Unchain Dog HK Privacy Policy

Unchain Dog HK ("we," "our," or "us") is committed to protecting your personal data privacy in accordance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (the "PDPO"). This Privacy Policy outlines our practices regarding the collection, use, retention, security, and disclosure of your personal data when you interact with our website, http://www.unchaindoghk.com.

By using our website and submitting your personal data, you consent to the practices described in this Privacy Policy.

1. Our Commitment to Privacy (Data Protection Principles)

We adhere to the six Data Protection Principles of the PDPO:

Principle 1 (Purpose and Manner of Collection): We collect personal data for a lawful purpose directly related to our functions or activities, and only to the extent necessary. We inform you about the purpose of collection and other relevant details.

Principle 2 (Accuracy and Duration of Retention): We take all practicable steps to ensure personal data is accurate and not kept longer than necessary.

Principle 3 (Use of Personal Data): We use personal data only for the purpose for which it was collected, or a directly related purpose, unless your express consent is obtained.

Principle 4 (Data Security): We implement appropriate security measures to protect personal data against unauthorised or accidental access, processing, erasure, loss, or use.

Principle 5 (Openness): We are open about our personal data policies and practices, the types of personal data we hold, and the main purposes for which we use it.

Principle 6 (Data Access and Correction): We provide you with the right to request access to and correction of your personal data.

2. What Personal Data We Collect

When you use our contact form, we collect the following personal data:

Name: To address you properly in our response.

Email Address: To enable us to reply to your inquiry.

Message Content: The text of your message, which may contain other personal information you choose to provide.

We do not use any advertising cookies or third-party tracking. We use Theme preferences (local storage) on your device to remember your website display preferences. This information is stored only on your device and is not collected or processed by us.

3. Purpose of Collection and Use of Personal Data

The personal data collected through our contact form is used solely for the following purpose:

To respond to your inquiries and communications: We collect your name, email, and message content to understand your query and provide you with a relevant and timely response.

Consequences of Not Providing Data:

The provision of your name and email address is obligatory if you wish for us to respond to your inquiry via the contact form. Without this information, we will be unable to reply to your message. The provision of your message content is voluntary, but necessary to convey your specific inquiry.

Direct Marketing:

We do not use personal data collected via the contact form for direct marketing purposes. If we ever intend to use your personal data for a new purpose not directly related to your original inquiry (e.g., for marketing), we will seek your express and voluntary consent beforehand.

4. Retention of Personal Data

We will retain the personal data collected via the contact form for a maximum period of 30 days from the date of submission. This is achieved through a TTL (Time-to-Live) index on our MongoDB database, which automatically deletes entries after this period. This retention period is determined by our need to respond to your inquiry and for a short period of record-keeping in case of follow-up questions. Once the data is no longer necessary for this purpose, it will be automatically erased.

5. Security of Personal Data

We take all practicable steps to protect the personal data we hold from unauthorised or accidental access, processing, erasure, loss, or use. These measures include:

Access Control: Access to our data systems (MongoDB and CMS) is restricted to our authorised personnel only.

MongoDB: Access is secured via Google Single Sign-On (SSO) for authorised users, along with API keys for programmatic access. MongoDB Atlas provides robust security features including always-on authentication, encryption in transit and at rest, and network access controls (IP whitelisting).

CMS on Vercel: Access to our CMS is restricted to our authorised users (our team members) via secure login credentials.

Hosting Security: Our CMS is hosted on Vercel, which implements industry-standard security measures including data encryption (at rest and in transit via HTTPS/TLS 1.3), SOC 2 Type 2 attestation, ISO 27001:2022 certification, and regular security audits. Vercel's infrastructure includes DDoS mitigation, private isolated cloud environments, and robust backup strategies.

Data Minimisation: We only collect personal data that is necessary for the stated purpose.

Data Erasure: We use a TTL index for automatic deletion of contact form data after 30 days.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee its absolute security.

6. Disclosure and Transfer of Personal Data (Classes of Transferees)

We will keep your personal data confidential. We may transfer or disclose your personal data only to the following classes of persons for the purpose stated in Section 3:

Our internal team members: Who are responsible for handling and responding to your inquiries.

Third-party service providers: We engage the following third-party service providers who assist us in operating our website and processing your inquiries. These providers process data on our behalf and are contractually obligated to protect your data in a manner consistent with this Privacy Policy and the PDPO:

Resend: For sending emails generated from our contact form.

Vercel: For hosting our CMS and website.

MongoDB: For database storage of contact form submissions.

We will ensure that any third parties to whom we transfer your personal data adhere to appropriate data protection and security standards. We do not sell, rent, or trade your personal data to any third parties for their own marketing purposes.

7. Your Rights (Data Access and Correction)

Under the PDPO, you have the right to:

Request access to your personal data: You can request a copy of the personal data we hold about you.

Request correction of your personal data: You can request us to correct any inaccurate or incomplete personal data we hold about you.

To make an access or correction request, please contact our designated contact person as detailed in Section 9. We will respond to your request within 40 days as required by the PDPO. We may ask you to verify your identity to ensure the security of your personal data before processing your request. A reasonable fee may be charged for complying with a data access request.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or relevant laws. We will notify you of any material changes by posting the updated Privacy Policy on our website. We encourage you to review this Privacy Policy periodically.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our personal data practices, or if you wish to exercise your data access or correction rights, please contact us at:

Data Protection Contact Person

Ng Ching, Founder | ching@unchaindoghk.com