1. Purpose Statement
Digi-Sign recognizes the responsibility to safeguard the information and data entrusted to it by subscribers and others. Digi-Sign is committed to complying with the relevant legislative provisions and in particular, the Personal Data (Privacy) Ordinance (Cap.486), and section 46 of the Electronic Transactions Ordinance (Cap.553).
Digi-Sign acknowledges that all its personnel, including employees, contractors and agents, will undertake to honour their commitment and duty regarding protection of confidentiality.
2. Confidential Information
For the purpose of this Protection of Confidentiality Statement, the term "confidential information" includes:
- Information collected for processing subscriber applications, encompassing, among others, the following:
- - Subscriber application details
- - Identity documentation and details
- - ID-Cert information kept on subscriber records, excluding details for disclosure in the ID-Cert directory
- - Subscriber Agreement details
-
Information contained in or related to an ID-Cert, encompassing, among others, the following:
- Reason for revocation of an ID-Cert, excluding information disclosed in the Certificate Revocation List
3. Release of Records and Information
No document, record or information kept by Digi-Sign will be released to law enforcement agencies, or Government officials, except where the release is in accordance with the law, a subpoena or a court order.
4. Disclosure Request
The data subject, as defined in the Personal Data (Privacy) Ordinance, has right of access to the information kept by Digi-Sign for subscribers only when:
- A formal authorization is provided to Digi-Sign, and this may be done electronically and signed by a valid digital signature, or
- An application is made in a prescribed form, authorizing the access and release of the information; such release may be made to the data subject personally or to a third party named in the application in writing.
For further information, please contact the Chief Executive Officer, who is the Personal Data Administrator, using the contact details in section 6 of the Digi-Sign Privacy Policy.
5. Information Not Classified as Confidential
For the purpose of this Protection of Confidentiality Statement, the terms "confidential information" will exclude:
- ID-Cert information published in the ID-Cert directory, encompassing, among others, the following:
- - List of the recognized certificates issued by Digi-Sign
- - ID-Cert status
- - Personal information contained in a recognized certificate
- - Revocation of ID-Cert
- - Digi-Sign CRL
-
Information published by Digi-Sign, encompassing, among others, the following:
- - The Digi-Sign Certification Practice Statement
- - Digi-Sign Privacy Policy
- - Information and reason code relating to those ID-Cert revoked
- - Information and reason code provided in the Digi-Sign CRL