Carmel School Association Home


About Carmel > Privacy Policy

Privacy Policy


Thank you for visiting The Carmel School web site and for reviewing our privacy policy. We collect no personal information about you unless you choose to provide that information to us.

We pledge to meet fully, and where possible exceed, internationally recognized standards of personal privacy protection, in compliance with the Personal Data (Privacy) Ordinance.


Definition


The Carmel privacy policy is formulated to protect the privacy of all data subjects, i.e. employees (current and past), students and their parents and job applicants in respect of their personal data.

A secondary objective of this policy is to develop internal codes of practice to ensure that conditions prescribed by the Personal Data (Privacy) Ordinance are met.
Personal Data Handling

Some of our web pages (such as online contact form) let you voluntarily submit personal information. In those cases, every attempt will be made to protect your privacy. Carmel cannot, however, provide any guarantees as to the absolute security of your personal information.

Any person who controls the collection, holding, processing and use of personal data (data user) is subject to the Personal Data (Privacy) Ordinance.

They should treat all personal data, in whatever form it is recorded, as confidential and take all reasonably practical steps to ensure adequate security control for the effective use of the personal data according to the following data protection principles:


make the purpose(s) clear when collecting personal information;
use the personal data only for the purposes for which it was to be used at the time of collection, or for a directly related purpose;
strive to keep personal data accurate and up-to-date;
lock any personal data kept on paper, tape or disks in a secure location after use;
comply with Carmel Schools' data protection policies and practices when disclosing personal data;
do not allow anyone inside or outside the organization access to personal data without the prescribed consent of the data subject; and
destroy any personal data which is no longer required for the purposes for which it is collected/used.
Rights of the Data Subject

All Carmel employees, students, their parents, and job applicants have the right to:


obtain a copy of the personal data relating to him/her held by Carmel;
require the data user to correct any data relating to him/her which is inaccurate;
obtain Carmel data protection policies and practices in relation to data and be informed of the kind of personal data held by Carmel; and
be asked for consent before his/her personal data is used for a purpose other than the purposes for which it was collected or directly related purposes.

All requests for access to data, or correction of data must be made in writing in either English or Traditional Chinese and be addressed to:

School Manager, Carmel School, Borrett Rd, Mid Levels, Hong Kong.


Operational Procedures

1. Upon receipt of a written data access/correction request from a data subject, Carmel School will comply with the request within 30 days of receiving the request.
2. CarmelSchool will reject any data access/correction request if:
1. the request is not made in writing;
2. the data subject cannot provide sufficient information to locate the data being requested;
3. the request involves data relating to staff planning;
4. the request involves a personal reference or data generated by certain evaluative processes (including a recruitment/promotion/transfer/removal exercise) prior to a decision being made; and/or
5. the request follows two or more similar requests made by the data subject or an authorized person on his/her behalf.

3. If a data/access correction request is to be rejected, Carmel School will give reasons in writing to the person making the request within 30 days of receiving the written request.
4. Carmel School will keep and maintain a log book of requests and refusals which will be kept for at least two years.
5. Carmel School will levy an administration charge for the processing of any data access requested.

Collection, Holding and Use of Identity Card Numbers / Personal Identifiers and Copy of Identity Card
The Carmel privacy policy also applies certain restrictions on the collection, holding and use of identity card numbers/personal identifiers and copies of identity cards:


A data user should not collect identity card numbers except:
1. where required or specifically empowered to do so by a statutory provision; and
2. as a condition for allowing the holder of the identity card access to premises where the monitoring of the activities of the holder on the gaining of such access is not practicable.

A data user shall only use an identity card number for the purpose for which it was collected.
A data user shall not collect an identity card number except by means of the physical production of the identity card/or copy of it in person by the individual.
A data user must take all reasonably practicable steps to erase the record of an identity card number when its requirement to identify or to attribute personal data to the holder of the identity card has been fulfilled.
A data user shall take all reasonably practicable steps to ensure that an identity card number and the name of the holder are not displayed together publicly and not made visible or accessible together to any person.

Restrictions on the collection and use of identity card copy are similar to that of identity card numbers.

As a security safeguard, except where it is required or permitted by law to the contrary, a data user shall not keep a copy of an identity card unless it is marked clearly and permanently across the entire image of the identity card with the word "copy" or the Chinese equivalent. A copy of the identity card shall be kept under reasonably secure conditions with access restricted to individuals who need to carry out activities related to permitted use of the copy.

If you have any questions or comments about the information presented here, please contact us.