Privacy Policy

1. Introduction

Ondura ("we", "us", "our") is committed to protecting the personal data of individuals who interact with us. This Privacy Policy describes how we collect, use, store, and protect personal information in accordance with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) and other applicable data protection legislation.

This policy applies to personal data collected through our website, through direct correspondence, and in the course of our consulting engagements. Questions regarding this policy should be directed to privacy@{{DOMAIN_NAME}}.

2. Data We Collect

We collect personal data in the following circumstances:

• Contact form submissions: Name, email address, phone number (optional), and message content.
• Engagement correspondence: Business and personal contact details provided in the course of scoping or delivering a consulting engagement.
• Website usage data: Anonymous or pseudonymous data collected via analytics tools, including pages visited, browser type, and approximate location.
• Cookie data: Preferences and session information stored via cookies, subject to your consent. See our Cookie Policy for details.

We collect only the data necessary for a defined purpose and do not collect data speculatively.

3. How We Use Your Data

Personal data we hold is used for the following purposes:

• Responding to enquiries submitted through our contact form or by email.
• Scoping, delivering, and administering consulting engagements.
• Sending engagement-related communications, including proposals, updates, and deliverables.
• Maintaining records required for business administration and legal compliance.
• Improving our website and services through aggregate, anonymised usage analysis.

We do not use personal data for unsolicited marketing without explicit consent, and we do not sell, rent, or trade personal data with third parties for commercial purposes.

4. Legal Basis for Processing

We process personal data on the following legal bases:

• Consent: Where you have provided explicit consent, including for optional analytics and marketing cookies.
• Contractual necessity: Where processing is required to fulfil obligations under an engagement agreement.
• Legitimate interests: For purposes such as responding to enquiries and improving our services, where these do not override your rights.
• Legal obligation: Where processing is required to comply with applicable law.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and no longer than required by applicable law or legitimate business needs. In general:

• Contact enquiries not leading to an engagement: up to 12 months.
• Engagement records (including correspondence and deliverables): up to 7 years, in line with standard business record-keeping requirements in Hong Kong.
• Cookie data: as specified in our Cookie Policy.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

6. Data Protection Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Encrypted communication channels for correspondence containing personal data.
• Access controls limiting internal access to personal data on a need-to-know basis.
• Regular review of data security practices.
• Confidentiality obligations applicable to all personnel and contractors who handle personal data.

In the event of a data breach that poses a risk to your rights or interests, we will take prompt action and notify affected individuals and, where required, the relevant authorities.

7. Cookies

We use cookies and similar technologies on our website. For a full description of the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

8. Third-Party Services

We may use third-party services that process data on our behalf, including analytics providers and communication tools. These providers are selected for their alignment with data protection standards and are bound by appropriate confidentiality obligations.

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

9. Your Rights

Under Hong Kong's PDPO, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate personal data.
• Request deletion of personal data where we no longer have a lawful basis for holding it.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong if you consider that your rights have been infringed.

To exercise any of these rights, contact us at privacy@{{DOMAIN_NAME}}. We will respond within the timeframes required by applicable law.

10. Children's Privacy

Our services are directed at organisations and business professionals aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that personal data has been collected from a minor, we will take steps to delete it promptly.

11. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be communicated via our website. Continued use of our services following an update constitutes acceptance of the revised policy. The date of the most recent revision is shown at the top of this page.

12. Contact