Ferrotype Contact Us

Legal

Privacy Policy

Last Updated: 15 February 2026

Ferrotype ("we", "us", "our") is committed to protecting the personal data of individuals who interact with us. This policy explains what data we collect, how we use it, and the rights you have in relation to it. We operate under the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

1. Data Controller

The data controller is Ferrotype, located at 10 Shing Yip Street, Kwun Tong, Kowloon, Hong Kong. For any data-related enquiry, please contact us at privacy@ferroaty.

2. Data We Collect

We collect personal data through the following means:

  • Contact forms on our website: name, email address, phone number (optional), and message content
  • Email correspondence initiated by you
  • Cookies and website analytics tools (see our Cookie Policy for details)
  • During service delivery: operational data you provide as part of an engagement

We do not collect sensitive personal data (as defined under the PDPO) through our website. Any sensitive data arising in the course of an engagement is governed by a separate confidentiality agreement.

3. How We Use Your Data

Personal data collected through our website is used for the following purposes:

  • Responding to your enquiry or message
  • Providing the services you have requested
  • Sending service-related communications relevant to an active engagement
  • Improving our website based on aggregated, anonymised usage data
  • Complying with legal or regulatory obligations

We do not use your personal data for unsolicited marketing. We do not sell, rent, or trade personal data to third parties.

4. Legal Basis for Processing

  • Your consent (where obtained via our cookie consent mechanism)
  • Legitimate interests — responding to enquiries and operating our business
  • Contractual necessity — where data is needed to deliver a service you have engaged us for
  • Legal compliance — where processing is required by applicable law

5. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Enquiry data (no engagement): retained for up to 12 months, then deleted
  • Engagement-related data: retained for 7 years for legal and compliance purposes, then securely deleted
  • Analytics data: retained in aggregated, anonymised form indefinitely; individual-level data deleted within 26 months
  • Cookie consent records: retained for 12 months

6. Data Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include:

  • Encrypted storage and transmission (TLS/SSL)
  • Access controls limiting data access to staff directly involved in the relevant matter
  • Internal access logging
  • Regular review of security practices

In the event of a data breach that poses a risk to affected individuals, we will notify the Office of the Privacy Commissioner for Personal Data (PCPD) and affected individuals in accordance with applicable requirements.

7. Third-Party Services

Our website may use the following third-party services, which may process data on our behalf:

  • Google Analytics — website usage analytics (anonymised where possible)
  • Google Maps — location display (data processed subject to Google's privacy policy)
  • Cloudflare — content delivery and security

Where these services are based outside Hong Kong, data transfers are conducted under appropriate safeguards consistent with the PDPO's requirements on cross-boundary data transfers.

8. Cookies

We use cookies to understand how our website is used and to improve the experience. Please refer to our Cookie Policy for a full explanation of the cookies we use and how to manage your preferences.

9. Your Rights

Under the Personal Data (Privacy) Ordinance, you have the following rights in relation to personal data we hold about you:

  • Right of access — to request a copy of the personal data we hold about you
  • Right of correction — to request that inaccurate data be corrected
  • Right to object — to object to the use of your data for direct marketing (we do not conduct direct marketing)
  • Right to withdraw consent — where processing is based on consent, to withdraw it at any time
  • Right to erasure — to request deletion of your data, subject to legal retention requirements

To exercise any of these rights, contact us at privacy@ferroaty. We will respond within 40 days, as required by the PDPO.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

11. Children's Privacy

Our services are intended for business organisations and individuals aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact us and we will delete it promptly.

12. Supervisory Authority

If you believe your data has been handled in contravention of the PDPO, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD): pcpd.org.hk

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via a notice on our website. Continued use of the site after changes are posted constitutes acceptance of the revised policy. The date at the top of this page reflects the most recent update.

14. Contact

For any questions relating to this policy or our data practices:

Email: privacy@ferroaty

Post: Ferrotype, 10 Shing Yip Street, Kwun Tong, Kowloon, Hong Kong