PRIVACY & DATA PROTECTION

2. Data Protection / Privacy Statement

We are committed to protecting your privacy. This statement explains how we collect, use, disclose, and safeguard your personal data, in compliance with the PDPO and aligned with the PCPD’s Model AI Framework for responsible AI use.

2.1 What We Collect

Personal Data: Your name, contact details (email, phone number), company information, and any other information you provide via enquiry forms, consultations, or communications.

Technical Data: Device information (IP address, browser type), usage data (pages visited, times), and cookie tracking information.

changes will be updated here with a revised “Last Updated” date.

2.2 Purpose of Collection (DPP 1)

We collect data to:

Respond to your enquiries and provide consulting services.

Communicate with you, including service updates and (with consent) marketing materials.

Improve our website functionality and user experience.

Comply with legal obligations (e.g., PDPO).

We ensure that the data collected is adequate and not excessive for these purposes, collected fairly and lawfully.

2.3 Use of Personal Data (DPP 3)

Your personal data will only be used for the purposes described above. Any new use of your data will require your express and voluntary consent.

2.4 Data Security (DPP 4)

We adopt reasonable technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including:

Encryption in transit and at rest.

Access controls and least-privilege staffing.

Regular system monitoring and audits.

We implement technical and organizational measures appropriate to the risk: encryption (in transit & rest), access controls, staff training, audits, and incident response planning—even more so for AI systems given evolving risks

2.5 Data Retention & Erasure (DPP 2)

We keep your personal data only as long as needed for the stated purposes or as required by law. Once no longer needed, data will be securely deleted or anonymized.

Subject Rights (UK & HK): You may request access, correction, deletion, restriction of processing, or object to processing. In the UK these rights align with GDPR; in HK, they align with PDPO’s DPP6 requirements

2.6 Disclosure & Third-Party Sharing

We do not sell or lease your data. It may be shared with:

Trusted service providers (e.g., hosting, CRM tools) under confidentiality and security obligations.

Law enforcement or government bodies, as legally required.

2.7 Cross-Border Transfers

If your personal data is processed or stored outside Hong Kong, we ensure compliance with PDPO—through safeguards like contractual clauses, technical and organizational controls.

2.8 Your Rights (DPP 6)

Under the PDPO, you have the right to:

Access your personal data.

Request correction.

Request erasure (subject to legal or contractual constraints).

Withdraw consent at any time.
To exercise these rights, please contact us at: [insert contact email].

2.9 Cookies & Tracking

We use cookies and similar technologies to:

Enable the website’s technical functions.

Analyze usage patterns.

Provide marketing, with your consent.
You can manage your cookie preferences via your browser or our cookie settings tool.

2.10 Transparency & AI-related Handling

Aligned with the PCPD’s Model AI Framework, we:

Provide clear information about any AI tools used in providing our consulting services.

Conduct risk assessments for AI systems, ensuring fairness, robustness, and human oversight.

Maintain AI governance procedures: strategy, audits, incident response preparedness, and staff training.

2.11 Policy Updates

We may revise this Data Protection Statement over time. Any changes will be updated here with a revised “Last Updated” date.

2.12 Business Representation

We welcome genuine business enquiries. Please include your full name, company name, role, and verifiable contact details. We maintain records for all agents, agencies, tradespeople, business inquiries and references found online, excluding official ID documents. However, we may require business registration numbers, dealership licenses, or country-specific identifiers. As business requirements vary by region and culture, we will update our practices accordingly. Verification is mandatory where physical or direct inspections are not possible. This helps protect us and clients against fraudulent actions that impersonate legitimate businesses or persons.

We do not accept solicitations from individuals or organizations whose identity or business representation cannot be verified—whether online, in person, or via third-party verification. Unsolicited proposals submitted without proof of identity or business credentials will not be reviewed.

Users of this website agree not to use the contact information, forms, or communication channels provided on this site for unsolicited marketing, advertising, or sales purposes:

i. Any misuse of our contact details for marketing purposes will be considered a violation of these Terms of Use.

ii. We reserve the right to take appropriate action against repeated or abusive solicitations, including blocking communication channels and reporting such activity where applicable.

iii. This measure is in place to ensure our communication lines remain secured and dedicated to serving our clients and partners.

2.13 Privacy Policy

Last Updated: [27 August 2025]:

Nouveau Core (“we,” “our,” “us”) values your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website and services. It also sets out your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (UK), and Hong Kong’s Personal Data (Privacy) Ordinance (PDPO).

By using our website or services, you agree to this Privacy Policy.

1. Who We Are

Nouveau Core is an AI consulting business operating in both the United Kingdom and Hong Kong.

Contact (UK): [email protected]

Contact (Hong Kong):[email protected]

If you have questions about this Policy or wish to exercise your rights, please contact us.

2. Data We Collect

We may collect the following types of personal data:

Personal details: name, email address, phone number, company name, job title.

Communications: messages or documents you send us through forms or email.

Technical information: IP address, browser type, device information, cookies, and analytics data about how you use our site.

We do not intentionally collect sensitive personal data unless it is essential for providing our services and you have given explicit consent.

3. How We Collect Data

Directly: when you contact us, sign up for updates, or request our services.

Automatically: through cookies and analytics tools when you browse our site.

4. How We Use Your Data

We use your data for:

Providing and improving our consulting services.

Responding to enquiries and client communications.

Sending updates, insights, or marketing (only with your consent).

Meeting legal or regulatory requirements.

Legal Basis (UK): Consent, contractual necessity, legal obligation, or legitimate interest.
Hong Kong: Collected fairly and used only for the purposes stated at the time of collection (in line with PDPO’s Data Protection Principles).

5. Sharing Your Data

We do not sell or rent your personal data.

We may share it with:

Trusted third-party providers (e.g., cloud hosting, analytics, CRM tools) who support our operations.

Regulators or legal authorities, if required by law.

If we transfer data outside the UK or Hong Kong, we take steps to ensure appropriate safeguards (e.g., contractual clauses, adequacy decisions, or equivalent protections).

6. Data Retention

We keep personal data only as long as necessary to fulfil the purposes stated or to meet legal obligations. When no longer needed, we securely delete or anonymize your data.

7. Cookies & Tracking

We use cookies to:

Make the website function properly.

Understand usage and improve performance.

Provide relevant content and marketing (only with your consent in the UK).

You can manage cookies through your browser settings or our cookie consent tool.

8. Your Rights

You have the following rights:

UK (UK GDPR / DPA 2018): Access, correction, deletion, restrict processing, data portability, object to processing, withdraw consent.

Hong Kong (PDPO): Access and correct your personal data, withdraw consent, and request deletion where permitted by law.

To exercise your rights, contact us. We will respond within the timeframes required by law.

9. AI & Responsible Data Use

As an AI consulting company, we follow responsible AI principles:

Collect only the data we need for AI projects.

Apply transparency, fairness, and human oversight in AI-related work.

Carry out risk assessments to safeguard client and individual data.

Comply with Hong Kong PCPD’s Model Personal Data Protection Framework for AI and UK GDPR’s accountability principles.

10. Data Security

We use technical and organizational measures to keep your data safe, including:

i. Encryption in transit and at rest.

ii. Access controls and authentication.

iii. Staff training on data protection and AI governance.

iv. Incident response planning.

v. If a data breach occurs, we will notify you and (where required) regulators promptly.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted here with a new “Last Updated” date. We encourage you to review this Policy regularly.

12. Complaints

If you are unhappy with how we handle your data, you can complain to:

UK: Information Commissioner’s Office (ICO) – ico.org.uk

Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD) – pcpd.org.hk

We would appreciate the chance to resolve concerns directly before you approach a regulator.

Effective Date

This Privacy Policy is effective from: [27 Aug 2025]

ICO Registration: ZB935488

UK Data Protection Officer / Contact: +44 03031231113, ico.org.uk

Hong Kong Privacy Officer: [email protected]
You may contact us to exercise your rights or for any inquiries.