|The HKMU’s personal data protection policy
This statement describes the University’s personal data protection policy and sets out how the University will deal with your personal data.
Principle 1 – Collection
The University provides education and training services. In order to do so, it carries out various activities and collects and uses personal data for various purposes relating to such activities.
Before collecting personal data from you, the University will provide you with the information required by the Ordinance, and will notify you of your right to obtain a copy of, and correct any inaccuracies in your personal data held by the University.
The University will treat your personal data as confidential. However, from time to time, it may need to disclose your personal data to other persons in order to carry out its activities or because it is required to do so by law. Where possible, the University will try to ensure that the recipient of the personal data also agrees to treat it as confidential and in accordance with the provisions of the Ordinance.
Principle 2 – Accuracy and retention
The University will, where practicable, take steps to ensure that the personal data it maintains on you are accurate, but you should note that responsibility for informing the University of changes in your personal data rests with you. The University cannot establish whether your personal data are correct unless you notify the University of any changes. If your personal data are incorrect, the University will take steps to correct such personal data before it uses such data or will ensure that they are erased.
The University will from time to time review whether it still needs to keep your personal data. Personal data which are no longer required will be deleted.
Principle 3 – Use
Unless it has your consent, the University will not use your personal data for any purpose other than the purpose for which they were collected (or a directly related purpose).
Principle 4 – Security
The University will take steps to protect your personal data against unauthorized or accidental access, processing, erasure or use.
The University has produced a Code of Practice to provide guidance to staff and other individuals who have either a contractual or educational connection with the University.
Principle 5 – Information
On or before collecting personal data from you, the University will inform you:-
1. why it is collecting your personal data;
2. the purposes for which this may be used;
3. whom it may be transferred to; and
4. your rights under the Ordinance to ascertain whether the University holds personal data on you.
The University has produced a Code of Practice which gives details of:-
1. the kinds of personal data which the University holds;
2. the purposes for which the University holds such personal data; and
3. the policies and practices of the University in relation to such personal data.
Principle 6 – Access and correction
In accordance with the Ordinance, you are entitled to write to the University:-
1. to ascertain whether the University holds personal data on you; and, if so
2. to ask for a copy of such personal data; and
3. to require any inaccuracies in such personal data to be corrected.
You may make such request with the forms provided by the University for such purpose. Copies of these forms may be obtained from the University Data Protection Officer. The University may charge you a fee to cover its administrative costs.