​This privacy policy for Integrus (HK) Limited (“Company,” “we,” “us,” or “our”), describes how and why we collect, store, use, and share (“process”) your personal information when you use our business intelligence consulting and risk advisory services (“Services”), such as when you:
 

• Visit our website at https://www.integrus-solutions.com, https://www.openadverse.ai/ or any website or web application of ours that links to this privacy policy

• Engage with us in other related ways — including sales, marketing, consultations, events, or professional interactions
   

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services or provide us with your personal information. If you still have questions or concerns, please contact us at privacy@integrus-solutions.com.
 

1. WHAT INFORMATION DO WE COLLECT?
 

Personal information you disclose to us.
 

We collect personal information that you voluntarily provide to us when you register for our Services, express an interest in obtaining information about us or our products and Services, participate in activities related to our Services, or otherwise contact us.
 

The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the features you use. The personal information we collect may include:
 

• Names

• Job titles and professional information

• Email addresses

• Phone numbers

• Business addresses

• Payment information (such as credit card details, processed via secure third-party providers)

• Other similar information necessary for providing the Services
   

Sensitive Information We do not routinely process sensitive personal information (e.g., racial or ethnic origin, political opinions, religious beliefs, health data). If necessary for specific Services (e.g., in relation to certain risk assessments), we will only do so with your explicit consent or as otherwise permitted by applicable law.
 

Payment Data We collect and process payment-related information only as necessary to facilitate transactions related to our Services. All payment processing is handled by secure, reputable third-party payment service providers that comply with relevant industry security standards (such as PCI DSS). We do not store complete payment card details on our own systems. For more information about how your payment data is handled, please refer to the privacy notices of the respective payment processors we use.
 

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

 

Information automatically collected
 

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
 

Information collected from other sources
 

We may obtain limited information from public databases, partners, or other third parties where necessary and lawful to support Service delivery.
 

2. HOW DO WE PROCESS YOUR INFORMATION?
 

We process your personal information for the following purposes:
 

• To deliver and facilitate delivery of the Services

• To respond to user inquiries and offer support

• To send administrative information to you (e.g., details about our Services, changes to our terms and policies)

• To fulfill and manage your orders and payments

• To protect our Services, including fraud monitoring and prevention

• To comply with legal obligations, such as regulatory reporting in the risk advisory sector

• For internal purposes such as quality assurance, auditing, and analytics
   

We do not process your information for behavioral marketing or automated decision-making that produces legal effects.
 

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
 

For residents in the EU/EEA or UK (under the GDPR and UK GDPR), we rely on the following legal bases to process your personal information:
 

• Performance of a Contract — Processing is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract.

• Legitimate Interests — Processing is necessary for our legitimate business interests (e.g., improving our Services, ensuring security, fraud prevention, managing client relationships), provided these interests are not overridden by your rights and freedoms. We conduct legitimate interest assessments as required.

• Consent — Where you have given us explicit consent (e.g., for processing sensitive personal information or certain sharing arrangements). You may withdraw consent at any time.

• Legal Obligations — Processing is necessary to comply with our legal or regulatory obligations.
   

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
 

We share personal information only when necessary and with appropriate safeguards:
 

• Vendors, Consultants, and Service Providers — Including cloud computing services, data analytics providers, payment processors, and IT support, who are bound by data processing agreements that ensure GDPR compliance and SOC 2-equivalent security.

• Business Transfers — In connection with a merger, acquisition, or sale of company assets.

• Legal Requirements — Where required by law, regulation, or court order, or to protect our rights, safety, or property.
   

We do not sell personal data.
 

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
 

The Services may link to third-party websites, online services, or mobile applications that are not affiliated with us. We are not responsible for the safety or privacy practices of such third parties. Any data collected by them is not covered by this privacy notice. You should review their privacy policies directly.
 

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
 

We may use cookies and similar tracking technologies for essential operational and security purposes. For more details, please refer to our Cookie Notice (if applicable). We do not use them for behavioral marketing or interest-based advertising.
 

7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
 

Our Services are delivered using cloud-based infrastructure and global service providers. As a result, your personal information may be transferred to, stored, and processed in countries outside your country of residence, including outside the European Economic Area (EEA) or United Kingdom.
 

We ensure that all international transfers comply with applicable data protection laws, including the GDPR, through appropriate safeguards such as:
 

• Standard Contractual Clauses (SCCs), supplemented by transfer impact assessments where necessary

• Adequacy decisions issued by the European Commission

• Other approved transfer mechanisms
   

8. HOW LONG DO WE KEEP YOUR INFORMATION?
 

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy notice, or as required by law (for example, tax, accounting, or regulatory retention periods, typically up to 7 years for financial records).

​

When we no longer have an ongoing legitimate business need to process your personal information, we will delete or anonymize it, or securely isolate it until deletion is possible.

​

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

​

We have implemented appropriate technical and organizational security measures designed to protect your personal information, in alignment with SOC 2 standards for security, availability, processing integrity, confidentiality, and privacy. These measures include encryption of data in transit and at rest, access controls, regular security audits, vulnerability assessments, and employee training.

While we strive to protect your information, no electronic transmission or storage system can be guaranteed 100% secure.

​

10. WHAT ARE YOUR PRIVACY RIGHTS?

​

Depending on your location and applicable law (such as the GDPR for EEA/UK residents), you may have the following rights regarding your personal information:

​

• Access your personal information

• Request rectification of inaccurate or incomplete data

• Request erasure in certain circumstances

• Restrict processing

• Object to processing based on legitimate interests

• Data portability (receive your data in a structured format)

• Withdraw consent where processing is based on consent

• Lodge a complaint with your local supervisory authority
  ​

To exercise these rights, please contact us at privacy@integrus-solutions.com. We will respond in accordance with applicable data protection laws.

​

For residents in the EEA or UK: You may also contact our appointed GDPR representative: gdpr@integrus-solutions.com.

​

11. DO WE MAKE UPDATES TO THIS NOTICE?

​

We may update this privacy notice from time to time. The updated version will be indicated by a revised “Last updated” date. Material changes will be notified via email or prominent posting on our website.

​

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

​

Email: privacy@integrus-solutions.com

​

For residents in the EEA or UK: You may also contact our appointed GDPR representative: gdpr@integrus-solutions.com.

​

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

​

To request access to, correction of, or deletion of your personal information, please contact us at privacy@integrus-solutions.com. We will consider and act upon your request in accordance with applicable data protection laws.

​