01Who we are
This Privacy Policy applies to the website autoplus.hk and the consulting services operated under the brand Autoplus. The data controller is Aether Frontier Group Limited, a company incorporated in Hong Kong (CR No. 78145236), with business correspondence directed to info@autoplus.hk.
02What we collect
We collect only the personal data necessary to respond to enquiries, deliver consulting services, issue invoices, and meet our legal obligations. Categories include:
- Identity & contact: name, company, role, email address, phone or messaging handle (e.g. WhatsApp).
- Enquiry content: the message you send through our contact form, email, WhatsApp, or other channels.
- Engagement records: proposals, contracts, invoices, deliverables, and meeting notes.
- Technical data: standard server logs (IP, user agent, request path, timestamp) for security and reliability.
We do not knowingly collect personal data from children under 13.
03How we use your data
- To respond to your enquiries and provide quotations.
- To negotiate and execute consulting engagements (under separate written agreement).
- To deliver, support, and document the agreed services.
- To comply with tax, accounting, anti-money-laundering, or other legal duties in Hong Kong.
- To improve our website, content, and security posture.
We do not use your personal data for automated profiling or advertising targeting.
04Sharing with third parties
We do not sell or rent personal data. We share limited data with carefully selected service providers, only to the extent needed to operate:
- Hosting & website: Vercel Inc. (USA, EU edge) — site delivery and analytics logs.
- Email & productivity: Google Workspace — email, calendar, document storage.
- Messaging platforms: Meta Platforms (WhatsApp Business Cloud API, Facebook Pages, Instagram) — for messages you send through those channels.
- Workflow infrastructure: Hostinger / n8n — for automation and operational runbooks.
Each of the above operates under its own privacy commitments. We require all sub-processors to handle personal data confidentially. We may also disclose data when required by law, court order, or to protect our legal rights.
05Cross-border transfer
Some of our service providers process data outside Hong Kong (notably the United States and the European Union). Where personal data is transferred outside Hong Kong, we rely on the providers' contractual commitments and recognised security standards. We have not separately certified these transfers under any specific adequacy framework.
06Retention
We retain personal data only as long as necessary for the purposes above and to meet our legal obligations:
- Enquiry records — up to 24 months from the last interaction, then deleted or anonymised.
- Engagement records (contracts, invoices, deliverables) — 7 years after the engagement ends, in line with Hong Kong tax and accounting requirements.
- Server logs — 90 days, then automatically rotated.
07Your rights under PDPO
Under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), you have the right to:
- Request access to your personal data we hold.
- Request correction of inaccurate data.
- Request deletion of data no longer required for the original purpose.
- Withdraw consent for direct marketing (we do not currently send direct marketing).
- Lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).
To exercise any of these rights, email our data protection contact (see Section 10). We respond within 40 days, in line with PDPO timelines.
08Cookies & tracking
autoplus.hk uses minimal cookies. Strictly necessary cookies may be set by our hosting provider for site reliability and security. We do not currently run third-party advertising trackers, social pixels, or cross-site marketing cookies. If this changes, this policy will be updated and a cookie consent prompt will be introduced before any non-essential cookie is loaded.
09Security
We take reasonable steps to protect personal data against unauthorised access, alteration, or disclosure. Measures include encrypted transport (HTTPS), access controls on cloud accounts, role-based permissions, and operational runbooks. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
10Contact
Data Protection Contact
11Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on this page with a revised effective date. Continued use of the website or our services after a change constitutes acceptance of the revised policy.