Privacy Policy

Updated 1 May 2026

Zzzzip Limited ("Zzzzip", "we", "us" or "our") respects your privacy and is committed to protecting your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") of Hong Kong, the requirements applicable to licensed Trust or Company Service Providers ("TCSP") under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) ("AMLO"), and relevant international standards (including principles similar to those in the GDPR where applicable).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you visit our website, engage our services (company incorporation, corporate secretarial, accounting, payroll, visa/immigration, or other TCSP-related services), or otherwise interact with us.

By using our website or services, you acknowledge that you have read and understood this Policy. We may update it from time to time; changes will be posted here with the updated date.

1. Data Controller and Contact Details

Zzzzip Limited (TCSP licensee) is the data user/controller responsible for your personal data. Registered Address: Room 1703-1704, 17/F, Tung Chiu Commercial Centre, 193 Lockhart Road, Wan Chai, Hong Kong. Data Protection / Privacy Officer: William Probert. Email: privacy@zzzzip.com You may contact us for any queries, access/correction requests, or complaints.

2. Personal Data We Collect

We collect personal data directly from you, automatically, or from third parties where lawful. Categories include:

  • Identity & Contact Data: Name, date of birth, nationality, passport/ID details, email, phone, address, job title.
  • Corporate & Beneficial Ownership Data: Company documents, ultimate beneficial owners (UBOs), directors, shareholders, source of funds/wealth information (required for TCSP/AML compliance).
  • Service-Related Data: Engagement letters, payment details, transaction records, instructions for company incorporation, accounting, payroll, or visa services.
  • Technical & Usage Data: IP address, browser type, device information, cookies, visit timestamps, pages viewed (via website analytics).
  • Marketing & Communication Data: Preferences for receiving updates or offers.
  • Other: Any additional information you voluntarily provide.

For TCSP services, certain data collection is obligatory to comply with AMLO customer due diligence (CDD), ongoing monitoring, and record-keeping requirements. Failure to provide it may prevent us from providing services.

3. How We Collect Your Data

  • Directly from you (forms, emails, calls, consultations, KYC/AML submissions).
  • Automatically through website cookies/tracking technologies.
  • From third parties (e.g., public registries, referrers, or service partners) where permitted.

4. Purposes of Use (Data Protection Principle 1)

We use your personal data only for lawful purposes directly related to our functions, including:

  • Providing and managing our services (company setup, secretarial, accounting, payroll, etc.).
  • Conducting mandatory CDD, KYC, enhanced due diligence, ongoing monitoring, and suspicious transaction reporting under AMLO/TCSP regulations.
  • Complying with legal, regulatory, and licensing obligations (e.g., reporting to the Registrar of Companies, JFIU, or law enforcement).
  • Processing payments and internal administration.
  • Communicating with you about services, updates, or support.
  • Improving our website and services (analytics).
  • Direct marketing (with consent or soft opt-in where allowed).
  • Business transfers, legal claims, or other legitimate interests (where your rights do not override ours).

We rely on bases such as contract performance, legal obligations, legitimate interests, or consent.

5. Disclosure and Sharing of Personal Data

We may disclose your data to the following classes of recipients (Data Protection Principle 3):

  • Our employees, agents, and professional advisors (subject to confidentiality).
  • Regulators and authorities (Registrar of Companies, JFIU, PCPD, law enforcement) as required by AMLO or other laws.
  • Third-party service providers (IT, payment processors, cloud storage, professional firms) under contractual safeguards.
  • Group companies or affiliates (if any).
  • Prospective buyers in business transfers (with confidentiality).
  • Other parties with your consent.

We do not sell personal data. Transfers outside Hong Kong are protected by contractual or other means to ensure adequate safeguards consistent with PDPO.

6. Data Security (Data Protection Principle 4)

We implement reasonable technical and organisational measures (e.g., access controls, encryption, secure servers, staff training) to protect against unauthorised access, loss, or misuse. No system is 100% secure, but we strive to meet PDPO standards. Suspected breaches will be handled promptly and notified where required.

7. Data Retention (Data Protection Principle 2)

We retain personal data only as long as necessary for the purposes above or as required by law.

  • TCSP/AML records (KYC, transactions, etc.): Minimum 5 years after the end of the business relationship (per AMLO).
  • Other data: Shorter periods where possible, after which it is securely erased or anonymised.

8. Your Rights (Data Protection Principle 6)

Under the PDPO, you have rights to:

  • Request access to your personal data.
  • Request correction of inaccurate/incomplete data.
  • Object to or withdraw consent for direct marketing (at any time).
  • Request erasure or restriction (subject to legal obligations).

To exercise these, contact our Data Protection Officer with proof of identity. We respond within 40 days (or explain delays). No fee for standard requests (administrative charge possible for excessive ones). You may also complain to the Office of the Privacy Commissioner for Personal Data (PCPD): www.pcpd.org.hk.

9. Cookies and Website Tracking

We use essential, functional, and analytics cookies. You can manage preferences via browser settings. For details, see our separate Cookies Notice.

10. Children's Privacy

Our services and website are not directed at children under 18. We do not knowingly collect data from minors without verifiable parental consent.

11. International Compliance Note

While primarily governed by Hong Kong PDPO and TCSP/AMLO rules, we align practices with broader data protection principles (e.g., lawfulness, fairness, minimisation, accountability) for international clients where relevant. This does not create additional legal rights beyond Hong Kong law.

12. Changes to This Policy

We may revise this Policy. Continued use after changes constitutes acceptance. Significant updates will be notified via website or direct communication.

Thank you for trusting Zzzzip with your business needs. For any questions, please contact us at the details above.

Get your Free Consultation now