Privacy Policy

1. Introduction

Unifin Consulting Ltd and its affiliated entity Uni30fin OÜ (collectively referred to as "Unifin", "we", "us", or "our") are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at unifin.ltd or engage with our services.

This policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") applicable to our operations through our Estonian entity, and the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") of Hong Kong, applicable to our Hong Kong entity.

2. Data Controllers

Depending on the context in which your personal data is processed, the data controller may be:

3. Information We Collect

We may collect information about you in a variety of ways, including:

Personal Data: When you contact us through our website or by other means, we may collect personally identifiable information such as your name, email address, phone number, and company name.

Professional Data: In the course of providing our consulting services, we may collect information relating to your business, regulatory status, and professional background.

Usage Data: We may automatically collect certain information when you visit our website, including your IP address, browser type, operating system, access times, and the pages you have viewed.

4. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process your personal data on one or more of the following legal bases:

• Consent: You have given clear consent for us to process your personal data for a specific purpose.
• Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
• Legitimate Interests: Processing is necessary for the purposes of our legitimate interests, such as improving our services, provided these are not overridden by your rights and freedoms.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

5. Use of Your Information

We may use the information we collect about you to:

• Respond to your inquiries and provide our consulting services
• Improve our website and services
• Send you communications related to our services, where you have consented to receive them
• Comply with applicable laws and regulations in all jurisdictions in which we operate
• Manage our business relationship with you and your organisation
• Conduct internal analysis and research to enhance our service offerings

6. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the website to function properly.
• Analytics Cookies: Help us understand how visitors interact with our website.
• Preference Cookies: Remember your settings and preferences.

You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of the website may become inaccessible or not function properly. Under the GDPR, we obtain your consent before placing non-essential cookies.

7. Disclosure of Your Information

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except in the following circumstances:

• To trusted third parties who assist us in operating our website or conducting our business, provided those parties agree to keep this information confidential
• When required by law, regulation, or legal process
• To protect our rights, property, or safety, or that of our clients or others
• In connection with a merger, acquisition, or sale of all or a portion of our assets, with appropriate notice

8. International Data Transfers

As we operate across multiple jurisdictions (Hong Kong and the EU/EEA), your personal data may be transferred to and processed in countries outside your country of residence. Where such transfers occur:

• GDPR Transfers: For transfers of personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.
• PDPO Transfers: Under Hong Kong's PDPO, we take all practicable steps to ensure that personal data transferred outside Hong Kong is protected by standards comparable to those required under the Ordinance.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context and our legal obligations in the relevant jurisdiction. When personal data is no longer required, we will securely delete or anonymise it.

10. Data Security

We implement appropriate technical and organisational measures to protect the security of your personal information, in accordance with the requirements of both the GDPR and the PDPO. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.

11. Your Rights Under the GDPR

If you are located in the EU/EEA, you have the following rights under the GDPR:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to certain exceptions.
• Right to Restriction: You have the right to request restriction of processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.

You also have the right to lodge a complaint with a supervisory authority. For our Estonian entity, the relevant authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

12. Your Rights Under the PDPO (Hong Kong)

If your personal data is processed by our Hong Kong entity, you have the following rights under the Personal Data (Privacy) Ordinance:

• Right of Access: You have the right to request access to your personal data held by us and to be informed of the nature of that data.
• Right to Correction: You have the right to request the correction of personal data that is inaccurate.
• Right to Opt-Out: You have the right to request that we cease using your personal data for direct marketing purposes.

Requests may be subject to a fee as permitted under the PDPO. You may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a complaint regarding the handling of your personal data, please contact us at: