Signal Eight
Signal Eight

Privacy Policy

Last Updated: 1 September 2025

Signal Eight Limited (“Signal Eight”, “we”, “us”, “our”) is a Hong Kong–based consultancy specialising in AI consulting, training, CRM solutions and digital transformation. We are committed to protecting your privacy and handling personal data in accordance with Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and the Data Protection Principles (“DPPs”).

This Privacy Policy explains what personal data we collect, how we use it, to whom it may be transferred, how long we keep it, and your rights. It applies to our websites, communications, scheduling tools, and services (collectively, the “Services”).

1) The Personal Data We Collect

A. Information you provide to us

  • Contact & enquiry data: name, email address, company, role, phone (if provided), and the content of your message.
  • Newsletter & waitlist sign-ups: email address, name, company (waitlist), and your marketing preferences/consent. We may use double opt‑in to confirm your subscription.
  • Scheduling & consultations: details needed to arrange a meeting (e.g., name, email, time zone, preferred time) and any notes you choose to share.
  • Training/engagement data: information necessary to plan or deliver our consulting, training and CRM‑related Services.
  • Other voluntary submissions: any other information you voluntarily provide to us through the Site, such as in comments, reviews, or surveys.

B. Information collected automatically

  • Usage and device data: IP address, browser type and version, operating system, pages viewed, referring URLs/UTM parameters, time spent, interactions (e.g., clicks), language and approximate location derived from IP.
  • Error and performance data: diagnostic information to monitor availability, security and performance.

C. Cookies and Tracking Technologies

We and our third-party service providers (such as advertising platforms) use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities over time and across different websites and online services. This information helps us understand your interests and serve more relevant advertisements. This data may include:

  • Device Information: Information about the device you use to access our services (e.g., hardware model, operating system version, unique device identifiers).
  • Location Information: General location information (e.g., derived from your IP address).
  • Ad Interaction Data: Information about your interactions with our ads (e.g., whether you clicked on an ad, the website you came from to our Site).

2) Why We Collect and Use Personal Data (Purposes)

We use personal data to:

  • Provide and improve Services: operate our sites, deliver consulting/training/CRM solutions, schedule meetings, and respond to enquiries.
  • Communicate with you: send confirmations, administrative messages and important updates.
  • Operate newsletters and waitlists: manage subscriptions, confirm sign-ups (including double opt‑in where used), and send content you requested.
  • Direct marketing (with consent/no objection): send information about our Services, events and insights. You can opt out at any time (see Section 6).
  • Analytics and research: understand usage, improve performance and content, and enhance user experience.
  • Security and abuse prevention: detect, investigate and prevent spam, fraud or misuse.
  • Compliance and legal: comply with laws, regulations, and requests from authorities, and protect our rights.

3) Who We Share Personal Data With (Classes of Transferees)

We may transfer personal data to:

  • Service providers: We engage third-party companies and individuals to perform services on our behalf (e.g., website hosting, analytics, advertising services, email delivery). These service providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Professional advisers: lawyers, accountants, insurers, and auditors for legitimate business and compliance needs.
  • Business transferees: parties to a merger, acquisition, reorganisation or sale of all/part of our business.
  • Authorities and regulators: where required by law or to protect rights, security or property.
  • Group companies/affiliates: to help deliver the Services consistent with this Privacy Policy.

4) International Data Transfers

Our service providers and systems may be located outside Hong Kong (including, without limitation, the United States, the European Economic Area and Asia‑Pacific locations). Where personal data is transferred outside Hong Kong, we take reasonable steps to ensure recipients provide a standard of protection comparable to the PDPO (e.g., contractual safeguards, access controls and confidentiality commitments).

By using our Services or providing personal data, you understand that your information may be transferred, stored and processed outside Hong Kong.

5) Retention

We keep personal data only for as long as necessary to fulfil the purposes set out in this Policy or to meet legal, regulatory or accounting requirements, after which it is securely deleted or anonymised. Illustrative examples:

  • Newsletter/waitlist: retained while you remain subscribed or until your request to unsubscribe is processed.
  • Enquiries and scheduling records: retained for the period needed to manage your request and any follow‑up.

6) Direct Marketing

With your consent (or an indication of no objection) as required by the PDPO, we may use your name and contact details to send marketing communications about Signal Eight’s Services (AI consulting, training, CRM solutions and digital transformation), events and insights. You may opt out at any time by clicking “unsubscribe” in our emails or contacting us (see Section 11). We will honour your request promptly.

7) Your Rights under the PDPO

Subject to the PDPO, you have the right to:

  • Access personal data we hold about you;
  • Request correction of inaccurate or incomplete data; and
  • Withdraw consent to direct marketing (see Section 6).

We may charge a reasonable fee to process a data access request, as permitted by law. We will respond within a reasonable time and in accordance with the PDPO.

8) Security

We implement reasonable and practicable administrative, technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction. These include access controls, least‑privilege practices and encryption in transit for our websites. However, no method of transmission or storage is completely secure; residual risk remains.

9) Third‑Party Sites and Services

Our website may link to or embed third‑party sites or services (for example, scheduling pages). Those third parties have their own privacy practices, which we do not control. We encourage you to review their privacy information before submitting data on their properties.

10) Children’s Privacy

Our Services are intended for business and professional users and are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take appropriate steps.

11) How to Contact Us

Data User: Signal Eight Limited (Hong Kong)

Email: hello@signaleight.ai

Subject line: Privacy Enquiry

For data access/correction requests, please include sufficient information to verify your identity and identify the relevant records (e.g., name, contact email, and the nature of your request).

12) Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on our website and revise the “Last Updated” date above. Material changes will be highlighted where appropriate. Please review this Policy periodically.

Appendix A — Personal Information Collection Statement (PICS)

When we collect personal data directly from you (e.g., via forms, newsletter sign‑ups or scheduling):

(1) Purpose of collection

  • To operate our website and deliver Services;
  • To respond to your enquiries;
  • To arrange consultations or training;
  • To manage newsletters and waitlists (including double opt‑in where used);
  • To conduct analytics and improve our Services;
  • To carry out direct marketing with your consent/no objection; and
  • To comply with legal and regulatory obligations.

(2) Classes of transferees

  • Service providers supporting hosting, analytics, email/newsletter delivery, scheduling, security and customer support;
  • Professional advisers;
  • Authorities/regulators where required by law;
  • Affiliates assisting with Service delivery; and
  • Parties to a business transfer/reorganisation.

(3) Whether it is obligatory or voluntary to provide data; consequences of failure

  • Providing contact or scheduling details is necessary for us to respond or arrange a meeting.
  • Providing newsletter/waitlist details is voluntary, but without them we cannot subscribe you.
  • If required fields are not provided, we may be unable to process your request.

(4) Access and correction

  • You have rights of data access and correction under the PDPO. Requests can be made tohello@signaleight.ai. A reasonable fee may be charged for data access requests.

(5) Direct marketing

  • We may use your name and contact details for direct marketing of our Services only with your consent or indication of no objection. You can opt out at any time via unsubscribe links or by contacting us.

(6) Data retention

  • Personal data is retained only for so long as necessary to fulfil the purposes stated above or as required by law, after which it is securely deleted or anonymised.

(7) Transfers outside Hong Kong

  • Personal data may be transferred to locations outside Hong Kong where our service providers operate (including the United States, the European Economic Area and Asia‑Pacific). We take steps to ensure a level of protection comparable to the PDPO.

If there is any inconsistency between this Privacy Policy and a translated version, the English version shall prevail.