Privacy Policy

Effective Date: 6 August 2025

on this page

Table of content

Introduction

This Privacy Policy governs the processing of personal data by Alvren Partners Limited, trading as Alvren, a private company limited by shares, incorporated under the laws of Hong Kong on 8 September 2025, with company registration number 78758019, having its registered office at Unit 1603, 16th Floor, Wing On Centre, 111 Connaught Road Central, Hong Kong (“Alvren”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website www.alvren.com (the “Site”), engage with us via other channels, or use our consultancy and advisory services (collectively, the “Services”).

This Privacy Policy applies to all individuals whose personal data is processed by us, including visitors to our Site, clients, service providers, and business contacts. We aim to be transparent about our practices and comply with the standards of the EU GDPR, UK GDPR, and other applicable data protection laws.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

I. Definitions

Personal Data – Any information relating to an identified or identifiable natural person, including names, contact details, identification numbers, location data, online identifiers, and other information that can be directly or indirectly linked to an individual.
Processing – Any operation performed on personal data, whether automated or not, such as collection, storage, use, disclosure, or deletion.
Data Subject – An individual whose personal data is processed.
Data Controller – The legal person that determines the purposes and means of the processing of personal data.
Data Processor – A third party that processes personal data on behalf of the Data Controller.

II. Categories of Personal Data We Collect

II.1. Identity & Contact Information

  • First and last name
  • Company name and title (if applicable)
  • Email address
  • Telephone number
  • Mailing address

II.2. Technical and Usage Data

  • Internet Protocol (IP) address
  • Browser type and version
  • Device type and operating system
  • Time zone and language preferences
  • Pages visited, session duration, navigation patterns
  • Referring URLs

II.3. Communication and Engagement Data

  • Content of emails and web forms
  • Client onboarding documents
  • Preferences and responses to marketing communications
  • Meeting notes and business records

II.4. Marketing and Cookie Data

  • Preferences provided through cookie banners
  • Consent logs
  • Analytics cookies (e.g., Google Analytics)

III. How We Collect Personal Data

  • Direct interactions: Filling out forms on our website, subscribing to newsletters, sending us emails, or engaging our Services.
  • Automated technologies: Cookies, server logs, and similar technologies when you browse our Site.
  • Third-party sources: Business partners, public sources, and referrals.

IV. Legal Basis for Processing Personal Data under the GDPR

Depending on the context in which your data is collected and your relationship with us, we may rely on:

  • Performance of a contract – To provide consultancy services, respond to inquiries, or manage client relationships.
  • Consent – For newsletters or non-essential cookies. You may withdraw consent at any time.
  • Legitimate interests – For service security, improvements, or communications, provided your rights are not overridden.
  • Legal obligations – To comply with laws such as anti-money-laundering or financial reporting requirements.

V. Use of Personal Data

  • Provide, manage, and maintain our Services
  • Respond to inquiries or fulfil requests
  • Send service-related notices and operational updates
  • Conduct due diligence and compliance checks
  • Personalise and improve our Site and Services
  • Maintain internal records, contracts, and billing data
  • Manage client relationships and business operations
  • Send marketing communications (if consented)
  • Comply with legal obligations or defend against claims

VI. Marketing Communications

If you have opted in to receive marketing communications, we may send you updates about our services or events. You may withdraw consent at any time by clicking “unsubscribe” or contacting us. We do not sell or rent your personal data.

VII. Cookies & Tracking Technologies

We use cookies and similar tracking tools to:

  • Enhance browsing experience
  • Analyse site usage
  • Support functionality and security

Some cookies are essential and cannot be disabled. Others (preference, analytics, security) require consent. Third-party services like Google Analytics may also collect usage data. You can manage cookies through browser settings or our consent banner.

VIII. Data Sharing and Disclosure

We may share your data with:

  • Internal personnel – Employees and consultants on a need-to-know basis
  • Service providers – Hosting, analytics, storage, communication, IT, legal/accounting, or marketing vendors under confidentiality
  • Corporate partners – For joint ventures, mergers, or acquisitions with safeguards
  • Legal authorities – When legally required or to protect rights and safety

IX. International Data Transfers

Your data may be transferred outside your jurisdiction, including to places without the same protection level. Safeguards include:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Data transfer agreements
  • Your explicit consent

X. Security of Personal Data

We protect your data with measures such as:

  • TLS encryption for website traffic
  • Firewalls and intrusion detection tools
  • Least-privilege access controls
  • Encrypted storage of sensitive data
  • Regular security audits and staff training

XI. Data Retention

  • Contact form submissions: up to 2 years
  • Client correspondence/contracts: up to 7 years
  • Analytics data: up to 14 months
  • Consent records: up to 5 years

Data no longer needed is securely deleted or anonymized.

XII. Your Rights Under GDPR

  • Right of Access
  • Right to Rectification
  • Right to Erasure (“Right to be Forgotten”)
  • Right to Restriction
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent
  • Right to Lodge a Complaint

Send requests to: legal@alvren.com (verification may be required; responses within 30 days).

XIII. Children’s Privacy

Services are not intended for those under 18. We do not knowingly collect data from minors. Parents may request deletion.

XIV. Third-Party Sites and Services

Our Site may link to external sites or platforms. We are not responsible for their privacy practices. Please review their policies separately.

XV. Changes to This Privacy Policy

We may amend this policy at any time.

  • “Last Updated” date will be revised
  • Material changes may trigger email or banner notices

XVI. Contact Us

For questions or requests regarding this Privacy Policy or your personal data:
Email: legal@alvren.com