Guangdong-Hong Kong-Macau GBA Youth Exchange Promotion Association
Special Privacy Policy Statement
Version number: v1.0
Last updated: January 27, 2026
Scope of Application : This statement applies to all actions taken by the Guangdong-Hong Kong-Macau GBA Youth Exchange Promotion Association (hereinafter referred to as "we") in the process of organizing youth exchange activities in the Guangdong-Hong Kong-Macao Greater Bay Area (including but not limited to cross-border exchange programs, internships, academic seminars, business incubation, cultural experiences, etc.), in which we collect, use, store, transmit across borders, and protect the personal data of young people. This covers service scenarios in the Hong Kong Special Administrative Region and the nine cities in the Greater Bay Area (Guangzhou, Shenzhen, Zhuhai, Foshan, Huizhou, Dongguan, Zhongshan, Jiangmen, and Zhaoqing).
I. Statement of Purpose
We strictly abide by the Hong Kong Personal Data (Privacy) Ordinance (Chapter 486), the Mainland's Personal Data Protection Law, Data Security Law, and the Standard Contract for Cross-border Flow of Personal Data in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Hong Kong), and respect the privacy rights of young people in the Greater Bay Area (hereinafter referred to as "You"). We process personal data in accordance with the principles of legality, fairness, and necessity, especially ensuring the security and compliance of cross-border data transmission. By providing personal data or participating in our exchange activities, you agree to our processing of the relevant data in accordance with the methods described in this statement.
II. Collection of personal data
1. Scope of collection: Only information necessary to achieve the purpose of youth exchange will be collected, including but not limited to:
· Basic identity information: name, gender, date of birth, ID card number/Mainland Travel Permit for Hong Kong and Macao Residents number, contact information (telephone, email, mailing address), emergency contact information.
· Exchange relevant information: academic background (school, major, year of study), career information (employer, position), application information for exchange projects, participation records, internship/practice assessment materials, awards information, and feedback on activities.
· Required supplementary information: health status (for cross-border travel and activity safety), visa/entry permit information, and financial account information (only for subsidy disbursement and expense settlement).
· Non-identifiable information: Activity participation statistics and website/mini-program browsing history (IP address, browser type) are used only for activity optimization and performance analysis.
2. Collection method:
· You voluntarily provide the following: completing online /offline registration forms, submitting application materials, registering for the event, signing informed consent forms, and submitting information on the online platform.
· The following information shall be provided by the partners: with your explicit consent, relevant information provided by the partner universities, enterprises, youth organizations in the Greater Bay Area and relevant institutions in Hong Kong (proof of your consent must be attached).
· Automatic collection: Non-identifiable data automatically recorded through our official website, mini-programs and other online platforms.
3. Collection Statement: When collecting your data, we will provide you with the "Personal Data Collection Statement for the Guangdong-Hong Kong-Macao Greater Bay Area Youth Exchange Program," which clearly outlines the purpose of data collection, the scope of cross-border transmission, recipient information, and your rights. Providing personal data is voluntary, but failure to provide necessary information may result in your inability to participate in exchange programs or enjoy related services.
III. Purpose of Using Personal Data
The collected personal data will be used for the following lawful purposes or for purposes directly related to such purposes:
1. Application review, eligibility screening, quota confirmation and related administrative matters for exchange programs.
2. Cross-border activity organization and support: including itinerary planning, accommodation booking, transportation coordination, visa/entry permit assistance, health and safety management, and insurance purchase.
3. Exchange services include: internship matching, mentorship, academic/entrepreneurship resource links, event material preparation, and certificate issuance.
4. Information notification and feedback: Sending project updates, activity reminders, itinerary change notifications, participation in feedback surveys, and results presentations, etc..
5. Funds and subsidies management: application review and disbursement of scholarships, transportation subsidies, and living allowances, and archiving relevant financial records.
6. Promotion of the event and dissemination of results: With your separate consent, photos, videos, and participation experiences of the event may be used for non-commercial promotion (consent may be withdrawn at any time).
7. Compliance and Security: We comply with relevant laws, regulations, and regulatory requirements in Hong Kong and Mainland China, respond to emergencies, and protect your and others' legitimate rights and interests.
8. Service optimization: Optimize communication project design and improve service quality based on statistical analysis (using only anonymized data).
9. Other lawful uses with your explicit consent.
IV. Cross-border transfer and disclosure of personal data
1. Cross-border transfer compliance requirements : Due to the cross-border nature of youth exchanges in the Greater Bay Area, when transferring personal data to partners in the nine mainland cities and Hong Kong, we will strictly comply with the requirements of the "Standard Contract for Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Hong Kong)" and take the following compliance measures:
· Cross-border transmission shall only be carried out when necessary to achieve the purpose of communication, and the transmitted data shall be limited to the minimum necessary scope.
· Sign a cross-border data processing agreement (including core terms of a standard contract) with the recipient to clarify the confidentiality obligations and responsibilities of both parties
· Security measures such as encryption and de-identification should be taken for data transmitted across borders.
· Conduct a Personal Information Protection Impact Assessment (PIA) and retain the assessment report for at least 3 years.
· We will fully inform you of the recipient's name, contact information, purpose and scope of transmission, and obtain your explicit consent.
2. Scope of Disclosure and Transfer: Personal data will not be sold, leased, or disclosed to any third party unrelated without your consent or as permitted by law. Data will only be transferred in the following circumstances:
· Our authorized staff and volunteers (based on the "need to know" principle, limited to performing their job duties).
· Partner universities, enterprises, youth organizations, relevant government departments in the Greater Bay Area and partner institutions in Hong Kong (must assume the same confidentiality obligations).
· Third-party suppliers providing administrative, IT, transportation and accommodation booking, insurance, and payment processing services (with confidentiality agreements signed).
· Regulatory and law enforcement agencies in Hong Kong and mainland China as required by law or court order.
V. Data security and preservation
1. Security Measures: We adopt security measures that comply with Hong Kong and Mainland standards to protect personal data, including:
· Technical protection: encrypted data storage and transmission, hierarchical access control, secure servers, firewalls, and regular security testing.
· Management Standards: Establish cross-border data processing procedures, restrict authorized access, provide privacy training and confidentiality agreements for employees/volunteers, and conduct regular security audits.
· Physical protection: Paper documents are locked and stored, storage locations are securely managed, and documents carried across borders are encrypted.
2. Shelf life and destruction:
· Personal data shall be retained for no longer than the period necessary to achieve the purpose of the exchange program and shall meet the following requirements: basic identity information, participation records, financial records, etc. shall be retained for 3 years after the end of the program (to meet the minimum legal retention requirements); health information, visa information, etc. shall be deleted within 1 year after the end of the program.
· Materials that have exceeded their retention period or no longer need to be retained will be destroyed securely (permanent deletion of electronic data, shredding of paper documents) and will not be used for any subsequent purposes.
· Data transferred across borders will be required to be destroyed or returned by the recipient once the purpose is achieved, and relevant supporting documents will be retained.
3. Disclaimer: While necessary security measures have been taken, absolute security cannot be guaranteed during network transmission and cross-border processing. In the event of a data breach not caused by our intentional act or gross negligence, we will immediately initiate an emergency response, take remedial measures, and notify you and relevant regulatory agencies in accordance with the law.
VI. Special Agreements Regarding Direct Sales Promotion
1. We may only use your contact information to send information such as project promotions and resource recommendations after obtaining your explicit consent (written, electronic or oral).
2. You may withdraw your consent or cancel your subscription at any time free of charge, by clicking the "unsubscribe" link in the promotional message, sending a written notice to the Data Protection Officer, or calling the customer service hotline. We will process your request within 15 business days.
3. We will not provide your information to third parties for direct marketing purposes without your separate written consent.
VII. Online Platform and Use of Cookies
1. When you register or participate in activities using our official website, mini-programs, or other online platforms, we may use cookies to record your browsing preferences (such as language settings and registration progress saving) to improve your user experience. Cookies do not collect personally identifiable information.
2. You can refuse cookies by adjusting your browser settings, but this may cause online registration, progress saving and other functions to malfunction.
3. The online platform will take security measures such as data encryption and login verification to protect the personal data you submit online.
VIII. Rights of Young People (Information on the Rights of the Parties Involved)
Under the Hong Kong Personal Data (Privacy) Ordinance and the Mainland's Personal Data Protection Law, you are entitled to the following rights:
1. Access rights: You may request access to your personal data held by us and the cross-border recipient.
2. Right to correction: to request the correction of inaccurate, incomplete, or outdated personal data.
3. Right to withdraw consent: You may withdraw your consent to the collection, use, cross-border transfer and promotional information at any time (without affecting actions that have been handled in compliance with regulations before the withdrawal).
4. Right to deletion: Within the scope permitted by law, the right to request the deletion of personal data that is no longer necessary to retain (except for data that is required to be retained by law).
5. Right to know: To inquire about the processing status of personal data, cross-border transfer details, and implementation details of this statement.
6. Right to complain: If you have any objections to the data processing, you may file a complaint with us or the relevant regulatory agency.
7. How to exercise: To exercise the above rights, you must submit a written application (including email) to the Data Protection Officer, providing valid identification documents for identity verification. We will respond within 40 calendar days (60 days for cross-border inquiries). A reasonable fee may be charged for processing access requests (the fee will be communicated in advance).
IX. Third-party links and cooperation platforms
Our online platforms may contain links to third-party websites or partner platforms (such as university websites or event registration systems). The privacy policies of these platforms are not our responsibility. You should review their privacy policies yourself when accessing third-party platforms, and we are not responsible for the handling of your personal data by these third parties.
X. Revision and Notification of the Statement
1. We may update this statement in accordance with revisions to Hong Kong and Mainland laws and regulations, changes in cross-border compliance requirements, or business adjustments. The revised statement will be prominently displayed on our official website and event registration platform, indicating the update date.
2. By continuing to participate in our communication activities or use our services after the revision of this statement, you indicate your acceptance of the revised terms; if you do not agree, you may stop participating in the activities and notify us to process the relevant information.
XI. Contact Information (Data Protection Officer)
If you have any inquiries, complaints, or need to exercise your personal data rights regarding this statement, please contact:
· Name: Data Protection Officer
· WhatsApp phone number: (852) 62139142
· Email: cs@gbaygen.org
· Hong Kong Office Address: Room 1608, 16/F, 655 Nathan Road, Mongkok, Kowloon, Hong Kong (Please indicate "Data Protection Officer" as the recipient)
XII. Other Terms and Conditions
1. In case of any discrepancy between the Chinese and English versions, the English version shall prevail.
2. This statement is governed by the laws of the Hong Kong Special Administrative Region and relevant laws and regulations of the Mainland. Any disputes arising therefrom shall be settled through negotiation. If the negotiation fails, the dispute shall be submitted to the courts of Hong Kong or the courts of the Mainland with competent jurisdiction (as you choose).
3. Matters not covered in this statement shall be handled in accordance with the "Standard Contract for Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macau Greater Bay Area (Mainland and Hong Kong)" and relevant laws and regulations.
