Legal Last updated · April 2026

Privacy Policy.

This policy explains how Valmere Limited collects, uses, shares and protects personal data when you interact with our website, engage our services or correspond with us.

Who we are

Valmere Limited is a company incorporated in Hong Kong with its registered office at Unit D3, 11/F, Luk Hop Industrial Building, No. 8 Luk Hop Street, San Po Kong, Kowloon, Hong Kong. For the purposes of this policy, Valmere Limited acts as the data controller in respect of personal data collected through our website and in the course of our client relationships.

Where we process personal data on behalf of a client as part of a consulting engagement, we do so as a data processor under instructions set out in the applicable Statement of Work or separate data processing agreement.

This policy is designed to meet the requirements of the Hong Kong Personal Data (Privacy) Ordinance (PDPO), and, where applicable, the EU General Data Protection Regulation (GDPR) and the UAE Personal Data Protection Law (PDPL).

Data we collect

We collect personal data that is necessary for the purposes described in this policy. The categories of data we typically process include:

  • Identification and contact data: name, job title, employer, business address, business email and telephone number.
  • Engagement data: information you provide in enquiries, proposals, contracts, meeting notes and correspondence.
  • Client-provided content: documents, data sets, spreadsheets, organisational information and other materials shared with us for the purposes of an engagement.
  • Website usage data: IP address, approximate location, device type, browser, referring URL, pages visited and timestamps, collected through server logs and analytics.
  • Billing data: invoice contacts, payment references and tax-identification information where required for invoicing.

We do not knowingly collect personal data from children. Our services are directed at businesses and their authorised representatives.

How we use data

We use personal data for the following purposes:

  • To respond to enquiries, prepare proposals, and scope potential engagements.
  • To deliver the Services described in an executed Statement of Work.
  • To issue invoices, collect payments, maintain accounting records and comply with tax and regulatory obligations.
  • To communicate with clients and prospective clients regarding ongoing work, updates and business matters.
  • To operate, secure and improve our website and internal systems.
  • To prevent, detect and respond to fraud, security incidents and unlawful activity.
  • To comply with applicable laws, regulations and valid requests from competent authorities.

We do not use personal data for automated decision-making that produces legal or similarly significant effects, and we do not sell personal data to third parties.

Lawful basis for processing

Where GDPR applies to our processing of your personal data, we rely on one or more of the following lawful bases:

  • Contract: processing necessary to enter into or perform a contract with you or the entity you represent.
  • Legitimate interests: processing necessary for our legitimate business interests in running, promoting and improving our consulting practice, provided these interests are not overridden by your fundamental rights.
  • Legal obligation: processing required to comply with tax, accounting, anti-money-laundering and other statutory obligations.
  • Consent: where we ask for your specific consent, for example before sending marketing communications. You may withdraw consent at any time.

Where processing is subject to the PDPO or the UAE PDPL, we apply equivalent principles, including collection for a specific purpose, use that is directly related to that purpose, and retention no longer than necessary.

Sharing and international transfers

We share personal data only where necessary and with appropriate safeguards. Categories of recipients include:

  • Service providers who support our operations, including IT and cloud hosting providers, email and productivity platforms, accounting and invoicing tools, and professional advisors. These providers act on our instructions and under appropriate confidentiality and data-processing obligations.
  • Subcontractors and associates engaged to deliver Services under a Statement of Work, where this is necessary and where they are bound by confidentiality obligations.
  • Regulators, courts and law-enforcement authorities where disclosure is required by law or to protect our rights or those of our clients.
  • Professional advisors including auditors, lawyers and accountants, where necessary for legal, compliance or financial reporting purposes.
  • Successors in connection with a merger, acquisition, reorganisation or sale of assets, subject to appropriate confidentiality protections.

Because our operations span Hong Kong, the European Union and the United Arab Emirates, personal data may be transferred across jurisdictions. Where data is transferred out of the European Economic Area or the United Kingdom, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses, adequacy decisions where available, or other lawful transfer mechanisms. We take steps to ensure that transferred data receives an equivalent level of protection.

Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting or reporting requirements.

  • Enquiry and prospect data is typically retained for up to twenty-four (24) months from the last interaction.
  • Engagement records, deliverables and related correspondence are typically retained for seven (7) years from the end of the engagement, consistent with accounting and statute-of-limitations requirements in Hong Kong.
  • Accounting and tax records are retained for the period required by applicable law.
  • Website analytics data is typically retained in aggregated form for up to twenty-six (26) months.

At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

Your rights

Subject to applicable law, you have the following rights in relation to your personal data. Some rights are only available under certain frameworks (for example, portability under GDPR):

Access
Request confirmation of whether we hold personal data about you and receive a copy.
Correction
Request correction of personal data that is inaccurate or incomplete.
Erasure
Request deletion of personal data where there is no lawful basis for its continued processing.
Restriction
Request that we limit the processing of your data in certain circumstances.
Portability
Receive your data in a structured, commonly used, machine-readable format, where applicable.
Objection
Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent
Withdraw any previously given consent, without affecting the lawfulness of prior processing.
Complaint
Lodge a complaint with a supervisory authority, such as the Office of the Privacy Commissioner for Personal Data in Hong Kong, or your local EU data protection authority.

To exercise any of these rights, please contact us using the details set out below. We will respond within the timeframe required by applicable law.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction. These measures include access controls, encryption of data in transit, secure authentication, regular backups, and staff training on confidentiality and data protection.

While we take reasonable steps to protect the data we hold, no system of electronic transmission or storage is entirely secure. We encourage you to use strong, unique passwords and to notify us promptly if you suspect any unauthorised access to your account or communications.

Cookies and similar technologies

Our website uses a minimal set of cookies and similar technologies necessary for its operation and basic analytics. These may include:

  • Strictly necessary cookies that enable core website functionality, such as navigation and access to secure areas.
  • Analytics cookies that help us understand how visitors use our website in aggregate, so that we can improve its performance. Where required, we collect these only with your consent.

You can control cookies through your browser settings. Blocking certain cookies may affect the functionality of the website.

Changes and contact

We may update this policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated to clients through the usual channels where appropriate.

For any questions about this policy, to exercise your rights, or to raise a concern about how we handle personal data, please contact:

Valmere Limited
Unit D3, 11/F, Luk Hop Industrial Building
No. 8 Luk Hop Street, San Po Kong
Kowloon, Hong Kong
Email: info@valmerelimited.com

Supervisory authority. In Hong Kong, you may also contact the Office of the Privacy Commissioner for Personal Data (PCPD). In the European Union, you may lodge a complaint with the data protection authority of your country of residence.