Privacy and Security Policy

1. Introduction

This policy outlines how personal data is collected, processed, and protected by Fortune Information Technology Limited in compliance with Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), ensuring adherence to its principles for lawful, transparent, and secure data handling.

2. Data Collection and Use

Personal data is collected for lawful purposes directly related to operational functions, including:

• Identifiers (e.g., names, contact details).
• Technical data (e.g., device information, browsing activity).
• Transactional records (e.g., service usage, payment details).

Data is processed only for:

• Fulfilling contractual obligations or providing services.
• Complying with legal requirements.
• Legitimate business interests, provided these do not override individual privacy rights.

3. Legal Basis for Processing

Processing is conducted under the following conditions:

• Consent for non-essential purposes (e.g., marketing).
• Contractual necessity to deliver services.
• Legal compliance with statutory obligations.

4. Individual Rights

Individuals have the right to:

• Access stored data and request copies.
• Rectify inaccuracies in their records.
• Opt-out of direct marketing use.

5. Data Security Measures

Technical and organizational safeguards include:

• Encryption of sensitive data.
• Access controls to limit exposure to authorized personnel.
• Regular risk assessments to identify vulnerabilities.
• Incident response protocols to address breaches (internal logging recommended).

6. Third-Party Sharing

Data may be shared with:

• Service providers under confidentiality agreements.
• Legal authorities when required by law.
• Third parties for legitimate purposes (e.g., fraud prevention), provided compliance with PDPO is maintained.

Cross-border transfers are permitted but must align with PDPO’s requirements for equivalent security standards.

7. Retention Period

Data is retained only as long as necessary for its original purpose or legal obligations, after which it is securely deleted.

8. Policy Adjustability

This policy may be updated to reflect changes in legal requirements, technological advancements, or operational needs. Revised versions will be published publicly, and continued use of services constitutes acceptance of updated terms. Adjustments will remain consistent with PDPO and its objectives.

9. Contact Information

For inquiries or complaints:

• Email: admin@fit.com.hk
• Address: Rm 603C, 6/F Floor, Lai Cheong Factory Building, 479 Castle Peak Road, Lai Chi Kok, Kowloon, Hong Kong SAR

Compliance Statement

This policy aligns with Hong Kong’s PDPO, ensuring lawful data handling, transparency, and security.