Privacy Policy

Hospital Advisor is a web based platform at www.hospitaladvisor.org.hk ("Website"), which aims to help patients with their hospital choice in Hong Kong. Hospital Advisor is operated by HospitalAdvisor Limited ("Hospital Advisor", "we", "us" or "our").

Please read the following Privacy Policy to understand how Hospital Advisor uses the Personal Data (as defined in paragraph 1 below) we may collect from you. By providing your Personal Data to us, you are consenting to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal information as described in this Policy. We are committed to protecting your personal data privacy. To ensure that you can make informed decisions and feel confident about providing to us your Personal Data, we outline in this notice our practices and the choices you have concerning the collection and use of your Personal Data.

1. Definitions

Capitalised terms used in this Privacy Policy shall have the following meanings:

"Hospital" means any of the public or private hospitals in Hong Kong, including any healthcare professional that is an employee, contractor or consultant of such hospitals;
"Other Data" has the meaning given in paragraph 2.2;
"Patient" means a patient who was admitted to or received health care services from a Hospital;
"Personal Data" means any data relating directly or indirectly to a living individual, from which it is practicable for the identity of that individual to be ascertained;
"Review" means any review of a Hospital provided, uploaded, transmitted, submitted or posted on the Website;
"You" means you, a Patient or a friend or relative of a Patient.

2. Personal Data Collection

  1. 2.1 The types of Personal Data we may collect from you from time to time include:

    • (a) Your username;
    • (b) Your email address;
    • (c) Your mobile number; and
    • (d) Your name.

  2. 2.2 We also collect from you the following data ("Other Data"):

    • (a) Whether you are the Patient or a friend or relative of the Patient;
    • (b) Patient's gender;
    • (c) Patient's ethnicity;
    • (d) Patient's age;
    • (e) Whether the Patient is a Hong Kong resident;
    • (f) The Hospital and the specialty where the Patient was admitted;
    • (g) The number of days of the Patient's admission in the Hospital;
    • (h) The month and year of the Patient's admission in the Hospital;
    • (i) The amount of payment for the Patient's admission in the Hospital;
    • (j) The method of payment for the Patient's admission in the Hospital;
    • (k) Whether the Patient had insurance at the time he/she was admitted in the Hospital; and
    • (l) Whether the payment for the Patient's admission in the Hospital was covered by insurance.

  3. 2.3 The Other Data will not amount to contain or otherwise be linked in anyway to your Personal Data. The Other Data will be stored separately from your Personal Data in our servers. We will not be able to ascertain your identity in relation to the Other Data, as it will be fully anonymised and aggregated on our system.

  4. 2.4 We may also collect non-personally identifiable information about you, such as your use of our websites, personal preferences, etc.

  5. 2.5 By providing the Personal Data to us, you acknowledge that such provision is fair and reasonable in the circumstances.

3. Purposes for which the Personal Data and Other Data are Collected and Used

  1. 3.1 We may use the Personal Data you provide to us for one or more of the following purposes:

    • (a) To create a user account for you, which may include sending a text message to your mobile number to provide you with an authorisation code which you will need in order to complete the registration;
    • (b) To enable us to maintain your user account including keeping an internal record of the Reviews you have posted on the Website. All Reviews will only show your username and no other Personal Data; and
    • (c) To enable us to communicate with you about your user account and/or any matters relating to Hospital Advisor.

  2. 3.2 We may use the Other Data you provide for any of the following purposes:

    • (a) To maintain a database of anonymised data generated from the Other Data ("Database");
    • (b) To generate a Quality of Care score and other quality indicators for each Hospital from the Database to be published on the Website, which shall not include any of your Personal Data;
    • (c) To generate other reports from the Database ("Reports"), which shall not include any of your Personal Data;
    • (d) For any other commercial or business purposes, so long as such Other Data does not include or amount to Personal Data.
    Please refer to the personal information collection statement provided to you at the time we collect your Personal Data, which sets out the exact purpose with which we will use your Personal Data.

4. Disclosure and Transfer of Personal Data and Other Data

  1. 4.1 We will not disclose or transfer the Personal Data to any other parties. We may disclose, transfer and/or sell any part of the Database and/or the Reports (which do not contain any Personal Data) to the Hospitals, our advisors and partners, insurance companies, pharmaceutical companies, universities, researchers, international health organisations and other parties interested in healthcare.

  2. 4.2 We may disclose the Personal Data when required by law or court order of any jurisdiction, or as requested by any government or law enforcement authorities or administrative organs.

  3. 4.3 We may disclose the Personal Data as is necessary to bring a legal action or defend any legal action in relation to you.

5. Personal Data Security and Retention

  1. 5.1 The mobile number you provide to us will be deleted from our server once you have successfully completed your application for your user account.

  2. 5.2 The Personal Data you provide to us will be kept by us in the appropriate form only for as long as is necessary to fulfil the purposes (or a directly relation purpose) mentioned above, after which it will be destroyed. We will retain your Personal Data for two years following the termination of your user account, in order to enable us to address any enquires or disputes that arise between us and you concerning your user account. Only anonymised data generated from the Other Data, where it is not possible to ascertain your identity, is retained for analytical and statistical purposes for more than two years following the termination of your user account.

  3. 5.3 In order to ensure the correct use and to maintain the accuracy of the Personal Data, as well as preventing unauthorised or accidental access, processing, erasure or other use of the Personal Data, we have implemented various physical, electronic and management measures to safeguard and secure the Personal Data we collect. 

6. Use of Cookies

  1. 6.1 A cookie is a small text file that our website transfers to your computer's hard disk. The use of cookies means we can better serve you and/or maintain your information across multiple pages within or across one or more sessions. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future. You may choose to accept or refuse cookies. However, if you elect to refuse cookies, certain functionality may not be available to you and you may not be able to access certain parts of this website.

  2. 6.2 Cookies contain information about you and your preferences. For example, a cookie might contain a record of which pages within the site you visited, to help the site customise the view for you the next time you visit.

  3. 6.3 Only the information that you provide, or the choices you make while visiting a website, can be stored in a cookie. For example, the site cannot determine your email address unless you choose to type it. Allowing a website to create a cookie does not give that or any other site access to the rest of your computer, and only the site that created the cookie can read it.

7. Log Files

We may also collect information regarding your IP address, browser type, domain name and access time. This information is used for our own research purposes and is not linked to any personal information, so it is separated from the Personal Data. In rare instances, IP addresses may be used to assist in deterring and/or preventing abusive or criminal activities on the website. 

8. Our Commitment to Data Security

  1. 8.1 To maintain the accuracy of the Personal Data, as well as preventing unauthorised access and ensuring the correct use of the Personal Data, we have carried out appropriate physical, electronic and management measures to safeguard and secure the Personal Data we collect online. We use an industry standard for encryption over the Internet and/or mobile application, known as Secure Socket Layer (SSL) protocol, to protect the Personal Data. When you type in sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet and/or through a mobile application.

  2. 8.2 The Personal Data you provide to us will be stored in a database for no longer than is necessary. The website has a firewall in place, which should protect the Personal Data collected from you against unauthorised or accidental access. However, complete confidentiality and security is not yet possible over the Internet and/or mobile applications, and privacy cannot be assured in your communications to us. You acknowledge that personal information is disclosed at your own risk, and may be subject to unauthorised use by others. This may result in, among other things, you receiving unsolicited messages from other parties. We are not responsible in any manner for direct, indirect, special or consequential damages, howsoever caused, arising out of the communication of information to us. You are encouraged to protect against unauthorised access to your password and credit card details. Make sure you sign out from your account when finished, particularly when using a shared computer.

9. How to Access or Correct Your Data or Contact Us

You are entitled to access or correct your Personal Data held by us. Any data access request or data correction request, or any other data privacy related queries, may be made by contacting our Data Privacy Officer at support@hospitaladvisor.org.hk .

10. Language

This Privacy Policy is written in the English language and may be translated into Chinese or any other languages. In the event of any inconsistency between the English version and the translated Chinese version or any other translated version of this Privacy Policy, the English version shall prevail. Without prejudice to the foregoing, please click here if you would like to access the Chinese version of this Privacy Policy.