Skip to main content

Statement of Policy
The Education University of Hong Kong (EdUHK) fully supports and observes recognised standards of protection in the security and confidentiality of personal data, as stipulated in the requirements of the Personal Data (Privacy) Ordinance.
Statement of Practices
The University Data Protection Officer, with assistance from his/her deputy, is the key member of staff in driving personal data protection in the University, and will have the following responsibilities:


  1. To coordinate, oversee and review the University's policies related to the Personal Data (Privacy) Ordinance and its implementation so as to ensure the University fully complies with the requirements of the Ordinance;
  2. To handle enquiries related to the policies and their implementation;
  3. To raise awareness of the requirements of the Ordinance in the University; and
  4. To advise the University on related matters. 

All members of the University are required to follow the policies’ requirements in handling personal data and information security, to uphold the compliance of the required regulations. 
Kinds of Personal Data Held

The University may collect personal data that is necessary and adequate but not excessive for various purposes, including student records, staff personnel records, CCTV recordings, control logs, and server access logs. Websites managed by the University and its units may use browser cookies to maintain login sessions and enforce security. You may disable these cookies but this may affect your browsing of the website. We may also collect personal data from our outsourced contractors and visitors for access control and security reasons. Data may be collected for other purposes when needs arise.  


Purposes of Keeping Personal Data
When the University collects personal data from individuals, a Personal Information Collection Statement (“PICS”) will be provided to ensure data subjects are aware of the purposes of the data collected. The collection of data must be justified and not excessive.
Protection Measures
Personal data in the University will be secured and will only be able to be accessed by authorised people. The University’s Information Security Policy ensures proper security measures regarding personal data throughout the life cycle.
Personal data will be deleted once the business purposes are fulfilled. Retention periods are specified in the PICS concerned.
Disclosure of Personal Data
You have the right to request access to and correction of information which is held by the University. The University may charge you a fee to cover the administration overhead incurred. If you wish to access or correct your personal data held by the University, please submit your request to for staff data, for student data, and for other data.
Any enquiries regarding personal data privacy policy and practice should be sent to the University Data Protection Officer at


Updated on 22 November 2022