Privacy Policy

Welcome to the official website of Light Security Consulting Limited (hereinafter referred to as “LSC” or “we”) (Registered address: 21/F Kings Wing Plaza 2, No. 1 On Kwan Street, Shek Mun, Shatin, Hong Kon). We are aware of the importance of privacy and personal information to you, and fully respect your privacy, we will strictly comply with laws and regulations require the adoption of appropriate security measures, and is committed to protecting your privacy! We are committed to protecting your privacy by taking appropriate security measures in strict compliance with laws and regulations. Based on this, in order to provide you with services related to this website, we hereby formulate this Privacy Policy (hereinafter referred to as the “Policy”).

We would like to explain to you through this Privacy Policy (“Policy”) how we handle (including collection, use, storage, provision, etc.) and protect your personal information when you use this website and related services. The provisions of this Policy that may be of significant relevance to your legitimate interests are highlighted in bold.

This Policy is closely related to your use of the Website and related services, so please be sure to read and understand the entire contents of this Policy and use it only after confirming that you fully understand and agree to all of its contents, especially when you provide us with your personal information voluntarily through the relevant pages of the Website or consent to the collection of your personal information through the relevant operational behaviour, we have sufficient and reasonable grounds to believe that you have fully read, understood and agreed to be bound by this policy. Where permitted by law, we may process your personal information without your consent. If you have any questions, comments or suggestions about the contents of this Privacy Policy, you may contact us using the contact information provided in this Privacy Policy.

This policy will help you understand the following:

1. The scope of application of this policy
2. How we collect and use personal information
3. How we share, transfer and publicly disclose personal information
4. Where and for how long information is stored
5. How we keep personal information secure
6. How you can access and manage your personal information
7. How we use cookies and similar technologies
8. Protection of Minors
9. Updates to this policy
10. How to contact us

1.1. This Policy only applies to the pages of LSC’s official website. We may embed links to our affiliates, proprietary pages of our business or products/services, or other related platforms (e.g., the LSC Security Emergency Response Centre, etc.) in our official website so that you can quickly jump to them if necessary, and such pages have their own agreements, policies, statements or terms presented in other forms that are specifically applicable to them. Each of these pages has its own applicable agreements, policies, statements or terms presented in other forms, which you should review when accessing or using the relevant page.

1.2. This Policy does not apply to products or services provided to you by other third parties through the Site or otherwise. When you use the products or services provided to you by other third parties, you need to separately negotiate and agree with such third parties on the rights and obligations related to the use of the products or services.

1.3. This Agreement only applies to the personal information involved in your use of the Website and related services, including personal information attributable to you and personal information attributable to other individuals, but submitted by you after you have obtained the authorization of the individual subject, and we will handle the information attributable to other entities in accordance with the contract or agreement signed with the corresponding entity or the agreement reached by other means. We will handle the information in accordance with the contract or agreement signed with the corresponding entity or agreed by other means.

In the course of your use of this website and related services, the specific circumstances that may involve your personal information are as follows:

2.1.   Provide you with information feedback channels, including:

a) If you need to consult with us on the project programme design-related issues, you can submit the project through the consultation page related to the consultation, you need to fill in and provide us with your name, email address, industry and the name of the company, in order to facilitate the products you are interested in or the description of the project information for you to provide feedback that meets your needs.

b) You can also directly with us to consult the purchase of products / services or the use of related issues, online conversation process in order to facilitate our further contact with you, we may need to provide you with contact information and other relevant personal information, you can according to their own needs to decide whether to provide.

c) In order to maintain the safe and stable operation of this website and to continuously optimise and improve your experience, during your use of this website, we may automatically collect information about your interactions with this website, including operation logs and other information, by means of program code.

2.2.   Personal information relating to your use of LSC-branded products or other related services will be enumerated in the applicable privacy policy and user agreement/service agreement of the specific product or service, and will only be handled in accordance with the relevant agreement when you use the specific product or service. If the Website or other specific products or services provide you with the need to submit other relevant personal information beyond the scope described in this Policy or its specifically applicable agreements, we will obtain your consent in writing by updating the agreement or pop-up notification or signing an authorisation letter offline.

2.3.   You are fully aware that, in accordance with applicable law, we do not require your authorised consent to collect and use personal information in the following circumstances:

a) It is necessary for the fulfilment of a legal duty or obligation

b) It is necessary for the performance of statutory duties or legal obligations

c) It is necessary for the performance of a legal duty or obligation

d) It is necessary for the fulfilment of a statutory duty or statutory obligation

e) It is necessary for the fulfilment of a statutory duty or statutory obligation

f) It is necessary for the performance of a statutory duty or statutory obligation

3.1. We do not share your personal information with third parties, except in the following circumstances:

3.1.1. Sharing with your explicit consent. After informing you of the name or names of the third party, contact information, the purpose of processing, the way of processing and the type of personal information, and obtaining your explicit consent, we will share the information within the scope of your authorisation to the third party with your consent.

3.1.2. Sharing under legal circumstances. We will share your personal information in accordance with applicable laws and regulations, legal procedures, litigation/arbitration, governmental mandatory orders, regulatory requirements; for example, we will share your personal information with relevant governmental authorities or third parties designated or recognised by them in order to satisfy the requirements of real-name authentication of the network in accordance with relevant laws and regulations.

3.1.3. To the extent required or permitted by law, it is necessary to provide your personal information to a third party in order to protect the interests, property or safety of you or the public from damage.

3.1.4. It is necessary to share your personal information in order to protect national security, public safety and the significant legitimate rights and interests of you and other subjects.

3.1.5. Personal information that you disclose yourself or that we are able to obtain from other legitimate public sources.

3.1.6. We may disclose your personal information to our affiliates for them to provide you with transaction support, service support or security support. For example, we may share your personal information with LSC’s mainland companies or companies with which LSC has a direct or indirect controlling or significantly influential relationship; we will only share your information with our affiliates for specific, explicit and legitimate purposes and only to the extent necessary to provide the service. Affiliated companies will seek your consent again if they wish to change the purposes for which the information is processed.

3.2. We will not transfer the personal information we process/are entrusted with to any company, organisation or individual, except in the following circumstances:

3.2.1. Your explicit consent has been obtained.

3.2.2. In the event of a merger, acquisition or insolvent liquidation involving the transfer of personal information, we will require the new company or organisation holding your personal information to continue to be bound by this Privacy Policy, or we will require that company or organisation to seek authorised consent from you again. Where no transfer of personal information is involved, we will keep you fully informed and delete or anonymise the personal information we process.

3.3. We will not generally disclose your personal information to the public unless we have your individual consent or are required to do so by law or regulation.

3.4. In accordance with relevant laws and regulations and national standards, we may share, transfer, or publicly disclose your personal information without your consent in the following circumstances:

3.4.1. Necessary for the conclusion and performance of a contract to which the individual is a party

3.4.2. Necessary for the conclusion and performance of a contract to which the individual is a party

3.4.3. Necessary to respond to a public health emergency, or to protect the life, health and property of natural persons in an emergency

3.4.4. To perform acts such as news reporting and public opinion monitoring in the public interest, and to handle personal information within a reasonable scope

3.4.5. To handle personal information that individuals disclose on their own or that has been otherwise lawfully disclosed within a reasonable scope in accordance with the law

4.1. As we are a company founded and operated in China (Hong Kong), the data and information processed/commissioned by us will be stored on servers in China (Hong Kong) and will be stored in accordance with the relevant legal provisions or for the period of time agreed upon with the user (subject to meeting the necessary requirements to provide the user with products or services).

4.2. We will only store your personal information for the period necessary to fulfil the purposes stated in this policy and within the time limits required by law and regulation. After the necessary period, we will delete or anonymise your personal information. If deletion is technically difficult to achieve, we will stop processing activities other than storage and taking the necessary security measures.

4.3. If we cease to operate the Site, we will promptly cease to continue to collect your personal information, notify you of the cessation of operation by means of a public notice or similar form, and delete or anonymise your personal information (if any) that we have stored.

5.1. We take the security of your information very seriously. We will endeavour to protect your personal information by adopting a variety of technical (including secure encryption, anti-intrusion, anti-virus, etc.) and managerial security measures to prevent unauthorised access to, use of, public disclosure of, modification of, damage to or loss of your personal information. For example, we provide HTTPS protocol secure browsing on our website; we use encryption technology to improve the security of user information; we use trusted protection mechanisms to prevent user information from being maliciously attacked; in addition, we establish a user information security management system and workflow, and carry out strict authority control over access to user information, and authority control for staff who have access to personal information. In addition, we will establish a user information security management system and workflow, strictly control the access to user information, provide staff who have access to personal information with authority restrictions and training related to security and privacy protection, and conduct regular risk assessments of personal information security and timely disposal of related risk issues, in order to continuously improve the security capability of personal information protection.

5.2. In the unfortunate event of an information security incident (information leakage, loss, etc.), we will, in accordance with the requirements of laws and regulations, promptly inform you of: the basic situation of the security incident and its possible impacts, the measures we have taken or will take to deal with the incident, the suggestions you can independently make to prevent and reduce the risks, and the remedial measures to be taken against you. We will promptly inform you of the situation related to the incident by email, letter, phone call, push notification, etc. When it is difficult to inform the subject of the information one by one, we will adopt a reasonable and effective way to make a public announcement. At the same time, we will also report the handling of information security incidents in accordance with the requirements of the regulatory authorities.

5.3. We will endeavour to protect your personal information, but no measure can be infallible and no service or product, website, information transmission, computer system, or network connection is absolutely secure. If the information is subject to unauthorised access, public disclosure, alteration or destruction due to damage to our physical, technical or managerial protection facilities, and as a result of which your legitimate rights and interests are damaged, we will be held legally liable. However, if any security incident such as leakage/loss of user information occurs as a result of you informing others of your account password for this website or the products/services used, or violating the terms of the agreement related to the use of this website/products/services, or using it inappropriately/neglecting to take precautions, etc., or as a result of a third-party cause such as hacking/virus invasion, etc., or force majeure factors, you understand that we cannot be held liable for any direct or indirect damages or responsibility.

Where required by applicable law, you may have the following rights:

6.1. Access specific personal information we hold about you

6.2. To require us to correct inaccurate personal information about you

6.3. To refuse or restrict our use of your personal information

6.4. To require us to delete your personal information

6.5. To obtain a copy of your personal information

We respect your rights in relation to your personal information so that you can make your own decisions to fully protect your privacy and security of your personal information. If you wish to exercise your rights or have any questions, comments, suggestions or complaints about our privacy policy and handling of personal information, you may contact us via the contact details in Part XI of this Policy.

We may refuse to respond to your request and provide you with reasons if your request contains personal information that does not belong to you, is beyond reasonable limits, requires excessive technical means (e.g., requires the development of a new system or a fundamental change in current practices), may infringe on the legitimate rights and interests of others, is impracticable, or if there are other reasons that we have that are lawful and legitimate.

Normally, we will respond to your request within 15 business days; in the case of a complex situation that requires an extension of time to resolve the issue, we will also provide you with an explanation within 15 business days.

The contact information you provide in your feedback will only be used by our user hotline to communicate with you and provide feedback. Except with your explicit consent and/or as expressly provided by law, we will not provide your above information to any third party.

7.1. Cookies are small data files that are placed on your computer or mobile device when you visit a website. The content of a cookie can only be retrieved or read by the server that created it. We may record and use information about you through cookies, but the information recorded through cookies is only stored locally on the device you are using and only when you use the relevant features/services of the Website. The specific purposes for which we use cookies include:

7.1.1. to remember your identity in order to complete authentication, e.g. cookies help us to recognise you as a potential user of our site

7.1.2. to store your operational settings or preferences so that you can have a more efficient user experience

7.1.3. to count and analyse your use of our website in order to provide you with a more personalised service, which may include, but is not limited to, customised pages, content recommendations, etc

7.2. Other similar technologies

In addition to cookies, we may use other similar technologies to collect information automatically. For example, we may use browser web storage (including through HTML5), also known as locally stored objects, for purposes similar to cookies.

7.3. Most web browsers have settings to block cookies and clear browser web storage, which you can manage or clear according to your preferences. Please note, however, that if you set your settings to block the operation of cookies or other similar technologies, you may not be able to enjoy the best possible experience of the Services and the usability of certain features may be affected

8.1. We provide the Services and other related products on this Website primarily to adults. We attach great importance to the protection of minors’ personal information. If you are a minor, we request you to ask your parents or other guardians to read all the contents of this policy carefully and to use our products or services and provide information to us under the premise of obtaining the consent of your parents or other guardians.

8.2. In the case of the collection of personal information from minors who use the Site with the consent of their parents or other guardians, we will only process this information as permitted by law, with the express consent of the parent or other guardian, or as necessary for the protection of the minor.

8.3. If LSC discovers that it has collected personal information from a minor without first obtaining verifiable parental or other guardian consent, it will seek to obtain valid authorised consent or delete the relevant personal information as soon as possible.

We may revise and update this Policy from time to time in response to changes in the business we operate or in the management of this website or in the specifics of the handling of personal information. If the update of this Policy may result in a material reduction of your rights under this Policy, or involves a change of important rules such as expanding the scope of our collection and processing of personal information, we will notify you to check the updated content of the Policy by making a public announcement on the page of the Website or conducting a pop-up window, or by sending an email to you, or by other means. Under the aforementioned circumstances, if you continue to use our website, it means that you have agreed to accept the updated content of this policy.

If you have questions about this policy or other matters related to the use of the service, you can contact us via info@lightsecurityconsulting.com for feedback, we will receive the information you submit as soon as possible after the review, and in a timely manner after the clarification of your needs to feedback.