The OUHK's personal data protection policy
This statement describes the University's personal data protection policy and
sets out how the University will deal with your personal data.
Principle 1 - Collection
The University provides education and training services. In order to do so,
it carries out various activities and collects and uses personal data for
various purposes relating to such activities.
Before collecting personal data from you, the University will provide you
with the information required by the Ordinance, and will notify you of your
right to obtain a copy of, and correct any inaccuracies in your personal data
held by the University.
The University will treat your personal data as confidential. However, from
time to time, it may need to disclose your personal data to other persons in
order to carry out its activities or because it is required to do so by law.
Where possible, the University will try to ensure that the recipient of the
personal data also agrees to treat it as confidential and in accordance with the
provisions of the Ordinance.
Principle 2 - Accuracy and retention
The University will, where practicable, take steps to ensure that the
personal data it maintains on you are accurate, but you should note that
responsibility for informing the University of changes in your personal data
rests with you. The University cannot establish whether your personal data are
correct unless you notify the University of any changes. If your personal data
are incorrect, the University will take steps to correct such personal data
before it uses such data or will ensure that they are erased.
The University will from time to time review whether it still needs to keep
your personal data. Personal data which are no longer required will be deleted.
Principle 3 - Use
Unless it has your consent, the University will not use your personal data
for any purpose other than the purpose for which they were collected (or a
directly related purpose).
Principle 4 - Security
The University will take steps to protect your personal data against
unauthorized or accidental access, processing, erasure or use.
The University has produced a Code of Practice to provide guidance to staff
and other individuals who have either a contractual or educational connection
with the University.
Principle 5 - Information
On or before collecting personal data from you, the University will inform
1. why it is collecting your personal data;
2. the purposes for which this may be used;
3. whom it may be transferred to; and
4. your rights under the Ordinance to ascertain whether the University holds
personal data on you.
The University has produced a Code of Practice which gives details of:-
1. the kinds of personal data which the University holds;
2. the purposes for which the University holds such personal data; and
3. the policies and practices of the University in relation to such personal
Principle 6 - Access and correction
In accordance with the Ordinance, you are entitled to write to the
1. to ascertain whether the University holds personal data on you; and, if so
2. to ask for a copy of such personal data; and
3. to require any inaccuracies in such personal data to be corrected.
You may make such request with the forms provided by the University for such
purpose. Copies of these forms may be obtained from the University Data
Protection Officer. The University may charge you a fee to cover its
Personal Data (Privacy) Statement on E-mail
You are welcome to contact the University by e-mail. Any reply to you will
normally be made through e-mail unless otherwise specified by you. The
University would like to draw your attention to the possible risk of such
e-mails being accessible to unauthorized third parties.
The personal data that you provide will only be used by the University for
the purpose of responding to your enquiries and any other directly related
purpose. You have the right to request access to, and correction of, personal
data relating to you that are held by the University. An application for access
and correction may be made by contacting the Data Protection Officer (Email :