ICAS Hong Kong Office

Banner Image

Privacy Policy


ICAS Hong Kong (ICASHK) is the educational division of aec Education Consultancy, an education group of UNSW Global Pty Limited, a not-for-profit, wholly owned enterprise of the University of New South Wales.

ICAS Hong Kong manages the International Competitions and Assessments for Schools in the Hong Kong and Macau region.


ICAS Hong Kong seeks to protect the privacy of individuals through the protection of personal information in accordance with all relevant privacy principles.


This policy sets out how ICAS Hong Kong collects, uses and discloses personal information, as well as how individuals may access their personal information.


Personal Information

Personal information is information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.


As a general practice, information regarding students, consultants, contractors, customers or staff is not disclosed to a third party without that individual's consent. In the case of an emergency or in exceptional circumstances such as a legal requirement, the General Manager or a delegated officer, at his or her discretion, may authorise the release of personal information.

Access to Personal Information

ICAS Hong Kong has in place mechanisms and normal administrative practices which allow the routine handling of requests for access to information, such as statements of results or for alterations to information such as changes of address.

An individual may request access to their personal information or for their personal information to be amended so that it is accurate, complete and not misleading.

As ICAS Hong Kong is a division of UNSW Global, the Privacy Officer at UNSW Global is the point of contact for requests for access to or alteration of, personal information under the Act.


The Privacy Officer can be contacted by:

  • Email: privacyofficer@nsg.unsw.edu.au
  • Telephone: (61 2) 8117 2001 between 9.00 and 5.00 Monday to Friday
  • Mail: Privacy Officer, UNSW Global Pty Limited, 12-22 Rothschild Avenue, Rosebery NSW 2013 Australia


A person who has a complaint in relation to a privacy matter is entitled to request UNSW Global to carry out an internal review.

An application for an internal review must be made in writing, with a return address, to the Privacy Officer, UNSW Global Pty Limited, 12-22 Rothschild Avenue, Rosebery NSW 2013, within 6 months of the time the applicant becomes aware of a contravention of the Privacy Policy. The applicant should identify the conduct which is the basis for the application, and be as specific as possible about the details of the grievance.


There are no fees for lodging an application but fees may be charged for the conduct of the review.


In most cases the Privacy Officer will conduct an internal review. Another officer of UNSW Global may deal with the review if the Privacy Officer is substantially involved in the matter, or if the subject of the matter would be more appropriately dealt with by someone other than the Privacy Officer. Internal reviews will be completed as soon as is reasonably practicable and within 60 days of the application being received by the Privacy Officer. Applicants will be advised of the finding of the internal review within 14 days of completion of the internal review.

The Privacy Commissioner will be notified by the UNSW Global Privacy Officer within 14 days of receiving an application for internal review and will be kept informed of the progress of the review through an interim briefing 30 days after the internal review has commenced. A summary of findings, which may include proposed actions, will also be provided to the Commissioner within 14 days of the completion of the internal review.

Result of a Review

As a result of the internal review, UNSW Global may do one or more of the following:

  • Take no further action on the matter;
  • Make a formal apology;
  • Take such remedial action as it thinks appropriate;
  • Provide undertakings that the conduct will not occur again;
  • Implement administrative measures to ensure that the conduct will not occur again.

An applicant who is not satisfied with the findings of the UNSW Global review or the action taken by UNSW Global, or because the review was not completed within the 60-day period, may apply to the Administrative Decisions Tribunal for a review of the conduct which was the subject of the application.

The Privacy Commissioner

Complaints can also be made directly to the Privacy Commissioner. However, individuals are encouraged to make a complaint to ICAS Hong Kong in the first instance. This gives ICAS Hong Kong the opportunity to resolve the complaint and be made aware of matters sooner that may need to be addressed within the Group.

Privacy Principles


ICAS Hong Kong will only collect personal information directly from the individual reasonably necessary for the purpose it is being collected. The method of information collection will be lawful, fair and not unreasonably intrusive.
The individual will be informed as to why their personal information is being collected, what will be done with it, the consequences of not supplying it (if any) and their right of access to, and correction of, the information.

Use and Disclosure

ICAS Hong Kong will not use personal information for any purpose (the secondary purpose) other than the primary purpose of collection, unless it could be reasonably expected to be used for the secondary purpose, the individual has consented, there is an opt out option (applies to direct marketing), it is necessary for health research, there is a threat to life or health, it is required or authorised by law, or it is reasonably necessary for law enforcement.

Data Quality

ICAS Hong Kong will take reasonable steps to ensure personal information is accurate, complete and up-to-date.


ICAS Hong Kong will take reasonable steps to protect personal information from misuse, loss or unauthorised access, modification or disclosure. Personal Information will be disposed of securely when it is no longer of use.

Access and Correction

An individual has the right of access to their personal information, unless there is a threat to life or health or other people's privacy, the request is frivolous or vexatious, there are legal proceedings in train, negotiations would be prejudiced, access is unlawful, denying access is required or authorised by law, it would prejudice investigation of an unlawful activity or law enforcement or for national security reasons.

If access is denied then a reason will be given.


Where lawful and practicable, ICAS Hong Kong will not require personal information. For example, ICAS Hong Kong will not require a person visiting our website to provide us with personal information, unless they make a request which requires personal information to be disclosed in order to meet that request.

Trans-border data flows

ICAS Hong Kong will not send personal information out of the country, unless the recipient is subject to information privacy laws substantially the same, the individual consents, it is necessary to perform the contract between the individual and the organisation or reasonable steps have been taken to ensure the recipient will deal with the information in line with policies in Hong Kong.

Sensitive Information

ICAS Hong Kong can only collect sensitive information if the individual has consented, collection is required by law, there is a threat to life or health or in relation to legal proceedings. Sensitive information is information about an individual's racial or ethnic origin, political opinions, membership of a political associations, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.

Online Activities

While users of the ICAS Hong Kong website are covered by the same privacy principles, ICAS Hong Kong will take the following further steps to protect personal information if credit card details are collected for any online activities:

  • We will destroy all identifying credit card numbers and expiry dates after the transaction has been completed.
  • We will not use credit card details for any other purpose. However, we do retain your name and address to ensure all transactions are processed correctly and the appropriate service is delivered. From time to time we may use the name and address to inform you of new publications or information.