Privacy Policy

Introduction

Gravik ("we," "our," or "us") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our consulting services, or communicate with us.

We operate in accordance with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong and applicable data protection regulations. By using our services or providing your information to us, you consent to the practices described in this policy.

For questions regarding this Privacy Policy, please contact us at [email protected]

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when:

• Filling out contact forms on our website
• Requesting information about our services
• Engaging our consulting services
• Subscribing to communications
• Participating in surveys or feedback requests

This information may include: name, email address, phone number, business name, job title, and any other details you choose to provide in messages or engagement documentation.

Automatically Collected Information

When you visit our website, we automatically collect certain information through cookies and similar technologies:

• Browser type and version
• Operating system
• IP address and general location
• Pages visited and time spent on pages
• Referring website addresses
• Device identifiers

How We Use Your Information

We use collected information for the following purposes:

Service Delivery

• Responding to inquiries and providing requested information
• Delivering consulting services as contracted
• Managing client relationships and engagements
• Processing payments and maintaining financial records

Communication

• Sending service-related communications
• Providing engagement updates and deliverables
• Responding to support requests
• Sending occasional industry insights (with consent)

Website Improvement

• Analyzing website usage patterns
• Improving user experience and functionality
• Troubleshooting technical issues

Legal Compliance

• Meeting regulatory and legal requirements
• Protecting our rights and property
• Preventing fraud or misuse

Legal Basis for Processing

We process your personal data based on:

• Consent: When you voluntarily provide information through forms or engagement agreements
• Contract Performance: When processing is necessary to deliver consulting services you've engaged
• Legitimate Interests: For business operations, security, and improvement of services
• Legal Obligations: When required by Hong Kong law or regulation

Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

Service Providers

Third-party service providers who assist with:

• Website hosting and maintenance
• Email communication platforms
• Payment processing
• Analytics and website optimization

These providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law, court order, or regulatory authority, or when necessary to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit and at rest
• Secure server infrastructure with regular security updates
• Access controls limiting information access to authorized personnel
• Regular security audits and vulnerability assessments
• Staff training on data protection and confidentiality
• Incident response procedures for potential breaches

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but maintain industry-standard practices.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

• Inquiry information: retained for 2 years after last contact
• Client engagement records: retained for 7 years after engagement completion (for professional liability and regulatory purposes)
• Financial records: retained for 7 years (per Hong Kong tax requirements)
• Marketing consent records: retained until consent is withdrawn

After the retention period, we securely delete or anonymize your information.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze site usage. For detailed information about our cookie practices, please see our Cookie Policy.

You can control cookie preferences through your browser settings or our cookie management interface.

Your Rights

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the following rights:

Right of Access

You may request a copy of the personal information we hold about you. We will provide this within 40 days of receiving your request.

Right to Correction

You may request correction of inaccurate or incomplete personal information. We will respond within 40 days.

Right to Data Portability

You may request your data in a structured, commonly used format for transfer to another service provider.

Right to Object

You may object to processing of your personal data for direct marketing purposes at any time.

Right to Erasure

You may request deletion of your personal information, subject to legal and legitimate business retention requirements.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

To exercise these rights, please contact us at [email protected]. We may require verification of your identity before processing requests.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete it promptly.

International Data Transfers

While we primarily operate within Hong Kong, some service providers may be located in other jurisdictions. When transferring data internationally, we ensure appropriate safeguards are in place, including:

• Contractual clauses ensuring equivalent protection
• Verification of recipient's data protection standards
• Compliance with Hong Kong cross-border transfer requirements

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notification to active clients and contacts (for material changes)

Continued use of our services after changes indicates acceptance of the updated policy.

Complaints and Regulatory Authority

If you have concerns about how we handle your personal information, please contact us first at [email protected]. We will investigate and respond to your complaint.

If you remain unsatisfied, you have the right to lodge a complaint with:

Contact Information

For questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact: