By Doctor Name
By Specialty
Anaesthesia
Endocrinology and Diabetes
Ear, Nose, Throat (Otorhinolaryngology)
General Practice / Family Medicine
Infectious Disease
Intensive Care Unit
Medical Imaging Department
Cardiothoracic Surgery
Gastroenterology & Hepatology
General Surgery
Colorectal Surgery
Orthopaedics & Traumatology
Neurosurgery (Brain & Spine)
Neurology
Oncology
Paediatric Surgery & Paediatric Urology
Obstetrics & Gynaecology
Ophthalmology Centre
Paediatrics
Plastic Surgery
Dermatology & Venereology
Dermatology
Rheumatology
Respiratory / Sleep-apnoea Clinic
Haematology & Haemotological Oncology
Psychiatry
Psychiatry (Child and Adolescent Services)
Union Speech & Swallowing Therapy Clinic
Urology
Geriatric Medicine
Allergy Centre
Breast Centre
Union Dental Centre
DHI Hair Centre
Emergency Medicine Centre
Gastrointestinal Diseases Centre
Health Maintenance Centre
Heart Centre
Integrated Liver Centre
Minimally Invasive Centre
Renal Dialysis Centre
Union Reproductive Medicine Centre
Dietitian Consultation
Podiatry
Clinical Psychology
Counseling Psychology
Speech Therapy
 

Privacy Policy Statement

Statement of Policy

Union Medical Centre Limited and its subsidiary, affiliated or related companies, including Union Hospital (collectively, “we”, “us” or “our”) understand the importance of protecting the privacy, confidentiality and security of the personal information we hold by complying with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance.

It is important that you read this Privacy Policy Statement together with the applicable personal information collection statement of the relevant service, website, and/or mobile application provided by us. So that, you are fully aware of how and why we are using your personal data. This Privacy Policy Statement supplements other notices of us and is not intended to override them.


Statement of Practice

Kinds of Personal Data Held

Four broad categories of personal data are held by us. They are personal data contained in:

Medical records which include records containing information related to the physical and/or mental health of an individual;

Personnel records which include job applications and staff personal details, job particulars, details of salary, qualifications, benefits, leave and training records, group medical insurance records, mandatory provident fund schemes participation, performance appraisals, and disciplinary matters, etc.;

Other records which include administration and operational files, service agreements, personal data provided to us from individuals for participating in promotional activities and other events, records relating to direct marketing, newsletters subscriptions, records relating to service request management, enquiries, customer opinions and feedback, compliance check records, statistical analysis, surveys and quality assurance, etc.; and

Records collected on webservers and/or mobile application servers which include personal particulars and email addresses (whereas they can be used to identify an individual under specific circumstances thus may constitute personal data) collected for online appointment booking, enquiry form submission, service request submission and opinions submission, etc.


Main Purposes of Keeping Personal Data

Personal data held in:

Medical records are kept for the purposes of providing patient care or general related purposes (including but not limited to treatment, quality assurance, research, education and charges levied by us);

Personnel records are kept for recruitment and human resource management purposes, relating to such matters as employees' appointment, employment benefits, termination, performance appraisal and discipline, etc.;

Other records are kept for various purposes which vary according to the nature of the record, such as handling of complaints, seeking advice on policy or operational matters, organizing and delivering promotional, educational and training activities and handling of compliance checks, etc.; and

Records collected on webservers and/or mobile application servers are kept for various purposes which vary according to the nature of the record, such as contacting clients for confirmation of online appointment booking, contacting clients to reply their online enquiries, etc.


Information Collected When You Visit Our Website(s) and/or Use Our Mobile Application(s)

When you visit our website(s) and/or use our mobile application(s), the servers will collect data relating to your visits to/use of such website(s) and/or use of such mobile application(s), including but not limited to your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, the time/duration and the pages visited (log files). We use these log files for the purpose of maintaining and improving our website(s) and/or mobile application(s) such as to determine the optimal screen resolution, which pages have been most frequently visited, etc.

We do not use, and have no intention to use the visitor data to personally identify anyone.


Use of Social Media Platform

If you interact with us on social media platforms (e.g., by “Liking” our Facebook page), we can interact with you and send you messages via these platforms. We will interact with you in accordance with the social media platform’s rules, but we are not responsible for how the platform operators collect and handle your personal data. We are not responsible for the content posted on our social media accounts by third parties.


Use of Cookies and other Tracking Mechanisms

Cookies are small blocks of data generated by a webserver while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Some cookies allow us to improve your digital experience when you navigate our website(s) and/or mobile application(s), while others are used to enable us to store and track information about your interests and preferences at our website(s) and/or mobile application(s). We may also engage third parties to track and analyze nonpersonally identifiable data from our website(s) and/or mobile application(s). We use the data collected by such third parties to help us manage and improve our website(s) and/or mobile application(s) and to analyze usage of the same. It is important to note that this is unrelated to and separate from your personal data. However, such third parties may combine the non-personally identifiable data that we provide about you with other information that they have collected to produce personally identifiable data. If you do not wish to allow the use of cookies, you can disable them through your browser settings, but to do so you may not be able to utilize certain functionality of the website(s) and/or mobile application(s).


Outsourcing Arrangements

Our IT systems are developed and maintained by in-house staff and local third party service providers. All of them are bound by contractual duty and we maintain and execute strict outsourcing arrangements to ensure the security of the personal data stored.


Online Payment Gateway

We accept payments for selected services through AsiaPay. In order to process the payment via AsiaPay, users are required to provide personal information including but not limited to their credit card and billing contact information to AsiaPay which is managed by AsiaPay (HK) Limited, a company registered under the laws of Hong Kong Special Administrative Region.

In selecting and agreeing to make payment via AsiaPay, users will be bound by the terms for payments of AsiaPay services which may be revised from time to time by AsiaPay (HK) Limited. Users are also recommended to read the Privacy Policy of AsiaPay (HK) Limited before using the AsiaPay services. AsiaPay’s Privacy Policy can be found at:https://www.asiapay.com/privacy.html.


Third Party Websites or Mobile Applications

Our website(s) and/or mobile application(s) may from time to time contain links to other third party websites or mobile applications. These other third party websites or mobile applications are independent of our website(s) or mobile application(s). We have no control or management over the contents of such other websites, mobile applications or their privacy policies or compliance with law. It is important for you to note that the provisions of such links do not constitute an endorsement, approval, or any form of association by or with us. We have no control over your personal data submitted by you, if any, to other websites or mobile applications. We recommend that you read the respective privacy policies of other websites or mobile applications carefully.


Protection Measures

Security arrangements will be reviewed regularly to ensure that the personal data we hold is protected against unauthorized or accidental access, processing, erasure, loss or use. The security arrangements include, without limitation, the following:

  1. Restriction of access to personal data on a “need-to-know” basis;
  2. Restriction of the access rights of staff to office areas storing confidential information;
  3. Provision of clear guidelines to staff on the proper handling of data access request;
  4. Provision of timely personal data privacy training; and
  5. Regular review and enhancement of data security for protection of personal data in the information systems against malicious attacks.

Data Retention

We will take all reasonably practicable steps to erase personal data collected which is no longer necessary for the purposes for which it is to be used.


Disclosure of Personal Data

When you provide personal data to us, please make sure the data provided is accurate and complete. Failure to provide accurate or complete information may affect our ability to provide services for the healthcare purposes mentioned.

You should note that your personal data (including health information) may be made available to:

  • Appropriate persons in Union Medical Centre Limited and its subsidiary, affiliated or related companies;;
  • Doctors/healthcare providers/other relevant persons outside Union Medical Centre Limited and its subsidiary, affiliated or related companies;
  • Visitors/ staff/ students/ trainees from hospitals/ healthcare or educational institutions (local or overseas) whose presence at Union Medical Centre Limited and its subsidiary, affiliated or related companies are authorized;
  • Appropriate government departments/ Hospital Authority/ third parties in disaster situations; and
  • Appropriate government departments/ agencies/ authorities etc. when disclosure is required or permitted by law, is necessary for public health purposes or enables verification of your identity/status for charging or other purposes.

In addition to the above, we will only use, disclose or transfer the personal data you provided to us for, first, purposes relating to your healthcare or directly related purposes or, secondly, where permitted by law. We will need to obtain your consent before using your personal data for any other purposes.


Direct Marketing

Without your consent, we cannot use or provide to third parties (whether intra-group and/or external parties) your personal data for the purpose of direct marketing. Subject to your consent, we may use or provide to third parties (whether intra-group and/or external parties) your personal data for direct marketing purposes in accordance with the personal information collection statement provided to you on or before collection of your personal data. You may withdraw your consent at any time by writing to the Marketing Department, Union Hospital, 18 Fu Kin Street, Tai Wai, Shatin, New Territories, Hong Kong Special Administrative Region or by email at marketing@union.org.


Data Access & Correction

If you wish to access or correct your personal data, you may do so under the Personal Data (Privacy) Ordinance. Please contact our Nursing Staff during office hours / Data Protection Officer by mail to Union Hospital, 18 Fu Kin Street, Tai Wai, Shatin, New Territories, Hong Kong Special Administrative Region (Marked Confidential) or via email at privacy@union.org.


Updates to Privacy Policy Statement

This Privacy Policy Statement may from time to time be updated, revised or amended. Any update, revision or amendment will be effective immediately upon being posted on website(s) and/or mobile application(s) of us. Where legally required, we shall notify you and/or obtain your consent for any major changes. If you do not accept the updates, revision or amendment, and/or provide your consent, then we may not be able to provide goods or services to you. You are advised to check the website(s) and/or mobile application(s) of us for updates to this Privacy Policy Statement on a regular basis.


Governing Law and Jurisdiction

These terms and conditions are governed by and construed in accordance with the laws of Hong Kong Special Administrative Region and you agree to submit to the exclusive jurisdiction of the courts of Hong Kong Special Administrative Region.


Enquiries

Any enquiries regarding personal data privacy policy and practice, please contact our Data Protection Officer by mail to Union Hospital, 18 Fu Kin Street, Tai Wai, Shatin, New Territories, Hong Kong Special Administrative Region or via email at privacy@union.org (Marked Confidential)

This Privacy Policy Statement is effective from the date of posting and supersedes any previous versions. This Privacy Policy Statement has been translated into Chinese. If there is any inconsistency or ambiguity between the English version and the Chinese version, the English version shall prevail.


We keep our privacy policy statement under regular review. This statement was last updated on 01 Mar 2024.