Privacy Policy

The Hong Kong Federation of Youth Groups Leadership Institute Privacy Policy Statement

The Hong Kong Federation of Youth Groups Leadership Institute (the Institute) respects the privacy of individuals. We do our best to ensure the collection, usage, storage, transfer and disclosure of your personal data accord to the Personal Data (Privacy) Ordinance. This Statement explains our policies and practices on handling personal data.

Data collection

When you are using the service of the Institute, providing services to the Institute, being employed by the Institute, making a complaint and/or browsing the websites of the Institute, your personal data may be collected, including but not limited to:

Participants / service users: Name, telephone number, mobile phone number, address, email address, date of birth, HKID number, guardian information, school, etc.

Employees / part-time instructors / any person directly or indirectly employed by the Institute: the personal data provided in the job application forms, information on salary/wage, bank account number, payment records, contributions to provident fund or mandatory provident fund, leave records, training records, records on medical and claiming subsidies, performance appraisal and disciplinary action, etc.

Service providers: Name, HKID number, telephone number, address, bank account number, etc.

Complainants: the name of complainant, telephone number, email address, the content of the complaint, investigation process and result etc.

You are obliged to provide the mandatory information as listed on the forms or other necessary information for initiating the process. Otherwise, the Institute may not be able to provide the service you request.

Data usage

Participants / service users: the data collected may be used for the purposes related to the participation in different programmes and activities, the issuance of receipts, collecting user feedback, conducting analyses, and any other initiatives in relation to the aims and objectives of the Institute.

Employees / part-time instructors / any person directly or indirectly employed by the Institute: the data collected may be used for recruitment and human resources management, such as appointment, salary/wage payment, internal transfer, performance appraisal and disciplinary action.

Service providers: the data collected may be used for payment or relevant issues.

Complainants: the data collected will be used for the investigation, reply and follow-up to the complaint.

The dissemination of news and information related to the Institute and its service units would be conducted in accordance with the requirements of the Personal Data (Privacy) Ordinance, after obtaining the consent from the data subject. Should you wish to stop receiving news and information from the Institute and its service units, please contact us at

Outsourcing arrangements

Some of the services of the Institute, including but not limited to the development and maintenance of systems, running of classes and courses, are provided, developed and/or maintained by third-party service providers.

All providers are bound by contractual duty to keep all the personal data confidential; we also promise to take all practicable measures to protect your personal data.

Transfer of personal data to places outside Hong Kong

If deemed necessary, the Institute may transfer your personal data to places outside Hong Kong, in order to carry out the purposes stated during data collection, or related purposes.

Data retention

The Institute will only retain your personal data within the period that retention is necessary for the fulfillment of the purposes stated during collection. Shall the personal data we keep be no longer required for the stated purposes, they will be erased within a reasonable timeframe.

Disclosure of personal data

The Institute does not rent, sell, transfer or disclose your personal information with other people or non-affiliated companies except under the following circumstances:

i. any agent, contractor or third party service provider who provides administrative, telecommunications, computer, or any other services to the Institute in connection with the operation of its business;

ii. the services requested by you is provided by the person or company concerned;

iii. with your prior consent;

iv. we believe that it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person;

v. to satisfy any applicable law, regulation, legal process, enforceable governmental request and administrative requirements.

Information collected when you visit the Institute’s websites and using the Institute’s mobile apps

Internet technology requires some basic information in order for users of websites or mobile apps to use our online services smoothly. The basic information should include but not limited to IP addresses and/or domain names, browser type and settings, language settings, geographical district, operating system, and time/duration of visit. These data are anonymous and cannot be used to identify the user under general situations. When personal identifiable information of users are involved or collected in the Institute’s websites or mobile apps, users will be prompted to give explicit alert of the collection so as to give consent.

CCTV Monitoring System

To safeguard the security and properties of the Institute, its staff and visitors, the Institute has installed CCTV monitoring systems in the public areas in some offices and premises. You may be recorded in reasonable ranges of the premises. Generally speaking, video records will be kept for not more than 6 months. Only authorized personnel can access the video records for the purpose stated above.

Protection measures

The Institute takes appropriate measures to protect the personal data we hold from loss, unauthorized collection, use, modification, transfer, access or disclosure.

A registered user of the Institute’s websites should keep his/her login name and password safe and secure; and has sole responsibility over the action conducted under his/her own login name and password.

Data access and correction

You should update your personal information with us shall there be any change; otherwise the Institute may not be able to provide the services you request.

According to the Personal Data (Privacy) Ordinance, you have the right to access and correct your personal data and request a copy of the said data. When such requests are made, the Institute will check the requestor’s identity to ensure the requestor is legally entitled to make the data access or correction request. The Institute shall or may refuse to comply with a data access request in the circumstances specified in section 20 of the Ordinance, for example, the requestor fails to provide necessary information to the Federation.

You can make your request by completing the Data Access Request Form (OPS003) available from the Office of the Privacy Commissioner for Personal Data ( and/or submitting the request in writing; and sending the details to Your request will be answered in 40 days. A fee may be charged for complying a data access request.

Revision of this Statement

The Institute reserves the right to revise this Statement. Revision will be announced on the Institute’s website ( This Statement was last updated October 2020.

In case of any discrepancy between the English and Chinese versions of this Statement, the English version shall prevail.