The Center adheres to the provisions of the Personal Data (Privacy) Ordinance (Chapter 486) (“the Ordinance”) in safeguarding the privacy, confidentiality, and security of personal data collected and held by the Center. If you wish to access the Ordinance and related guidelines, you can visit the website of the Office of the Privacy Commissioner for Personal Data, Hong Kong: Personal Data Privacy Commissioner’s Office (pcpd.org.hk/cindex.html)
- Types of Personal Data Collected and Held
1.1. 1.1. In order to verify your identity, provide you with services (collectively referred to as “the Services”), and for other purposes, the Center may collect personal data about you from you and/or authorized third parties, and/or through the use of the Center’s clinical diagnostic procedures. This may include, but is not limited to, the following:
(1) Your personal information (including your name, gender, date of birth, identification document type and number, nationality, marital status, and religious beliefs);
(2) Your contact information (including mailing address, telephone number, email address, and preferred language of communication);
(3) Personal information and contact details of your emergency contacts and/or relatives;
(4) Your credit card or debit card account and billing information (including cardholder name, credit card or debit card number, and expiration date); and
(5) Your medical records/conditions, medication records, and/or other health-related information.
1.2. When you use the Center’s website, the Center may collect and store data about your browsing activities on the website and your preferences in using the website for statistical and internal analysis purposes. For example, the Center may track the number of visits/visitors to individual web pages of the Center’s website and collect general patterns of website usage to measure the effectiveness of the Center’s website and improve its usability and services. The Center’s servers may record the IP (Internet Protocol) address of users when browsing the website, the date and time of access/browse, the web pages visited and files downloaded, previously visited websites, and the type of browser used. Such data is anonymous and does not contain any information that can be used to contact you, such as your name or address.
1.3. The Center does not attempt to identify the identities of users of the Center’s website or their respective browsing activities from the data specified in clause 2, unless in exceptional circumstances where law enforcement agencies are investigating and have lawful authority to review the Center’s server logs. Server logs are periodically reviewed for the purpose of analyzing website usage data.
1.4. By sending emails to the Center, you may have provided personal information (such as your name, address, email address) to the Center. We may store the information you provide to respond to inquiries or other follow-up actions to address the matters raised in your email.
1.5. The Center’s website may require you to fill out registration forms when requesting specific information and/or services. Other data that may be collected through the Center’s website (such as through surveys, feedback forms, or other means) will help the Center analyze and understand users’/visitors’ areas of interest to facilitate the goal of providing better services.
- Use of Personal Data
Your personal data may primarily be used for the following purposes or any directly related purposes to the following:
(1) For medical and/or general examination purposes related to you, including providing such services to you by this center;
(2) For educational, teaching, research, and/or statistical purposes;
(3) Operating and maintaining the electronic information systems of this center and its mobile applications for patients and doctors;
(4) Providing promotional and direct marketing information from this center and/or affiliated institutions to you, as stated in section 4 below (“affiliated institutions” refer to joint businesses, partnerships, and/or collaborations involving the shareholders/holding company of this center and their respective subsidiaries and associated companies, along with their respective shareholders, holding companies, subsidiaries, and associated companies engaged in providing medical services);
(5) Evaluating, planning, and improving the services provided by this center and/or affiliated institutions;
(6) Contacting you regarding matters related to this center and/or affiliated institutions;
(7) For the accreditation, audit, service quality control, and administrative purposes of this center;
(8) Investigating and handling complaints or disputes;
(9) Preventing or detecting crimes;
(10) Complying with any laws, rules, regulations, codes, or guidelines (“Laws”), or making disclosures as permitted or required by any Laws; and
(11) Any other purposes agreed upon by you and this center, including any purposes specified in written communications or relevant terms and conditions regarding the specific services/facilities provided to you by this center.
- Disclosure of Personal Data
3.1. When collecting personal data from you, the Center will provide you with a Personal Data Collection Statement (“Collection Statement”) in an appropriate format and manner to inform you of the purposes for collecting your personal data and the types of third parties to whom the Center may disclose your personal data. Your personal data will be kept confidential by the Center, except that the Center may transfer or disclose your personal data to the Center’s staff and the third parties specified in the relevant Collection Statement (such as your attending physician/medical personnel, your insurer, affiliated organizations, the Center’s agents and service providers, and other individuals to whom disclosure is permitted by law) for the purposes stated in the Collection Statement. The Center may also disclose your personal data as required by law.
3.2. 3.2. Except as described above, the Center will not transfer or disclose your personal data to any third party without your prior consent.
- Direct Marketing
4.1. 4.1. In accordance with the Personal Data (Privacy) Ordinance, the Center will not use your personal data for direct marketing purposes without obtaining your prior consent.
4.2. 4.2. If you have provided consent and have not subsequently withdrawn it, the Center may use your personal data to send promotional and direct marketing materials regarding the medical services provided by the Center/affiliated organizations through various communication channels, such as SMS and email.
4.3. 4.3. If you wish for the Center to cease using your personal data for direct marketing purposes, you may submit your request at any time to email@example.com or through other channels as periodically announced by the Center.
- Retention of Personal Data
The Center will not retain personal data for a period longer than necessary for the purposes for which it was collected or for which it is used, including any directly related purposes. Different retention periods will apply to different types of personal data collected and held by the Center, in accordance with its personal data retention policy.
- Accuracy and Security of Personal Data
6.1. 6.1. The Center has implemented appropriate procedures to maintain the accuracy, completeness, and relevance of personal data when using it for the purposes for which it was collected, to the extent reasonably practicable.
6.2. 6.2. The Center takes appropriate steps to safeguard the personal data it holds from unauthorized or accidental access, processing, deletion, loss, or use.
- Access and correct personal data
You have the right to request access to and/or correction of your personal data held by the Center. You must submit a written request to the Data Protection Officer of the Center for accessing or correcting the data. Please send your request to the following address or email address:
Address: 7/F, Prince Tower, 12A Peking Road, Tsim Sha Tsui, Kowloon
Email address: firstname.lastname@example.org
The Center may request appropriate documentation or information from you or any other person authorized to make the request to verify identity and/or confirm authorization.