Privacy Policy
1. Policy
It is the policy of The Hong Kong Institute of Directors (“HKIoD” or “the Institute”) to protect the privacy of personal data and treat personal data with respect. In the collection of personal data, the Institute works to meet the requirements of the Personal Data (Privacy) Ordinance. In handling personal data, the Institute ensures compliance by staff with the standards of security and confidentiality prescribed under the Ordinance.
2. Purposes of data collection
- Processing of enrolment application for HKIoD membership.
- Processing of enrolment application for members’ meetings.
- Processing of enrolment application for training courses and speaker forums.
- Processing of enrolment application for mission delegations.
- Processing of enrolment application for Board Appointment Service.
- Fulfilment of publications to HKIoD members and those who order or request or are approved by the Institute for receiving such publications.
- Circulation of notices to members and those non-members who request and are approved by the Institute for such circulation on updates, events, projects, membership, services and publications.
- Invitation to non-members for joining the Institute’s membership as referred by members.
- Invitation to non-members for participating in the Institute’s training courses, speaker forums and projects.
- Processing of candidates for Directors Of The Year Awards
- Compilation of statistics
The provision of data by the data subjects is voluntary. However, failure to provide the requested personal data may result in the Institute being unable to process a request or deliver a service.
3. Types of personal data collected
The types of personal data collected include, but are not limited to:-
Purposes | Data Subjects | Data Collected |
---|---|---|
(a) Application for membership | Applicants to HKIoD membership | Name – including addressing title and honours Gender Date of birth Nationality Hong Kong Identity Card number Business, professional and academic qualifications Business and home addresses, telephone numbers, fax numbers, email address Work experiences in years – total, as director Name of current principal company Position in current principal company Information on current principal company – legal status, main activity, board size, number of employees Other directorships or business engagements – company name, position and chronology Contact person and telephone number |
(b) Enrolment to member’ meetings | HKIoD members | Name – including addressing title |
(c) Enrolment to training courses and speaker forums | Applicants who may be HKIoD members or non-members | Name – including addressing title Contacts – postal address, telephone and fax numbers, email address Name of current principal company Position in current principal company Membership of other associations (for special programme applying discount on course fee) Applicant assistant’s name and contact details |
(d) Enrolment to mission delegations for cross-border visits. | Delegation Members and spouses (if joining) | Name – including addressing title and honours* Hong Kong Identity Card number** Passport number** Business, professional and academic qualifications* Contacts – postal address, telephone and fax numbers, email address* Name of current principal company* Position in current principal company* Public service – organisations and positions* Awards received* Notes:- *Data for producing a delegates’ booklet for visited organisations, subject to individual delegate consent **Data for travel arrangements |
(e) Enrolment for Board Appointment Service – for members who offer service – for matching of search and offering members – subject to matched members’ consent, for recommendation of candidates to companies in search |
HKIoD members | Name – including addressing title and honours Business, professional and academic qualifications Contacts – postal address, telephone and fax numbers, email address Work experiences in years – total, as director Name of current principal company Languages Industry/professional background skills Present directorships – company name and category, position as ED/NED/INED Past directorships in past five years – company name and category, position as ED/NED/INED Major public service – organisation and position Role as NED Time available per month in number of hours for new appointment Expected annual director’s fee for new appointment |
(f) Fulfilment of publications – for circulation | Readers who may be HKIoD members or non-members | Name – including addressing title Contacts – postal address, telephone and fax numbers, email address Name of current principal company Position in current principal company |
(g) Circulation of notices on updates, events, projects, | HKIoD members and non-members | Name – including addressing title Contacts – postal address, telephone and fax numbers, email address |
4. Data retention
4.1 Unless otherwise agreed, hard copies of any documents containing personal data provided to the Institute will become the property of the Institute and will not be returned.
4.2 Personal data will be retained only for such period as may be necessary for carrying out the purposes stated in this policy or as otherwise specified at the time of collection.
4.3 Membership data will be retained and updated as long as the data subject remains a member.
4.4 Within 12 months after an applicable event/purpose or elapse of membership, the Institute will erase non-public-domain data of data subjects. The reasons for the 12-month retention period are to cater for annual audits and rejoining of elapsed members in accordance with past pattern of behaviour.
5. Data disclosure
5.1 Personal data held by the Institute will be kept confidential but the Institute may, where such disclosure is necessary to satisfy the purpose, or directly related purpose, for which the data was collected, provide such information to the following relevant parties:-
- HKIoD members by way of access to the Membership Directory in the Members’ Login Area of the Institute’s website, whereby the data displayed are only members’ names and are not applicable to those members who have opted to be excluded from this directory.
- HKIoD members by way of electronic circulation of a Welcome List, whereby the data displayed are the new members’ respective names, companies and positions and are not applicable to those new members who have opted to be excluded from this Welcome List.
- Visitors to the Web-list of Board Appointment Candidates in the Institute’s website, whereby the data displayed are only members’ names and are applicable to those members who have opted to be included in this list.
- The Institute’s Council and/or delegated Committees for review and approval of enrolment to membership and events and participation in projects.
- The Institute’s staff in executing relevant processing, whereby the staff members are bound by condition of confidentiality in their employment letters.
- A third party such as (i) a joint organiser or a sponsor or a speaker in the case of a jointly organised event, (ii) a visited organisation in the case of a mission delegation outside of Hong Kong and (iii) the Honorary Selection Consultants and the Panel of Judges of the project Directors Of The Year Awards, whereby the participants’ consent will have been obtained for the disclosure and the third party is required to maintain the personal data in confidentiality.
- A contractor or agent bound by confidentiality agreement when commissioned by the Institute in executing tasks for the purposes specified in paragraph 2 above.
- Government bodies and regulators as required under the law or pursuant to any regulatory arrangements between the Institute and the relevant government body or regulator.
- Any person to whom the Institute is required to make disclosure under any Hong Kong law.
5.2 Except as stated above or with consent of the data subject, the Institute will not disclose the personal data to a third party.
5.3 The Institute will do its best to ensure compliance with the Ordinance by providing guidelines to and monitoring compliance of the relevant parties. However, the Institute cannot control how third parties use personal information and assumes no responsibility for the privacy protection provided by such third parties.
6. Communication channels
In executing tasks for the purposes specified in paragraph 2 above, the Institute communicates with data subjects through one or more of the following channels:- (a) postal service, (b) email, (c) telephone, (d) fax
7. Data collection statements
7.2 Consent will be sought from data subjects for
- the use of personal data by the Institute in communications on updates, events, projects, membership, services and publications, with option to receive such communications.
- disclosure of personal data to a third party, wherever applicable.
8. Data subject’s rights
8.1 Right of access and correction: Data subjects have a right of access and correction with respect to personal data. Right of access includes the right to obtain a copy of personal data provided by the relevant data subject. Requests regarding access and correction can be directed in writing to the Institute.
8.2 Notification of breach of data security: Upon suspicion or discovery of breach of data security, a data subject may notify the Institute in writing. It is the policy of the Institute to investigate the alleged breach and rectify the situation if the breach is proven. Provided that the complaint is made by an identified person who is the data subject with identified communication
channel, the Institute will inform the data subject concerned of the outcome and rectification action, if any, as a conclusion.
8.3 Objection to receiving direct marketing: Data subjects who do not wish to receive the Institute’s communications on updates, events, projects, membership, services and publications may forward written request to the Institute stating name, postal address/email address.
9. Administration and legal resource
9.1 The Institute has assigned the role of Data Protection Officer to a number of staff members as part of their duties:-
- One employee in charge of membership administration has the relevant role regarding members’ and prospective members’ personal data.
- Two employees in charge of project implementation have the relevant role regarding event participants’ personal data.
- One employee in charge of training has the relevant role regarding training participants’ personal data.
- The CEO is the ultimate Data Protection Officer and assures the effectiveness of the various data protection functions performed by the above employees.
9.2 The HKIoD Employees Handbook stipulates clearly employees’ right of personal data protection and their duty of exercising care in accordance with this Policy when handling personal data of stakeholders.
9.3 The theme of privacy and protection of personal data is included in:-
- employee induction upon commencement of employment and
- regular staff meetings to refresh staff training and ensure knowledge and execution of updates.
9.4 The Honorary Legal Adviser of the Institute, P C Woo & Co, is the Institute’s legal resource on data protection matters.
10. Contact address of the Institute
Requests related to personal data may be made to
The Hong Kong Institute of Directors
by post at 2104 Shanghai Industrial Investment Building, 48 Hennessy Road, Wan Chai, Hong Kong, or
by email at personaldata@hkiod.com, or
by fax at +852 2889 9982.
For inquiry, tel no. +852 2889 9986.