Privacy Policy

I. Data Controller

Data Controller: Wallon Consulting and Software Development Limited
Address: 5/F, Beverley Commercial Centre, 87-105 Chatham Road South, Kowloon, Hong Kong
E-mail address:

II. Data Protection Officer

We do not engage in any activities that would require a Data Protection Officer.

III. Principles and lawful bases for data processing

The purpose of this policy is to enable visitors of this site and our future partners and clients to understand – in a transparent and clear form – what personal data we are handling and for what purpose we use them.

1. Contact form

The contact form on this site is intended to provide online communication. Your name and email address is required on the form. We treat this data as a contribution, by providing these information you are consenting to the processing of these data.

2. Facebook page

We use Facebook page to advertise our company, where you are able to like, share or comment. When you do this, we will be able to see your name and your comment.

3. Billing

If you order any of our services we will issue an invoice which is mandatory by low. We will ask for your billing name and address and your email address for communication.

4. Communication with business partners and clients

In the course of our business, we handle personal data and contacts of our partners on a legitimate basis: name, phone number, email address.

5. Cookies

The cookie is a font and number information package usually sent to your browser for the purpose of saving certain settings, facilitating the use of the site, and contributing to collecting some relevant, statistical information about visitors. Cookies do not contain personal data and are not suitable for individual user authentication. Cookies often contain a unique identifier – randomly generated numbers – that your device stores. Some cookies will disappear after the website is closed and some will be stored for longer on your computer.

You can prevent all activities related to cookies and delete all files that you have saved during your previous visits. To learn more please visit the following pages:
Clear, enable, and manage cookies in Chrome
Enable and disable cookies in Firefox
Manage cookies in Internet Explorer and Edge

Some browsers also allow you to delete browsing data automatically each time you close it.

When downloading parts of this website, the analysis software we use (Google Analytics operated by Google Inc.) automatically places small data files containing your personal data on your computer. You are notified about this when you first visit this website and we ask your consent. These data files are required for the operation of some of website, and information from previous data files that you receive during your visits is sent to the Data Controller. You will find detailed information about these files (_ga, _gat, _gid) and its function on this page. Google Analytics retrieves anonymous IP (anonymously) from the browser and can not connect it to the user. The data is stored for 26 months, the start of the time period restarts when a new event occurs (eg, user starts a new session).

If you want to prevent Google Analytics from adding your visit on any website to its analytics, use this extension (available on any browser).

If you have previously received a cookie from Facebook – either because you have an account or because you have visited – your browser will send data about this cookie whenever you click the “Like” button or visit a website with a social plugin. For more information, see here.

Cookies used on this website

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you have provided to them or that they have collected from your use of their services. You consent to our cookies if you continue to use our website.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Necessary (1)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

CookieConsent Stores the user’s cookie consent state for the current domain HTTP Session

Statistics (3)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. HTTP 2 year
_gat Used by Google Analytics to throttle request rate. HTTP Session
_gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website. HTTP Session

Marketing (1)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

collect Used to send data to Google Analytics ab out the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels. Pixel Session

IV. Consent withdrawal

Data processing (see above) for the following activities is based on your consent:

– contact through the contact form of the website
– operating a Facebook page
– comment on a blog post
– visitors statistics

Consenting can be withdrawn at any time as simply as it was provided.

On Facebook, you can withdraw you consent by unliking the page or deleting your private message or comment.

For other consent-based data processing, please write a short message to

Data processing prior to the withdrawal of consent is considered legitimate.

V. Contract and legal obligations

Keeping the billing information and issuing invoices is our statutory obligation. If the requested data is not provided by the client, it is impossible to fulfill the service.

After ordering our services, a contract with the client is concluded in writing or verbally. Personal data may be included in the contracts, such as contact name, phone number, e-mail address or the name of the legal representative. The condition of the contract is to have these information provided. Without providing the required information, we consider the contract invalid and can not fulfill the service.

VI. Legitimate interest

We handle contact information and names of our business partners, business associates or contacts based on legitimate interest.
This personal data has been provided to us by those who have been involved in our past correspondence and encounters for many years, and have already been convinced of our confidentiality.
We provide the right to request the restriction or suppression of their personal data to all our partners.

VII. Duration of data storage

Contact form (name, email address) – business relationship duration, but reviewed every six months

Comments received on the blog (name, email address, comment) – until erasure is requested

Facebook page (name, comment) – until page deletion, until the page is unliked or comment is deleted

Billing name and address – for statutory time, not less than 7 years

Website / Social Media maintenance work / Footprint Analysis – until the contract is valid

Clients/partners information (name, email address, phone number) – business relationship duration or until erasure is requested

Cookies coming from the website – until the validity of the cookies or until the user deletes them from their browser

GA statistics – 26 months

VIII. Security measures

We take appropriate security measures to protect personal data against unauthorized access, misrepresentation or unauthorized modification. These measures include an electronic firewall and various other protection measures that involve virus scanning, installation of security patches, vulnerability testing, backup and recovery planning, security audits and other steps designed constantly to improve the data protection posture.

IX. Recipients

We engage data processors to fulfill certain tasks.

Hosting Service:, LLC
Corporate Headquarters 14455 N. Hayden Rd., Ste. 226, Scottsdale, AZ 85260 USA
(Access to the full content of the website and forwarding emails.)

Receiving and sending emails:
Gmail – Google Inc., Mountain View, California, USA
(Access to emails and all their data.)

Facebook page:
Facebook Inc.
Menlo Park, California, USA
Privacy Policy:
(Access to user name and comment.)

Google Analytics:
Google Inc., Mountain View, California, USA
(Access to the website visitors’ anonymous, unrelated IP address.)

X. Transmission to a third country

The United States of America is the only third country to which data is transmitted. A US Declaration of Conformity was issued on 12. July 2016. ( which is also kept Google (, and Facebook (

XI. Individual rights

1. Right to access

Our users/clients/parners are entitled to request feedback on whether their personal data is being processed and, if so, entitled to have access to the following information:

– purpose of data processing
– the categories of personal data
– recipients with whom personal data is shared, including third country recipients and international organizations
– the intended duration of storage of the data. Where this is not possible, the criteria for determining that period
– the right to request the data controller to correct, delete or restrict the personal data

We provide a copy of the personal data subject to data processing. For additional copies, we charge a reasonable fee for the administrative costs. If the request is submitted electronically, we provide the information in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.) unless requested otherwise.

The right to request a copy should not adversely affect the rights and freedoms of others.

2. Right to rectification

Our users/clients/parners have the right to have inaccurate personal data rectified, or completed if it is incomplete. We must contact each recipient and inform them of the rectification or completion of the personal data – unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.

3. Right to erasure

Our users/clients/parners have the right to have their personal data erased if:

– personal data is no longer necessary for the purpose of originally collected or processed for
– we are relying on consent as our lawful basis for holding the data, and you withdraw your consent
– we are relying on legitimate interests as our basis for processing, and you object to the processing of your data, and there is no overriding legitimate interest to continue this processing
– we have processed the personal data unlawfully
– we have to do it to comply with a legal obligation

When we have disclosed the personal data to others, we must contact each recipient and inform them of the erasure, unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.

Where personal data has been made public in an online environment reasonable steps should be taken to inform other controllers who are processing the personal data to erase links to, copies or replication of that data. When deciding what steps are reasonable we take into account available technology and the cost of implementation.

We do not need to delete personal data if data processing is necessary for the submission, validation or protection of legal claims. If we receive a request for deletion of such information, we will consider it and will inform about our decision in writing.

4. Right to restrict processing

Our users/clients/parners have the right to request the restrict of processing of their personal data in the following circumstances:

– dispute of the accuracy of personal data until clarification
– the data has been unlawfully processed and our user/client/parner opposes erasure and requests restriction instead
– we no longer need personal data for data processing but visitor of this website, client or partner requires to keep it in order to establish, exercise or defend a legal claim
– user/client/parner has objected to processing their data and we are considering whether our legitimate grounds override those of the user/client/parner

We must not process the restricted data in any way except to store it unless:

– we have the consent of user/client/parner
– it is for the establishment, exercise or defence of legal claims
– it is for the protection of the rights of another person (natural or legal)
– it is for reasons of important public interest.

We will inform our user/client/parner before we lift the restriction.

We must contact each recipient and inform them of the restriction – unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.

5. Right to data portability

The right to data portability gives our users/clients/parners the right to receive personal data they have provided to us in a structured, commonly used and machine readable format. It also gives our users/clients/parners the right to request that we transmit this data directly to another controller.

The right to data portability should not adversely affect the rights and freedoms of others.

6. The right to object

Our users/clients/parners may object to processing their personal data

if the processing is for their legitimate interest, the processing based upon public task or legitimate interest. Our users/clients/parners must give specific reasons why they are objecting to the processing of their data. These reasons should be based upon their particular situation.

In these circumstances we cannot continue processing until we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the user/client/parner or the processing is for the establishment, exercise or defence of legal claims.

7. Rights related to automated decision making including profiling

Since we do not do automated decision making and profiling, we do not provide a legal basis on it.

XII. In case of a complaint

We handle your personal data with the utmost care. Should you still feel that we have not done all the measures it can be expected to protect your personal data or simply have questions, please email us to

If our business breaches the data processing principles, the parties concerned may exercise their rights in court in a civil lawsuit.

XIII. Automated decision making

We do not use automated individual decision-making.

XIV. When defining the lawful basis for the data handling, we considered these legal provisions

European Parliament and Council (EU) 2016/679. Article 6(1)(a) provides a lawful basis where data processing is related to the contacting through the website, commenting, operating a Facebook page, website visitor statistics and conversion measurements, cookies and business contacts data.

European Parliament and Council (EU) 2016/679. Article 6(1)(c) and Section 51C of the Inland Revenue Ordinance Hong Kong provides a lawful basis where data processing is related to billing and record keeping.

Other provisions

This Privacy Policy will take effect on 25. May 2018. Should any new guidelines or regulations will become known, making it necessary to modify current policy, we will review its content. In case of changing the nature of our businessor should we introduc any new marketing tools, we will also modify this policy accordingly.