PRIVACY POLICY

Privacy Policy
Last updated: 23 March 2026

BCHK Medical Group Limited trading as Alluna Medical (“Alluna Medical”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data and health information. This Privacy Policy explains how we collect, use, store, disclose and protect personal data when you visit our website, contact us, book appointments, attend the clinic, receive treatment, communicate with us through social media or messaging platforms, or otherwise use our services.

This Privacy Policy should be read together with our Personal Information Collection Statement, consent forms, cookie notice and any other terms provided to you at the time your personal data is collected. Where there is any inconsistency, the more specific notice given at the point of collection will apply to that collection.​

1. Who we are
Data user: BCHK Medical Group Limited trading as Alluna Medical.​
Clinic address: Suite 2015A, 20/F, Hang Lung Centre, 2-20 Paterson Street, Causeway Bay, Hong Kong.​
Contact email: info@allunamedical.com.​

2. Scope of this Policy
This Policy applies to personal data collected through our website, online forms, booking systems, telephone calls, emails, WhatsApp, social media pages under our control, in-clinic registration, consultations, treatments, procedures, clinical photography and other patient interactions.

3. Personal data we collect
Depending on your interaction with us, we may collect:

  • identification and demographic data, such as your name, date of birth, sex, HKID/passport or similar identifier;​

  • contact and account data, such as phone number, email address, postal address, emergency contact and communication preferences;​

  • appointment and service data, such as booking details, attendance records, payments, invoices and customer service records;​

  • medical and health data, such as medical history, medications, allergies, previous procedures, consultation notes, diagnoses, examination findings, prescriptions, treatment plans, laboratory results, imaging reports and clinical photographs;

  • technical and website usage data, such as IP address, browser type, device information, cookie data and website analytics;​

  • communications content and metadata, including emails, forms, messages, call logs and complaint records.​

4. Sources of personal data
We may collect personal data directly from you, from someone acting on your behalf, from your treating doctors or referrers, from laboratories or imaging centres, from insurers or payment providers, and from publicly available or lawfully accessible sources where relevant to your care or our operations.

5. Purposes of use
We use personal data for purposes directly related to our healthcare and clinic operations, including registration, identity verification, appointment management, medical assessment, diagnosis, treatment, continuity of care, treatment planning, referrals, laboratory and imaging coordination, billing, insurance administration, service communications, complaint handling, quality assurance, risk management, staff training, IT administration, cybersecurity, audit, and compliance with legal and professional obligations.

We may also use de-identified or aggregated information for service improvement, internal reporting and operational analytics where lawful and appropriate.​

6. Lawful and fair handling
We aim to collect personal data only where it is necessary, adequate and not excessive for the relevant purpose, and to handle it in a lawful, fair and transparent manner. If we wish to use personal data for a new purpose that is not the original purpose or a directly related purpose, we will seek the consent required under the PDPO unless an exemption applies.​

7. Disclosure and transfer
We may disclose personal data on a need-to-know basis to healthcare professionals and service providers involved in your care or in operating the clinic, including laboratories, imaging centres, pharmacies, hospitals, insurers, payment processors, IT and cloud vendors, messaging providers, document management providers, legal or professional advisers, auditors and regulators. Such disclosure will be limited to what is reasonably necessary and subject to confidentiality or contractual safeguards where applicable.

We may also disclose personal data where required, authorised or permitted by law, court order, professional obligation, public health requirement, law enforcement request, or where necessary to protect your vital interests or those of another person.​

8. Clinical photographs
Where clinical photographs or videos are taken for identification, assessment, treatment planning, monitoring, documentation or continuity of care, they form part of your confidential medical record. Any use of photographs or videos for publication, teaching, testimonials, website content, social media or other marketing purposes will be subject to separate consent where required.

9. Security
We take practicable administrative, technical and physical steps to protect personal data against unauthorised or accidental access, processing, erasure, loss or use. These measures may include role-based access controls, secure passwords, device protection, encrypted or access-controlled systems, restricted staff access, secure backups, staff confidentiality obligations and vendor controls.

10. Retention
We retain personal data only for as long as reasonably necessary for the fulfilment of the purposes for which it was collected, and thereafter as required or permitted by law, regulatory expectations, professional guidance, insurance, audit, dispute resolution or legitimate business needs. When personal data is no longer required, we will take practicable steps to erase or anonymise it unless retention is required or justified by law.​

11. Data access and correction
You have the right under the PDPO to request access to and correction of your personal data held by us. Requests should be made in writing to our Data Privacy Officer at info@allunamedical.com or by post to our clinic address marked “Access to Personal Data”. We may charge a reasonable fee for a data access request as permitted by law, and we may require proof of identity before processing the request.

12. Direct marketing
We may wish to send you information about services, events, educational content, promotions or updates relating to medical and aesthetic services. We will only do so in compliance with Part 6A of the PDPO, which means we will first provide the required information and obtain your express and voluntary consent or indication of no objection in the prescribed manner. You may opt out at any time, free of charge, by using the unsubscribe method in the message or contacting us in writing. Service and care-related communications are not direct marketing.​

13. Cookies and analytics
Our website may use cookies and similar technologies to enable site functions, remember preferences, understand website usage and improve performance. Some cookies are necessary for the operation of the website, while others support analytics or functionality. You may adjust your browser settings to reject or manage cookies, but some website features may not function properly if you do so.​

If you use third-party platforms such as Instagram, Facebook, Google, WhatsApp or embedded tools linked from or integrated with our website, your use of those platforms is also subject to their own privacy terms and cookie practices.​

14. Third-party links
Our website may contain links to third-party websites or platforms. We are not responsible for the privacy, security or content practices of those third parties, and you should review their policies separately.​

15. Children and persons lacking capacity
Where services are provided to minors or persons lacking legal capacity, personal data may be provided by a parent, guardian or authorised representative, and consents or requests may be handled through that person in accordance with applicable law and professional obligations.​

16. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, our practices or our services. The latest version will be posted on our website with the updated effective date.

17. Contact us
Data Privacy Officer / Personal Data Officer
BCHK Medical Group Limited trading as Alluna Medical
Suite 2015A, 20/F, Hang Lung Centre, 2-20 Paterson Street, Causeway Bay, Hong Kong
Email: info@allunamedical.com

私隱政策
最後更新日期:2026年3月23日

BCHK Medical Group Limited(以 Alluna Medical 名義經營)(下稱「Alluna Medical」、「本診所」、「我們」)尊重閣下私隱,並致力保障閣下的個人資料及健康資料。本私隱政策說明當閣下瀏覽本診所網站、聯絡我們、預約、到診、接受治療、透過社交媒體或即時通訊平台與我們聯絡,或以其他方式使用我們的服務時,我們如何收集、使用、保存、披露及保護閣下的個人資料。

本私隱政策應與本診所的《收集個人資料聲明》、同意書、Cookie 通知及於收集資料時向閣下提供的其他條款一併閱讀。如兩者有任何不一致,以收集資料當時向閣下提供的較具體通知為準。​

1. 我們的身份
資料使用者:BCHK Medical Group Limited(以 Alluna Medical 名義經營)。​
診所地址:香港銅鑼灣百德新街2-20號恆隆中心20樓2015A室。​
聯絡電郵:info@allunamedical.com。​

2. 本政策適用範圍
本政策適用於透過本診所網站、網上表格、預約系統、電話、電郵、WhatsApp、本診所控制的社交媒體頁面、診所登記、診症、治療、程序、臨床攝影及其他病人互動所收集的個人資料。

3. 我們收集的個人資料
視乎閣下與我們的互動情況,我們可能收集:

  • 身份及基本資料,例如姓名、出生日期、性別、香港身份證/護照或其他識別資料;​

  • 聯絡及帳戶資料,例如電話號碼、電郵地址、通訊地址、緊急聯絡人及通訊偏好;​

  • 預約及服務資料,例如預約詳情、到診紀錄、付款、發票及客戶服務紀錄;​

  • 醫療及健康資料,例如病歷、現用藥物、過敏史、既往療程、診症紀錄、診斷、檢查結果、處方、治療計劃、化驗報告、影像報告及臨床照片;

  • 技術及網站使用資料,例如 IP 地址、瀏覽器類型、裝置資料、Cookie 資料及網站分析資料;​

  • 通訊內容及相關資料,包括電郵、表格、訊息、通話紀錄及投訴紀錄。​

4. 個人資料來源
我們可直接向閣下收集個人資料,亦可在與閣下護理或本診所運作有關的情況下,從代表閣下行事的人士、閣下的主診或轉介醫生、化驗所或影像中心、保險公司或付款服務供應商,以及公開或合法可取得的來源收集資料。

5. 使用目的
我們會為與醫療服務及診所營運直接有關的目的使用個人資料,包括登記、身份核實、預約管理、醫療評估、診斷、治療、持續護理、治療計劃、轉介、化驗及影像安排、收費、保險行政、服務通訊、投訴處理、質素保證、風險管理、員工培訓、資訊科技管理、網絡安全、審計,以及遵守法律及專業責任。

在合法及適當的情況下,我們亦可使用去識別化或整合後的資料作服務改進、內部報告及營運分析。​

6. 合法及公平處理
我們致力只收集就有關目的而言屬必要、適當而不過量的個人資料,並以合法、公平及具透明度的方式處理。如我們擬將個人資料用於並非原有目的或與原有目的並非直接有關的新用途,除非私隱條例另有豁免,否則我們會按規定另行取得所需同意。​

7. 披露及轉移
我們可按有需要知道的原則,向參與閣下護理或協助本診所營運的醫療專業人員及服務供應商披露個人資料,包括化驗所、影像中心、藥房、醫院、保險公司、付款處理機構、資訊科技及雲端供應商、訊息服務供應商、文件管理服務供應商、法律或專業顧問、核數師及監管機構。有關披露會限於合理所需範圍,並在適用情況下受保密責任或合約保障約束。

在法律、法院命令、專業責任、公共衛生要求、執法要求所規定、授權或容許的情況下,或在有需要保障閣下或他人重大利益時,我們亦可披露個人資料。​

8. 臨床照片
如為身份識別、評估、治療計劃、進度監察、醫療記錄或持續護理而拍攝臨床照片或影片,該等資料將構成閣下機密醫療紀錄的一部分。任何將照片或影片用於刊物、教學、見證、網站內容、社交媒體或其他市場推廣用途的行為,均會在適用情況下另行取得獨立同意。

9. 資料保安
我們會採取切實可行的行政、技術及實體保安措施,保障個人資料免遭未獲授權或意外查閱、處理、刪除、遺失或使用。有關措施可包括按職能設定權限、使用安全密碼、裝置保護、加密或受控系統、限制員工查閱、備份、員工保密責任及供應商管控。

10. 保存期限
我們只會在達成收集目的所需的合理期間內保存個人資料,其後則按法律、監管期望、專業指引、保險、審計、爭議處理或正當商業需要而保存。在個人資料不再需要時,我們會採取切實可行措施刪除或匿名化該等資料,除非法律要求或容許保留。​

11. 查閱及更正資料
根據私隱條例,閣下有權要求查閱及更正本診所持有的個人資料。有關要求須以書面向本診所資料私隱主任提出,電郵至 info@allunamedical.com 或郵寄至本診所地址並註明「查閱個人資料」。本診所可按法律容許收取合理查閱資料費用,並可要求閣下提供身份證明以處理申請。

12. 直接促銷
本診所或會希望向閣下提供與醫療及醫學美容服務有關的資訊、活動、教育內容、推廣或更新。我們只會在符合私隱條例第6A部規定下進行,即先向閣下提供所需資料,並取得閣下明確及自願的同意或按法例規定作出的不反對表示。閣下可隨時免費選擇停止接收有關訊息,可使用訊息內的取消方式或以書面通知我們。與服務及醫療護理有關的訊息並不屬直接促銷。​

13. Cookies 及網站分析
本診所網站可能使用 cookies 及類似技術,以支援網站功能、記錄偏好、了解網站使用情況及改善表現。部分 cookies 為網站正常運作所必需,另一些則支援分析或功能提升。閣下可於瀏覽器設定拒絕或管理 cookies,但部分網站功能可能因此無法正常運作。​

如閣下使用 Instagram、Facebook、Google、WhatsApp 或其他與本網站連結或整合的第三方平台,閣下對該等平台的使用亦須受其各自的私隱條款及 cookie 政策規管。​

14. 第三方連結
本網站可能載有第三方網站或平台之連結。本診所不對該等第三方的私隱、安全或內容處理方式負責,閣下應自行查閱其相關政策。​

15. 兒童及無行為能力人士
如服務對象為未成年人或法律上無行為能力人士,其個人資料可由父母、監護人或授權代表提供,而有關同意或要求亦可按適用法律及專業責任由該人士代為處理。​

16. 政策更新
我們可不時更新本私隱政策,以反映法律、科技、本診所做法或服務的改變。最新版本將刊載於本網站,並列明更新生效日期。

17. 聯絡我們
資料私隱主任/個人資料主任
BCHK Medical Group Limited(以 Alluna Medical 名義經營)
香港銅鑼灣百德新街2-20號恆隆中心20樓2015A室
電郵:info@allunamedical.com