Privacy Policy

1. Introduction

Mirio Technologies Limited ("Mirio," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit our website. This policy is compliant with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong, the General Data Protection Regulation (GDPR), and other applicable data protection laws as of 2026.

2. Data Controller

Mirio Technologies Limited is the data controller responsible for your personal data. Our contact details are:

3. Information We Collect

We may collect and process the following types of personal data:

3.1 Information You Provide

• Contact information (name, email address, phone number, company name)
• Business information (job title, industry, company size)
• Project requirements and specifications
• Payment and billing information
• Communications with our team

3.2 Information Collected Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, referral source)
• Cookies and similar tracking technologies
• Analytics data from third-party services (Vercel Analytics, Google Analytics)

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: For business operations, security, and service improvement
• Legal Obligations: Compliance with applicable laws and regulations
• Consent: Where you have provided explicit consent for specific processing activities

5. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our services
• Communicate with you about projects, updates, and support
• Process payments and manage billing
• Send marketing communications (with your consent)
• Analyze usage patterns to improve user experience
• Comply with legal obligations and protect our rights
• Detect and prevent fraud or security incidents

6. AI and Automated Decision-Making (2026 Compliance)

In compliance with the EU AI Act (2024) and Hong Kong's AI Governance Framework (2025), we inform you that:

• We do not use automated decision-making systems that produce legal or similarly significant effects on individuals without human oversight
• Any AI-powered features used in our services are clearly disclosed
• You have the right to request human review of any AI-assisted decisions
• We maintain transparency records for all AI systems used in our operations

7. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who assist in providing our services (cloud hosting, payment processing, analytics)
• Business Partners: Companies we collaborate with on projects (with your consent)
• Legal Authorities: When required by law or to protect our legal rights
• Corporate Transactions: In connection with mergers, acquisitions, or asset sales

We do not sell your personal data to third parties.

8. International Data Transfers

Your data may be transferred to and processed in countries outside Hong Kong, including within the European Economic Area (EEA), the United States, and other jurisdictions. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods vary based on the type of data:

• Client records: 7 years after the end of the business relationship
• Financial records: As required by Hong Kong tax law (typically 7 years)
• Marketing data: Until you withdraw consent or unsubscribe
• Website analytics: 26 months

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Request limitation of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@miriotech.com. We will respond within 30 days (or 40 days for complex requests under Hong Kong PDPO).

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. You can control cookie preferences through your browser settings. We use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand how visitors use our site (Vercel Analytics)
• Preference Cookies: To remember your settings and preferences

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@miriotech.com. You also have the right to lodge a complaint with:

• Office of the Privacy Commissioner for Personal Data (Hong Kong): www.pcpd.org.hk
• Your local data protection authority (for EEA residents)

16. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact us: