Privacy Policy

Your Privacy Matters to Us

Iridium is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, protect, and manage your personal information in accordance with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong.

We recognise that privacy is fundamental to building trust with our clients. This policy applies to all interactions with Iridium, including when you contact us by phone, email, form submission, or in person.

1. What Personal Data We Collect

We collect personal data that is necessary to provide our legal services and communicate with you. This includes:

• Contact Information: Name, email address, phone number, physical address
• Professional Information: Job title, company, industry (where relevant to your matter)
• Matter Details: Information about your legal matter that you share with us
• Communication Records: Correspondence, meeting notes, and advice documents
• Payment Information: Banking details for invoice and payment processing (handled through secure payment providers)

2. How We Use Your Data

We use personal data for the following purposes:

• Delivering legal advice and services to you
• Communicating about your matter via email, phone, or post
• Invoicing and payment processing
• Maintaining records required by professional regulations
• Improving our services based on client feedback
• Complying with legal obligations and professional regulations

Legal Basis: We process your data based on your consent (service agreement), contract performance, and legitimate interests in delivering legal services ethically and professionally.

3. How We Protect Your Data

We implement comprehensive security measures:

• Secure encrypted communication and storage systems
• Physical security for documents and records
• Access controls limiting data to authorised personnel only
• Regular security reviews and updates
• Professional indemnity insurance covering data breaches

All communications between you and Iridium are protected by attorney-client privilege and professional confidentiality obligations.

4. How Long We Keep Your Data

We retain personal data for the duration of our professional relationship plus additional periods as required by law:

• Active client files: During engagement and for 7 years after completion (professional regulation requirement)
• Communication records: Retained with matter files
• Payment records: Retained for 7 years (tax and financial regulation requirement)
• Enquiry records: Deleted after 12 months if no engagement follows

5. Sharing With Third Parties

We may share your personal data in limited circumstances:

• With Your Consent: With other professionals (e.g., accountants, other counsel) only with your explicit permission
• Service Providers: With payment processors, secure email providers, and document management services (all bound by confidentiality agreements)
• Legal Obligation: If required by court order, regulatory demand, or law enforcement
• Professional Advice: With specialist counsel in other jurisdictions when handling cross-border matters (with your knowledge)

We do not sell your personal data to third parties. We do not use your data for marketing purposes beyond confirming service delivery.

6. Your Rights Under PDPO

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the right to:

• Access: Request a copy of your personal data we hold
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of data where legally permissible
• Opt-out: Opt out of direct marketing (we do not undertake direct marketing)
• Complaint: Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD)

To exercise these rights, contact us at [email protected] with your request and relevant details.

7. Cookies & Website Technology

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Understand how our website is used (analytics)
• Enable essential functionality

Detailed information about our cookie usage is available in our Cookie Policy. You can control cookie settings through your browser or manage preferences on our cookie management page.

8. International Data Transfers

If your matter involves cross-border elements, we may transfer limited personal data to jurisdictions outside Hong Kong. When we do, we ensure:

• Transfers are necessary for service delivery
• Recipient jurisdictions have adequate data protection (or equivalent safeguards are in place)
• You are informed of the transfer and destination jurisdiction

9. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

• Notify you promptly without unreasonable delay
• Provide details of what occurred and what we're doing to address it
• Advise on steps you can take to protect yourself
• Notify relevant authorities where required

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to you via email. Continued use of our services constitutes acceptance of the updated policy.