Last Updated: June 1, 2026

APAA is fully dedicated to protecting and treating the personal processing data of our subscribers with absolute discretion. This document serves as our operational Privacy Policy and formal Personal Information Collection Statement (PICS), executed in full alignment and strict compliance with the Hong Kong Personal Data (Privacy) Ordinance (PDPO), Cap. 486.

1. Core Categories of Data Collection

To ensure secure access and track educational benchmarks, APAA collects and archives the following categories of personal information:

• Account Registry Records: Professional identity criteria submitted during signup, including your full name, primary email communication routes, contact telephone records, local medical practice address, and specific medical regulatory board license numbers.
• Automated Learning Progression Monitoring: User streaming logs detailing specific video training modules accessed, unique watch timeline benchmarks, aggregate video module view duration, and assessment attempts.
• Telemetry and Infrastructure Safety Logs: Technical data gathered automatically via platform interaction, encompassing user IP addresses, browser configurations, active operating system frameworks, playback buffering errors, and coarse geolocational data points.

2. Explicit Processing Intent and Purposes

In strict accordance with Data Protection Principle 1 (DPP1) of the PDPO, user personal data is processed exclusively for the primary educational and platform management purposes outlined below:

• Verifying medical regulatory registration status prior to granting clearance to stream clinical dermal injection training assets.
• Generating automated educational completion tracking logs to monitor user course engagement and platform utilization.
• Diagnosing playback issues, managing cloud infrastructure workloads, and running background data safety scripts to actively eliminate illegal credential-sharing, unauthorized media scraping, or stream ripping.

3. Controlled Disclosures and Class of Transferees

To satisfy Data Protection Principle 3 (DPP3) of the PDPO, subscribers are explicitly informed regarding the limited third-party disclosure boundaries established by the Academy:

Verification for Aesthetic Brand Partners

Where a user's course access has been facilitated, sponsored, or requires professional validation linked to specific clinical manufacturing product frameworks, APAA may share your professional identity, medical license metadata, and specific video tracking completion logs with our verified aesthetic pharmaceutical manufacturing and distribution partners. This processing occurs solely to fulfill institutional training validation audits, verify local authorized practitioner registries, and monitor training propagation. APAA never leases, sells, or rents database records to external brokerage networks for separate marketing purposes.

4. Absolute Payment Processing Isolation

All financial settlements and transaction operations are routed completely through secure, industry-certified, and encrypted third-party commercial payment gateways. APAA maintains absolute data isolation from sensitive credit criteria; no full primary account numbers (PAN), expiration fields, or card verification values (CVV) are ever stored, processed, or logged on our core database architectures. We exclusively archive neutral transaction metadata (alphanumeric transaction identifiers, settlement date logs, and fee tiers) for accounting and tax reporting compliance.

5. Rights of the Data Subject (Access and Correction)

Under the explicit terms of the PDPO, users hold a legally protected right to ascertain whether APAA maintains an archive of their personal details, request clear copy transcripts of their processed records, and demand the immediate correction of any outdated or inaccurate profile indicators. All data privacy requests or correction entries must be dispatched via formal text communication to our data monitoring team at info@apaa.org.