King’s College Old Boys’ Association – Privacy Policy

Version: 1.1 | Effective Date: 07 March 2026 | Controller: King’s College Old Boys’ Association ("KCOBA") and its Affiliates

1) Scope and Who We Are

This Policy applies to all processing of personal data carried out by KCOBA and its Affiliates.

“Affiliates” means only entities that are directly owned and controlled by KCOBA, and operate solely for KCOBA’s administrative or alumni‑related purposes.
Affiliates do not include external organizations that support our activities, including vendors, suppliers, sponsors, or independent partners.

We do not use or share your personal data outside KCOBA and its Affiliates, and we do not disclose or sell your personal data to any third party for promotional or marketing purposes.

2) What Personal Data We Collect

Identity & Profile: name, graduation year/class, school activities (clubs, teams), photos you upload, KCOBA membership info.
Contact Information: email (optional), phone (optional), address (optional).
Career Information: employer, job title, industry, career history (optional).
Engagement Information: event participation, volunteering, mentorship, donation records (excluding full payment card details).
Technical Information: login credentials, session logs, device/browser data, IP address, cookies.

Data is collected directly from you or via your interaction with the Platform.

3) Legal Bases (GDPR) / PDPO Compliance

Contract / Service Provision: to operate your Platform account.
Consent: for email marketing using your optional email address, and for optional fields.
Legitimate Interests: alumni networking, security, fraud prevention, Platform improvement (balanced against your rights and expectations).
Legal Obligations: compliance with applicable laws, reporting, audits.

Under Hong Kong’s PDPO, we follow the Data Protection Principles (DPP): DPP1 (purpose and manner of collection), DPP2 (accuracy & retention), DPP3 (use), DPP4 (security), and DPP6 (access & correction).

4) How We Use Personal Data

Operate the Platform and alumni directory.
Enable alumni networking and community updates.
Manage events, volunteering, mentoring, and member services.
Provide essential service notifications (e.g., account, security, event confirmation).
Send KCOBA and its Affiliates’ promotional messages to you only if you provided your email and opted in.

We do not use your data outside KCOBA and its Affiliates. We never disclose personal data to external third parties for their marketing or promotional uses.

5) Disclosure and Recipients

5.1 KCOBA and Its Affiliates

Entities wholly owned and controlled by KCOBA that operate solely for alumni‑related purposes.

5.2 Service Providers (Not Affiliates)

External service providers (e.g., hosting, IT support, email delivery) that process data only under our written instructions and only for KCOBA purposes, subject to confidentiality requirements. These service providers are not affiliates and are strictly prohibited from using your data for their own purposes, for marketing, or disclosing it to third parties.

5.3 Regulatory or Legal Requirements

We may disclose information where required by law, court order, or regulatory authority.

6) Direct Marketing (Email Marketing Is Optional)

Providing your email is optional. If you choose to provide it, we may use it to send KCOBA or KCOBA Affiliate promotional messages such as event invitations, alumni news, fundraising appeals, and updates about KCOBA services, only if you opt in.

Consent must be explicit, and we will always provide clear notice of what data is used, the types of promotional messages sent, and a free and simple opt‑out method. You may withdraw your consent at any time, and we will stop sending marketing messages.

We never share your email or any personal data with third parties for their promotions.

7) Data Retention

We keep personal data only for as long as necessary for alumni‑related purposes and legal requirements. When data is no longer required, it will be securely deleted or anonymized.

Account/profile: while account is active + reasonable archival period.
Event/transactional data: per statutory audit and recordkeeping requirements.
Marketing preferences: retained to maintain accurate opt‑out records.

8) Security

We maintain administrative, technical, and physical security measures to safeguard personal data, including access controls, encryption (where applicable), secure storage, logging and monitoring, and incident response procedures.

9) Your Rights

You may exercise the following rights (subject to applicable law):

Access to your data
Correction of inaccurate information
Withdraw marketing consent
GDPR rights (if applicable): erasure, restriction, portability, objection, withdrawal of consent

We respond to verified requests within legal timeframes.

10) Children’s Data

The Platform is intended for adult alumni. If you believe we have collected data from a minor without consent, please contact us.

11) Cookies

We use necessary cookies for login and security. Additional cookies (e.g., analytics or preferences) may require consent. Cookie settings may be managed in your browser or (if provided) our cookie banner.

12) Changes to This Policy

We may amend this Policy from time to time. Updates will be posted with a new version number and effective date.

13) Contact Us

For privacy inquiries or personal data requests:

Email: [email protected]