Privacy Policy
Last updated: 18 June 2026
Company Name: Big Data Fin Limited
Legal Entity: BigDataFIN Limited, a company incorporated under the laws of the Hong Kong Special Administrative Region
Registered Address: Rm B, 16/F, Eubank Plaza, 9 Chiu Lung Street, Hong Kong
Contact Email: chat_us@bigdatafin.mom
Contact Phone: +1 318 591 4703
Website: bigdatafin.mom
1. Introduction and Scope
This Privacy Policy describes how Big Data Fin Limited, its subsidiaries, and its affiliated entities (collectively referred to as Big Data Fin, we, us, or our) collect, use, process, store, disclose, and protect personal data obtained from visitors to our website at bigdatafin.mom, clients who engage our computer systems design and integration services, prospective clients, business partners, and any other individuals whose personal data we may handle in the course of our business operations.
Big Data Fin is a Hong Kong-based technology company specializing in computer systems design and related services. Our developer, Big Data Fin, has built and maintains this website along with all related systems and data processing infrastructure. We are committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner.
By accessing our website, engaging our services, or otherwise providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should refrain from using our website and services.
This policy applies to all personal data we collect through our website, during the course of providing our services, through written and electronic communications, at events and meetings, and from publicly available sources where permitted by applicable law.
2. Legal Framework and Governing Law
As a company based in the Hong Kong Special Administrative Region, our primary data protection obligations arise under the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong, commonly referred to as the PDPO. The PDPO establishes six Data Protection Principles that govern the collection, holding, processing, and use of personal data in Hong Kong.
Where we handle personal data of individuals located in other jurisdictions, we also endeavor to comply with applicable international data protection laws, including but not limited to the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA) of the United States, to the extent those laws apply to our processing activities.
In the event of any conflict between this Privacy Policy and applicable mandatory data protection legislation, the legislation shall prevail. We regularly review our data protection practices to ensure ongoing compliance with evolving legal requirements across the jurisdictions in which we operate.
3. Personal Data We Collect
We collect personal data that is necessary for our business purposes and that is adequate but not excessive in relation to those purposes. The categories of personal data we may collect include the following:
Identity and Contact Data: This includes your full name, job title, company name, email address, telephone number, postal address, and any other contact details you provide when you fill out forms on our website, correspond with us by email or phone, or exchange business cards with our representatives.
Technical and Usage Data: When you visit our website, we automatically collect certain technical information including your Internet Protocol (IP) address, browser type and version, operating system, device type, referring website URLs, pages visited, time and date of visits, time spent on pages, and other diagnostic data. This information is collected through server logs, cookies, and similar tracking technologies.
Service Engagement Data: If you engage our systems design, integration, or consulting services, we may collect information about your business requirements, existing technology infrastructure, project specifications, and other information necessary to deliver our services effectively.
Communication Data: We retain copies of correspondence when you contact us, including emails, contact form submissions, meeting notes, and records of telephone conversations where relevant to the provision of our services.
Marketing and Preference Data: This includes your preferences in receiving marketing communications from us, your communication preferences, and information about how you engage with our marketing materials.
4. How We Collect Your Personal Data
We collect personal data through a variety of methods, each designed to be transparent and aligned with the purpose for which the data is provided. Direct collection occurs when you voluntarily submit information through our website contact form, when you send us an email, when you call our office, when you meet with our representatives at industry events or business meetings, and when you enter into a service agreement with us.
Automated collection occurs through cookies, server logs, web beacons, and similar technologies when you browse our website. These technologies help us understand how visitors use our site, which pages are most relevant, and how we can improve the user experience. Detailed information about our use of cookies is provided in Section 10 of this policy.
We may also receive personal data about you from third parties, including business partners, referral sources, publicly available databases, and social media platforms, always in compliance with applicable data protection laws. Where we receive data from third parties, we take reasonable steps to ensure that the data has been collected lawfully and that we have a legitimate basis for processing it.
5. Purposes for Which We Use Your Personal Data
We collect and use your personal data only for specified, explicit, and legitimate purposes. We do not process personal data in a manner that is incompatible with these purposes. The primary purposes for which we use personal data include:
Service Delivery: To provide our computer systems design, systems integration, data engineering, cloud infrastructure, security engineering, and technology advisory services; to communicate with you about project status, deliverables, and timelines; to manage our contractual relationship with you; and to fulfill our obligations under any agreement we have with you or your organization.
Business Operations: To operate, maintain, and improve our website and internal systems; to manage our business records; to conduct internal analytics and research; to train our staff; and to ensure the security and integrity of our information technology infrastructure.
Communications: To respond to your inquiries, requests, and feedback; to send you administrative information such as changes to our terms, conditions, and policies; and to provide you with information about our services that may be of interest to you, where you have consented to receive such communications or where we have a legitimate interest in doing so.
Legal and Compliance: To comply with applicable laws, regulations, and legal processes; to respond to lawful requests from government authorities; to enforce our terms of service and other agreements; to protect our rights, privacy, safety, and property, and that of our clients and the public; and to establish, exercise, or defend legal claims.
6. Disclosure and Sharing of Personal Data
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your personal data only in the following limited circumstances and always subject to appropriate confidentiality and security safeguards:
Service Providers: We engage trusted third-party companies and individuals to perform services on our behalf, including cloud hosting providers, email service providers, analytics services, customer relationship management platforms, and professional advisers such as lawyers and accountants. These service providers have access to personal data only to the extent necessary to perform their functions and are contractually bound to process such data solely in accordance with our instructions and applicable data protection laws.
Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, personal data held by us may be among the assets transferred. We will ensure that any recipient of such data agrees to be bound by terms substantially similar to this Privacy Policy.
Legal Requirements: We may disclose personal data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with our services, protect the personal safety of users of our services or the public, or protect against legal liability.
7. Data Retention and Storage
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable law. The specific retention period depends on the nature of the data and the purpose of its collection.
Personal data collected for the purpose of providing services is retained for the duration of our contractual relationship plus a period of seven years following the termination of services, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements.
Marketing data and communication preferences are retained until you withdraw your consent or opt out of receiving marketing communications. Technical and usage data is generally retained for a period of twenty-six months from the date of collection, after which it is either anonymized or securely deleted.
When personal data is no longer required, we take reasonable steps to securely destroy or permanently de-identify it. Our data destruction processes include secure deletion of electronic records and secure shredding of physical documents containing personal data.
8. Data Security Measures
We implement and maintain appropriate technical, administrative, and physical security measures designed to protect your personal data against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures are reviewed and updated regularly to address evolving security threats.
Our technical security measures include industry-standard encryption for data in transit and at rest, multi-factor authentication for system access, regular vulnerability scanning and penetration testing, intrusion detection and prevention systems, secure network architecture with network segmentation and firewalls, and comprehensive logging and monitoring of system access.
Our organizational measures include mandatory data protection and security training for all employees, strict access control policies based on the principle of least privilege, confidentiality agreements with all employees and contractors, a dedicated incident response plan, and regular security audits and compliance reviews.
While we strive to protect your personal data using commercially reasonable means, no method of transmission over the Internet or method of electronic storage is entirely secure. We cannot guarantee the absolute security of your personal data, but we are committed to promptly notifying you and the relevant authorities in the event of a data breach where required by applicable law.
9. Your Data Protection Rights
Depending on your jurisdiction and subject to applicable legal exemptions, you may have the following rights regarding your personal data:
Right of Access: You have the right to request access to the personal data we hold about you and to obtain information about how we process it. Where permitted by law, we may charge a reasonable fee to cover our administrative costs in responding to access requests.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We encourage you to keep your information up to date by notifying us of any changes.
Right to Erasure: In certain circumstances, you have the right to request the deletion of your personal data, for example where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent on which processing is based, or where the data has been unlawfully processed.
Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including where we process your data for direct marketing purposes or where we rely on legitimate interests as the legal basis for processing.
Right to Data Portability: Where technically feasible and where required by applicable law, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have that data transmitted to another data controller.
To exercise any of these rights, please contact us using the details provided in Section 14 of this policy. We will respond to your request within the timeframe required by applicable law, generally within thirty calendar days. We may require proof of identity before processing your request.
10. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand how visitors interact with our content. A cookie is a small text file that is placed on your device when you visit a website.
We use essential cookies that are necessary for the website to function properly, including cookies that enable navigation and access to secure areas of the website. These cookies do not require your consent as they are strictly necessary for the operation of the site.
We also use analytics cookies to collect information about how visitors use our website, including which pages are visited most frequently, how visitors navigate between pages, and whether visitors encounter error messages. This information helps us improve the performance and content of our website. We use this data in aggregated and anonymized form wherever possible.
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you when cookies are being sent. Please note that disabling cookies may affect the functionality of our website and limit your ability to use certain features.
11. Children and Minors
Our website and services are not directed at individuals under the age of eighteen. We do not knowingly collect, use, or disclose personal data from children or minors without verifiable parental consent. If we become aware that we have inadvertently collected personal data from a child under the age of eighteen without appropriate consent, we will take prompt steps to delete that information from our systems.
If you are a parent or legal guardian and believe that your child has provided personal data to us without your consent, please contact us immediately using the contact details provided in this policy, and we will take appropriate action.
12. International Data Transfers
Your personal data may be transferred to, stored, and processed in countries other than the country in which you reside. As a Hong Kong-based company serving clients globally, we may transfer data to jurisdictions where our service providers, partners, or affiliated entities operate.
When we transfer personal data across international borders, we implement appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include standard contractual clauses approved by relevant data protection authorities, binding corporate rules, or reliance on adequacy decisions where the destination jurisdiction has been recognized as providing an adequate level of data protection.
By using our website and services, you acknowledge that your personal data may be transferred internationally as described in this policy. If you have questions about the safeguards we apply to international data transfers, please contact us.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or the services we offer. When we make material changes, we will post the revised policy on this page with an updated effective date and, where appropriate, notify you by email or through a prominent notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website and services following the posting of changes to this policy constitutes your acceptance of those changes, to the extent permitted by applicable law.
14. Contact Us About This Privacy Policy
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, or if you wish to exercise any of your data protection rights, please contact us through any of the following channels:
Email: chat_us@bigdatafin.mom
Phone: +1 318 591 4703
Postal Address: Big Data Fin Limited, Rm B, 16/F, Eubank Plaza, 9 Chiu Lung Street, Hong Kong
Website: bigdatafin.mom
We take all privacy-related inquiries seriously and will make every effort to resolve your concerns promptly and fairly. If you are not satisfied with our response, you may have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data in Hong Kong or the relevant data protection authority in your jurisdiction.
15. Consent and Withdrawal
Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, please contact us using the details in Section 14 above.
If you withdraw your consent, we may no longer be able to provide you with certain services or information. We will inform you of the consequences of withdrawal at the time you make your request.