Privacy Policy

Last updated: 4 June 2026

ByteCraft Limited (“ByteCraft”, “we”, “us”) is committed to protecting the privacy of personal data we collect through this website and in the course of our engagements. This policy explains what personal data we collect, how we use it, and the rights you have, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (the “PDPO”).

1. Who we are

The data user responsible for the personal data collected through this website is:

ByteCraft Limited
1603, 16th Floor, The L. Plaza
367–375 Queen’s Road Central
Sheung Wan, Hong Kong
Business Registration No. 78098758
Phone: 9847 3261

2. What personal data we collect

We only collect personal data that you voluntarily provide to us through the contact form on this website. This is limited to:

Your name
Your email address
Your company name (optional)
The content of any message you send us

We do not use cookies, third-party analytics, advertising trackers, fingerprinting scripts, or any other passive collection technology on this website. Standard web server logs (IP address, user agent, request timestamp) are retained for a short period for security and abuse prevention only.

3. Purposes of collection

We use the personal data you provide solely for the following purposes:

Responding to your enquiry
Discussing a potential engagement and preparing a written scope
Performing services we have agreed to provide
Complying with applicable legal, regulatory and accounting obligations in Hong Kong

We do not use your personal data for direct marketing and we do not sell, rent, trade or otherwise disclose your personal data to third parties for marketing purposes.

4. Disclosure and transfer

Your personal data may be disclosed to:

Our employees, contractors and professional advisers on a strict need-to-know basis;
Service providers acting on our behalf (for example, email and document hosting), under written confidentiality obligations;
Governmental, regulatory or judicial authorities where we are required to do so by law.

We do not transfer personal data outside Hong Kong other than in the ordinary course of operating cloud-based business tools, where the recipient is bound by equivalent data protection standards.

5. Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected. Enquiry data is typically retained for up to 24 months unless an engagement is entered into, in which case retention follows the engagement record and applicable legal retention periods (generally up to 7 years for accounting records).

6. Security

We apply reasonably practicable steps to safeguard personal data against unauthorised access, processing, loss or destruction, including encryption in transit (TLS), restricted access controls, and regular review of our security practices.

7. Your rights under the PDPO

Under the PDPO you have the right to:

Request access to personal data we hold about you;
Request correction of personal data that is inaccurate;
Be informed of the kinds of personal data we hold and our policies and practices in handling them.

Requests should be made in writing to the contact address below. We will respond within the timeframes prescribed by the PDPO as required by the Ordinance.

8. Children

Our services are directed at businesses and not at children. We do not knowingly collect personal data from individuals under the age of 18.

9. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL with the “Last updated” date at the top of the page.

10. Contact

For any privacy-related question or request, please contact us through the form on our main page, addressed to the attention of the Data Protection contact.