Complaint Case Notes

編號: 0008/2009/IP

標題: The names of the heads of households which owe management fees were posted inside a building by a management company

立案原因: Complaints


    Resident Y is the owner of Unit X in Building B. Resident Y claimed that Property Management Company A (hereinafter referred to as Company A) posted, in 2007, notices for the collection of management and maintenance fees which contained the following information: the name of the head of the household, the unit number, the parking space number, the amounts owed and the number of months such payments corresponded to and the total amount owed during the period in which it managed Building B.
  Resident Y filed a complaint with this Office (GPDP), claiming that the “Personal Data Protection Act” had been breached because Company A disclosed too much personal data on the Building B households.


    In accordance with the provisions in articles 4.1.(1) and 3.1 of the Personal Data Protection Act, the data processing involved in this case is within the scope of regulation by the said Act.
  Resident Y expressed that he had not personally signed any document authorizing Company A to manage Unit X. According to the proceedings of the First General Meeting of Apartment Owners of Building B held on September 23rd of 2006, provided by Resident Y, the Management Committee of Building B (hereinafter referred to as Committee C) had been elected to coordinate and handle the management affairs of the buildings.
  This investigation of GPDP concluded that the management and maintenance fees notice posted in October 2007 by Company A included several households (including Resident Y’s) which had been in arrears for at least 4-28 months, thereby directly affecting Company A’s normal operation of management and maintenance of the building.
  Resident Y expressed that, in adjusting the management fee without permission, Company A breached the regulations of Articles 1332.3 and 1332.4 of the “Civil Code”, thereby making it invalid. Resident Y indicated that he was willing to pay the original management fee, which Company A refused to accept. Afterwards, the Small Claims Court ruled that Company A’s management fee increase was illegal, and that Resident Y only needed to pay the original fee. Therefore, Resident Y felt that the unilateral increase of the fees, posting of relevant recovery notice by Company B were illegal and lacked reasonable justification.
  Company A provided a reply, explaining that the management fees for Building B and its parking spaces had increased since March 2006. Prior to May of 2007, Resident Y had also paid the adjusted management fee and Company A had never refused the management fee of any household. The receipts provided by Company A showed that Resident Y had paid the outstanding management fees as ordered by the court on May 13th, 2009.
  As Resident Y’s description and Company A’s response were uncompromising, it was difficult to determine the validity of the fact as Company A’s refusal to receive the management fee, in the absence of other supporting information.
  In GPDP’s opinion, according to the terms of Articles 1329.1 and 1357 of the Civil Code, Committee C, had been authorized by the General Meeting of the Apartment Owners to represent all the owners in signing a building management service contract with the property management company. However, due to the continued difference in opinions, no contract was ever signed. In reality, Company A had been carrying out the management duties in Building B since 1990 and, as part of its property management responsibilities, had to deal with the personal data of the owners of this building. Since Resident Y moved into above unit in 2003, he had provided Company A with the unit’s sales and purchase agreement. Resident Y had, as head of the household and up until the management dispute in 2007, paid all management fees on time. This showed that Resident Y had accepted the arrangement of Company A managing Building B, and presumably, authorized Company A to process his personal data. In addition, Resident Y’s did sign a document authorizing Company A to manage all management duties regarding the parking spaces Y and Z in Building B. As such, Company A had obtained Resident Y’s consent prior to processing any personal data within the scope of its property management duties and could implement the contract with Resident Y, in accordance with Article 6 of the “Personal Data Protection Act”. Company A therefore legitimately processed Resident Y’s personal data.
  As there were still households which continued to owe management fees within Building B and Company A only posted the notices for the collection of the amounts owed in public areas within the building, GPDP believed that the conduct of Company A was directly related to building management activities and that its purpose was legitimate and justified. However, the posting of the unit numbers, parking space numbers, amount owed and the number of months such amounts corresponded to by Company A would have been sufficient for the households in Building B to understand the management and maintenance fees situation. Therefore, under the terms of Article 5.1.(3) of the “Personal Data Protection Act”, it was inappropriate for Company A to post the name of the head of households within the notice and there was a need for improvement in this aspect.
  GPDP believed that the posting of the notices in the public areas of Building B by Company A was directly related to their building management duties and did not exceed and deviate from the purpose of processing the personal data of the households in order to carry out their building management duties. Therefore, the conduct of Company A was carried out in line with the terms of Article 5.1.(2) and Article 6 of the “Personal Data Protection Act” regarding the principles and conditions of legitimacy of personal data processing.
  Even though it was inappropriate for Company A to have published the names of the heads of the households who owed management fee payments within the notice, GPDP still took the following factors into consideration to determine whether the terms of Article 5.1.(3) was breached: Firstly, Committee C had not entered into a management contract with Company A and there were no terms to regulate how the personal data of the households should be processed; secondly, when the “Personal Data Protection Act” first came into effect, there was relatively little awareness and sensitivity in the local community; thirdly, Company A stopped posting the respective notices upon termination of its contract to manage Building B and; lastly, there was no information showing that any of the households within the building had suffered any damages as a result of this conduct.
  In summary, GPDP believed that Company A had not breached the “Personal Data Protection Act”, but there was room for improvement.
Resident Y had filed an objection against GPDP’s preliminary decision. After an assessment of the information submitted by Resident Y and response from Company A, GPDP decided that Resident Y had not supplied sufficient evidence and justifications to overturn the preliminary decision (in other words, GPDP was unable to conclude that Company A had breached the terms of the “Personal Data Protection Act). Based on this, the objection was dismissed.


    GPDP sent official letter to Company A and Resident Y, informing them of the results of the analysis and decision, as well as the decision on the objection of Resident Y.

Please refer to "Personal Data Protection Act", articles 3,4,5,6 .