I. Data Controller
Data Controller: Wallon Consulting and Software Development Limited
Address: 5/F, Beverley Commercial Centre, 87-105 Chatham Road South, Kowloon, Hong Kong
E-mail address: firstname.lastname@example.org
II. Data Protection Officer
We do not engage in any activities that would require a Data Protection Officer.
III. Principles and lawful bases for data processing
The purpose of this policy is to enable visitors of this site and our future partners and clients to understand – in a transparent and clear form – what personal data we are handling and for what purpose we use them.
1. Contact form
The contact form on this site is intended to provide online communication. Your name and email address is required on the form. We treat this data as a contribution, by providing these information you are consenting to the processing of these data.
2. Facebook page
We use Facebook page to advertise our company, where you are able to like, share or comment. When you do this, we will be able to see your name and your comment.
If you order any of our services we will issue an invoice which is mandatory by low. We will ask for your billing name and address and your email address for communication.
4. Communication with business partners and clients
In the course of our business, we handle personal data and contacts of our partners on a legitimate basis: name, phone number, email address.
The cookie is a font and number information package usually sent to your browser for the purpose of saving certain settings, facilitating the use of the site, and contributing to collecting some relevant, statistical information about visitors. Cookies do not contain personal data and are not suitable for individual user authentication. Cookies often contain a unique identifier – randomly generated numbers – that your device stores. Some cookies will disappear after the website is closed and some will be stored for longer on your computer.
You can prevent all activities related to cookies and delete all files that you have saved during your previous visits. To learn more please visit the following pages:
Clear, enable, and manage cookies in Chrome
Enable and disable cookies in Firefox
Manage cookies in Internet Explorer and Edge
Some browsers also allow you to delete browsing data automatically each time you close it.
When downloading parts of this website, the analysis software we use (Google Analytics operated by Google Inc.) automatically places small data files containing your personal data on your computer. You are notified about this when you first visit this website and we ask your consent. These data files are required for the operation of some of website, and information from previous data files that you receive during your visits is sent to the Data Controller. You will find detailed information about these files (_ga, _gat, _gid) and its function on this page. Google Analytics retrieves anonymous IP (anonymously) from the browser and can not connect it to the user. The data is stored for 26 months, the start of the time period restarts when a new event occurs (eg, user starts a new session).
If you want to prevent Google Analytics from adding your visit on any website to its analytics, use this extension (available on any browser).
If you have previously received a cookie from Facebook – either because you have an account or because you have visited facebook.com – your browser will send data about this cookie whenever you click the “Like” button or visit a website with a social plugin. For more information, see here.
Cookies used on this website
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|CookieConsent||wallonconsulting.com||Stores the user’s cookie consent state for the current domain||HTTP||Session|
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
|_ga||wallonconsulting.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||HTTP||2 year|
|_gat||wallonconsulting.com||Used by Google Analytics to throttle request rate.||HTTP||Session|
|_gid||wallonconsulting.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||HTTP||Session|
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
|collect||google-analytics.com||Used to send data to Google Analytics ab out the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.||Pixel||Session|
IV. Consent withdrawal
Data processing (see above) for the following activities is based on your consent:
– contact through the contact form of the website
– operating a Facebook page
– comment on a blog post
– visitors statistics
Consenting can be withdrawn at any time as simply as it was provided.
On Facebook, you can withdraw you consent by unliking the page or deleting your private message or comment.
For other consent-based data processing, please write a short message to email@example.com
Data processing prior to the withdrawal of consent is considered legitimate.
V. Contract and legal obligations
Keeping the billing information and issuing invoices is our statutory obligation. If the requested data is not provided by the client, it is impossible to fulfill the service.
After ordering our services, a contract with the client is concluded in writing or verbally. Personal data may be included in the contracts, such as contact name, phone number, e-mail address or the name of the legal representative. The condition of the contract is to have these information provided. Without providing the required information, we consider the contract invalid and can not fulfill the service.
VI. Legitimate interest
We handle contact information and names of our business partners, business associates or contacts based on legitimate interest.
This personal data has been provided to us by those who have been involved in our past correspondence and encounters for many years, and have already been convinced of our confidentiality.
We provide the right to request the restriction or suppression of their personal data to all our partners.
VII. Duration of data storage
Contact form (name, email address) – business relationship duration, but reviewed every six months
Comments received on the blog (name, email address, comment) – until erasure is requested
Facebook page (name, comment) – until page deletion, until the page is unliked or comment is deleted
Billing name and address – for statutory time, not less than 7 years
Website / Social Media maintenance work / Footprint Analysis – until the contract is valid
Clients/partners information (name, email address, phone number) – business relationship duration or until erasure is requested
Cookies coming from the wallonconsulting.com website – until the validity of the cookies or until the user deletes them from their browser
GA statistics – 26 months
VIII. Security measures
We take appropriate security measures to protect personal data against unauthorized access, misrepresentation or unauthorized modification. These measures include an electronic firewall and various other protection measures that involve virus scanning, installation of security patches, vulnerability testing, backup and recovery planning, security audits and other steps designed constantly to improve the data protection posture.
We engage data processors to fulfill certain tasks.
Corporate Headquarters 14455 N. Hayden Rd., Ste. 226, Scottsdale, AZ 85260 USA
(Access to the full content of the website and forwarding emails.)
Receiving and sending emails:
Gmail – Google Inc., Mountain View, California, USA
(Access to emails and all their data.)
Menlo Park, California, USA
(Access to user name and comment.)
Google Inc., Mountain View, California, USA
(Access to the website visitors’ anonymous, unrelated IP address.)
X. Transmission to a third country
The United States of America is the only third country to which data is transmitted. A US Declaration of Conformity was issued on 12. July 2016. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en) which is also kept Google (https://policies.google.com/privacy/frameworks), and Facebook (https://www.facebook.com/about/privacyshield).
XI. Individual rights
1. Right to access
Our users/clients/parners are entitled to request feedback on whether their personal data is being processed and, if so, entitled to have access to the following information:
– purpose of data processing
– the categories of personal data
– recipients with whom personal data is shared, including third country recipients and international organizations
– the intended duration of storage of the data. Where this is not possible, the criteria for determining that period
– the right to request the data controller to correct, delete or restrict the personal data
We provide a copy of the personal data subject to data processing. For additional copies, we charge a reasonable fee for the administrative costs. If the request is submitted electronically, we provide the information in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.) unless requested otherwise.
The right to request a copy should not adversely affect the rights and freedoms of others.
2. Right to rectification
Our users/clients/parners have the right to have inaccurate personal data rectified, or completed if it is incomplete. We must contact each recipient and inform them of the rectification or completion of the personal data – unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.
3. Right to erasure
Our users/clients/parners have the right to have their personal data erased if:
– personal data is no longer necessary for the purpose of originally collected or processed for
– we are relying on consent as our lawful basis for holding the data, and you withdraw your consent
– we are relying on legitimate interests as our basis for processing, and you object to the processing of your data, and there is no overriding legitimate interest to continue this processing
– we have processed the personal data unlawfully
– we have to do it to comply with a legal obligation
When we have disclosed the personal data to others, we must contact each recipient and inform them of the erasure, unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.
Where personal data has been made public in an online environment reasonable steps should be taken to inform other controllers who are processing the personal data to erase links to, copies or replication of that data. When deciding what steps are reasonable we take into account available technology and the cost of implementation.
We do not need to delete personal data if data processing is necessary for the submission, validation or protection of legal claims. If we receive a request for deletion of such information, we will consider it and will inform about our decision in writing.
4. Right to restrict processing
Our users/clients/parners have the right to request the restrict of processing of their personal data in the following circumstances:
– dispute of the accuracy of personal data until clarification
– the data has been unlawfully processed and our user/client/parner opposes erasure and requests restriction instead
– we no longer need personal data for data processing but visitor of this website, client or partner requires to keep it in order to establish, exercise or defend a legal claim
– user/client/parner has objected to processing their data and we are considering whether our legitimate grounds override those of the user/client/parner
We must not process the restricted data in any way except to store it unless:
– we have the consent of user/client/parner
– it is for the establishment, exercise or defence of legal claims
– it is for the protection of the rights of another person (natural or legal)
– it is for reasons of important public interest.
We will inform our user/client/parner before we lift the restriction.
We must contact each recipient and inform them of the restriction – unless this proves impossible or involves disproportionate effort. We will inform the person concerned about these recipients upon request.
5. Right to data portability
The right to data portability gives our users/clients/parners the right to receive personal data they have provided to us in a structured, commonly used and machine readable format. It also gives our users/clients/parners the right to request that we transmit this data directly to another controller.
The right to data portability should not adversely affect the rights and freedoms of others.
6. The right to object
Our users/clients/parners may object to processing their personal data
if the processing is for their legitimate interest, the processing based upon public task or legitimate interest. Our users/clients/parners must give specific reasons why they are objecting to the processing of their data. These reasons should be based upon their particular situation.
In these circumstances we cannot continue processing until we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the user/client/parner or the processing is for the establishment, exercise or defence of legal claims.
7. Rights related to automated decision making including profiling
Since we do not do automated decision making and profiling, we do not provide a legal basis on it.
XII. In case of a complaint
We handle your personal data with the utmost care. Should you still feel that we have not done all the measures it can be expected to protect your personal data or simply have questions, please email us to firstname.lastname@example.org
If our business breaches the data processing principles, the parties concerned may exercise their rights in court in a civil lawsuit.
XIII. Automated decision making
We do not use automated individual decision-making.
XIV. When defining the lawful basis for the data handling, we considered these legal provisions
European Parliament and Council (EU) 2016/679. Article 6(1)(a) provides a lawful basis where data processing is related to the contacting through the website, commenting, operating a Facebook page, website visitor statistics and conversion measurements, cookies and business contacts data.
European Parliament and Council (EU) 2016/679. Article 6(1)(c) and Section 51C of the Inland Revenue Ordinance Hong Kong provides a lawful basis where data processing is related to billing and record keeping.