Legal

Privacy Policy

Last updated: 23 April 2026

Signal Eight Limited ("Signal Eight", "we", "us", and "our") is a Hong Kong-based consultancy specialising in AI consulting, training, CRM solutions and digital transformation. We are committed to protecting your privacy and handling personal data in accordance with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) and the Data Protection Principles (DPPs).

This Privacy Policy explains what personal data we collect, how we use it, to whom it may be transferred, how long we keep it, and your rights. It applies to our websites, communications, scheduling tools, and services (collectively, the Services).

1) The Personal Data We Collect

A. Information you provide to us

  • Contact and enquiry data: name, email address, company, role, phone (if provided), and the content of your message.
  • Newsletter and waitlist sign-ups: email address, name, company (waitlist), and your marketing preferences or consent. We may use double opt-in to confirm your subscription.
  • Scheduling and consultations: details needed to arrange a meeting (for example, name, email, time zone, preferred time) and any notes you choose to share.
  • Training and engagement data: information necessary to plan or deliver our consulting, training and CRM-related Services.
  • Other voluntary submissions: any other information you voluntarily provide to us through the site, such as in comments, reviews, or surveys.

B. Information collected automatically

  • Usage and device data: IP address, browser type and version, operating system, pages viewed, referring URLs or UTM parameters, time spent, interactions (for example, clicks), language and approximate location derived from IP.
  • Error and performance data: diagnostic information to monitor availability, security and performance.

C. Cookies and Tracking Technologies

We and our third-party service providers (such as advertising platforms) use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities over time and across different websites and online services. This information helps us understand your interests and serve more relevant advertisements. This data may include:

  • Device Information: information about the device you use to access our services (for example, hardware model, operating system version, unique device identifiers).
  • Location Information: general location information derived from your IP address.
  • Ad Interaction Data: information about your interactions with our ads, such as whether you clicked on an ad and the website you came from to our site.

2) Why We Collect and Use Personal Data (Purposes)

We use personal data to:

  • Provide and improve Services: operate our sites, deliver consulting, training and CRM solutions, schedule meetings, and respond to enquiries.
  • Communicate with you: send confirmations, administrative messages and important updates.
  • Operate newsletters and waitlists: manage subscriptions, confirm sign-ups (including double opt-in where used), and send content you requested.
  • Direct marketing (with consent or no objection): send information about our Services, events and insights. You can opt out at any time (see Section 6).
  • Analytics and research: understand usage, improve performance and content, and enhance user experience.
  • Security and abuse prevention: detect, investigate and prevent spam, fraud or misuse.
  • Compliance and legal: comply with laws, regulations, and requests from authorities, and protect our rights.

3) Who We Share Personal Data With (Classes of Transferees)

We may transfer personal data to:

  • Service providers: third-party companies and individuals that perform services on our behalf, such as website hosting, analytics, advertising services, and email delivery. These providers may access personal information only to perform those tasks for us and are expected not to use it for unrelated purposes.
  • Professional advisers: lawyers, accountants, insurers, and auditors for legitimate business and compliance needs.
  • Business transferees: parties to a merger, acquisition, reorganisation or sale of all or part of our business.
  • Authorities and regulators: where required by law or to protect rights, security or property.
  • Group companies or affiliates: to help deliver the Services consistently with this Privacy Policy.

4) International Data Transfers

Our service providers and systems may be located outside Hong Kong, including the United States, the European Economic Area and Asia-Pacific locations. Where personal data is transferred outside Hong Kong, we take reasonable steps to ensure recipients provide a standard of protection comparable to the PDPO, for example through contractual safeguards, access controls and confidentiality commitments.

By using our Services or providing personal data, you understand that your information may be transferred, stored and processed outside Hong Kong.

5) Retention

We keep personal data only for as long as necessary to fulfil the purposes set out in this Policy or to meet legal, regulatory, or accounting requirements, after which it is securely deleted or anonymised. Illustrative examples include:

  • Newsletter and waitlist data: retained while you remain subscribed or until your request to unsubscribe is processed.
  • Enquiries and scheduling records: retained for the period needed to manage your request and any follow-up.

6) Direct Marketing

With your consent (or an indication of no objection) as required by the PDPO, we may use your name and contact detailsto send marketing communications about Signal Eight's Services, events and insights. You may opt out at any timeby clicking "unsubscribe" in our emails or contacting us (see Section 11). We will honour your request promptly.

7) Your Rights under the PDPO

Subject to the PDPO, you have the right to:

  • Access personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Withdraw consent to direct marketing (see Section 6).

We may charge a reasonable fee to process a data access request, as permitted by law. We will handle data access and data correction requests in accordance with the PDPO, including the applicable 40-day response period where required by law.

8) Security

We implement reasonable and practicable administrative, technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction. These measures include access controls, least-privilege practices and encryption in transit for our websites. However, no method of transmission or storage is completely secure, and residual risk remains.

9) Third-Party Sites and Services

Our website may link to or embed third-party sites or services, such as scheduling pages. Those third parties have their own privacy practices, which we do not control. We encourage you to review their privacy information before submitting data on their properties.

10) Children's Privacy

Our Services are intended for business and professional users and are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take appropriate steps.

11) How to Contact Us

Data User: Signal Eight Limited

Contact role: Privacy Contact

Postal address: Unit 2A, 17/F, Glenealy Tower, Central No.1 Glenealy, Hong Kong S.A.R.

Email: hello@signaleight.ai

Subject line: Privacy Enquiry

For data access or correction requests, please include sufficient information to verify your identity and identify the relevant records, such as your name, contact email, and the nature of your request.

12) Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on our website and revise the last updated date above. Material changes will be highlighted where appropriate. Please review this Policy periodically.

Appendix A - Personal Information Collection Statement (PICS)

When we collect personal data directly from you, for example via forms, newsletter sign-ups or scheduling:

(1) Purpose of collection

  • To operate our website and deliver Services.
  • To respond to your enquiries.
  • To arrange consultations or training.
  • To manage newsletters and waitlists, including double opt-in where used.
  • To conduct analytics and improve our Services.
  • To carry out direct marketing with your consent or no objection.
  • To comply with legal and regulatory obligations.

(2) Classes of transferees

  • Service providers supporting hosting, analytics, email or newsletter delivery, scheduling, security and customer support.
  • Professional advisers.
  • Authorities or regulators where required by law.
  • Affiliates assisting with Service delivery.
  • Parties to a business transfer or reorganisation.

(3) Whether it is obligatory or voluntary to provide data

  • Providing contact or scheduling details is necessary for us to respond or arrange a meeting.
  • Providing newsletter or waitlist details is voluntary, but without them we cannot subscribe you.
  • If required fields are not provided, we may be unable to process your request.

(4) Access and correction

  • You have rights of data access and correction under the PDPO. Requests can be made to our Privacy Contact by email at hello@signaleight.ai or by post to Unit 2A, 17/F, Glenealy Tower, Central No.1 Glenealy, Hong Kong S.A.R.. A reasonable fee may be charged for data access requests, as permitted by law.

(5) Direct marketing

  • We may use your name and contact details for direct marketing of our Services only with your consent or indication of no objection. You can opt out at any time via unsubscribe links or by contacting us.

(6) Data retention

  • Personal data is retained only for so long as necessary to fulfil the purposes stated above or as required by law, after which it is securely deleted or anonymised.

(7) Transfers outside Hong Kong

  • Personal data may be transferred to locations outside Hong Kong where our service providers operate, including the United States, the European Economic Area and Asia-Pacific. We take steps to ensure a level of protection comparable to the PDPO.

If there is any inconsistency between this Privacy Policy and a translated version, the English version shall prevail.