Privacy Policy

March 1999

The Hong Kong Baptist University, as a Data User, respects the Privacy of Personal Data. The University is fully supportive and committed to upholding the spirit of the data protection principles and to complying with the requirements of the Ordinance in its management practices. For compliance with the requirements of the Ordinance, the University has prepared the Policy Guidelines on the Processing of Personal Data to ensure compliance by staff members in the strictest standards of security and confidentiality. The main points of the University policy and practices are summarized as follows:

  1. Personal data will only be collected for a lawful purpose, and by lawful and fair means. Data collected in relation to a specified purpose must be adequate but not excessive in respect of the purpose. The data subject must be informed explicitly on collection:

    1. purpose(s) for which the data are to be collected and the classes of persons to whom the data may be transferred;

    2. whether it is obligatory or voluntary for such data to be supplied, and the consequences of not supplying the obligatory data;

    3. the right of the data subject to request access to, and correction of data held by the data users; and

    4. the person in charge to handle such data access and correction requests.

  2. All reasonably practicable steps will be taken to ensure that the personal data kept is accurate.

  3. Personal data will not be kept longer than is necessary for the fulfilment of the purpose for which it is collected.

  4. Without the prescribed consent of a data subject, the personal data will not be used for any purpose other than the purpose for which the data was originally collected. The prescribed consent may be withdrawn by a data subject.

  5. All reasonably practicable steps will be taken to ensure that personal data held are protected against unauthorized or accidental access, processing, erasure or other use.

  6. The following information in relation to personal data of the University will be generally available:

    1. the kinds of personal data held;

    2. the main purpose for which personal data are used; and

    3. the policies and practices in relation to personal data.

  7. A data subject will have the right to request access to personal data of himself/herself held by a data user, in person or in writing to the department/office concern, within a reasonable time, for a fee that is not excessive, in a manner that is reasonable, and in a form that is intelligible. The data subject will be notified of the outcome within 40 days of submitting his/her access request, and to be given a reason if a data correction request is refused.

  8. A data subject will also have the right to request correction of the personal data, in person or in writing to the department/office concern.

  9. Regarding the transmission of personal data over the Internet, the University has imposed the following security measures:

    1. Encryption – Though the University is still in the process of planning the implementation of an encryption mechanism, the University servers are, to the maximum possible extent, protected against security attacks over the Internet by means of system securities set up and the "Firewalls". A well-organized and safe system of backups is in place.

      As such, users data supplied to the University will reside in the University servers which are protected to the maximum possible extent against unauthorized or accidental access, processing, erasure or other illegitimate manipulation.

    2. Use of Cookies – In order to protect the users' privacy, the University will normally not implement applications with cookies requirement. In rare cases, when cookies are used, a statement will be provided on its web page to alert users before initiating the application.

      Although through cookies, our web servers can monitor which sites the users' have visited, which pages they have seen and which options they have chosen, the University will NOT make any analysis on these cookies data NOR provide such data to outside organizations.

  10. At the same time, the University does not allow users, both internal and external, to make rude and annoying spamming which includes sending unsolicited email, making mailbombs, disseminating commercial advertisements/promotions and distributing mail chain letter. Appropriate action including legal prosecution may be taken to the offenders.

The kinds of personal data held by the University and the respective
purpose(s) of collection

The personal data kept in different Faculties/Schools/Offices/Departments varies depending on their purpose of collection. In general terms, personal data could be classified as factual, evaluative, or statistical data. Factual data are mostly provided by the data subject themselves, evaluative data are normally provided by another person on the data subject, whereas statistical data are derived primarily from factual and evaluative data. For this purpose, personal data are depersonalized before statistical analyses are performed. Usually, personal data kept by the University may include the following:

(a) identification data e.g. name, identity Card/Passport No. etc.

(b) personal details e.g. contact telephone, address, sex, date of birth, age etc.

(c) family data e.g. marital status, details of other family members etc.

(d) contractual data e.g. appointment period, terms of appointment, promotion etc.

(e) education background and employment details

(f) record of assessment and review

  1. Personal data of Job Applicants kept in the Personnel Office include applicants' personal particulars, copies of personal documents, qualifications and record of experiences, evaluative data including interview assessment, resolution and recommendation of assessment panels, references and external assessments, test reports as appropriate are kept for recruitment administration purposes. These personal data will be transferred to the relevant Faculty, School, Department, or Office for recruitment consideration and reference and will be kept until the completion of the recruitment exercises.

  2. Personal data of Staff of the University are kept for appointment administration, manpower and career planning, personnel and employee administration including payroll, leave and benefits administration, analysis for management purposes, assessment and review in terms of posting, promotion and discipline, training, and staff development administration. On the other hand, taxation-related data and superannuation-related data of staff are kept for taxation and superannuation administration.

  3. Personal data of Former Staff of the University are kept in the Personnel Office. The physical personal file including the staff's personal particulars, family data, contractual data, evaluative data and other benefits-related data are kept for 1 year after a staff member left the employment of the University. These basic data are then summarized and kept as a certificate of service thereafter to be retained by electronic means. However, data related to benefits administration are kept for 7 years after a staff member's departure in accordance with the requirements of the Inland Revenue Ordinance.

  4. Personal particulars, examination results and evaluative data of Student Applicants are collected as a basis for selection of applicants for admission. These data will be destroyed upon the completion of the admission process.

  5. Personal data of Students of the University, including the personal particulars, family data, education background, academic and assessment records of students, as well as senate resolution are kept for registration of students, accounting for fees, planning and control of curricula and examinations, commissioning and validating educational materials, calculation and publication of examination results, communication with students, provision of transcripts and references, University promotional/public relation activities, analysis for management purposes, and assessment for scholarship. Other forms of students' personal data like counselling-related information, disciplinary record, co-curricular activities record, and placement-related data are kept for counselling/case management, communication with students, general and professional reference, and for statistical purpose. Upon the graduation of students, their basic identification data and personal details will be kept as Alumni data.

  6. Personal data of Alumni are kept for purpose of communication in relation to university development, invitation to special university functions and alumni gatherings, data analyses and generation of statistical reports for development purposes.

Should you have any queries concerning the above, please e-mail to HKBU Webmaster

- End -