Privacy Policy

Last Updated: January 2025
This Privacy Policy outlines how Spectrova Ltd. collects, processes, and protects your personal data. We are committed to transparency and compliance with data protection regulations including GDPR and Hong Kong's Personal Data (Privacy) Ordinance.

1. Introduction

Spectrova Ltd. ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and engage with our services.

2. Data We Collect

Information You Provide Directly

When you contact us through our website contact form, email, or phone, we collect:

Your name and contact information (email, phone number)
Your company name and business details
Any information you include in your inquiry or message

Automatically Collected Information

When you visit our website, we automatically collect certain information:

Usage data (pages visited, time spent, click patterns)
Device information (device type, browser, operating system)
Network information (IP address, referrer)
Cookies and similar tracking technologies

Information from Third Parties

We may receive information about you from business partners or publicly available sources to better understand your organization and our service fit.

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

Consent: You have explicitly consented to the processing
Contractual Performance: Processing is necessary to provide services you've requested
Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services
Legal Obligation: Processing is required by law or regulatory requirement

4. How We Use Your Data

We use the information we collect for the following purposes:

To respond to your inquiries and provide requested information
To deliver and improve our AI services
To conduct business communications about projects and proposals
To analyze website usage and optimize user experience
To send marketing communications (with your consent)
To comply with legal and regulatory requirements
To detect and prevent fraud or security issues

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

Contact Information: Retained for 3 years after last interaction, unless an ongoing service relationship exists
Service Data: Retained for the duration of engagement plus 2 years for compliance and audit purposes
Website Analytics: Retained for 13 months
Marketing Communications: Retained until you unsubscribe

6. Data Sharing

We do not sell your personal data. We may share your information with:

Service Providers: Third-party vendors who assist us (hosting, email, analytics) under confidentiality agreements
Legal Requirements: When required by law or to protect legal rights
Business Transfers: In the event of merger, acquisition, or sale of assets

International Transfers

If we transfer data outside Hong Kong, we implement appropriate safeguards including Standard Contractual Clauses or adequacy decisions.

7. Your Data Rights

You have the following rights regarding your personal data:

Right to Access: Request what personal data we hold about you
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data (with exceptions)
Right to Restrict Processing: Request limitation of how we use your data
Right to Data Portability: Request your data in a portable format
Right to Object: Object to processing for certain purposes
Right to Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Security Measures

We implement comprehensive security practices to protect your data:

Encryption of data in transit and at rest using industry-standard protocols
Secure server infrastructure with restricted access
Regular security assessments and penetration testing
Employee training on data protection and privacy practices
Access controls limiting employee data access to necessity

While we employ strong security measures, no system is completely secure. We cannot guarantee absolute security but commit to maintaining appropriate safeguards.

9. Cookies and Tracking

Our website uses cookies to improve your experience. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

10. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. We recommend reviewing their privacy policies before providing personal information.

11. Children's Privacy

Our services are not directed to individuals under 18 years old. We do not knowingly collect personal data from children. If we become aware that a child has provided us with information, we will delete such data and terminate the child's account.

12. Data Protection Officer Contact

For data protection inquiries, privacy concerns, or to exercise your data rights, contact our Privacy Team:

Privacy Inquiries

Email: [email protected]

Address: Unit 701, 7/F, Island Beverley, 1 Great George Street, Causeway Bay, Hong Kong

Response Time: We aim to respond to privacy requests within 30 days

13. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes via email or prominent notice on our website. Your continued use of our services following notification constitutes acceptance of updated terms.

14. Supervisory Authority

In Hong Kong, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) if you believe your data has been processed improperly.

This Privacy Policy is effective as of January 2025 and applies to all personal data Spectrova processes.