Privacy Policy
Last Updated: 28 March 2025 · Tessaro
1. Introduction
Tessaro ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our website and services. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"). If you have any questions about this policy, please contact us at [email protected].
2. Data We Collect
We collect personal data in the following ways:
- Contact forms: name, email address, phone number, and message content when you submit an enquiry.
- Engagement correspondence: emails, documents, and information exchanged during the course of a consulting engagement.
- Website analytics: anonymised usage data (pages visited, device type, session duration) collected via cookies, where you have consented.
- Indirect collection: information about your organisation and colleagues shared during interviews, surveys, and facilitation sessions conducted as part of our services.
We do not collect sensitive personal data unless it is strictly necessary for the engagement and agreed upon in writing.
3. Legal Basis for Processing
We process your personal data on the following bases:
- Contract performance: where processing is necessary to deliver the consulting service you have engaged us for.
- Consent: for marketing communications and optional analytics cookies, which you may withdraw at any time.
- Legitimate interests: for administrative and operational purposes, such as maintaining engagement records and responding to enquiries.
- Legal obligation: where required by applicable Hong Kong law.
4. How We Use Your Data
Your personal data may be used for:
- Responding to enquiries and managing client relationships
- Delivering consulting engagements including facilitation, analysis, and reporting
- Internal record-keeping and invoicing
- Improving our website and service quality (aggregate, anonymised analysis only)
- Communicating about upcoming engagements or relevant updates, where you have consented
We do not sell, rent, or trade your personal data to third parties.
5. Data Sharing
We may share your data with trusted service providers who support our operations (such as secure cloud storage or email hosting), subject to data processing agreements. We do not share engagement data with any third party for commercial or marketing purposes. All engagement content is treated as strictly confidential under mutual NDA.
6. Data Retention
We retain personal data for the following periods:
- Enquiry records: 12 months from last contact, unless a formal engagement follows.
- Engagement records: 7 years from engagement close, in line with standard commercial record-keeping requirements.
- Analytics data: Retained in anonymised, aggregated form only. No individual-level data is retained beyond 90 days.
Upon request, data not subject to legal retention obligations will be deleted promptly.
7. Data Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted document transfer, access-controlled systems, and a policy of minimal data retention. In the event of a data breach that may affect your rights, we will notify you as required by applicable law.
8. Cookies
Our website uses cookies to understand how it is used and to support basic functionality. You can manage your cookie preferences at any time. Please see our Cookie Policy for full details.
9. Your Rights Under the PDPO
Under the Personal Data (Privacy) Ordinance, you have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate personal data
- Withdraw consent for data processing where consent is the legal basis
- Object to the use of your data for direct marketing purposes
- Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD)
To exercise any of these rights, please contact us at [email protected]. We aim to respond within 30 days.
10. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
11. Children's Privacy
Our services are intended for professionals and business representatives aged 18 and above. We do not knowingly collect personal data from minors.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via our website. Continued use of our website or services after such changes constitutes acceptance of the revised policy.
13. Contact
For any privacy-related queries, please contact: