The privacy of our patients / users of our services / our hospital or clinic visitors / visitors or users of our website or mobile applications (you) is of utmost importance to CUHK Medical Centre Limited (CUHKMC, we, our or us). This statement establishes how we collect information from or about you from your use of our services / visit of our hospital or clinic / visit or use of our website or mobile applications and how we use or disclose such information.
We are committed to protecting the privacy, confidentiality and security of personal data we collect and hold by complying with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO). Please visit the website of Office of the Privacy Commissioner for Personal Data, Hong Kong at http://www.pcpd.org.hk for PDPO and the relevant guidance notes.
1. Types of Personal Data Collected and Held
1.1 For customer identification, provision of services, treatments and/or facilities (collectively, Services) to you and other purposes, we may collect from you and/or third parties authorised by you, and/or by means of our clinical diagnostic procedures, and hold personal data about you, including, but not limited to, the following:
(1) your personal particulars (including your name, gender, date of birth, identification document type and number, nationality, marital status and religion);
(2) your contact information (including correspondence address, telephone number, email address and preferred language for communication);
(3) personal particulars and contact details of your emergency contact person(s) and/or next-of-kin(s);
(4) your credit or debit card account and billing information (including name of cardholder, credit or debit card number and expiry date);
(5) your insurance information (including name of insurer or broker, insurance policy number and insurance coverage); and
(6) your medical history / condition, drug history and/or other relevant information relating to your health.
1.2 When you use our website, we may collect and store information about your activities and website preference on our website for statistical and internal analysis purposes. For example, we may count the number of access / visitors to the different pages of our website and collect general usage patterns to measure the effectiveness and improve the usability of our website and the services provided through our website. Our server logs record IP (internet protocol) address, the date and time of the access / visit, the pages accessed and documents downloaded, the previous site visited and the type of browser used. Such information collected is anonymous and does not contain name or address information or any information that will enable anyone to contact you.
1.3 No attempt will be made to identify users of our website or their respective browsing activities from the information referred to in paragraph 1.2 except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect our server logs. This information is frequently reviewed for analysing our website’s usage statistics.
1.4 By sending us an electronic mail message, you may be sending us personal information (for example, name, address, email address). We may store this information provided by you in order to respond to the request or to otherwise resolve the subject matter of your email.
1.5 Some features of our website may require you to fill out registration forms when you request specific information and/or services. Other information that may be collected on our website (for example, through questionnaires, feedback forms or other means) enables us to determine a user / visitor's interests, thereby in furtherance of our goal to provide better service.
2. Use of Personal Data
2.1 Your personal data may be used mainly for the following purposes or any purposes directly relating to any of them:
(1) purposes relating to your healthcare and/or generally for medical care or treatment purposes, including provision of the Services to you by us;
(2) teaching, education, research and/or statistical purposes;
(3) operation and maintenance of our information systems and our mobile applications for patients and doctors;
(4) provision of our and/or our Affiliates’ promotional and direct marketing materials to you pursuant to paragraph 4 below (our Affiliates means our shareholders/holding companies and their respective subsidiaries and associated companies, together with their respective joint ventures, partnerships and/or collaborations relate to the provision of healthcare services);
(5) evaluation, planning and improvement of services which we and/or our Affiliates provide;
(6) communication with you in relation to us/our Affiliates;
(7) our accreditation, audit, service quality control and administrative purposes;
(8) investigation and processing of complaints or disputes;
(9) prevention or detection of crime;
(10) compliance with or disclosure as permitted or required by any law, rule, regulation, code or guideline (collectively, Law); and
(11) any other purposes as may be agreed between you and us, including purposes set out in any written communication or terms and conditions for the supply of specific services/facilities to you by us.
2.2 When we collect personal data from you, we will provide you with a personal information collection statement (PICS) in an appropriate format and manner (such as the Personal Information Collection Statement to Patients) to identify to you the purposes for which your personal data are collected and the types of third parties to whom we may disclose your personal data.
3. Disclosure of Personal Data
3.1 We will keep your personal data confidential but we may, in addition to our staff, transfer or disclose your personal data to third parties (such as your attending doctors/healthcare providers, your insurer, our Affiliates, our agents and service providers or such other persons as permitted by any Law) for the purpose(s) as set out in the relevant PICS. We will also disclose your personal data as required by any Law.
3.2 Except as stated above, we will not transfer or disclose your personal data to any third party without your prior consent.
4. Direct Marketing
4.1 By virtue of PDPO, we will not use your personal data for direct marketing purposes without your prior consent.
4.2 With your consent which is not subsequently opted out, we may use your personal data for sending you promotional and direct marketing materials in relation to healthcare services provided by us / our Affiliates through various communication channels (such as SMS and electronic mail).
4.3 If you wish us cease to use your personal data in direct marketing, you may send your request at any time to firstname.lastname@example.org or through such other channels as we may announce from time to time.
5. Retention of Personal Data
We will not keep personal data for longer than is necessary for fulfilling the purposes (including any directly related purposes) for which they are, or are to be, used. Different retention periods apply to different types of personal data collected and are held by us in accordance with our retention policies.
6. Accuracy and Security of Personal Data
6.1 We have appropriate procedures in place to maintain, so far as is reasonably practicable, the accuracy, completeness and relevance of the personal data used by us in relation to the purposes for which the personal data are collected.
6.2 We take appropriate steps to protect the personal data we hold against unauthorised or accidental access, processing, erasure, loss or use.
7. Access and Correction of Personal Data
7.1 You have the right to request access to and/or correction of your personal data held by us. You have to make your data access or correction request in writing to our Data Protection Officer by post or email to:
Address: Medical Records Office, CUHK Medical Centre
9 Chak Cheung Street, Shatin, New Territories
We will require you or any other person who makes such request on your behalf to provide suitable document or information for verification of identity and/or confirmation of authorisation.
7.2 For data access request, you may use the “CUHKMC Patient Data Request Form” or the form specified by the Privacy Commissioner for Personal Data downloaded from this link https://www.pcpd.org.hk/english/publications/files/Dforme.pdf Data access request is subject to payment of a reasonable fee.
8. Retention of Personal Data
If you have any enquiries on this statement or wish to obtain further information on our privacy policies and practices, please write to email@example.com
10. Governing Versions