Privacy Policy

Last updated: 9 February 2026

Policy Scope

This Privacy Policy (“Policy”) sets forth the privacy practices of Micro-Tech (H.K.) Holding Limited (“Micro-Tech HK”, “we”, “our” or “us”) regarding the collection, use, disclosure, transfer, and protection of personal data (as defined below) in connection with our websites, applications, and other digital platforms (including but not limited to mobile sites and interactive tools, collectively “Sites”) that link to or reference this Policy.

We take Hong Kong Special Administrative Region’s (“Hong Kong SAR”) **Personal Data (Privacy) Ordinance (Cap. 486, “PDPO”)** and its Six Data Protection Principles as the core regulatory framework. For users outside Hong Kong SAR, we also comply with applicable local data protection laws (e.g., Mainland China’s Personal Information Protection Law, EU’s General Data Protection Regulation, US state privacy laws) to ensure consistent protection of personal data.

This Policy describes your choices regarding our use of your personal data and how you can exercise applicable rights (e.g., request access, correction, or deletion of your data). When we refer to “Micro-Tech HK”, we include our affiliates and subsidiaries (including our parent company).

Protected Health Information

We are dedicated to maintaining the privacy and integrity of protected health information (“PHI”) or health-related personal data we collect when collaborating with healthcare providers. Such information will be used and disclosed in strict compliance with PDPO and applicable medical privacy requirements, and is subject to additional safeguards as required by law.

On This Page

– Information Collection and Use

– Disclosing Personal Data & Cross-Border Transfer

– Cookies and Similar Technologies Cookie

– Opt-Out and Deletion Processes

– Data Retention

– Security

– Links to Other Sites

– Minors

– Your Rights

– How to Exercise Your Rights

– Updates to This Policy

– Contact Us

Information Collection and Use

Definition of Personal Data

“Personal Data” refers to information that relates to a living individual and can directly or indirectly identify the individual, such as name, email address, telephone number, professional credentials, clinical affiliation, and health-related information (consistent with PDPO’s definition).

Sources of Personal Data

We collect or obtain personal data from the following sources:

1. Directly from you (e.g., when you request information via our Sites, register for events, sign up for communications, or submit feedback);

2. From your interactions with our Sites (e.g., usage data, browsing history);

3. Service providers and business partners assisting our operations (e.g., logistics, IT services);

4. Healthcare providers and research partners (e.g., professional credentials, clinical collaboration information);

5. Publicly available sources (e.g., professional directories for medical professionals).

Types of Personal Data Collected

Depending on your interactions with us, we collect and store the following types of personal data:

– **Identifiers**: Name, email address, physical address, postal code, username, password, and other registration information;

– **Professional/employment-related information**: Job title, company/hospital affiliation, department, professional license number, clinical affiliation, and credentials;

– **Health-related information**: Health data provided by healthcare professionals for product collaboration, clinical research, or after-sales support;

– **Financial information**: Payment details, transaction history, and invoice information (for product purchases);

– **Online activity information**: IP address, device identifiers, browsing history, and interaction with our digital tools (collected via web logs, cookies, etc.);

– **Communications data**: Content of inquiries, complaints, or feedback; recordings of calls with customer service (with prior notice).

Licensed medical professionals may need to provide additional credentials (e.g., professional license number, clinical affiliation) to access restricted areas of our Sites, which we use to verify eligibility.

Use of Your Personal Data

We use personal data solely for lawful and purpose-bound purposes as follows:

1. Fulfill your requests (e.g., provide product information, process registrations, deliver after-sales support);

2. Send marketing communications (only with your express consent, as required by PDPO);

3. Improve our Sites, products, and services (e.g., analyze user behavior, optimize user experience);

4. Administer accounts and verify eligibility (especially for medical professionals);

5. Conduct legitimate research and analysis (e.g., clinical collaboration, internal innovation);

6. Ensure security and compliance (e.g., prevent fraud, comply with legal obligations).

Disclosing Personal Data & Cross-Border Transfer

Disclosing Personal Data

We will only disclose your personal data in the following circumstances:

1. To our affiliates/subsidiaries for purposes consistent with this Policy;

2. To third-party service providers (e.g., logistics, IT) bound by data protection agreements;

3. To healthcare providers or research partners for legitimate collaboration (with your consent or as required by law);

4. To transaction partners in connection with corporate transactions (e.g., merger, acquisition), with the requirement to uphold this Policy;

5. To law enforcement or regulatory authorities as required by law;

6. To protect the rights, property, or safety of us, you, or others (as permitted by law).

We may share aggregate, non-identifiable data with third parties for research or marketing purposes.

Cross-Border Transfer

As our Sites are operated from Hong Kong SAR, personal data may be transferred to our affiliates or third-party service providers in other jurisdictions (e.g., Mainland China). All such cross-border transfers will strictly comply with PDPO, including via **PCPD Model Contract Clauses**, to ensure the protection level of your personal data is no lower than PDPO’s requirements.

Cookies and Similar Technologies Cookie

We use cookies and similar technologies (e.g., web beacons) on our Sites to ensure functionality, remember your preferences, analyze usage, and deliver personalized content. They are categorized as:

– **Essential Cookies**: Necessary for Site operation; no prior consent required.

– **Non-Essential Cookies**: Used for analytics or marketing; we obtain your explicit consent before using them.

You may manage or disable non-essential cookies via your browser settings. For details, refer to our **Cookie Notice** on our Sites.

Opt-Out and Deletion Processes

Opt-Out of Marketing Communications

To opt out of marketing communications, click the “unsubscribe” link in each email or contact us via the details below.

Deletion of Personal Data

To request deletion of your personal data, contact us with your name, contact information, and details of the data to be deleted. We will honor your request in compliance with PDPO, unless we are required by law to retain the data.

Data Retention

We retain your personal data only for the period necessary to fulfill the collection purpose or as required by law (e.g., 7 years for tax records under Hong Kong law). Once the purpose is fulfilled or the retention period expires, we will delete or anonymize the data (so it can no longer identify you).

Security

We implement physical, technical, and procedural safeguards compliant with international standards (ISO/IEC 27001, ISO/IEC 27701) to protect your personal data from unauthorized access, disclosure, or destruction. These include access controls, data encryption, regular security audits, and staff training.

No security measure is absolute. If you suspect a data breach, please contact us immediately. We will investigate promptly, take remedial actions, and notify you and competent authorities as required by law.

Links to Other Sites

This Policy applies only to our Sites. We are not responsible for the privacy practices of linked third-party websites. You should review their privacy policies before using them.

Minors

Our Sites are not intended for individuals under 18. We do not knowingly collect personal data from minors. If we inadvertently collect such data without parental/guardian consent, we will delete it immediately. Parents/guardians may contact us to request removal of their child’s data.

Your Rights

Under PDPO and applicable laws, you have the following core rights:

1. **Right to Access**: Request confirmation of whether we hold your personal data and obtain a copy;

2. **Right to Correction**: Request correction of inaccurate or incomplete data;

3. **Right to Withdraw Consent**: Withdraw consent for data processing (no impact on prior processing);

4. **Right to Deletion**: Request deletion of your data (where permitted by law);

5. **Right to Complaint**: Lodge a complaint with the Privacy Commissioner for Personal Data (PCPD) of Hong Kong SAR.

How to Exercise Your Rights

To exercise your rights or submit a request (including via an authorized agent), contact us via email:

– **Email**: privacy@mthk.com

You must provide sufficient information to verify your identity (e.g., registered email, professional license number). We will respond within 40 calendar days (per PDPO) and notify you of the outcome.

Updates to This Policy

We may update this Policy to reflect legal or business changes. The updated Policy will be posted on our Sites with the “Last Updated” date. For material changes, we will notify you via email or a prominent Site notice. Your continued use of our Sites after the update constitutes acceptance of the revised Policy.

For privacy-related questions, requests, or complaints, contact our Global Privacy Office:

– **Email**: privacy@mtmed.com

– **Postal Address**: [Insert Micro-Tech (H.K.) Holding Limited’s registered address]

You may also lodge a complaint with the **Privacy Commissioner for Personal Data, Hong Kong SAR**:

– Website: https://www.pcpd.org.hk

– Email: complaint@pcpd.org.hk

– Phone: +852 2827 2827

This Privacy Policy (“Policy”) explains how MICRO-TECH Medical Corporation (“we”, “our”, “us”) collects, uses, discloses, and safeguards personal data when you access or use this website (“Site”). We are committed to handling personal data in accordance with applicable data protection laws, including, where applicable, the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and other relevant global privacy laws.

By using the Site, you acknowledge that you have read and understood this Policy.