PRIVACY POLICY
Last updated: 29 May 2026
Effective date: 29 May 2026
1. Introduction
This Privacy Policy (the “Policy”) explains how Vita Liberta Limited (Company Registration Number: 2888240), a company incorporated in Hong Kong with its registered office at Room 68, 7/F, Woon Lee Commercial Building, 7 Austin Avenue, Tsim Sha Tsui, Kowloon, Hong Kong (“Vita Liberta”, “we”, “us”, or “our”), collects, uses, discloses, transfers, retains, and protects personal data.
Vita Liberta is a licensed Trust or Company Service Provider (TCSP Licence No. TC007080) regulated by the Companies Registry of Hong Kong under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615). We provide corporate, legal, accounting, tax advisory, and trust and company services in and from Hong Kong, with a particular focus on Hong Kong company formation and ongoing corporate services. Although our services are delivered in and from Hong Kong, we market and accept clients from jurisdictions worldwide.
This Policy applies to:
- visitors and users of our website https://www.vitaliberta.hk (the “Site”);
- clients, prospective clients, and authorised representatives of clients receiving or enquiring about our services (the “Services”); and
- any other individual whose personal data we process in connection with our business activities, regardless of where the individual is located (each, a “Data Subject” or “you”).
Where the law of your country of residence imposes stricter standards than those set out below, those higher standards will apply to the processing of your personal data to the extent legally required.
2. Legal Framework
The processing of personal data by Vita Liberta is primarily governed by the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (the “PDPO”), including the six Data Protection Principles set out in Schedule 1 thereto.
For Data Subjects in other jurisdictions, equivalent local data protection laws may apply to the extent legally required. Where multiple regimes apply concurrently, we apply the standard that affords the highest level of protection to the Data Subject.
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity and Contact Data: full name, date and place of birth, nationality, gender, passport or national identity document details, residential and correspondence address, email address, telephone number, photograph or video where required for identity verification.
3.2 Professional and Business Data: job title, employer, company name, business registration details, tax identification numbers (TIN), professional qualifications, beneficial ownership and corporate structure information, source of funds and source of wealth information.
3.3 Financial Data: bank account details, payment records, invoicing information, and transaction history relating to the Services.
3.4 Technical and Usage Data: IP address, browser type and version, operating system, time-zone setting and location, device identifiers, pages viewed, navigation paths, referral source, and other data automatically collected through cookies and similar technologies (see Section 13).
3.5 Communication Data: records and content of correspondence with us via email, telephone, contact forms, messaging applications, or other channels, including call recordings where applicable and notified to you.
3.6 Special Categories of Data: in limited circumstances and only where strictly necessary for compliance with anti-money laundering (“AML”), counter-terrorist financing (“CFT”), sanctions screening, or know-your-client (“KYC”) obligations — or with your explicit consent or where otherwise permitted by law — we may process data relating to criminal convictions, politically exposed person (PEP) status, sanctions listings, or adverse media findings.
4. Purposes and Legal Bases for Processing
We process your personal data for the purposes set out below, on the legal bases indicated:
(a) Provision of Services — to provide, administer, and deliver the Services requested by you or by the entity you represent, including Hong Kong company incorporation and renewal, company secretarial work, registered office and nominee services, accounting and bookkeeping, tax advisory, legal advisory, and trust services.
Legal basis: performance of a contract; legitimate interests; consent (where required).
(b) Identity Verification and Regulatory Compliance — to verify your identity and conduct customer due diligence (CDD), enhanced due diligence (EDD), ongoing monitoring, sanctions and PEP screening, and other measures required under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”), the TCSP Licensing Regime administered by the Companies Registry, the Companies Ordinance (Cap. 622), and any equivalent foreign regulations.
Legal basis: compliance with legal obligations; legitimate interests.
(c) Communications — to respond to your enquiries, provide service updates and contractual notifications, and handle administrative matters.
Legal basis: performance of a contract; legitimate interests.
(d) Site Operation and Improvement — to operate, maintain, secure, and improve the Site and Services, including analytics, debugging, and user-experience optimisation.
Legal basis: legitimate interests; consent (for non-essential cookies).
(e) Marketing and Business Development — to promote our Services to prospective clients worldwide, including via the Site, email, online advertising platforms (such as Google Ads and Meta/Facebook Ads), social media, and professional events.
Legal basis: consent; legitimate interests (subject to local law).
(f) Protection of Rights and Security — to protect the rights, property, and safety of Vita Liberta, our clients, and third parties, including fraud prevention, information security, and dispute resolution.
Legal basis: legitimate interests; compliance with legal obligations.
(g) Direct Marketing — to send marketing communications about our Services. In Hong Kong, we will obtain your explicit prior consent before using your personal data for direct marketing, in accordance with Part 6A of the PDPO. You may opt out at any time at no cost.
Legal basis: consent.
(h) Legal and Regulatory Obligations — to comply with court orders, regulatory requests, tax reporting (including FATCA and CRS where applicable), and other legal obligations to which we are subject.
Legal basis: compliance with legal obligations.
If we intend to process your personal data for a purpose materially different from those listed above, we will notify you and, where required, obtain your consent.
5. Methods of Data Collection
We collect personal data:
- Directly from you when you submit information via the Site, contact forms, email, telephone, in-person meetings, or in the course of receiving the Services;
- Automatically through cookies, server logs, and similar technologies when you interact with the Site (see Section 13);
- From third parties and public sources, including corporate registries, regulatory and sanctions databases, credit reference agencies, identity verification service providers, your authorised representatives, banks, and other parties involved in the transactions for which we are engaged.
6. Disclosure of Personal Data
We may disclose your personal data, on a need-to-know basis and subject to confidentiality obligations, to the following categories of recipients:
- Our personnel, contractors, and affiliated entities who require access to perform their functions;
- Professional advisors — including external lawyers, auditors, accountants, and consultants engaged by us;
- Service providers and processors — including providers of IT hosting and cloud infrastructure, cybersecurity, identity verification and KYC, payment processing, customer relationship management, analytics, and communications;
- Counterparties and intermediaries where necessary for the performance of the Services, including the Hong Kong Companies Registry, Inland Revenue Department, banks, registrars, notaries, and government agents in relevant jurisdictions;
- Government authorities, regulators, courts, and law enforcement agencies where required by applicable law, regulation, court order, or to protect vital interests;
- Prospective or actual successors in interest in connection with any merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality undertakings.
We do not sell your personal data to third parties.
7. International Transfers of Personal Data
Vita Liberta is established in, and delivers its Services from, Hong Kong. Where you are located outside Hong Kong, the personal data you provide to us will be transferred to and processed in Hong Kong. We may also engage IT and other service providers whose infrastructure is located outside your country of residence; in such cases, the transfer is limited to what is necessary for the Services and is subject to appropriate contractual and security safeguards.
Where personal data is transferred from a jurisdiction whose data protection laws require additional safeguards for cross-border transfers (such as the GDPR) to a jurisdiction without an adequacy decision, we put in place appropriate safeguards, which may include:
- standard contractual clauses approved by the relevant supervisory authority (e.g., the European Commission);
- binding corporate rules;
- explicit consent of the Data Subject; or
- other legally recognised transfer mechanisms.
You may request information about the specific safeguards applied to transfers of your data by contacting us at the details in Section 16.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes set out in this Policy, including any legal, accounting, regulatory, or reporting requirements.
The retention period is determined by reference to:
- the nature and duration of the Services and our contractual relationship with you;
- statutory limitation periods under applicable Hong Kong contract, tort, corporate, or tax law;
- regulatory record-keeping requirements applicable to licensed TCSPs in Hong Kong, which require retention of client identification and transaction records for a period of not less than five (5) years after the end of the business relationship or completion of the relevant transaction, in accordance with the AMLO;
- record-keeping requirements under the Inland Revenue Ordinance (Cap. 112) (generally seven years for business and tax records); and
- any longer period required by applicable foreign law.
On expiry of the relevant retention period, personal data is securely deleted, destroyed, or irreversibly anonymised.
9. Your Rights
Subject to applicable law and any exemptions thereunder, you may have the following rights in relation to your personal data:
- Right of access — to confirm whether we process your personal data and obtain a copy thereof;
- Right to rectification / correction — to request correction of inaccurate or incomplete data;
- Right to erasure (“right to be forgotten”) — to request deletion in specified circumstances;
- Right to restriction of processing — to request limitation of processing in specified circumstances;
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller, where applicable;
- Right to object — to object to processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent — to withdraw consent at any time, without affecting the lawfulness of prior processing;
- Right to opt out of direct marketing — at any time, free of charge;
- Right not to be subject to automated decision-making that produces legal or similarly significant effects (we do not currently engage in such processing — see Section 11);
- Right to lodge a complaint with the supervisory authority of your jurisdiction (in Hong Kong, the Office of the Privacy Commissioner for Personal Data; in the EEA, your local data protection authority; in the UK, the Information Commissioner’s Office).
To exercise any of these rights, contact us at the details in Section 16. We will respond within the timeframe prescribed by applicable law. We may request reasonable additional information to verify your identity before fulfilling your request. We may charge a reasonable fee where permitted by law (e.g., under section 28 of the PDPO).
10. Data Security and Breach Notification
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, damage, alteration, or disclosure. These measures include encryption in transit and (where appropriate) at rest, access controls based on the principle of least privilege, secure storage, periodic security assessments, staff training, and confidentiality obligations imposed on personnel and processors.
While we strive to protect your data, no method of electronic transmission or storage can be guaranteed to be 100% secure.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected Data Subjects, we will notify the competent supervisory authority and, where required by applicable law, affected Data Subjects, in accordance with applicable notification timelines and procedures.
11. Automated Decision-Making and Profiling
We do not currently make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. If we introduce such processing in the future, we will update this Policy and, where required, obtain your consent or implement other appropriate safeguards.
12. Children’s Privacy
The Site and Services are directed exclusively at corporate clients, professional users, and other adults. They are not intended for, marketed to, or directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected such data, we will delete it promptly.
13. Cookies and Similar Technologies
The Site uses cookies and similar tracking technologies to enable core functionality, improve user experience, analyse Site usage, and support marketing activities (including remarketing through Google Ads and Meta/Facebook Ads). Cookies are small text files stored on your device that allow us to recognise your browser and retain certain information.
Where required by applicable law (including the GDPR and the ePrivacy Directive in the EEA/UK), we will obtain your consent before placing non-essential cookies. You may manage your cookie preferences through the cookie banner on the Site or your browser settings. Disabling certain cookies may affect Site functionality.
For details of the specific cookies we use and their respective purposes, please refer to our separate Cookie Policy.
14. Third-Party Links
The Site may contain links to third-party websites, plugins, applications, or services. Clicking such links may enable third parties to collect or share data about you. We do not control and are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policy of any third-party website you visit.
15. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, Services, technology, legal obligations, or other circumstances. The revised version will be indicated by an updated “Last updated” date and will take effect upon posting on the Site. Where changes are material, we will take reasonable steps to notify you in advance (for example, by email or a prominent notice on the Site). Your continued use of the Site or Services after the effective date of the updated Policy constitutes acceptance of the changes.
16. Contact Information
Questions, concerns, or requests regarding this Policy or our processing of your personal data should be addressed to our Responsible Person:
Vita Liberta Limited
Room 68, 7/F, Woon Lee Commercial Building
7 Austin Avenue, Tsim Sha Tsui, Kowloon, Hong Kong
Email: legal@vitaliberta.hk
Telephone: +852 6841 6177
17. Jurisdiction-Specific Provisions
17.1 Hong Kong (PDPO). You have the right to request access to and correction of your personal data under sections 18 and 22 of the PDPO. Complaints may be addressed to the Office of the Privacy Commissioner for Personal Data (www.pcpd.org.hk).
17.2 European Economic Area and United Kingdom (GDPR). Vita Liberta is established in Hong Kong and does not target the EEA or the UK as primary markets. However, because our online advertising (including campaigns via Google Ads and Meta/Facebook Ads) may reach users located in the EEA or the UK, certain provisions of the GDPR and the UK GDPR may apply to such Data Subjects under Article 3 thereof. Vita Liberta has not appointed a representative under Article 27 of the GDPR. Data Subjects in the EEA or the UK who wish to exercise their rights under the GDPR may do so by contacting us directly at the address in Section 16. EEA Data Subjects may also lodge a complaint with the supervisory authority of their member state of habitual residence, place of work, or place of the alleged infringement; UK Data Subjects may lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).
18. Governing Law
This Policy is governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region, without prejudice to any mandatory data protection rules of your country of residence that may apply to the processing of your personal data.
Hongkong
China