SEARCH

Privacy Policy
Thank you for visiting The German Swiss International School (GSIS) web site and for reviewing our privacy policy. We collect no personal information about you unless you choose to provide that information to us.

We pledge to meet fully, and where possible exceed, internationally recognized standards of personal privacy protection, in compliance with the Personal Data (Privacy) Ordinance.

Definition
The GSIS privacy policy is formulated to protect the privacy of all data subjects, i.e. employees (current and past), students and their parents and job applicants in respect of their personal data.

A secondary objective of this policy is to develop internal codes of practice to ensure that conditions prescribed by the Personal Data (Privacy) Ordinance are met.

Non-Personal Data Collection
If you visit the GSIS web site and do nothing more than browse the site, read pages or download information, the site's operating system will automatically record some general information about your visit.

During your visit, the GSIS operating system will record:

  • The Internet domain for your Internet service, such as "xdomain.com" or "xdomain.net" if you use a private Internet access account, or "yourschool.edu" if you connect from a college or other education domain.
  • The type of browser (such as Netscape version X or Internet Explorer version Y) that you are using.
  • The type of operating system that you use (such as Macintosh, UNIX, or Windows).
  • The date and time you visit our site and the web pages that you visit on our site.
  • The address of the previous web site you were visiting, if you linked to us from another web site.

We use this information for statistical analysis and to help make the GSIS web site more useful to visitors. This tracking system does not record information about individuals.

Personal Data Handling
Some of our web pages (such as online contact form) let you voluntarily submit personal information. In those cases, every attempt will be made to protect your privacy. GSIS cannot, however, provide any guarantees as to the absolute security of your personal information.

Any person who controls the collection, holding, processing and use of personal data (data user) is subject to the Personal Data (Privacy) Ordinance.

They should treat all personal data, in whatever form it is recorded, as confidential and take all reasonably practical steps to ensure adequate security control for the effective use of the personal data according to the following data protection principles:

  • make the purpose(s) clear when collecting personal information;
  • use the personal data only for the purposes for which it was to be used at the time of collection, or for a directly related purpose;
  • strive to keep personal data accurate and up-to-date;
  • lock any personal data kept on paper, tape or disks in a secure location after use;
  • comply with GSIS' data protection policies and practices when disclosing personal data;
  • do not allow anyone inside or outside the organization access to personal data without the prescribed consent of the data subject; and
  • destroy any personal data which is no longer required for the purposes for which it is collected/used.

Rights of the Data Subject
All GSIS employees, students, their parents, and job applicants have the right to:

  • obtain a copy of the personal data relating to him/her held by the GSIS;
  • require the data user to correct any data relating to him/her which is inaccurate;
  • obtain the GSIS data protection policies and practices in relation to data and be informed of the kind of personal data held by the GSIS; and
  • be asked for consent before his/her personal data is used for a purpose other than the purposes for which it was collected or directly related purposes.

All requests for access to data, or correction of data must be made in writing in either English or Traditional Chinese and be addressed to:

Business Administrator
German Swiss International School
11 Guildford Road
The Peak
Hong Kong

Operational Procedures
1. Upon receipt of a written data access/correction request from a data subject, GSIS will comply with the request within 30 days of receiving the request.
2. GSIS will reject any data access/correction request if:
1. the request is not made in writing;
2. the data subject cannot provide sufficient information to locate the data being requested;
3. the request involves data relating to staff planning;
4. the request involves a personal reference or data generated by certain evaluative processes (including a recruitment/promotion/transfer/removal exercise) prior to a decision being made; and/or
5. the request follows two or more similar requests made by the data subject or an authorized person on his/her behalf.
3. If a data/access correction request is to be rejected, GSIS will give reasons in writing to the person making the request within 30 days of receiving the written request.
4. GSIS will keep and maintain a log book of requests and refusals which will be kept for at least two years.
5. GSIS will levy an administration charge for the processing of any data access requested.

Collection, Holding and Use of Identity Card Numbers / Personal Identifiers and Copy of Identity Card
The GSIS privacy policy also applies certain restrictions on the collection, holding and use of identity card numbers/personal identifiers and copies of identity cards:

  • A data user should not collect identity card numbers except:
    1. where required or specifically empowered to do so by a statutory provision; and
    2. as a condition for allowing the holder of the identity card access to premises where the monitoring of the activities of the holder on the gaining of such access is not practicable.
  • A data user shall only use an identity card number for the purpose for which it was collected.
  • A data user shall not collect an identity card number except by means of the physical production of the identity card/or copy of it in person by the individual.
  • A data user must take all reasonably practicable steps to erase the record of an identity card number when its requirement to identify or to attribute personal data to the holder of the identity card has been fulfilled.
  • A data user shall take all reasonably practicable steps to ensure that an identity card number and the name of the holder are not displayed together publicly and not made visible or accessible together to any person.

Restrictions on the collection and use of identity card copy are similar to that of identity card numbers.

As a security safeguard, except where it is required or permitted by law to the contrary, a data user shall not keep a copy of an identity card unless it is marked clearly and permanently across the entire image of the identity card with the word "copy" or the Chinese equivalent. A copy of the identity card shall be kept under reasonably secure conditions with access restricted to individuals who need to carry out activities related to permitted use of the copy.

If you have any questions or comments about the information presented here, please contact us.
© 2006 German Swiss International School
Last Modified: Thursday, 01 June 2006 02:21:20