私隱政策 · Privacy Policy

AIO HUB LIMITED · 生效日期 2026年8月1日 / Effective 1 August 2026

最後更新 Last updated:2026年8月1日

中文(公司定稿,以此版本為準)

1. 引言與適用範圍

本私隱政策說明 AIO HUB LIMITED(「我們」、「本公司」)旗下教育平台「ALL IN ONE」(AIO)(包括網站 www.aiobegin.com、相關流動應用程式及平台服務,統稱「本平台」)如何收集、使用、儲存、披露及保護個人資料。

本平台主要供香港中小學、學生、教師、學校管理人員及家長使用,協助學校提供教學、學習管理、課業支援、學習進度分析及人工智能輔助學習功能。

在大多數情況下,就由學校提供或透過本平台產生的學生、教師及家長教學資料而言,相關學校為該等資料的資料使用者(Data User),而本公司按學校指示作為受委託的資料處理服務供應商處理有關資料。

然而,就本公司為營運、維護、保安及改善本平台而處理的帳戶安全紀錄、技術日誌、支援查詢及公司聯絡人資料,本公司可能作為相關資料的資料使用者。

本公司致力遵守香港《個人資料(私隱)條例》(第486章)(「PDPO」)及適用的資料保障原則。

2. 我們可能收集的個人資料

我們只會收集提供本平台服務、維持平台安全及履行與學校協議所合理需要的個人資料。

視乎使用者角色及學校啟用的功能,我們可能處理以下資料:

學生資料

  • 姓名、學生編號、就讀學校、級別、班別及帳戶資料;
  • 學習紀錄、課業提交內容、測驗或評估結果、完成進度及教師回饋;
  • 學生於本平台輸入或提交的文字、圖片、文件、答案、作品或其他學習內容;
  • 與人工智能功能的互動內容,包括學生提出的問題、提示內容及系統生成的學習回應;
  • 與帳戶使用及平台安全有關的技術資料。

教師及學校管理人員資料

  • 姓名、職務、學校名稱、聯絡資料及帳戶資料;
  • 班別、課程、學生管理、教學內容及平台操作紀錄;
  • 學習報告、教學回饋及平台管理紀錄。

家長/監護人資料

  • 姓名、與學生的關係、聯絡方式及帳戶資料;
  • 與學生學習進度、通知、家長功能或支援查詢有關的資料。

技術及安全資料

  • 帳戶識別碼、登入時間、IP 位址、裝置類型、應用程式版本、瀏覽器資料;
  • 使用紀錄、錯誤紀錄、保安紀錄及防止濫用所需資料。

本平台並非以收集學生醫療紀錄、心理健康紀錄、家庭背景資料、完整特殊教育需要評估資料或其他高度敏感個人資料為目的。除非學校已啟用特定功能、具備適當授權並明確要求使用者提供,使用者不應將該等資料輸入本平台或提交至人工智能功能。

3. 收集及使用資料的目的

我們只會為下列與教育服務及平台運作直接相關的目的處理個人資料:

  • 建立、管理及驗證使用者帳戶;
  • 提供學習、課業、評估、教學管理及人工智能輔助學習功能;
  • 協助教師及學校檢視學生學習進度、表現、完成情況及學習需要;
  • 向家長、教師及學校提供與學生學習相關的通知、報告或平台功能;
  • 維持平台安全、偵測異常活動、防止濫用及處理保安事件;
  • 提供技術支援、回覆查詢及處理服務問題;
  • 履行與學校的合約、法定責任及合理的審計、紀錄保存要求;
  • 改善平台穩定性、功能、安全及使用體驗。

除非獲得適當授權、同意或法律要求或准許,我們不會將學生、教師、家長或學校資料用於與教育服務無關的商業用途。

我們不會出售學生個人資料,不會將學生資料用於行為廣告、跨網站廣告追蹤或第三方商業推廣。

4. 學校授權、家長通知及未成年人資料

本平台一般由學校代表其學生、教師及家長啟用、管理及使用。

學校負責按照適用法律、學校政策及其與家長/監護人的安排,就使用本平台向學生、家長及教職員提供適當通知,並在適用情況下取得所需授權或同意。

由於本平台的部分使用者為未成年人,我們會採取與學生年齡、使用情境及資料敏感程度相稱的保護措施,包括限制資料收集、角色權限管理及限制非必要資料的使用。

如本公司直接向學生、家長或其他使用者收集個人資料,我們會在收集時或之前說明資料用途及相關安排。

5. 人工智能功能與資料使用

本平台可能使用人工智能技術提供學習提示、內容建議、答案分析、課業支援、學習回饋、教學協助及其他教育相關功能。

當使用者使用人工智能功能時,使用者主動輸入、提交或選擇提供的內容,可能會被傳送至相關人工智能服務供應商,以產生回應、分析或學習建議。

我們會採取合理措施,盡量減少向人工智能服務供應商傳送不必要的可識別個人資料。學校、教師及學生亦應避免將身份證號碼、住址、醫療資料、銀行資料、家庭私隱或其他不必要的個人資料輸入人工智能功能。

除非另有明確說明及適當安排,我們不會使用學生個人資料訓練本公司自有的公開人工智能模型,亦不會允許第三方服務供應商將學生資料用於訓練其公開基礎模型。

6. 第三方服務供應商及資料披露

為提供及維持本平台,我們可能委託受信任的第三方服務供應商提供以下服務:

  • 雲端基礎設施及資料託管;
  • 帳戶登入、身份驗證及權限管理;
  • 人工智能模型、內容分析及學習輔助服務;
  • 資料庫、系統維護、錯誤監測及保安服務;
  • 電郵、通知及客戶支援服務。

我們只會向該等服務供應商提供其履行服務所需的最少資料,並會要求其按照適用法律、合約條款及合理資料保護要求處理有關資料。

我們不會向第三方出售學生資料,亦不會容許第三方將學生資料用於其自身廣告、行銷或不相關商業用途。

如學校要求,本公司可提供與該學校服務相關的主要資料處理服務供應商資料。

7. 跨境資料處理

部分服務供應商可能在香港以外地區處理、儲存或備份資料,例如位於新加坡、美國或其他提供雲端及人工智能服務的地區。

如個人資料需要在香港以外處理,我們會採取合理措施,要求相關服務供應商提供與資料性質及處理風險相稱的保護措施,包括合約限制、存取控制、保安要求及用途限制。

8. 資料保安

我們採取合理及切實可行的技術、行政及管理措施,以保護個人資料免受未經授權或意外的查閱、處理、刪除、遺失、使用或披露。

相關措施可能包括:

  • 角色為本的存取控制;
  • 帳戶驗證及權限管理;
  • 資料庫及系統層級的存取限制;
  • 操作、登入及管理活動紀錄;
  • 合理的傳輸及儲存保護措施;
  • 系統維護、保安監察及異常活動偵測;
  • 對員工及服務供應商的保密及資料保護要求。

儘管我們致力採取合理保安措施,任何互聯網傳輸或電子儲存方式均無法保證絕對安全。如發生涉及個人資料的保安事故,我們會按適用法律、與學校的協議及事件性質採取適當處理及通知措施。

9. 資料保留及刪除

我們保留個人資料的時間,不會超過達致收集目的、提供服務、履行合約責任、保障平台安全及符合法律或審計要求所需的期間。

就由學校控制的學生、教師及家長資料,我們一般按學校的書面指示、服務協議或資料處理協議保留、匯出、刪除或匿名化資料。

除非學校另有書面指示,當學校終止使用本平台後,我們會在合理期間內刪除或匿名化不再需要保留的個人資料。

因系統備份、保安、爭議處理、法定責任或審計需要而保留的有限資料,可能會於合理及必要期間後才刪除或匿名化。

10. 查閱、更正、刪除及撤回同意

根據 PDPO,資料當事人有權要求查閱及更正其個人資料。

由於本平台大多數學生、教師及家長資料由學校控制,相關查閱、更正、刪除或撤回同意要求一般應先向所屬學校提出。學校可按其程序處理有關要求,並指示本公司提供合理協助。

使用者亦可直接聯絡我們。我們會根據自身角色、適用法律、學校指示、服務協議及資料是否仍有必要保留而處理有關要求。

如你認為你的個人資料私隱權利受到影響,你可向香港個人資料私隱專員公署提出查詢或投訴。

11. Cookie 及類似技術

本平台可能使用必要的 Cookie、本地儲存技術或類似工具,以維持登入狀態、記住基本設定、保障帳戶安全及維持平台正常運作。

我們不會使用 Cookie 或類似技術進行跨網站行為廣告追蹤。

使用者可透過瀏覽器或裝置設定管理或刪除 Cookie;但部分平台功能可能因此無法正常運作。

12. 本政策的更新

我們可能不時更新本私隱政策,以反映法律、平台功能、資料處理方式或服務安排的變更。

如作出重大更改,我們會於本頁公布更新版本,並更新「最後更新日期」。如變更對學校、學生、家長或教師的權益有重大影響,我們可能透過平台通知、電郵或學校管理渠道作出通知。

13. 聯絡我們

如你對本私隱政策、個人資料處理方式或你的資料權利有任何查詢,請聯絡:

AIO HUB LIMITED — 資料保障聯絡人

電郵:info@aio103.com

你亦可向香港個人資料私隱專員公署查詢或投訴。網站:www.pcpd.org.hk

English (sync translation; the Chinese version prevails)

1. Introduction & Scope

This Privacy Policy explains how AIO HUB LIMITED ("we", "us", "the Company") and its education platform "ALL IN ONE" (AIO) — including the website www.aiobegin.com, related mobile applications and platform services (collectively, the "Platform") — collects, uses, stores, discloses and protects personal data.

The Platform is primarily used by Hong Kong primary and secondary schools, students, teachers, school administrators and parents, to help schools deliver teaching, learning management, assignment support, learning-progress analysis and AI-assisted learning features.

In most cases, in respect of students', teachers' and parents' teaching-and-learning data that schools provide or that is generated through the Platform, the relevant school is the data user of that data, while the Company processes the data as an engaged data processing service provider on the school's instructions.

However, in respect of account-security records, technical logs, support enquiries and corporate contact data that the Company processes to operate, maintain, secure and improve the Platform, the Company may be the data user of such data.

The Company is committed to complying with the Personal Data (Privacy) Ordinance (Cap. 486) (the "PDPO") and the applicable data protection principles.

2. Personal Data We May Collect

We only collect personal data that is reasonably necessary to provide the Platform's services, maintain platform security and fulfil our agreements with schools.

Depending on the user's role and the features a school has enabled, we may process the following data:

Student data

  • Name, student number, school attended, level, class and account data;
  • Learning records, submitted assignment content, quiz or assessment results, completion progress and teacher feedback;
  • Text, images, documents, answers, work or other learning content that a student inputs or submits on the Platform;
  • Content of interactions with AI features, including questions and prompts submitted by the student and the system-generated learning responses;
  • Technical data relating to account use and platform security.

Teacher and school administrator data

  • Name, role, school name, contact details and account data;
  • Class, course, student-management, teaching content and platform-operation records;
  • Learning reports, teaching feedback and platform-management records.

Parent/guardian data

  • Name, relationship to the student, contact details and account data;
  • Data relating to the student's learning progress, notifications, parent features or support enquiries.

Technical and security data

  • Account identifiers, login times, IP addresses, device type, application version and browser data;
  • Usage logs, error logs, security logs and data needed to prevent abuse.

The Platform is not intended to collect students' medical records, mental-health records, family-background information, complete Special Educational Needs (SEN) assessment data or other highly sensitive personal data. Unless a school has enabled a specific feature, has appropriate authorisation and expressly requires users to provide such data, users should not input it into the Platform or submit it to AI features.

3. Purposes of Collection and Use

We process personal data only for the following purposes that are directly related to educational services and platform operation:

  • Creating, managing and authenticating user accounts;
  • Providing learning, assignment, assessment, teaching-management and AI-assisted learning features;
  • Helping teachers and schools review students' learning progress, performance, completion status and learning needs;
  • Providing parents, teachers and schools with notifications, reports or platform features relating to students' learning;
  • Maintaining platform security, detecting abnormal activity, preventing abuse and handling security incidents;
  • Providing technical support, responding to enquiries and resolving service issues;
  • Fulfilling contracts with schools, statutory obligations and reasonable audit and record-keeping requirements;
  • Improving the Platform's stability, features, security and user experience.

Unless we have appropriate authorisation or consent, or as required or permitted by law, we will not use student, teacher, parent or school data for commercial purposes unrelated to educational services.

We do not sell students' personal data, and do not use student data for behavioural advertising, cross-site advertising tracking or third-party commercial promotion.

4. School Authorisation, Parental Notice and Minors' Data

The Platform is generally enabled, managed and used by a school on behalf of its students, teachers and parents.

The school is responsible for providing appropriate notice to students, parents and staff about the use of the Platform, and for obtaining any required authorisation or consent where applicable, in accordance with applicable law, school policy and its arrangements with parents/guardians.

As some users of the Platform are minors, we adopt protective measures commensurate with students' age, the usage context and the sensitivity of the data, including limiting data collection, role-based permission management and restricting the use of non-essential data.

Where the Company collects personal data directly from students, parents or other users, we will explain the purposes of collection and the related arrangements at or before the time of collection.

5. AI Features and Use of Data

The Platform may use AI technologies to provide learning hints, content suggestions, answer analysis, assignment support, learning feedback, teaching assistance and other education-related features.

When a user uses AI features, the content the user actively inputs, submits or chooses to provide may be transmitted to the relevant AI service providers in order to generate responses, analysis or learning suggestions.

We take reasonable measures to minimise the transmission of unnecessary identifiable personal data to AI service providers. Schools, teachers and students should also avoid inputting identity-card numbers, addresses, medical data, banking data, family-privacy information or other unnecessary personal data into AI features.

Unless otherwise expressly stated and appropriately arranged, we do not use students' personal data to train the Company's own public AI models, nor do we allow third-party service providers to use student data to train their public foundation models.

6. Third-Party Service Providers & Disclosure of Data

To provide and maintain the Platform, we may engage trusted third-party service providers for the following services:

  • Cloud infrastructure and data hosting;
  • Account login, identity authentication and access management;
  • AI models, content analysis and learning-assistance services;
  • Database, system maintenance, error monitoring and security services;
  • Email, notification and customer-support services.

We provide such service providers only with the minimum data necessary for them to perform their services, and require them to handle the data in accordance with applicable law, contractual terms and reasonable data protection requirements.

We do not sell student data to third parties, nor do we allow third parties to use student data for their own advertising, marketing or unrelated commercial purposes.

Upon a school's request, the Company can provide information about the principal data processing service providers relevant to that school's service.

7. Cross-Border Data Processing

Some service providers may process, store or back up data outside Hong Kong, for example in Singapore, the United States or other regions that provide cloud and AI services.

Where personal data needs to be processed outside Hong Kong, we take reasonable measures to require the relevant service providers to provide protection commensurate with the nature of the data and the processing risk, including contractual restrictions, access controls, security requirements and purpose limitation.

8. Data Security

We adopt reasonable and practicable technical, administrative and managerial measures to protect personal data against unauthorised or accidental access, processing, erasure, loss, use or disclosure.

Such measures may include:

  • Role-based access control;
  • Account authentication and permission management;
  • Database- and system-level access restrictions;
  • Logging of operational, login and administrative activities;
  • Reasonable protection during transmission and storage;
  • System maintenance, security monitoring and abnormal-activity detection;
  • Confidentiality and data protection requirements imposed on staff and service providers.

Although we strive to adopt reasonable security measures, no method of internet transmission or electronic storage can be guaranteed absolutely secure. In the event of a security incident involving personal data, we will take appropriate handling and notification measures in accordance with applicable law, our agreements with schools and the nature of the incident.

9. Data Retention & Deletion

We retain personal data for no longer than is necessary to achieve the purposes of collection, provide services, fulfil contractual obligations, safeguard platform security and meet legal or audit requirements.

For student, teacher and parent data controlled by schools, we generally retain, export, delete or anonymise data in accordance with the school's written instructions, service agreement or data processing agreement.

Unless a school instructs otherwise in writing, after a school ceases to use the Platform we will delete or anonymise personal data that no longer needs to be retained within a reasonable period.

Limited data retained for system backup, security, dispute resolution, statutory obligations or audit purposes may only be deleted or anonymised after a reasonable and necessary period.

10. Access, Correction, Deletion & Withdrawal of Consent

Under the PDPO, data subjects have the right to request access to and correction of their personal data.

As most student, teacher and parent data on the Platform is controlled by schools, requests for access, correction, deletion or withdrawal of consent should generally first be made to the relevant school. The school may handle such requests in accordance with its procedures and instruct the Company to provide reasonable assistance.

Users may also contact us directly. We will handle such requests based on our own role, applicable law, the school's instructions, the service agreement and whether the data still needs to be retained.

If you believe your personal data privacy rights have been affected, you may make an enquiry or complaint to the Office of the Privacy Commissioner for Personal Data, Hong Kong.

11. Cookies & Similar Technologies

The Platform may use necessary cookies, local-storage technologies or similar tools to maintain login status, remember basic settings, safeguard account security and keep the Platform functioning properly.

We do not use cookies or similar technologies for cross-site behavioural advertising tracking.

Users may manage or delete cookies through their browser or device settings; however, some platform features may not function properly as a result.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, platform features, data-processing practices or service arrangements.

If we make material changes, we will publish the updated version on this page and update the "Last Updated" date. Where the changes materially affect the rights of schools, students, parents or teachers, we may give notice through platform notifications, email or school-administration channels.

13. Contact Us

If you have any questions about this Privacy Policy, how personal data is handled, or your data rights, please contact:

AIO HUB LIMITED — Data Protection Contact

Email: info@aio103.com

You may also make an enquiry or complaint to the Office of the Privacy Commissioner for Personal Data, Hong Kong. Website: www.pcpd.org.hk