1. Who we are?
This website is operated by Marelink Limited (a private company limited by shares incorporated under the laws of Hong Kong, with Business Registration Number 79408213 and registered office at Suite 1701–02, 17/F, 308 Des Voeux Road Central, Hong Kong). We are a data user of the data collected through this website, and this privacy policy (“Privacy Policy” or “Policy”) will explain how our organisation uses the personal data we collect from you when you use our website.
All references to ‘Marelink’, ‘our’, ‘us’ or ‘we’ within this policy are deemed to refer to Marelink Limited and/or associates which provide services to us, as appropriate.
Marelink respects the privacy of all individuals whose personal data we collect and process. This Privacy Policy explains how we handle your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong ("PDPO") and the six Data Protection Principles set out in Schedule 1 to that Ordinance.
This Policy applies to the following categories of individuals whose personal data we may collect and process:
- customers and prospective customers of Marelink;
- personnel and representatives of those customers;
- visitors to our Website;
- suppliers, contractors, and prospective suppliers of Marelink; and
- personnel and representatives of those suppliers and contractors.
This Policy describes:
- the personal data we collect about you and how it is collected;
- the purposes for which we use your personal data;
- the legal and regulatory basis on which we process it;
- the parties with whom we may share it;
- how we store and protect it; and
- how we use cookies and similar tracking technologies on our Website.
2. Your rights
Under the Personal Data (Privacy) Ordinance (Cap 486) and other applicable law, you have certain rights in relation to the personal data we hold about you. These rights are described below. If you wish to exercise any of them, or would like further information, please contact us using the details set out at the end of this Policy.
Subject to any exemptions permitted by applicable law, you have the following rights:
Right of access and correction. You have the right to request access to any personal data we hold about you and to request that we correct any personal data that is inaccurate or out of date. A formal request for access to personal data is known as a Data Access Request ("DAR"). To make a DAR, please contact us at info@marelink.co. We are entitled under the PDPO to charge a reasonable fee for complying with a DAR, directly related to and necessary for complying with the request, and we will notify you of any applicable fee before proceeding. We will respond to your DAR within 40 days of receipt, or notify you if we require a longer period as permitted by the PDPO.
Right to stop direct marketing. You have the right to require us at any time to stop using your personal data for direct marketing purposes, including sending you promotional communications by email, post, or other means. If you exercise this right, we will cease using your personal data for that purpose promptly and without charge. You may exercise this right by contacting us at the details set out at the end of this Policy, or by using the unsubscribe link in any marketing communication we send you.
Right to object. Where we process your personal data on the basis of our legitimate interests or those of a third party, or where we use your personal data for profiling purposes, you have the right to ask us to consider any valid objection you have to that processing. We will review your objection and cease or restrict the relevant processing where your objection is well-founded. Please contact us using the details set out at the end of this Policy to exercise this right.
Right to withdraw consent. Where we rely on your consent as the basis for processing your personal data, you may withdraw that consent at any time by contacting us or, in the case of marketing communications, by using the unsubscribe link provided. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal. Depending on the purpose for which consent was given, withdrawal may affect our ability to provide certain services to you, and we will inform you of this before acting on your request.
We will consider all requests received under this Section and will provide our response within the applicable statutory period. Please note that certain personal data may be exempt from access or correction requests in specific circumstances (for example, where disclosure would be likely to prejudice the prevention or detection of crime, where the data is subject to legal professional privilege, or where we are required to retain it to comply with a legal obligation or to establish, exercise, or defend legal claims). If an exemption applies, we will inform you of this when responding to your request.
We may ask you to provide information sufficient to verify your identity before responding to any request made under this Section. This is to ensure we do not disclose personal data to an unauthorised person.
3. Data Collection
You can share your personal information with us in several ways: by filling out forms on our website, placing orders, registering an account, or reaching out via phone, email, or any other available channel. This covers situations where you or your employer supply your details to access the services we offer. Additionally, your personal information may be passed on to us by you or any third-party sources in connection with services being offered or delivered to us.
The personal data we collect about you will vary depending on the nature of your relationship with us. It may include the following categories:
Data about you as an individual:
- your full name and job title;
- the name and address of your company or organisation;
- your business email address and telephone number;
- data you provide when you correspond or communicate with us, whether by email, telephone, or other means; and
- any updates or corrections to data you have previously provided to us.
Data about your use of our Website:
- your IP address and device information;
- your username or login credentials where you access any client portal or restricted area of our Website; and
- data about your behaviour on our Website, including the pages you visit, links you click, time spent on pages, and other interactions with our content or tools.
Data relating to the services we provide to you or your organisation:
- data necessary to establish and administer your account with us, including details provided on account opening or engagement forms;
- details of services requested, project history, and correspondence relating to those services;
- data relating to invoicing, payment, and financial administration;
- customer services data arising from queries, complaints, or feedback you provide to us; and
- customer relationship management data, including records of communications and marketing preferences.
Data collected in connection with our research and advisory services
Where you participate in any benchmarking exercise, survey, agency assessment, or other research activity conducted by Marelink, we may additionally collect:
- responses, feedback, and opinions you provide in connection with that activity; and
- data about your organisation's marketing expenditure, agency relationships, or procurement processes, to the extent you provide this to us voluntarily.
Important notice regarding necessary data
Certain categories of personal data are required in order for us to provide our services to you or your organisation, or for you or your organisation to provide services to us. Where this is the case, we will endeavour to make this clear at the point of collection. If you do not provide us with such data, or if you subsequently ask us to delete it, we may no longer be able to provide you with some or all of our services, or to maintain our engagement with you. We will inform you of the likely consequences before acting on any such request.
4. Use of data
We, and where applicable our service providers and technology partners acting on our behalf, collect, use, and store the personal data for the purposes set out below. In accordance with the Personal Data (Privacy) Ordinance (Cap 486), we will not use your personal data for any new purpose without either obtaining your consent or satisfying ourselves that the new purpose is directly related to the original purpose of collection.
Website visitors. Where you visit our Website, we use your personal data:
- to enable you to access and navigate our Website and any client portal or restricted area;
- to provide technical support and ensure the security and integrity of our Website and services;
- to store your preferences and recognise you when you return, so that we can provide a more consistent experience;
- to process any requests for information or services submitted through our Website;
- to monitor and analyse usage patterns for the purposes of improving and maintaining our Website; and
- to comply with our obligations regarding network and information security.
Where data is collected solely for Website analytics purposes, we will anonymise it to the extent reasonably practicable so that individual users are not identifiable from the data retained.
Providing services to you or your organisation. Where we provide consultancy, benchmarking, research, or other services to you or your organisation, we use your personal data:
- to register you as a user of our services and administer your account with us;
- to allow you to access and use our Website and to provide you with technical support if necessary;
- to confirm, deliver, and manage the services you or your organisation have engaged us to provide, including for invoicing, tax, and debt collection purposes;
- to respond to any enquiries, issues, or complaints you raise about our services, including any requests to access or correct personal data we hold about you;
- to send you service-related communications, including administrative notices, updates to our terms and conditions, and information about our fees: these communications form part of our service and are not optional; and
- for legitimate business development and marketing purposes, to contact you with information about Marelink's services and thought leadership content that we believe may be of interest to you, based on your role and relationship with us. You may opt out of such communications at any time by contacting us at the details set out at the end of this Policy.
Profiling and analytics. We may combine different categories of personal data we hold about you (for example, data from your interactions with our Website and information you have shared with us directly) to build a profile that allows us to tailor our communications and services to your interests and role. You have the right at any time to object to the processing of your personal data for profiling purposes, as described in Section 2 of this Policy.
Internal business operations. We use your personal data for internal corporate reporting, business planning and administration, ensuring adequate insurance coverage, and identifying and implementing operational efficiencies, where this is necessary for the legitimate operation of our business.
Legal and regulatory compliance. We use your personal data where necessary to comply with any applicable laws, regulations, codes of practice, or regulatory guidance, including where we are legally required to do so or where we consider it necessary to protect our legitimate legal interests or those of a third party.
Establishing and defending legal rights. We may use your personal data where necessary to establish, exercise, or defend legal claims or rights arising in connection with our services or business operations, whether in judicial, administrative, or alternative dispute resolution proceedings.
We will not use your personal data for any purpose that is incompatible with the purposes described in this Section without first notifying you. Under the PDPO, use of personal data for a new purpose that is not directly related to the original purpose of collection requires your express consent. If you have questions about whether a particular use of your data is compatible with these purposes, or wish to understand the analysis we have carried out, please contact us using the details at the end of this Policy.
5. Legal Bases for Processing
We process your personal data on one or more of the following legal bases, depending on the context in which the data is collected and used. In accordance with the Personal Data (Privacy) Ordinance (Cap 486), we will only collect and use your personal data for purposes that are lawful, necessary, and proportionate. We will not use your personal data for any purpose other than the purpose for which it was collected or a purpose directly related thereto unless we have obtained your express consent.
Contract. We may process your personal data where it is necessary to enter into, or perform, a contract with you or with your organisation (for example, to provide our consultancy services, manage your account, process payments, or respond to a service request made prior to engagement).
Legal obligation. We may process your personal data where we are required to do so to comply with a legal or regulatory obligation applicable to us in Hong Kong or any other relevant jurisdiction (for example, obligations relating to tax, anti-money laundering, or regulatory reporting).
Consent. We may process your personal data where you have given us your express consent to do so for a specific purpose (for example, subscribing to our mailing list, or making certain cookie choices).
Where we rely on consent, you may withdraw it at any time by contacting us at the details set out at the end of this Policy, or by using the unsubscribe link in any marketing communication. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal. However, depending on the purpose for which consent was given, withdrawal may affect our ability to provide certain services to you, and we will inform you of this before acting on your withdrawal request.
Legitimate interests. We may process your personal data where it is necessary for our legitimate interests, or those of a third party, provided those interests are not overridden by your rights, interests, or fundamental freedoms. Before relying on this basis, we identify the legitimate interest pursued, confirm that processing is necessary for that purpose, and conduct a balancing assessment. Our legitimate interests include:
- operating, maintaining, and improving our Website and services;
- developing and growing our consultancy business;
- conducting marketing, market research, and business development activities;
- selecting appropriately qualified suppliers and contractors;
- managing and maintaining client and supplier relationships;
- ensuring the security of our systems, networks, and data; and
- fulfilling internal administrative, reporting, and governance purposes.
You may ask us for information about the balancing assessment we have conducted in respect of any specific processing activity by contacting us at the details set out at the end of this Policy.
Where we intend to use your personal data for a new purpose that is not directly related to the purpose for which it was originally collected, and where we cannot rely on an existing legal basis, we will notify you in advance and, where required under the PDPO, seek your consent before proceeding.
We will not use your personal data in any way that is incompatible with the purposes set out in this Policy. If you wish to understand how we have determined that a particular use is compatible, or to raise an objection, please contact us using the details at the end of this Policy.
6. Disclosure of Personal Data
We do not sell your personal data to any third party. We will only share your personal data where it is necessary to do so, in accordance with the Personal Data (Privacy) Ordinance (Cap 486) and in particular Data Protection Principle 3, which requires that personal data not be used for a new purpose without your consent unless that new purpose is directly related to the original purpose of collection.
We share your personal data with the following categories of third parties where necessary for the operation of our business and the delivery of our services:
- CRM platform providers, project management tools, and other software-as-a-service providers used in our operations;
- payment processors and financial administration providers;
- artificial intelligence tools, automated analytics providers, and technology partners used in the delivery of our services, subject to our AI governance practices described in our Terms of Use;
- marketing, advertising, and promotional service providers;
- analytics and search engine providers that assist in the improvement and optimisation of our Website; and
- providers of technical support, IT infrastructure, and cybersecurity services.
Any third party with whom we share your personal data is limited by law and by contract in their ability to use your personal data for any purpose other than to provide services to us. We take reasonable steps to ensure that all third-party recipients of your personal data are subject to privacy and security obligations consistent with this Policy and applicable law.
We may also disclose your personal data to third parties in the following circumstances:
- Business transfers. If we sell or acquire any business or assets, or if substantially all of Marelink's assets are acquired by a third party, we may disclose your personal data to the prospective buyer or seller as part of that transaction. In such cases, the acquiring party will be required to handle your personal data in accordance with this Policy.
- Legal obligations. Where we are required by law, court order, or lawful request from a government authority, regulator, or law enforcement body to disclose your personal data, including where required to meet national security or crime prevention obligations.
- Protection of rights. Where disclosure is necessary to enforce our terms and conditions or any other agreement with you, to respond to legal claims, or to protect the rights, property, or safety of Marelink, our staff, our clients, or other persons, including the exchange of personal data with other organisations for fraud prevention or credit risk purposes.
Save as expressly described in this Section, we will not share, sell, or rent your personal data to any third party without notifying you and, where required under the PDPO, obtaining your prior consent. If you have given consent for us to use your personal data in a particular way and subsequently change your mind, you may withdraw your consent by contacting us using the details at the end of this Policy.
Cross-border transfers
Where third parties and group companies with whom we share your personal data are located outside Hong Kong and we transfer your personal data outside Hong Kong, we will take reasonable steps to ensure that the recipient is subject to a law, or is bound by enforceable obligations, that provide a standard of protection for that personal data that is broadly comparable to the protections afforded under the PDPO. For guidance on cross-border data transfers under the PDPO, please refer to the guidance published by the Office of the Privacy Commissioner for Personal Data at www.pcpd.org.hk.
7. Retention of Personal Data
In accordance with Data Protection Principle 2 of the Personal Data (Privacy) Ordinance (Cap 486), we will not retain your personal data for longer than is necessary to fulfil the purposes for which it was collected, or for such longer period as is required or permitted by applicable law. Once your personal data is no longer required for any of those purposes, we will take reasonable steps to securely delete or anonymise it.
The length of time we retain your personal data depends on the nature of our relationship with you and the purposes for which your data is held. Our retention practices are guided by the following:
- Active clients and ongoing relationships. Where you hold an account with us or we are providing services to you or your organisation, we will retain your personal data for the duration of that relationship and for a reasonable period thereafter, to allow for the resolution of any post-engagement queries, disputes, or audit requirements.
- Legal and regulatory obligations. We retain personal data for such periods as are required by applicable Hong Kong law (for example, financial and accounting records are retained for a minimum of seven years in accordance with the Inland Revenue Ordinance (Cap 112), and records relevant to potential legal claims are retained for at least six years in accordance with the Limitation Ordinance (Cap 347)).
- Inactive contacts. Where you have previously interacted with us but have not engaged with us, our Website, or any of our communications or materials for an extended period, we will delete our contact record of you. We will endeavour to notify you before doing so where it is practicable.
- Prospective contacts. Where we hold your personal data in anticipation of a potential business relationship but no engagement has materialised within a reasonable period, we will delete our contact record of you.
- Website and analytics data. Personal data collected through cookies and website analytics tools is retained only for as long as necessary for the analytical purposes described in our Cookies section, after which it is deleted or anonymised. Aggregated and anonymised analytics data, from which no individual can be identified, may be retained indefinitely.
- AI-processed data. Where your personal data has been processed using AI tools or automated analytics as part of our service delivery, we apply the same retention periods as apply to the underlying data. We do not retain AI-generated outputs containing personal data beyond the applicable retention period for that data.
Notwithstanding the periods set out above, we may retain personal data for a longer period where it is necessary to establish, exercise, or defend legal rights (for example, in connection with a dispute, regulatory inquiry, or legal proceeding). In such cases, data will be retained only for as long as necessary for those purposes.
When personal data is no longer required and no legal basis exists for its continued retention, we will take reasonable steps to ensure it is securely deleted, destroyed, or anonymised in a manner that prevents unauthorised access or reconstruction.
If you have any questions about our data retention practices, or wish to understand how long we hold a specific category of your personal data, please contact us using the details at the end of this Policy.
8. Security of Your Personal Data
The principal risk arising from our holding your personal data is that it could be lost, stolen, or accessed without authorisation. This could result in your personal data falling into the hands of a third party who might use it fraudulently, disclose it without your consent, or otherwise cause harm to your interests. We take this risk seriously and are committed to protecting your personal data accordingly.
In accordance with Data Protection Principle 4 of the Personal Data (Privacy) Ordinance (Cap 486), Marelink takes all reasonable steps to protect personal data against unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal, or similar risks. The measures we take include the following:
Organisational measures:
- physical access controls to our premises and restricted areas;
- internal data protection policies and procedures governing the handling of personal data;
- staff training on data protection obligations and security awareness;
- confidentiality obligations imposed on employees, contractors, and other personnel with access to personal data; and
- defined responsibilities for data protection oversight within Marelink.
Technical measures:
- password protection and access controls for all systems holding personal data;
- encryption of personal data in transit and, where appropriate, at rest;
- use of up-to-date anti-virus, anti-malware, and firewall software;
- logical separation of personal data from other categories of data within our systems; and
- security configuration standards applied to AI tools and third-party cloud platforms used in the delivery of our services, consistent with our AI governance practices.
Where we engage third-party service providers or technology partners to process personal data on our behalf, we take reasonable steps to ensure that they maintain data security standards comparable to our own and are contractually bound to protect your personal data. We do not permit third-party processors to use your personal data for their own purposes.
Where we have issued you, or you have created, a password to access your account or any client portal on our Website, you are responsible for keeping that password confidential. You must not share your password with any other person. If you believe your password has been compromised, please contact us immediately using the details at the end of this Policy so that we can take appropriate steps to secure your account.
Transmission of Data
While we make every reasonable effort to protect the personal data you provide to us, the transmission of data over the internet is not completely secure and we cannot guarantee the security of data transmitted to our Website. Any such transmission is made at your own risk. Once we have received your personal data, we apply strict security procedures and access controls to protect it against unauthorised access.
Data breach response
In the event of a data breach affecting your personal data, Marelink will take prompt action to contain the breach, assess its nature and scope, and implement remedial measures. Where a breach is likely to result in a real risk of harm to any affected individual, we will notify the relevant parties, including, where appropriate, the affected individual and the Office of the Privacy Commissioner for Personal Data, in accordance with applicable law and the PCPD's guidance on data breach handling.
9. Accuracy of Your Personal Data
In accordance with Data Protection Principle 2 of the Personal Data (Privacy) Ordinance (Cap 486), Marelink takes all practicable steps to ensure that personal data we hold about you is accurate, complete, and kept up to date, having regard to the purposes for which it is used.
Where personal data is collected directly from you, we rely on you to provide accurate and current information at the point of collection. We encourage you to notify us promptly of any changes to your personal data, such as a change of name, job title, employer, or contact details, so that our records may be updated accordingly. You may do so by contacting us using the details set out at the end of this Policy.
Where we obtain personal data about you from third-party sources, such as publicly available databases, referrals, or industry directories, we take reasonable steps to satisfy ourselves as to the accuracy of that data at the time of collection. We acknowledge, however, that the accuracy of third-party sourced data is partly dependent on the practices of the source, and we will take reasonable steps to correct any inaccuracy we become aware of without undue delay.
Where personal data about you is derived or inferred through the use of AI tools, automated analytics, or profiling, we take reasonable steps to verify that such derived data is accurate before using it in a way that affects you. All AI-assisted outputs that relate to you are subject to human review by qualified Marelink personnel, consistent with our AI governance practices.
Where we become aware that personal data we hold about you is inaccurate or out of date, whether through notification by you or by any other means, we will take reasonable steps to correct or update it without undue delay. Please note, however, that where personal data forms part of a record that is required to be retained in its original form for legal, regulatory, or audit purposes, we may not be able to alter that record, but we may be able to add a note to the record indicating the correction.
Under DPP6 of the PDPO, you have the right to request that we correct any personal data we hold about you that is inaccurate. Details of how to exercise this right, and the procedure we follow in responding to correction requests, are set out in this Policy.
10. Cookies Policy
Like many websites, we use cookies on our Website. A cookie is a small text file placed on your computer or mobile device by your web browser when you visit our Website. We use cookies and similar tracking technologies to collect certain information automatically when you visit our Website, including your IP address, browser type and language, the URL you came from, pages viewed, activities undertaken whilst using our services, and the date and time of your visit. We use this information to analyse trends, improve our Website, enhance your browsing experience, and customise the communications and information you receive from us. Cookies also allow us to streamline your experience by reducing the need to log in repeatedly to access certain content.
We use both session cookies, which expire when you close your browser, and persistent cookies, which remain on your device for a set period or until you delete them. The cookies we use fall broadly into the following categories:
Essential cookies are necessary for the Website to function and cannot be switched off. They are usually set in response to actions you take, such as logging in or filling in forms.
Analytics and performance cookies allow us to recognise and count visitors and understand how users navigate our Website, so that we can improve the way it works.
Functionality cookies enable us to remember your preferences and personalise your experience.
Marketing cookies may be used to deliver content and communications relevant to your interests.
Where non-essential cookies are used, we will require your consent.
11. Artificial Intelligence Use
We may use artificial intelligence and machine learning technologies in the operation of our business and the delivery of our services, including for purposes of security, fraud prevention, operational efficiency, and service improvement. Where such technologies are applied to personal data, we will do so only on a lawful basis and in accordance with this Policy. Further information about how we use these technologies is set out in our Terms of Use.
Where we use artificial intelligence or automated systems to process personal data, including for purposes such as fraud prevention, service optimisation, or risk management, we will do so in accordance with applicable data protection law and this Policy. Where such processing involves profiling or automated analysis that may affect you, we will ensure appropriate safeguards are in place, including providing you with clear information about that processing and, where applicable, the ability to request that a decision be reviewed by a qualified member of our staff.
Where the use of artificial intelligence or automated tools in the delivery of our services requires the transfer of personal data outside Hong Kong, we will ensure that appropriate safeguards are in place to protect that data, including where necessary the use of contractual protections or other mechanisms recognised under applicable law and the guidance of the Office of the Privacy Commissioner for Personal Data.
Where a decision is made about you based solely on automated processing, including profiling, and that decision produces legal or similarly significant effects concerning you, you may have the right to request that the decision be reviewed by a qualified member of our staff, to express your point of view in relation to that decision, and to contest the outcome. To exercise this right, please contact us using the details set out at the end of this Policy. We will acknowledge your request promptly and respond within the period required by applicable law.
12. How You Can Contact Us?
Should you have any questions regarding our Privacy Policy, wish to enquire about the personal data we hold on you, or seek to exercise any of your data protection rights, please do not hesitate to reach out to us by email: info@marelink.co.
13. Changes to this Policy
This Policy may be updated periodically to reflect changes in our practices or applicable law. The most current version will always be available on this page. We recommend checking back periodically to stay informed of any changes. Continuing to use our Website or engage with our services after an update has been posted will be taken as your acknowledgement of the revised Policy.
© Marelink, 2026.