Privacy Policy for VitaCore

(HKSAR Specific)

Last Updated: 11 Jan 2026

Effective Date: 11 Jan 2026

1. Introduction and Legal Basis

VitaCore ("we," "our," "us," or "the Partnership") is committed to protecting your privacy in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of the Hong Kong Special Administrative Region (the "PDPO"). This Privacy Policy Statement explains our policies and practices regarding the collection, use, retention, disclosure, transfer, security, and access of your personal data.

This Privacy Policy applies to our website [www.vitacore.hk] and all services provided by VitaCore, including online consultations and booking of face-to-face consultations.

By using our services, you consent to the data practices described in this policy in accordance with HKSAR laws.

2. Kinds of Personal Data Collected

In compliance with Data Protection Principle 1(1) of the PDPO, we collect personal data that is necessary for and directly related to our functions and services.

2.1 Personal Identifiers and Contact Information

  • Full name (in English and/or Chinese)
  • Hong Kong Identity Card Number (optional) or other identification document number
  • Date of birth
  • Correspondence address in Hong Kong (or overseas if applicable)
  • Contact phone number (Hong Kong mobile or landline preferred)
  • Email address

2.2 Health and Dietary Information (Sensitive Personal Data)

  • Detailed descriptions of symptoms, health concerns, and medical history
  • Dietary habits, preferences, and restrictions
  • Health goals and consultation objectives
  • Any other health-related information voluntarily provided

Note: Health data is considered sensitive personal data under the PDPO. We collect this only with your explicit consent and for specified purposes.

2.3 Financial and Payment Information

  • Bank account details for Faster Payment System (FPS) transfers
  • AliPayHK or PayMe account identifiers
  • Payment reference numbers and transaction records

Important: We do not store complete credit/debit card details. All payment processing complies with Hong Kong Monetary Authority guidelines.

2.4 Technical and Log Information

  • IP address (which may indicate general location in Hong Kong or elsewhere)
  • Browser type and version
  • Device information
  • Access times and dates
  • Pages viewed and navigation paths

3. Purposes of Collection and Legal Grounds

Under Data Protection Principle 1(2) and 3 of the PDPO, we collect and use your personal data for the following specified purposes:

3.1 Primary Purposes

  • To provide nutritional consultation services (both online and face-to-face)
  • To schedule, manage, and confirm appointments
  • To develop personalized dietary suggestions and general wellness information
  • To process payments for services rendered
  • To communicate with you regarding your consultations and follow-up care
  • To maintain proper business records as required by Hong Kong laws

3.2 Secondary Purposes (with your consent)

  • To send educational materials about nutrition and healthy living
  • To conduct client satisfaction surveys
  • To improve our services and website functionality
  • For internal statistical analysis and business planning

3.3 Legal Bases under PDPO

  • Your explicit prescribed consent for collection and use (particularly for health data)
  • Contractual necessity for providing requested services
  • Legal obligations under Hong Kong laws (e.g., record keeping)
  • Legitimate interests of our business, provided these do not override your rights

4. Data Retention and Deletion

In accordance with Data Protection Principle 2(2) of the PDPO:

4.1 Retention Periods

  • Consultation records and health data: Retained for 7 years from last service date, following general guidelines for health service records in Hong Kong
  • Financial and payment records: Retained for 7 years as required by the Inland Revenue Ordinance (Cap. 112)
  • Contact information for marketing: Retained until consent is withdrawn
  • Website access logs: Retained for 90 days unless required for investigation

4.2 Secure Destruction

After the retention period expires, we will securely destroy or anonymize your personal data using methods approved by the Office of the Privacy Commissioner for Personal Data (PCPD).

5. Data Security Measures

We implement appropriate security measures as required by Data Protection Principle 4 of the PDPO:

5.1 Administrative Measures

  • Designated Data Protection Officer responsible for compliance
  • Staff training on PDPO requirements and data protection
  • Confidentiality agreements with all employees and contractors
  • Regular privacy compliance audits

5.2 Technical Measures

  • Encryption of sensitive data (health information, financial data)
  • Secure socket layer (SSL) technology for data transmission
  • Firewall protection and intrusion detection systems
  • Regular security updates and vulnerability assessments
  • Access controls and authentication requirements
  • Secure disposal of hardware containing personal data

5.3 Physical Measures

  • Secure storage of physical records (if any) in locked cabinets
  • Access control to premises and server locations
  • Secure disposal of paper records through cross-cut shredding

6. Data Access and Correction Rights

Under Data Protection Principle 6 and Section 18 of the PDPO, you have the right to:

6.1 Access Request

Request access to your personal data held by us. We will respond within 40 days as required by law and may charge a reasonable fee as permitted under Section 28 of the PDPO.

6.2 Correction Request

Request correction of inaccurate personal data. We will respond within 40 days as required by law.

6.3 Request Procedure

To make an access or correction request, please:

  1. Submit a written request to our Data Protection Officer
  2. Provide sufficient information to identify yourself and locate your data
  3. Specify the data you wish to access or correct
  4. Pay any applicable fee (for access requests only)

7. Data Transfer and Disclosure

7.1 Within Hong Kong

We may disclose your personal data to:

  • Service providers bound by contractual confidentiality obligations (e.g., IT support, payment processors)
  • Professional advisors (e.g., lawyers, accountants) as necessary
  • Government authorities when required by Hong Kong laws (e.g., court order, law enforcement request)

7.2 Cross-border Transfers

If we need to transfer your personal data outside Hong Kong, we will:

  • Ensure the destination has laws providing substantially similar protection to the PDPO, OR
  • Obtain your explicit prescribed consent for the transfer, OR
  • Implement contractual measures to protect your data as recommended by the PCPD

8. Direct Marketing

In compliance with the 2012 Amendments to the PDPO regarding direct marketing:

8.1 Consent Requirement

We will not use your personal data for direct marketing purposes without your prior consent.

8.2 Consent Mechanism

When seeking your consent for direct marketing, we will:

  • Inform you that your data will be used for direct marketing
  • Specify the types of marketing materials to be sent
  • Specify the classes of marketing subjects (nutrition, wellness products, etc.)
  • Provide an "opt-out" mechanism for you to withdraw consent at any time

8.3 Marketing Channels

If you consent, we may contact you via:

  • Email
  • SMS
  • Telephone
  • Postal mail

9. Use of Cookies and Tracking Technologies

9.1 Types of Cookies Used

  • Necessary cookies: For website functionality
  • Preference cookies: To remember your settings
  • Statistical cookies: To understand how visitors use our site
  • Marketing cookies: Only with your explicit consent

9.2 Cookie Consent

We obtain consent for non-essential cookies through a clear cookie banner when you first visit our website, in line with PCPD guidance.

10. Important Health Service Disclaimer

VitaCore Nutritional Consultancy Services Notice:

Our services are provided by qualified nutrition professionals in accordance with Hong Kong regulations. However, please note:

  1. Not Medical Practice: Our consultations provide nutritional information and lifestyle advice only. We do not diagnose, treat, or cure medical conditions.
  2. No Doctor-Patient Relationship: Our services do not establish a doctor-patient relationship as defined in Hong Kong medical laws.
  3. Referral to Medical Professionals: We may recommend consulting a registered medical practitioner for medical conditions.
  4. Emergency Care: For medical emergencies, please call 999 or go to the nearest Accident & Emergency Department.
  5. Hong Kong Health Services: We can provide information about public and private healthcare services in Hong Kong if needed.

11. Changes to This Privacy Policy

We may revise this Privacy Policy to comply with changes in the PDPO or other Hong Kong laws. When we make material changes, we will:

  1. Update the "Last Updated" date
  2. Post the revised policy on our website
  3. For significant changes affecting your rights, provide additional notice as appropriate

12. Contact Information and Complaints

12.1 Data Protection Officer

For privacy-related matters, please contact our designated Data Protection Officer:

VitaCore Data Protection Officer

Address: 2011 Gala Place, 56 Dundas Street, Mong Kok, Hong Kong

Email: [email protected]

Phone: +852 6951 2167

12.2 Making a Complaint

If you believe we have violated the PDPO, you may:

  1. First, complain to our Data Protection Officer
  2. If unsatisfied, complain to the Privacy Commissioner:

Office of the Privacy Commissioner for Personal Data, Hong Kong

Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong

Phone: (852) 2827 2827

Fax: (852) 2877 7026

Email: [email protected]

Website: www.pcpd.org.hk