Personal Data Protection Act (PDPO) of Hong Kong SAR, China

The Hong Kong PDPO has stipulated the following six data protection principles:

• Principle 1: The purpose and manner of collection of personal data

• Principle 2: Accuracy and duration of retention of personal data

• Principle 3: Use of personal data

• Principle 4: Security of personal data

• Principle 5: Transparency

• Principle 6: Access to personal data

For more details, see Huawei Cloud Compliance with PDPO of the Hong Kong Special Administrative Region of the People's Republic of China.

The personal data processed by Huawei Cloud mainly includes the personal data in your content data and the personal data that you provide when creating or managing your Huawei Cloud account. You have control over your content data. When processing personal data in the content data, Huawei Cloud generally acts as a data processor. Huawei Cloud serves as the data user when processing the personal data in your Huawei Cloud account.

Based on the characteristics of Huawei Cloud services and the PDPO requirements, Huawei Cloud, as a data user, is responsible for protecting the privacy of your personal data in your account information. Huawei Cloud has deeply analyzed the six data protection principles of the PDPO of Hong Kong SAR, China and described its privacy protection responsibilities as a data user under principle together with the corresponding measures. For more details, see Huawei Cloud Compliance with PDPO of the Hong Kong Special Administrative Region of the People's Republic of China.

As a customer of cloud products and services, you have the right to choose how to use these products and services and how to use them to store and process content data, including personal data. Therefore, you are responsible for the security and compliance of the content data. To be brief, you are responsible for content security. Your responsibilities are as follows:

• Content data protection: You must correctly and completely identify personal data on the cloud, develop policies to protect personal data security and privacy, and take appropriate privacy protection measures. Specific measures include security configuration based on service and privacy protection requirements, such as operating system configuration, network configuration, security protection, and database encryption policies, and proper access control policies and password policies.

• Response to data subjects' rights: You must protect the rights of data subjects and respond to data subjects' requests. When a personal data breach occurs, you must take appropriate actions in compliance with laws and regulations, such as notifying regulatory authorities, notifying data subjects, and taking mitigation measures.

When you are a data user and Huawei Cloud assists with the processing of personal data in your content data, you may fall into the jurisdiction of the PDPO of Hong Kong SAR, China. If you are in this jurisdiction, you must comply with the Hong Kong PDPO privacy protection principles. Based on the data protection principles stipulated in this ordinance, Huawei Cloud lists your privacy protection responsibilities as a data user and the service support that Huawei Cloud can provide for you as a data processor.

In addition, Huawei Cloud provides you with a wide range of cloud products or services that can help you meet the compliance requirements of the PDPO of Hong Kong SAR, China. The products and services include network products, database products, security products, and management and deployment tools. They provide functions such as data protection, data deletion, network isolation, and permission management to help you protect content data privacy.

For more details, see Huawei Cloud Compliance with PDPO of the Hong Kong Special Administrative Region of the People's Republic of China.