Privacy Policy

Lotus Anchor ("we", "us", "our") is committed to protecting the personal data of individuals who visit our website or enquire about and enrol in our courses. This policy explains what personal data we collect, how we use it, and what rights you have under Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO").

If you have questions about this policy, contact us at [email protected].

1. Data Controller

The data controller for personal data collected through this website and our courses is:

Lotus Anchor
Unit 1503, Millennium City 5, 418 Kwun Tong Road, Kwun Tong, Hong Kong
Email: [email protected]
Phone: +852 3684 2175

2. Personal Data We Collect

Data you provide directly

• Name and email address (submitted via our contact form)
• Phone number (optional, if provided in enquiry form)
• Message content (course enquiries or general correspondence)
• Payment information (processed securely by our payment provider; we do not store card details)

Data collected automatically

• IP address and browser type (via server logs and analytics)
• Pages visited and time spent on site (via analytics cookies, if consented)
• Cookie data (see our Cookie Policy for details)

3. How We Use Your Data

• Responding to enquiries about our courses
• Processing course enrolments and sending access to course materials
• Sending course-related communications (weekly content releases, check-in reminders)
• Improving the quality of our courses using aggregated, anonymised feedback data
• Complying with legal obligations applicable to us in Hong Kong

We do not use your personal data for unsolicited marketing, and we do not sell or share your data with third parties for their marketing purposes.

4. Legal Basis for Processing

• Consent: For optional analytics cookies and marketing communications (where you have opted in)
• Contract performance: To process enrolments and deliver course materials
• Legitimate interests: To respond to enquiries and maintain course quality
• Legal obligation: Where required by Hong Kong law

5. Data Retention

We retain personal data for the following periods:

• Contact form enquiries: 24 months from date of submission
• Course enrolment records: 7 years from date of enrolment (for financial record-keeping purposes)
• Analytics data: Aggregated and anonymised after 26 months

After these periods, data is deleted or anonymised.

6. Data Sharing

We share personal data with the following categories of third parties:

• Payment processors: To handle course fee transactions securely
• Email service providers: To deliver course content and correspondence
• Analytics providers: Google Analytics (if analytics cookies are accepted) — data is processed under Google's privacy terms

All third-party processors are required to handle data securely and in accordance with applicable law. We do not transfer personal data outside of Hong Kong except where necessary for the services listed above, in which case appropriate safeguards are in place.

7. Cookies

Our website uses essential cookies (required for basic functionality) and optional analytics and preference cookies (accepted or declined via our cookie banner). Please see our Cookie Policy for a full explanation of cookies used and how to manage your preferences.

8. Your Rights Under the PDPO

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the right to:

• Request access to personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data (subject to legal retention requirements)
• Object to certain uses of your personal data
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 40 days as required by the PDPO.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) at www.pcpd.org.hk.

9. Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), access controls on internal systems, and regular review of our data handling practices.

In the event of a data breach that is likely to result in harm to affected individuals, we will notify the PCPD and affected individuals as required by law.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our courses and services are directed at adults. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. When changes are material, we will update the "Last Updated" date at the top of this page. Continued use of our website after a policy update constitutes acceptance of the revised terms.

13. Contact

For privacy-related enquiries, contact our data privacy team:
Email: [email protected]
Address: Unit 1503, Millennium City 5, 418 Kwun Tong Road, Kwun Tong, Hong Kong