O
Otterwick Get in Touch

Legal

Privacy Policy

Otterwick  ·  Last updated: 14 March 2025  ·  Effective date: 14 March 2025

1. Introduction

Otterwick ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and protect information in connection with our consulting services and this website, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO").

If you have questions about this policy or wish to exercise your rights, you may contact us at privacy@{{DOMAIN_NAME}}.

2. Data We Collect

We collect personal data that you provide directly to us, including:

  • Name, email address, and phone number submitted through our contact form
  • Business name and role where provided
  • Correspondence content — emails, messages, and meeting notes
  • Engagement-related documents and data shared as part of a consulting project

We also collect limited technical data automatically when you visit this website:

  • IP address and browser type (used for security and analytics purposes)
  • Pages visited and time spent (aggregated, not linked to individual profiles)
  • Referring website or search query

3. How We Use Your Data

We use personal data for the following purposes:

  • Responding to enquiries submitted through the contact form
  • Conducting consulting engagements commissioned by you or your organisation
  • Fulfilling contractual obligations under a signed engagement scope
  • Maintaining records required by law or professional standards
  • Improving this website based on aggregated usage data

We do not use personal data for direct marketing without your explicit consent. We do not sell, rent, or trade personal data to third parties.

4. Legal Basis for Processing

Under the PDPO, personal data is used only for the purpose for which it was collected or a directly related purpose. Our processing is based on:

  • Consent — where you have submitted data via a form or agreed to communication
  • Contract performance — where processing is necessary to deliver a consulting engagement
  • Legitimate interest — for website analytics and security
  • Legal obligation — where record-keeping is required by applicable law

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact form enquiries that do not proceed to an engagement: 12 months
  • Engagement-related data: 7 years from engagement completion (in line with standard business record-keeping practice in Hong Kong)
  • Website usage data (aggregated): 24 months

After the applicable retention period, data is securely deleted or anonymised.

6. Data Protection Measures

We apply security measures appropriate to the nature of the data held:

  • Access to personal data is restricted to personnel who need it to perform their role
  • All digital communications and file storage use encryption in transit and at rest
  • Physical documents containing personal data are held in locked storage
  • Internal practices are aligned with ISO 27001 information security principles
  • Incidents involving personal data are addressed promptly and reported as required by law

7. Cookies

This website uses cookies for basic functionality and aggregated analytics. Essential cookies are necessary for the site to operate and cannot be disabled. Optional cookies (analytics, preferences, marketing) are only placed with your consent.

You may manage your cookie preferences at any time via our Cookie Policy page.

8. Third-Party Services

We may use the following third-party services that process limited data:

  • Google Analytics — aggregated website traffic analysis (anonymised)
  • Google Maps — embedded map for office location (no personal data transmitted)
  • Email service provider — for handling contact form submissions securely

Each third-party service is governed by its own privacy policy. We do not grant third parties access to engagement-related client data.

9. Your Rights

Under the PDPO, you have the right to:

  • Request access to personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure of data no longer required for the original purpose
  • Withdraw consent to non-essential processing at any time
  • Object to data use for direct marketing purposes
  • Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (Hong Kong)

To exercise any of these rights, contact us at privacy@{{DOMAIN_NAME}}. We will respond within 40 days in accordance with the PDPO.

10. Third-Party Links

This website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies before submitting any data.

11. Children's Privacy

Our services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that personal data from a person under 18 has been collected without parental consent, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of our website or services after a revision constitutes acceptance of the updated policy.

13. Contact

For questions regarding this Privacy Policy or to exercise your rights:

For complaints, you may also contact the Office of the Privacy Commissioner for Personal Data at www.pcpd.org.hk.