Privacy Policy

--------------------------------------------------------------------------------
1. Introduction and scope
--------------------------------------------------------------------------------

Profit Accounting Company Limited ("Profit Accounting", "we", "us", "our") is committed to protecting the privacy and confidentiality of personal data that we hold. We collect, use, disclose and process personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO") and this Privacy Policy.

This Privacy Policy explains how we handle personal data when you visit our website https://profitaccounting.hk, contact us, or use our professional services including company formation, company secretarial, accounting, audit, tax and virtual office services (collectively, the "Services").

By using the Site or our Services, or by providing personal data to us, you acknowledge that you have read and understood this Privacy Policy and you consent to our collection, use, disclosure and processing of your personal data as described here.

--------------------------------------------------------------------------------
2. What personal data we collect
--------------------------------------------------------------------------------

Depending on your relationship with us and the Services you use, we may collect and process the following categories of personal data:

- Identification and KYC data – such as full name, alias, date of birth, Hong Kong identity card or passport details, nationality, beneficial ownership details, tax identification numbers and information required for know-your-client and due diligence checks.

- Contact details – such as residential or correspondence address, email address, telephone and mobile numbers, and preferred language.

- Professional and business information – such as job title, employer or business name, shareholding and directorship details, and information about your business operations and transactions.

- Financial and transactional data – such as invoices, payment records, bank details provided for payments, accounting records, tax filings and supporting documentation relevant to our engagements.

- Technical data – such as IP address, browser type, device identifiers, operating system, pages visited, time and date of access, and cookies or similar technologies used on the Site.

--------------------------------------------------------------------------------
3. How we collect personal data
--------------------------------------------------------------------------------

We may collect personal data in various ways, including:

- Directly from you when you contact us by phone, email, post, online forms, messaging apps or in person, or when you submit incorporation, secretarial, accounting, audit or tax instructions and documents to us.

- When you use our Site, through your browser or device (for example via server logs, analytics tools and cookies).

- From documents you provide such as identity documents, address proofs, bank statements, contracts, invoices, tax returns and corporate records.

- From publicly available sources (such as public registers and company searches) and from regulators, professional bodies or business partners where permitted by law.

If you provide personal data to us about other individuals (for example, shareholders, directors, ultimate beneficial owners, employees, authorised signatories or family members), you confirm that you have informed them of this Privacy Policy and have obtained their consent (or that another lawful ground applies) for us to collect, use and disclose their personal data for the purposes described in this Policy.

--------------------------------------------------------------------------------
4. Purposes for which we use personal data
--------------------------------------------------------------------------------

We may collect, use and process personal data for one or more of the following purposes:

- To provide and manage our Services – including assessing and accepting new clients, incorporating and maintaining companies, acting as company secretary and designated representative, maintaining statutory registers and the significant controllers register, preparing accounts and financial statements, performing audits and reviews, preparing and filing tax returns, and providing virtual office and mail-handling services.

- To communicate with you – including responding to enquiries, issuing engagement letters and invoices, sending reminders and notices, arranging meetings, and providing updates on your engagements.

- To comply with legal, regulatory and professional obligations – including customer due diligence, anti-money-laundering and counter-terrorist-financing requirements, obligations as a licensed trust or company service provider, requirements of the Companies Registry, Inland Revenue Department and other regulators, as well as professional and ethical standards applicable to our company.

- For internal administration and risk management – including internal audits, quality control, training, managing our relationship with you, maintaining and improving our systems, and managing business risks, complaints and disputes.

- For billing, payment and accounting – including issuing invoices, processing payments, recovering amounts owed, and maintaining financial and tax records for our own business.

- For security and fraud prevention – including monitoring access to our premises and systems, investigating suspicious activities, and protecting our rights, property, clients and staff.

- For marketing (subject to your consent or opt-out) – including sending you information about our services, seminars, updates and promotions that we think may be of interest to you, by email, phone, SMS or other channels, in accordance with the PDPO's requirements on direct marketing.

We will not use personal data for purposes that are not related to the original purposes for which it was collected, unless we have your consent or such use is otherwise permitted or required by law.

--------------------------------------------------------------------------------
5. Disclosure and transfer of personal data
--------------------------------------------------------------------------------

We may disclose or transfer personal data to one or more of the following categories of recipients, but only to the extent reasonably necessary for the purposes set out above or as required by law:

- Our group companies, partners, directors, employees and authorised personnel who need the information to perform their duties.

- Professional advisers (such as lawyers, auditors and other consultants) engaged by us or by you.

- Service providers who process data on our behalf, such as IT and cloud service providers, document management providers, couriers, mailing houses, payment processors and identity-verification providers, subject to appropriate confidentiality and security obligations.

- Banks, financial institutions, insurers and other intermediaries in connection with your business or our engagements.

- Government authorities, regulators, law-enforcement agencies, courts and professional bodies in Hong Kong or other jurisdictions, where we are required or permitted to do so under applicable laws or regulations, or where disclosure is necessary to protect our rights or those of others.

- Any actual or proposed assignee, transferee or acquirer of our business or assets, or participants in any corporate transaction involving us, subject to confidentiality obligations.

We do not sell, rent or trade personal data to third parties for their own marketing purposes.

Where we transfer personal data outside Hong Kong, we will take reasonable steps to ensure that the recipient provides a standard of protection to personal data that is comparable to that under the PDPO, or that the transfer is otherwise in compliance with applicable data-protection requirements.

--------------------------------------------------------------------------------
6. Cookies and website analytics
--------------------------------------------------------------------------------

Our Site may use cookies, web beacons and similar technologies to collect technical information about your visit, such as pages viewed, time spent, browser type and referring URLs, so that we can understand how the Site is used, improve its performance and personalise content.

You can usually configure your browser to refuse some or all cookies or to alert you when cookies are being sent; however, disabling cookies may affect the availability or functionality of certain features of the Site.

--------------------------------------------------------------------------------
7. Data security
--------------------------------------------------------------------------------

We take reasonably practicable steps to protect personal data against unauthorised or accidental access, processing, loss, misuse, alteration or disclosure, including through administrative, technical and physical safeguards, access controls, staff training and data-handling policies.

However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your passwords, account details and devices secure, and for notifying us promptly if you suspect any unauthorised access or misuse of your personal data in connection with our Services.

--------------------------------------------------------------------------------
8. Data retention
--------------------------------------------------------------------------------

We will retain personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, to meet our legal, regulatory, tax and professional obligations, and to exercise or defend legal rights.

When personal data is no longer required for these purposes, we will take reasonably practicable steps to erase it or anonymise it so that it no longer identifies any individual, unless retention is required or permitted by law.

--------------------------------------------------------------------------------
9. Your rights in relation to personal data
--------------------------------------------------------------------------------

Subject to applicable legal requirements and exemptions, you may have the following rights in relation to the personal data we hold about you:

- The right to request access to your personal data and to receive a copy of it.

- The right to request correction of inaccurate or incomplete personal data.

- The right to request us to stop using your personal data for direct marketing at any time, without charge.

If you wish to exercise any of these rights, please contact us using the contact details set out in section 10 below. We may need to verify your identity and may charge a reasonable fee as permitted by the PDPO to process data-access or data-correction requests.

--------------------------------------------------------------------------------
10. Direct marketing
--------------------------------------------------------------------------------

We may, with your consent or where otherwise permitted by law, use your name and contact details to send you marketing communications about our services, events, publications and promotions that we think may be of interest to you.

You may at any time withdraw your consent or opt out of receiving direct-marketing communications by following the unsubscribe instructions in our messages or by contacting us using the details below; after that, we will stop using your personal data for direct marketing, although we may still contact you for non-marketing purposes (for example about ongoing engagements or legal notices).

--------------------------------------------------------------------------------
11. Third-party websites
--------------------------------------------------------------------------------

Our Site may contain links to third-party websites or services that are not operated or controlled by us. This Privacy Policy does not apply to those third-party sites or services, and we are not responsible for their privacy practices, content or security. You are encouraged to review the privacy policies of those third parties before providing any personal data to them.

--------------------------------------------------------------------------------
12. Changes to this Privacy Policy
--------------------------------------------------------------------------------

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services. The updated version will be posted on our Site with a revised "last updated" date and will take effect upon posting, unless otherwise stated.

Where required by law, we will obtain your consent to material changes or will give you an opportunity to opt out before such changes take effect.

--------------------------------------------------------------------------------
13. Contacting us
--------------------------------------------------------------------------------

If you have any questions about this Privacy Policy, or if you wish to request access to or correction of your personal data, or to opt out of direct marketing, you may contact us at:

Tel: (852)28541988
Email: [email protected]

======================================================================
END OF PRIVACY POLICY
======================================================================