Privacy Policy

1. Introduction

Quillar ("we", "us", "our") is committed to protecting the privacy of individuals who interact with our business. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, engage our consulting services, or communicate with us.

This policy applies to all personal data processed by Quillar in the course of its business activities, in accordance with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO").

If you have questions about this policy, please contact us at privacy@quillaar.

2. Data We Collect

We may collect the following categories of personal data:

Contact Information: Name, email address, phone number, and business address — typically collected when you submit our contact form or correspond with us directly.

Professional Information: Job title, company name, and industry — collected during consulting engagements or initial conversations.

Technical Data: IP address, browser type, operating system, and page visit data — collected automatically through cookies and server logs when you visit our website.

Engagement Data: Information you share with us during the course of a consulting engagement, including business documents and operational data relevant to the services we provide.

3. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery: To carry out consulting engagements, prepare reports, and communicate with you about project progress and deliverables.

Communication: To respond to your enquiries, send project-related updates, and share relevant information about our services when you have opted in to receive such communications.

Website Improvement: To analyse how visitors use our website so that we can improve its functionality, content, and user experience.

Legal Compliance: To meet our obligations under applicable laws and regulations, including data protection, anti-money laundering, and professional standards requirements.

4. Legal Basis for Processing

We process personal data on the following legal bases:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to communications.

Contractual Necessity: Where processing is necessary for the performance of a consulting engagement or contract with you.

Legitimate Interest: Where processing is necessary for our legitimate business interests, provided those interests do not override your rights.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. In general:

Contact form submissions are retained for up to 12 months after the last interaction. Engagement-related data is retained for the duration of the engagement plus 3 years, in accordance with professional record-keeping obligations. Website analytics data is retained for 26 months. Marketing communication preferences are retained until you withdraw consent.

6. Data Protection Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including encryption of data in transit and at rest, access controls limiting data access to authorised personnel, regular security reviews and assessments, secure disposal of data when it is no longer needed, and non-disclosure agreements with all team members handling client data.

7. Cookies

Our website uses cookies to improve your browsing experience and help us understand how visitors use the site. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

8. Third-Party Services

We may share limited personal data with trusted third-party service providers who assist us in operating our website and conducting our business. These include website hosting providers, analytics services (such as Google Analytics), email communication platforms, and professional advisors (legal, accounting).

We require all third parties to respect the security of your personal data and to process it only in accordance with applicable law. We do not sell personal data to any third party.

9. Your Rights

Under Hong Kong's PDPO, you have the right to:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of any inaccurate or incomplete personal data.

Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

Opt Out: You may opt out of receiving marketing communications at any time by contacting us or using the unsubscribe mechanism provided in our emails.

To exercise any of these rights, please contact us at privacy@quillaar. We will respond to your request within 40 days, as required by the PDPO.

10. Third-Party Links

Our website may contain links to external websites that are not operated by us. We have no control over the content or privacy practices of these sites and are not responsible for their policies. We encourage you to review the privacy policy of any third-party site you visit.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Information

Data Controller: Quillar

Address: 100 Nathan Road, Unit 1807, Tsim Sha Tsui, Hong Kong

Email: privacy@quillaar

If you are dissatisfied with our handling of your personal data, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong.