PRIVACY POLICY
Effective Date: 23/10/2025
Last Updated: 23/10/2025
CoordinAid respects your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [www.coordinaid.co], in compliance with the EU General Data Protection Regulation (GDPR) and Hong Kong’s Personal Data (Privacy) Ordinance (PDPO).
1. DATA CONTROLLER
CoordinAid [36 Nam Long Shan Road, Hong Kong] is the data controller for GDPR purposes and the “data user” under PDPO.
Contact:
- Email: teamcoordinaid@gmail.com
- Phone: +852 2525 7088
2. PERSONAL DATA WE COLLECT
We may collect the following categories of data:
- Identifiers: Name, job title, agency/institution, email, phone number.
- Professional Data: Organization details, role in emergency services/S&R.
- Technical Data: IP address, browser type, device information, cookies (via our Cookie Policy).
- Interaction Data: Inquiries, demo requests, feedback, survey responses.
Sensitive Data: We do not collect race, religion, health data, or biometric information unless voluntarily provided for specific purposes (e.g., emergency health monitoring during product testing).
3. HOW WE COLLECT DATA
- Directly From You: Via contact forms, demo requests, emails, or partnerships.
- Automatically: Through cookies and analytics tools (e.g., Google Analytics).
- Third Parties: Government agencies, industry partners (with your consent).
4. PURPOSES & LEGAL BASIS (GDPR/PDPO)
| Purpose | Legal Basis (GDPR) | PDPO Compliance |
|---|---|---|
| Responding to inquiries/demo requests | Contractual necessity | Purpose directly related to our function |
| Sending marketing updates | Consent (opt-in required) | Consent obtained |
| Site analytics & improvements | Legitimate interests | Data directly related to site function |
| Compliance with legal obligations | Legal obligation | Required by law |
5. DATA SHARING & DISCLOSURE
We may share data with:
- Government Agencies: For S&R service integration (with your consent).
- Service Providers: Cloud hosts (AWS/Azure), IT support, analytics firms (under strict confidentiality agreements).
- Legal Authorities: If required by law (e.g., court orders).
- Business Transfers: During mergers/acquisitions (with PDPO/GDPR-compliant safeguards).
International Transfers: Data may be transferred outside the EU/Hong Kong. We ensure safeguards:
- GDPR: Standard Contractual Clauses (SCCs) or adequacy decisions.
- PDPO: Data transfer agreements ensuring equivalent protection.
6. DATA RETENTION
We retain personal data:
- Until the purpose is fulfilled (e.g., inquiry resolved).
- For marketing: Until consent is withdrawn.
- As required by law (e.g., tax records: 7 years).
7. YOUR RIGHTS
| Right | GDPR | PDPO |
|---|---|---|
| Access/copy of your data | ✔️ (Art. 15) | ✔️ (DPP 6) |
| Correction of inaccurate data | ✔️ (Art. 16) | ✔️ (DPP 2 Principle 2) |
| Deletion (“right to be forgotten”) | ✔️ (Art. 17) | ✔️ (Upon request) |
| Withdraw consent | ✔️ (Art. 7) | ✔️ (DPP 1 Principle 1) |
| Object to processing | ✔️ (Art. 21) | ✔️ |
| Data portability | ✔️ (Art. 20) | ❌ |
To exercise rights, contact teamcoordinaid@gmail.com. We respond within 30 days (GDPR) / 40 days (PDPO).
8. DATA SECURITY
We implement:
- Encryption (SSL/TLS) for data transfers.
- Access controls and multi-factor authentication.
- Regular security audits and breach response plans.
- Staff training on GDPR/PDPO compliance.
In case of a data breach, we will notify regulators (e.g., Hong Kong PCPD, EU supervisory authorities) and affected users within 72 hours (GDPR) / as soon as practicable (PDPO).
9. COOKIES & TRACKING
We use cookies for:
- Site functionality (essential).
- Analytics (performance).
- Marketing (optional; consent required).
Manage preferences via our Cookie Consent Banner or browser settings.
10. THIRD-PARTY LINKS
Our Site may link to government portals (e.g., Hong Kong SAR) or partner sites. We are not responsible for their privacy practices.
11. POLICY UPDATES
We will notify users of material changes via email or Site notices. Continued use constitutes acceptance.
12. CONTACT & COMPLAINTS
For questions or complaints:
- Data Protection Officer (DPO): dpo@coordiaid.com
- Hong Kong PCPD: www.pcpd.org.hk
- EU Supervisory Authority: List here
This policy is reviewed annually.
© CoordinAid 2025. All rights reserved.