law (Hong Kong)
  • Jurisdiction
  • Arbitration procedures
  • Mediation options
  • Court proceedings

g. Changes to Terms

  • Modification rights
  • Notice requirements
  • User acceptance mechanisms
  • Previous version accessibility

C. Privacy Policy Guidelines

1. Basic Requirements

  • Must comply with PDPO principles
  • Must be written in both English and Traditional Chinese
  • Must be separate from Terms and Conditions
  • Must be easily accessible
  • Must obtain explicit consent for data collection

2. Essential Components

a. Data Collection

  • Types of personal data collected
  • Collection methods
  • Purpose of collection
  • Legal basis for collection
  • Optional vs. mandatory data

b. Special Categories of Data

  • Health information
  • Disability status
  • Emergency contact information
  • Location data
  • Device information

c. Data Usage

  • Primary purposes
  • Secondary purposes
  • Data processing activities
  • Automated decision-making
  • Profiling activities

d. Data Sharing

  • Categories of recipients
  • Third-party service providers
  • Cross-border transfers
  • Data transfer safeguards
  • Emergency services access

e. Data Security

  • Security measures
  • Data protection methods
  • Breach notification procedures
  • Employee access controls
  • Data backup systems

f. User Rights Under PDPO

  • Right to access
  • Right to correction
  • Right to erasure
  • Right to object
  • Complaint procedures

g. Data Retention

  • Retention periods
  • Deletion procedures
  • Archiving policies
  • Backup retention
  • Legal hold procedures

h. Cookies and Tracking

  • Types of cookies used
  • Tracking technologies
  • User control options
  • Third-party tracking
  • Analytics usage

D. Implementation Checklist

1. Pre-Launch

  • Draft policies in both languages
  • Legal review by Hong Kong counsel
  • PCPD compliance check
  • Accessibility review
  • User testing of consent flows

2. Launch

  • Implement consent mechanisms
  • Set up data collection systems
  • Configure security measures
  • Establish support channels
  • Document version control

3. Post-Launch

  • Regular policy reviews
  • Update procedures
  • User feedback collection
  • Compliance monitoring
  • Incident response testing

E. Regular Review Requirements

1. Periodic Reviews

  • Quarterly legal compliance checks
  • Annual policy updates
  • Regular security assessments
  • User feedback analysis
  • Incident response reviews

2. Update Triggers

  • Legal changes in Hong Kong
  • App feature updates
  • User feedback patterns
  • Security incidents
  • Operational changes

F. Documentation Requirements

1. Required Records

  • User consent logs
  • Policy versions
  • Update notifications
  • User requests
  • Incident reports

2. Audit Trail

  • Policy changes
  • User notifications
  • Consent records
  • Data access logs
  • Security measures

G. Common Pitfalls to Avoid

1. Legal Issues

  • Incomplete language versions
  • Unclear consent mechanisms
  • Insufficient data protection
  • Inadequate user rights
  • Missing mandatory disclosures

2. Technical Issues

  • Poor accessibility
  • Complex language
  • Difficult navigation
  • Broken links
  • Update failures

3. User Experience Issues

  • Overwhelming information
  • Hidden important terms
  • Confusing consent flows
  • Difficult opt-out processes
  • Poor mobile formatting

H. Best Practices

1. User Interface

  • Clear navigation
  • Easy access to policies
  • Prominent consent buttons
  • Simple language toggle
  • Mobile-friendly design

2. Content Organization

  • Logical structure
  • Clear headings
  • Numbered sections
  • Table of contents
  • FAQ section

3. Updates and Maintenance

  • Version control
  • Change logs
  • User notifications
  • Archive system
  • Update schedule