Privacy Policy

---

1. Introduction & Scope

1.1 Who we are

This Privacy Policy applies to Emerald Business Solutions Limited, an IT consulting company incorporated under the laws of Hong Kong, operating under the trading names "EBS IT Solutions" and "Emerald Solutions". Our registered office is located at 22/F, 3 Lockhart Road, Wanchai, Hong Kong. We specialize in providing strategic IT planning, enterprise IT solutions, and expert IT consulting services to help optimize business operations and drive organizational growth.

1.2 Purpose of this policy

The purpose of this Privacy Policy is to outline transparently how Emerald Business Solutions Limited collects, uses, maintains, shares, and protects the personal information of individuals who interact with our business. We are committed to safeguarding the privacy and security of your personal data and ensuring compliance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) ("PDPO"), as well as other relevant international data protection regulations, such as the General Data Protection Regulation ("GDPR") for individuals within the European Economic Area ("EEA") and the United Kingdom ("UK"), where applicable.

1.3 Scope

This Privacy Policy applies to our website located at https://emeraldsolutions.io/ (the "Website"), all related services, applications, and tools we offer, as well as offline interactions related to our IT consulting services. It encompasses all individuals whose personal data we process, including prospective and existing clients, website visitors, business partners, and subscribers to our newsletter.

1.4 Definitions

• Personal Data: Any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• Data Subject: The identified or identifiable natural person to whom the personal data
• relates.
• We/Us/Our: Refers to Emerald Business Solutions Limited, trading as EBS IT Solutions / Emerald Solutions.
• You: Refers to the individual data subject utilizing our Website, requesting our services, or interacting with us.

2. Information We Collect

2.1 Information You Provide Directly

In the course of operating our IT consulting business and Website, we may collect various forms of personal data directly from you when you voluntarily provide it. This includes, but is not limited to, situations where you request a consultation, sign up for our newsletter, contact us via email, or enter into a service agreement with us. The types of personal data you may provide directly include:

• Contact information, such as your full name, email address, physical postal address, and telephone number.
• Professional and employment information, such as your job title, company name, department, and industry.
• Billing and financial information necessary for the execution of contracts and payment processing, including invoicing details and payment routing information.
• Project requirements, technical specifications, and proprietary business information shared during consultations or strategic IT planning sessions.
• Newsletter subscription details, primarily your email address provided when opting into our marketing communications to receive updates and promotional offers (such as our 10% discount on first purchases).
• Inquiry messages and correspondence contents when you reach out to our team for support, questions, or service inquiries.

2.2 Information Collected Automatically

When you access and interact with our Website, we automatically collect certain technical data and usage information to ensure the proper functioning of the site, analyze website traffic, and optimize your user experience. This automated data collection is generally facilitated through cookies and similar tracking technologies. Information collected automatically may include:

• Internet Protocol (IP) address utilized to connect your device to the internet.
• Device and browser information, including browser type and version, browser plug-in types and versions, operating system, and platform.
• Referrer URLs, indicating the website or search engine that directed you to our Website.
• Pages visited, navigation paths, and interactions within the Website, including the date and time of your visit and the duration spent on specific pages.
• Approximate geographical location data derived from your IP address.
• Session data, error logs, and performance metrics.

Cookie identifiers and associated tracking metrics.

2.3 Information from Third Parties

We may occasionally receive personal data about you from third-party sources and public domains to complement the information you provide and support our business operations. These third-party sources may include:

• Referrals from existing clients, business partners, or industry affiliates.
• Publicly available business information, corporate registries, and professional networking platforms (e.g., LinkedIn) to verify corporate identities and understand organizational structures for our strategic IT planning services.
• Analytics providers (such as website traffic analysis tools) that offer aggregated or pseudonymous insights into user behavior and Website performance.
• Payment processors and financial institutions that confirm the status of transactions and billing operations.

2.4 Sensitive Personal Data

Emerald Business Solutions Limited does not actively seek or knowingly collect "Sensitive Personal Data" (which may include information regarding racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health conditions, sexual orientation, or criminal records). We ask that you do not submit such sensitive information to us through the Website or general correspondence. If the processing of sensitive personal data becomes strictly necessary for the execution of a specific IT project, it will only be done with your explicit consent and subject to enhanced security measures.

3. How We Use Your Information

We process your personal data solely for legitimate business purposes appropriate for an enterprise IT consulting firm. We will not use your personal information for purposes incompatible with those for which it was originally collected without providing prior notice and, where required, obtaining your consent. We use your information to:

• Deliver expert IT consulting services, strategic IT planning, and customized enterprise IT solutions as requested by your organization.
• Respond promptly and accurately to your inquiries, requests for proposals, and general communications.
• Manage and maintain client relationships, including onboarding, ongoing project coordination, and account administration.
• Prepare, send, and negotiate proposals, quotes, service level agreements (SLAs), and technical specifications.
• Conduct billing, invoicing, payment processing, accounting, and related financial administration tasks.
• Facilitate project management, technical support, troubleshooting, and continuous optimization of implemented IT infrastructures. 
• Send marketing communications, newsletters, industry insights, and promotional offers (such as our newsletter sign-up discount), provided you have opted in or consented to receive such materials.
• Improve our Website's functionality, content, user interface, and overall user experience based on traffic analysis and usage trends.
• Implement and monitor security measures to protect our Website, networks, and client data against unauthorized access, fraud, and cyber threats.
• Comply with applicable legal obligations, regulatory requirements, tax reporting duties, and lawful requests from government authorities.
• Perform internal analytics, business performance reviews, and strategic planning to enhance our service offerings and operational efficiency.

4. Legal Basis for Processing

4.1 Under Hong Kong PDPO

For individuals and operations governed by the legal jurisdiction of Hong Kong, our data processing practices comply strictly with the Data Protection Principles (DPPs) set out in the Personal Data (Privacy) Ordinance (PDPO). We only collect personal data for lawful purposes directly related to our functions and activities as an IT consulting firm. We ensure that the data collected is necessary and adequate but not excessive for those purposes. We provide transparent notice of our data collection practices, maintain the accuracy of the data, apply appropriate security measures to prevent unauthorized access, and grant data subjects rights of access and correction in accordance with the PDPO.

4.2 Under GDPR for EEA/UK Individuals

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data. We rely on the following lawful bases to process your information:

• Consent: We may process your data when you have given explicit consent for a specific purpose, such as subscribing to our newsletter or accepting non-essential cookies. You have the right to withdraw this consent at any time.
• Contractual Necessity: We process your data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., providing a quote or delivering IT services).
• Legal Obligation: We process data when necessary to comply with a legal obligation to which we are subject, such as maintaining tax records or responding to lawful regulatory requests.
• Legitimate Interests: We process data when necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms. Examples include improving our services, securing our network, and managing client relationships.
• Vital Interests: In rare cases, we may process data to protect the vital interests of you or another natural person.

Public Interest: We may process data if required for the performance of a task carried out in

the public interest (though this is uncommon for our business scope).

4.3 Other Jurisdictions

Emerald Business Solutions Limited operates globally. If you access our services from jurisdictions outside Hong Kong, the EEA, or the UK, we are committed to complying with all applicable local data protection and privacy laws governing the collection, use, and cross-border transfer of your personal data.

5. Cookies and Similar Tracking Technologies

5.1 What cookies are

Cookies are small text files placed on your computer, smartphone, or other web-enabled devices when you visit a website. They are widely used to make websites work more efficiently, enhance the user experience, and provide analytical information to the website owners regarding user interaction and site performance.

5.2 Types we use

Our Website uses cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data. Specifically, we use the following categories of cookies:

Strictly Necessary Cookies: These cookies are essential for the Website to function correctly. They enable core functionalities such as security, network management, and accessibility. You cannot opt out of these cookies without affecting how the Website functions.

Analytics Cookies: As stated on our Website, we utilize analytics cookies to collect information about how visitors use our site. This helps us understand traffic patterns, identify popular pages, and improve the overall structure and content of our Website. The data collected is generally aggregated and anonymous.

Functional Cookies: These cookies allow the Website to remember choices you make (such as your language preference or region) and provide enhanced, more personal features.

Marketing Cookies: We may use these cookies to track the effectiveness of our promotional campaigns, including our newsletter sign-up offers, and to deliver content more relevant to your interests.

5.3 Third-party cookies

In addition to our own cookies, we may also utilize third-party cookies provided by trusted partners, such as analytics providers (e.g., Google Analytics) and website hosting platforms (e.g., GoDaddy). These third parties may collect information about your online activities over time and across different websites. We do not have direct control over the data collection practices of these third-party cookies.

5.4 Managing cookies

You have the right to choose whether or not to accept cookies. Upon your first visit to our Website, you will be presented with a cookie banner requesting your consent for non-essential cookies.

Additionally, most web browsers allow you to manage your cookie preferences through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, certain parts of the Website may become inaccessible or not function properly.

5.5 Do Not Track signals

Some web browsers incorporate a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. At this time, our Website does not respond to DNT signals, as there is no uniform technological standard for recognizing and implementing DNT requests.

6. How We Share Your Information

Emerald Business Solutions Limited is committed to maintaining the confidentiality of your personal data. We do not sell, rent, or trade your personal information to third parties for commercial gain. We may, however, share your personal data with specific categories of third parties under the following circumstances:

6.1 Service providers / processors

We engage trusted third-party service providers and data processors to assist us in operating our business and providing our IT consulting services. These may include cloud hosting providers, customer relationship management (CRM) systems, email marketing platforms, website analytics providers, and payment processors. These third parties are contractually bound to process your personal data only on our documented instructions, maintain strict confidentiality, and implement adequate security measures to protect your data.

6.2 Professional advisors

We may disclose your personal data to our professional advisors, including legal counsel, accountants, auditors, and insurance brokers, to the extent necessary for them to provide their professional services to our company and ensure our legal and regulatory compliance.

6.3 Legal and regulatory disclosures

We may disclose your personal information if required to do so by law, regulation, subpoena, court order, or formal request from a government or law enforcement agency. We may also share information to establish, exercise, or defend our legal rights, or to protect the rights, property, or physical safety of our company, our clients, our employees, or the public.

6.4 Business transfers

In the event that Emerald Business Solutions Limited undergoes a business transition, such as a merger, acquisition, restructuring, reorganization, or sale of all or a portion of its assets, your personal data may be transferred to the successor entity as part of the due diligence process and the finalized transaction. We will ensure that the acquiring entity commits to protecting your personal data in a manner consistent with this Privacy Policy.

6.5 With consent

We may share your personal data with third parties for other purposes not listed above, provided we have explicitly notified you of the intended disclosure and obtained your prior, informed consent.

6.6 No sale of personal data

For the avoidance of doubt, Emerald Business Solutions Limited strictly prohibits the sale of personal data to any third party.

7. International Data Transfers

Given the global nature of cloud infrastructure and modern IT systems, your personal data may be transferred to, stored at, or processed in jurisdictions outside of Hong Kong or outside the European Economic Area (EEA), depending on your location and the location of our service providers.

When we transfer your data internationally, we take all necessary steps to ensure that your privacy rights continue to be protected and that the recipient provides an adequate level of data protection. For transfers from the EEA or UK to jurisdictions not deemed adequate by the relevant authorities, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs), UK Addendums, and thorough transfer impact assessments.

Regarding Hong Kong legislation, while Section 33 of the PDPO (which restricts the transfer of personal data outside Hong Kong) is not yet fully in force, Emerald Business Solutions Limited voluntarily applies equivalent protections, ensuring that any offshore data processing aligns with the robust standards expected under the PDPO.

8. Data Retention

We retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, as outlined in Section 3 of this Privacy Policy, and to comply with our legal, accounting, and regulatory obligations.

Client Records: We generally retain client service agreements, invoices, and related project documentation for a minimum of seven (7) years to comply with Hong Kong tax and corporate statutory requirements.

Inquiries and Communications: General inquiries and correspondence from non-clients are typically retained for maintain contextual history for future interactions.

Marketing Data: Contact information used for newsletter subscriptions and direct marketing will be retained until you unsubscribe or withdraw your consent. Upon unsubscribing, we will maintain limited data on a "do-not-contact" suppression list to ensure your preferences are respected.

Cookies and Analytics: Data collected via cookies is retained in accordance with the specific lifespan of the cookie, which typically ranges from a single browser session up to

months.

Once the retention period has expired, or when we no longer have a legitimate business need to process your personal data, we will securely delete, destroy, or irreversibly anonymize the information.

9. Data Security

Emerald Business Solutions Limited takes the security of your personal data very seriously. As an IT consulting firm, we recognize the critical importance of safeguarding information infrastructure. We implement a comprehensive suite of technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access.

Technical Measures: We employ data encryption in transit (e.g., SSL/TLS protocols) and at rest, deploy robust firewalls, utilize secure hosting environments, and implement strict access controls and multi-factor authentication (MFA) to prevent network intrusions.

Organisational Measures: We enforce role-based access to personal data, meaning only employees who require the information to perform their job duties are granted access. 

Furthermore, our staff undergoes data protection training, and all employees and contractors are bound by stringent Non-Disclosure Agreements (NDAs). We maintain an active incident response plan to address any potential security threats promptly.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. In the unfortunate event of a data breach that poses a significant risk to your rights and freedoms, we are committed to notifying you and the relevant supervisory authorities in accordance with applicable legal timeframes.

10. Your Rights

10.1 Under PDPO (Hong Kong)

If you are protected under the laws of Hong Kong, the PDPO grants you specific rights regarding your personal data. You have the right to:

• Ascertain whether we hold personal data about you and request access to such data (Data Access Request).
• Require us to correct any personal data relating to you which is inaccurate (Data Correction Request).
• Be informed of our policies and practices in relation to personal data.
• Withdraw your consent to the use of your personal data for direct marketing purposes at any time, without charge.
• Lodge a formal complaint regarding our data handling practices with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).

10.2 Under GDPR (EEA & UK)

If you are a resident of the EEA or the UK, you possess comprehensive rights under the GDPR/UK GDPR, subject to certain legal exemptions. These include the right to:

• Access: Obtain confirmation as to whether your data is being processed and receive a copy
• of the personal data we hold.
• Rectification: Request the correction of inaccurate or incomplete data.
• Erasure (Right to be Forgotten): Request the deletion of your personal data when it is no longer necessary, or if you withdraw your consent.
• Restriction: Request that we temporarily halt the processing of your data under specific circumstances.
• Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller.
• Object: Object to processing based on legitimate interests or direct marketing.
• Automated Decision-Making: Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
• Withdraw Consent: Withdraw previously granted consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Lodge a Complaint: File a complaint with your local data protection supervisory authority.

10.3 Under CCPA (California)

If the California Consumer Privacy Act (CCPA) applies to you, you have the right to request access to your specific pieces of personal information, request the deletion of your personal data, and the right to opt-out of the "sale" or "sharing" of your personal data. As stated in Section 6.6, Emerald Business Solutions Limited does not sell personal data. We also guarantee the right to non-discrimination, ensuring you will not receive varying levels of service or pricing for exercising your privacy rights.

10.4 How to exercise your rights

To exercise any of your statutory rights, please contact our Data Protection Officer using the details provided in Section 15. For your security, we may require you to verify your identity before we fulfill your request. We aim to respond to all valid requests promptly and within the legal time limits (e.g., within 40 days for PDPO Data Access Requests, and within one month for GDPR requests).

11. Children's Privacy

Our Website and IT consulting services are designed strictly for enterprise clients, business professionals, and individuals over the age of 18. We do not intentionally or knowingly direct our services to children, nor do we knowingly collect personal data from children under the age of 16 (or higher age thresholds as defined by local laws). If you are a parent or guardian and you believe that your child has provided us with personal information without proper consent, please contact us immediately so that we can take swift action to locate and remove such data from our systems.

12. Third-Party Links

Our Website may contain external links to third-party websites, applications, and platforms that are not operated or controlled by Emerald Business Solutions Limited (for instance, the GoDaddy platform powering our Website, or links to our social media profiles). Please be aware that we are not responsible for the privacy practices, content, or data collection policies of these third parties. We strongly encourage you to review the privacy policies of any third-party websites you visit before submitting any personal data to them.

13. Marketing Communications

We offer a newsletter sign-up through our Website (https://emeraldsolutions.io/), providing subscribers with a 10% discount on their first purchase and keeping them informed about our latest IT solutions and industry trends. In accordance with Part 6A of the PDPO and other applicable direct marketing laws, we will only use your personal data for direct marketing purposes if we have obtained your explicit, opt-in consent.

We respect your right to control your inbox. If you no longer wish to receive marketing communications from us, you can easily opt-out at any time by:

• Clicking the "unsubscribe" link provided at the bottom of every marketing email we send.
• Contacting us directly using the information in Section 15 to request removal from our mailing list.

Upon receiving your opt-out request, we will promptly cease sending you direct marketing materials and will add your contact details to our internal do-not-contact registry to prevent future solicitations. Please note that opting out of marketing emails will not prevent us from sending you essential administrative or service-related communications.

14. Changes to This Privacy Policy

Emerald Business Solutions Limited reserves the right to evaluate, amend, and update this Privacy Policy from time to time to reflect changes in our business practices, technological advancements, or modifications to applicable legal and regulatory frameworks. Whenever we make changes to this document, we will post the revised Privacy Policy on this page and update the "Last Updated" date at the top of the document.

If we make material changes to how we process your personal data, we will provide more prominent notice, such as displaying a banner on our Website or sending an email notification to our clients and newsletter subscribers. Your continued use of our Website and services following the posting of an updated Privacy Policy constitutes your acknowledgment and acceptance of the modified terms.

15. Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy, our data collection practices, or if you wish to exercise your data subject rights, please do not hesitate to contact our Data Protection Officer / Privacy Officer.

Company: Emerald Business Solutions Limited (trading as EBS IT Solutions / Emerald Solutions)

Address: 22/F, 3 Lockhart Road, Wanchai, Hong Kong

Email: customercare@emeraldbis.com

Furthermore, if you remain dissatisfied with how we have handled your personal data or your privacy requests, you have the right to lodge a formal complaint with the relevant regulatory authority. In Hong Kong, this is the Office of the Privacy Commissioner for Personal Data (PCPD).