How we collect, use and protect your personal data.
This Privacy & Cookies Policy explains how Kensington IT Limited ("Kensington IT", "we", "us" or "our") collects, uses, stores, transfers and protects personal data in connection with our website and the services we provide to our clients.
Kensington IT Limited is a company incorporated in Hong Kong, with registered office at 3906, 39/F, The Center, 99 Queen's Road, Central, Hong Kong. We act as a data user under the Hong Kong Personal Data (Privacy) Ordinance ("PDPO") in respect of personal data we collect for our own purposes (e.g. running our business, communicating with prospects and clients, operating this website).
When we process personal data on behalf of a client as part of our Services (for example, operating an AI agent or database that handles the client's customer or employee data), we act as a data processor under the client's instructions, and the client is the data user / controller. The terms of that processing are set out in the relevant statement of work and, where applicable, a separate data processing agreement.
Where we offer services to clients in the European Economic Area or the United Kingdom, we also have regard to the EU and UK General Data Protection Regulation ("GDPR") to the extent applicable.
Depending on how you interact with us, we may collect the following categories of personal data:
| Purpose | Categories of data | Legal basis (where GDPR applies) |
|---|---|---|
| Responding to enquiries and proposal requests | Prospect contacts | Legitimate interests / steps prior to entering a contract |
| Delivering and administering Services | Client contacts, engagement data, operational data | Performance of a contract |
| Invoicing, accounting and tax compliance | Client contacts, billing details | Legal obligation |
| Operating, securing and improving the Site | Website visitor data | Legitimate interests |
| Marketing communications (limited & relevant) | Prospect & client contacts | Legitimate interests / consent |
| Compliance with legal and regulatory obligations | As required | Legal obligation |
Under the PDPO, we collect personal data lawfully and only for purposes directly related to a function or activity of Kensington IT, and we collect only data that is adequate but not excessive for those purposes.
We do not sell personal data. We may share personal data with:
Because we serve clients globally and use cloud-based service providers, personal data may be transferred to, or accessed from, jurisdictions outside Hong Kong, including jurisdictions which may not provide a level of personal data protection equivalent to the PDPO or the GDPR. Where we transfer personal data internationally, we put in place reasonable contractual, technical and organisational measures to protect that data (including, where required by GDPR, Standard Contractual Clauses or other recognised transfer mechanisms).
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting or reporting requirements. Typical retention periods are:
If you are an individual whose personal data we hold as a data user, you have the right to: ascertain whether we hold your personal data; request access to it; request correction of it; and be informed of our policies and practices in relation to personal data.
If GDPR applies to our processing of your personal data, you additionally have the right (subject to conditions and exceptions) to: erasure, restriction of processing, data portability, objection to processing based on legitimate interests, withdrawal of consent where processing is based on consent, and the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
To exercise any of these rights, please contact us at info@kensingtonitlimited.com. We may need to verify your identity before responding.
We maintain a security programme appropriate to the scale and sensitivity of the data we hold, including: least-privilege access controls, multi-factor authentication for administrative accounts, encryption in transit (TLS) and at rest for data we host, regular patching of systems and dependencies, secrets management, audit logging, vendor due diligence, and incident response procedures. No system is perfectly secure; we encourage you to use strong, unique passwords and to keep your own devices and accounts protected.
If you have a concern about our handling of your personal data, please contact us first at info@kensingtonitlimited.com so that we can try to resolve it. You also have the right to complain to:
Our Site uses a small number of cookies and similar technologies. Cookies are small text files stored on your device that allow a website to remember information about your visit.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Strictly necessary | Maintains your session as you navigate the Site. | Session |
| Cookie consent | Strictly necessary | Remembers your cookie preferences. | 12 months |
| Analytics (e.g. Google Analytics or Plausible) | Analytics | Helps us understand how visitors use the Site, in aggregated form, so we can improve it. | Up to 24 months |
Most browsers let you control cookies through their settings. You can refuse all cookies, accept only first-party cookies, or be notified when a cookie is being set. Disabling strictly-necessary cookies may impair the functioning of the Site. To learn more, visit aboutcookies.org.
Our Site and Services are not directed at children, and we do not knowingly collect personal data from children.
We may update this Policy from time to time. The current version will always be available on this page with the effective date stated below. Where the changes are material, we will take reasonable steps to bring them to your attention.
If you have any questions about this Policy or how we handle personal data, please contact:
Kensington IT Limited
3906, 39/F, The Center
99 Queen's Road, Central
Hong Kong
Email: info@kensingtonitlimited.com