Introduction

Zenolith is committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, disclose, and store your information. We operate under Hong Kong's Personal Data (Privacy) Ordinance (PDPO) and follow international best practices in data protection.

This policy applies to all personal data we collect through our website, services, and communications. If you have questions about how we handle your data, please contact us at [email protected].

What Personal Data We Collect

Information You Provide

Contact Forms: Name, email address, phone number, company name, and message content
Service Engagement: Business contact information, project details, and communication records
Correspondence: Any information included in emails or messages to us

Information Collected Automatically

Website Usage: Page visits, time spent on pages, browser type, and IP address through analytics
Cookies: Information stored on your device to enhance user experience (see our Cookie Policy)
Device Information: Information about your device including browser and operating system

How We Use Your Data

We use personal data for the following purposes:

Responding to your enquiries and providing requested services
Administering client projects and delivering agreed services
Communicating project updates and findings
Improving our website and services based on usage patterns
Complying with legal obligations
Fraud prevention and security

We do not use your data for marketing communications unless you have explicitly consented. We will always provide a clear opt-out option if you no longer wish to receive communications.

Data Retention

We retain personal data only for as long as necessary to serve the purposes outlined above. Specific retention periods are:

Client Data: During the engagement and for 3 years following project completion for record-keeping and dispute resolution
Website Analytics: Typically retained for 12 months then archived or deleted
Enquiry Forms: Retained for 12 months from submission, then securely deleted
Communications: Retained as long as necessary for business purposes, typically 2-3 years

You can request deletion of your personal data at any time, subject to legal and contractual obligations.

Data Security

We implement industry-standard security measures to protect your personal data from unauthorised access, alteration, or disclosure:

Encryption: Data in transit is encrypted using SSL/TLS protocols
Access Controls: Personal data is accessible only to authorised personnel
Secure Storage: Data is stored on secure servers with restricted access
Regular Audits: We regularly audit security practices and systems
Breach Response: In the unlikely event of a data breach, we will notify affected individuals as required by law

While we take security seriously, no system is completely immune to breaches. We encourage you to practice good security habits including strong passwords and regular account monitoring.

Third-Party Services

We may use third-party service providers to assist with our operations:

Cloud Hosting: Data may be stored on cloud servers with industry-standard security
Analytics Tools: Google Analytics may collect usage data (see our Cookie Policy)
Email Providers: Third-party email services for communications

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Your Rights Under PDPO

You have the following rights regarding your personal data:

Right of Access: You can request a copy of your personal data we hold
Right of Correction: You can request correction of inaccurate data
Right of Deletion: You can request deletion of your data (subject to legal obligations)
Right of Data Portability: You can request your data in a portable format
Right to Object: You can object to certain uses of your data
Right to Withdraw Consent: You can withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected] with details of your request.

Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. See our Cookie Policy for detailed information about:

Types of cookies we use
Purpose of each cookie
How to manage your cookie preferences
Third-party tracking

International Data Transfers

When we transfer personal data outside Hong Kong, we ensure appropriate safeguards are in place through contractual agreements and adequacy assessments. Data protection laws in other jurisdictions may differ from Hong Kong's PDPO.

Children's Privacy

Our services are not directed to individuals under 18 years old. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete such information promptly.

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or website notice. Your continued use of our services following changes constitutes acceptance of the updated policy.

Contact Information

Data Controller: Zenolith
Email: [email protected]
Address: Unit 912, 9/F, Millennium City 5, 418 Kwun Tong Road, Kwun Tong, Hong Kong
Phone: +852 2947 3618

If you believe we have mishandled your personal data, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong.