SSDCheck.com
Operated by Serene Solutions Limited
Hong Kong SAR
Effective Date: August 15, 2025
Last Updated: August 15, 2025
1. Introduction
Serene Solutions Limited (“we,” “us,” “our,” or “the Company”) operates SDDCheck.com (“the Website”) and provides AI-powered due diligence services (“the Services”). We are committed to protecting your privacy and handling your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”) and all applicable Hong Kong laws.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Website and Services. By accessing our Website or using our Services, you consent to the collection and use of your personal data as described in this Privacy Policy.
Company Registration Details:
– Company Name: Serene Solutions Limited
– Registration: Hong Kong Companies Registry
– Business Address: Unit B, 12/F, Hang Seng Causeway Bay Building, 28 Yee Woo Street, Causeway Bay, Hong Kong.
– Contact: info@sddcheck.com
2. Personal Data We Collect
2.1 Information You Provide Directly
When you use our Services, we collect personal data that you voluntarily provide, including:
Client Information:
– Full name (first and last name)
– Company name and business details
– Email address and phone number
– Business address and contact information
– Payment information (processed securely through third-party payment processors)
Service Requests:
– Investigation target information (company names, individual names for business purposes)
– Business relationship details and investigation requirements
– Additional context and specific concerns you provide
– Communication preferences and service customization requests
Website Usage:
– Account registration information
– Communication with our support team
– Feedback and survey responses
– Marketing communication preferences
2.2 Information Collected Automatically
Technical Data:
– IP address and device identifiers
– Browser type, version, and settings
– Operating system and device information
– Website usage patterns and page views
– Cookies and similar tracking technologies
– Login timestamps and session duration
Analytics Data:
– Website performance metrics
– User interaction patterns
– Geographic location data (country/city level)
– Referral sources and marketing campaign effectiveness
2.3 Information from Third Parties
Payment Processing:
– Transaction confirmations from payment processors
– Billing and payment status information
– Fraud prevention data from financial institutions
Service Enhancement:
– Publicly available business information for verification purposes
– Industry databases for service quality improvement
– Professional networks for business validation
3. How We Use Your Personal Data
3.1 Service Provision
We use your personal data to:
– Process and fulfill your due diligence service requests
– Conduct AI-powered research and analysis as requested
– Prepare and deliver professional due diligence reports
– Provide customer support and respond to inquiries
– Process payments and maintain billing records
– Verify your identity and prevent fraudulent activities
3.2 Business Operations
Service Improvement:
– Analyze usage patterns to enhance our AI algorithms
– Improve website functionality and user experience
– Develop new features and service offerings
– Conduct quality assurance and performance monitoring
Legal Compliance:
– Comply with legal obligations under Hong Kong law
– Respond to lawful requests from government authorities
– Maintain records as required by applicable regulations
– Implement anti-money laundering and fraud prevention measures
Communication:
– Send service-related notifications and updates
– Provide technical support and customer service
– Share important policy changes and legal notices
– Deliver requested marketing communications (with consent)
3.3 Legitimate Business Interests
Marketing and Business Development:
– Analyze market trends and customer preferences (with anonymized data)
– Develop targeted marketing campaigns (with consent)
– Conduct business intelligence and competitive analysis
– Build customer relationships and retention programs
4. Legal Basis for Processing
Under the PDPO and applicable Hong Kong laws, we process your personal data based on:
Consent: Where you have provided explicit consent for specific uses of your personal data, such as marketing communications or optional service features.
Contract Performance: To fulfill our contractual obligations in providing due diligence services, processing payments, and delivering reports.
Legal Obligations: To comply with Hong Kong laws, including anti-money laundering regulations, data protection requirements, and court orders.
Legitimate Interests: For our legitimate business interests, such as fraud prevention, service improvement, and business analytics, provided these interests do not override your privacy rights.
5. Data Sharing and Disclosure
5.1 Service Providers and Partners
We may share your personal data with trusted third parties who assist in providing our Services:
Technology Partners:
– Cloud hosting and data storage providers
– Payment processing companies
– AI and analytics service providers
– Customer support and communication platforms
Professional Service Providers:
– Legal advisors and compliance consultants
– Accounting and audit firms
– IT security and data protection specialists
– Business intelligence and research partners
Due Diligence Requirements:
All third parties are contractually required to:
– Maintain appropriate security measures
– Use data only for specified purposes
– Comply with Hong Kong data protection laws
– Implement confidentiality safeguards
5.2 Legal Requirements
We may disclose your personal data when required by law:
– Court orders and legal proceedings
– Government investigations and regulatory inquiries
– Anti-money laundering and fraud prevention obligations
– National security and public safety requirements
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.
5.4 No Sale of Personal Data
We do not sell, rent, or lease your personal data to third parties for their marketing purposes.
6. Data Security
6.1 Technical Safeguards
We implement industry-standard security measures to protect your personal data:
Encryption: All data transmissions are protected using 256-bit SSL encryption, and sensitive data is encrypted at rest.
Access Controls: Role-based access controls ensure only authorized personnel can access personal data on a need-to-know basis.
Network Security: Firewalls, intrusion detection systems, and regular security monitoring protect against unauthorized access.
Regular Updates: Security systems are regularly updated and patched to address emerging threats.
6.2 Organizational Measures
Staff Training: All employees receive regular training on data protection principles and procedures.
Background Checks: Personnel with access to personal data undergo appropriate background verification.
Incident Response: We maintain incident response procedures to address any potential data breaches promptly.
Regular Audits: Internal and external security audits are conducted to ensure ongoing compliance and effectiveness.
6.3 Data Breach Notification
In the unlikely event of a data breach that poses risks to your rights and interests, we will:
– Notify the Privacy Commissioner for Personal Data within 72 hours
– Inform affected individuals without undue delay
– Provide clear information about the nature and extent of the breach
– Implement immediate containment and remediation measures
7. Data Retention
7.1 Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
Active Client Data: Retained during the course of our business relationship and for up to 7 years after the last service provision for legal compliance and potential future service requests.
Due Diligence Reports: Client reports and associated data are retained for 7 years after delivery to comply with Hong Kong business record requirements.
Payment Records: Financial transaction data is retained for 7 years as required by Hong Kong tax and accounting regulations.
Marketing Data: Contact information for marketing purposes is retained until consent is withdrawn or for 3 years from the last interaction.
Website Analytics: Aggregated and anonymized usage data may be retained indefinitely for business intelligence purposes.
7.2 Secure Deletion
When retention periods expire, we securely delete or anonymize your personal data using industry-standard methods to ensure it cannot be recovered or reconstructed.
8. Your Rights Under Hong Kong Law
Under the PDPO, you have the following rights regarding your personal data:
8.1 Right of Access
You have the right to request confirmation of whether we hold your personal data and to obtain a copy of such data. We will respond to access requests within 40 days as required by the PDPO.
8.2 Right to Correction
You may request correction of inaccurate or incomplete personal data. We will investigate and respond to correction requests promptly.
8.3 Right to Erasure
You may request deletion of your personal data in certain circumstances, such as when:
– The data is no longer necessary for the original collection purpose
– You withdraw consent and no other legal basis applies
– The data has been unlawfully processed
– Erasure is required for compliance with legal obligations
8.4 Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes at any time.
8.5 Right to Data Portability
Where technically feasible, you may request that your personal data be provided in a structured, commonly used, and machine-readable format.
8.6 Exercising Your Rights
To exercise any of these rights, please contact us at:
– Email: info@sddcheck.com
– Phone: +852 9057 2692
– Address: Unit B, 12/F, Hang Seng Causeway Bay Building, 28 Yee Woo Street, Causeway Bay, Hong Kong
We may require verification of your identity before processing your request to ensure the security of your personal data.
9. Cross-Border Data Transfers
9.1 International Transfers
Some of our service providers and technology partners may be located outside Hong Kong. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to jurisdictions recognized by Hong Kong as having adequate data protection laws.
Contractual Safeguards: Standard contractual clauses and data processing agreements with international service providers.
Consent: Where required, we obtain your explicit consent for international transfers.
Necessity: Transfers necessary for contract performance or legitimate interests with appropriate protections.
9.2 Mainland China Considerations
Given Hong Kong’s unique legal status, any data transfers to Mainland China are conducted in strict compliance with:
– Hong Kong’s Personal Data (Privacy) Ordinance
– Applicable cross-border data transfer regulations
– Contractual safeguards ensuring continued protection
– Transparency about the nature and purpose of such transfers
10. Cookies and Tracking Technologies
10.1 Cookie Usage
Our Website uses cookies and similar technologies to:
– Essential Functions: Enable basic website functionality and security
– Analytics: Understand how visitors use our Website to improve performance
– Preferences: Remember your settings and customize your experience
– Marketing: Deliver relevant content and measure campaign effectiveness
10.2 Cookie Management
You can control cookies through your browser settings:
– Accept/Reject: Choose which categories of cookies to accept
– Delete: Remove existing cookies from your device
– Notifications: Receive alerts when cookies are being set
Note: Disabling essential cookies may affect website functionality and service provision.
10.3 Third-Party Cookies
We may use third-party cookies for:
– Google Analytics: Website usage analytics (anonymized)
– Payment Processing: Secure transaction processing
– Customer Support: Live chat and support functionality
11. Children’s Privacy
Our Services are designed for business use and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.
12. Third-Party Links
Our Website may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
13.1 Policy Updates
We may update this Privacy Policy periodically to reflect:
– Changes in our business practices
– Updates to Hong Kong data protection laws
– New features or services we offer
– Feedback from regulators or users
13.2 Notification of Changes
Significant Changes: We will notify you via email or prominent website notice for material changes that affect your rights.
Minor Updates: Routine updates will be posted on our Website with the effective date clearly indicated.
Continued Use: Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.
14. Contact Information
14.1 Privacy Inquiries
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Privacy Officer
Serene Solutions Limited
Email: info@sddcheck.com
Phone: +852 9057 2692
Address: Unit B, 12/F, Hang Seng Causeway Bay Building, 28 Yee Woo Street, Causeway Bay, Hong Kong.
14.2 Complaint Procedures
If you believe we have not handled your personal data in accordance with this Privacy Policy or Hong Kong law, you may:
1. Contact us directly using the information above
2. File a complaint with the Privacy Commissioner for Personal Data:
– Website: www.pcpd.org.hk
– Hotline: 2827 2827
– Address: 12/F, Sunlight Tower, 248 Queen’s Road East, Wan Chai, Hong Kong
14.3 Response Times
We are committed to addressing your privacy concerns promptly:
– General Inquiries: 5 business days
– Data Access Requests: 40 days (as required by PDPO)
– Correction Requests: 40 days (as required by PDPO)
– Urgent Security Matters: 24 hours
15. Governing Law and Jurisdiction
This Privacy Policy is governed by Hong Kong law. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the Hong Kong courts.
16. Language
This Privacy Policy is prepared in English. In case of any inconsistency between the English version and any translated version, the English version shall prevail.
Document Version: 1.0
Effective Date: August 15, 2025
Next Review Date: August 10, 2026 + 1 Year