Privacy Policy
Last updated: 18 January 2026
1. Introduction
Driftmind ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our services, visit our website, or engage with us during the course of business. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have in relation to it.
We operate in full compliance with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"). This policy applies to all personal data collected through our website at driftmia and through our client engagement process.
Questions or requests relating to this policy should be directed to: privacy@driftmia
2. Data We Collect
We may collect the following categories of personal data:
- Contact information: name, email address, phone number
- Professional information: job title, company name, industry
- Communication records: content of messages submitted via our contact form or sent by email
- Website usage data: pages visited, time spent, browser type, IP address (collected via analytics cookies where consented)
- Client engagement data: data shared with us during the course of an engagement, subject to separate confidentiality agreements
We do not collect sensitive personal data (such as health information or financial account details) through our standard website or contact processes.
3. How We Collect Data
- Contact forms: when you submit an enquiry through our website
- Direct communication: when you contact us by email or phone
- Analytics cookies: where you have consented, through tools that track website usage (see our Cookie Policy)
- Client engagements: data shared under a separate confidentiality and data processing agreement
4. Legal Basis for Processing
We process personal data on the following grounds under the PDPO:
- Consent: for analytics cookies and marketing communications
- Legitimate interest: for responding to enquiries and managing business relationships
- Contract performance: for data processed during client engagements
- Legal obligation: where we are required to retain records
5. How We Use Your Data
- Responding to enquiries and booking discovery calls
- Delivering contracted services and communicating about ongoing engagements
- Sending service updates or information relevant to our work (where you have provided consent)
- Improving our website and understanding how visitors use it
- Meeting legal and regulatory obligations
We do not sell personal data to third parties. We do not use client engagement data for model training across separate engagements.
6. Data Sharing
We share personal data only in the following circumstances:
- Service providers: we use a small number of trusted third-party services (email hosting, analytics) who are contractually required to handle data in accordance with applicable law
- Legal requirements: where required by law or court order
- Business continuity: in the event of a merger or acquisition, subject to equivalent privacy obligations on the receiving party
7. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following guidelines:
- Enquiry data (no engagement commenced): 12 months from last contact
- Client engagement data: 3 years from project close, unless a longer period is required by law
- Financial records: 7 years in accordance with Hong Kong tax law requirements
- Analytics data: subject to the retention settings of the analytics tool and cookie consent
8. Data Security
We implement technical and organisational security measures appropriate to the nature of the data we hold. These include:
- Access controls limiting data access to authorised personnel only
- Encrypted transmission for data in transit
- Secure storage practices aligned with our ISO 27001 certification
- Confidentiality agreements covering all personnel and contractors
In the event of a data breach affecting personal data, we will notify affected individuals and, where applicable, the Office of the Privacy Commissioner for Personal Data (PCPD) in accordance with PDPO requirements.
9. Cookies
Our website uses cookies. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.
10. Your Rights
Under the PDPO, you have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate personal data
- Object to the processing of your personal data for direct marketing
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) at www.pcpd.org.hk
To exercise any of these rights, contact us at privacy@driftmia. We will respond within 40 days in accordance with PDPO requirements.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies before providing any personal data.
12. Children's Privacy
Our services are intended for organisations and individuals aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have done so, we will delete the data promptly.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of our website or services after such changes constitutes acceptance of the updated policy.
14. Contact
Data controller: Driftmind
Address: 90 Java Road, North Point, Hong Kong
Privacy enquiries: privacy@driftmia