STA Link Limited’s logo
Verify Certificate
STA Link Limited’s logo

Privacy Policy

We value your privacy and are committed to safeguarding it in accordance with this Privacy Policy (the “Policy”). This Policy explains what categories of information we may collect from you or that you may provide to us (“Personal Information”) on the stalinkltd.com website (the “Website” or “Service”) and any related products or services (together, the “Services”). It also describes how we collect, use, store, protect and disclose Personal Information, and the choices available to you, including how you may access and update certain information.

This Policy is a legally binding agreement between you (“User”, “you”, or “your”) and STA Link (“STA Link”, “we”, “us”, or “our”). If you accept this Policy on behalf of a company or other legal person, you represent that you are authorised to bind that entity, and references to “you” are to that entity. If you are not so authorised, or if you do not agree with this Policy, you must not use the Website or the Services. By accessing or using the Website or the Services, you confirm that you have read and understood this Policy and agree to be bound by it. This Policy does not extend to practices of organisations we do not own or control, or to individuals we do not employ or manage.

Information Collected Automatically

When you visit the Website, our servers may automatically log data that your browser or device makes available. This may include your device’s Internet Protocol (IP) address, browser type and version, operating system and version, language setting, the web page that referred you to the Website, the pages you view and the time spent on them, search queries, access dates and times, and other technical statistics.

We use automatically collected data solely for detecting potential abuse, administering the Website, and compiling statistical information regarding traffic and usage. Such statistics are not aggregated or analysed in a way that would allow us to identify any particular User.

Our Role as Controller and Processor

Depending on the context, STA Link may act as a “data controller” or a “data processor” in respect of Personal Information. Where we request Personal Information that is necessary for you to access and use the Website or Services, we act as a controller because we determine the purposes and means of processing. Where you submit Personal Information through the Website or Services for your own purposes, we process that information only on your documented instructions; in those circumstances you are the controller and STA Link acts as your processor (unless a separate data processing agreement states otherwise).

Purposes for Which We Use Personal Information

To provide the Website and the Services to you and to meet our legal obligations, we may need to collect and process certain Personal Information. If you choose not to provide requested information, we may be unable to deliver the relevant product or service. We may use Personal Information for the following purposes:

• to send administrative notices and important service communications;
• to respond to enquiries and provide support; and
• to operate, maintain and improve the Website and the Services.

Legal Bases for Processing

The lawful basis on which we process your Personal Information depends on what you use and where you are located. In general, processing will take place where one or more of the following applies: (a) you have given clear consent for one or more specific purposes; (b) processing is necessary for the performance of this Policy or for steps at your request before entering into a contract; (c) processing is necessary for us to comply with a legal obligation; (d) processing is carried out in the public interest or in exercise of official authority vested in us; or (e) processing is necessary for our legitimate interests or those of a third party.

Some jurisdictions permit processing unless you object (opt out). We will gladly clarify the legal basis applicable to a particular activity, including whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Disclosure

To preserve your privacy to the fullest extent, we do not disclose your Personal Information to any third party for any reason.

Retention

We retain Personal Information for as long as necessary to fulfil the purposes described in this Policy, to comply with our legal obligations, to resolve disputes and to enforce our agreements, unless a longer period is required or permitted by law. We may continue to use aggregated data derived from Personal Information after you update or delete your information, provided such aggregated data does not identify you. Once the relevant retention period expires, Personal Information will be deleted. After deletion, rights such as access, erasure, rectification and portability cannot be exercised in respect of that data.

Children’s Privacy

The Services are not intended for persons under 18 years of age, and we do not knowingly collect Personal Information from anyone under 18. If you are under 18, please do not submit Personal Information through the Website or Services. If you believe a child under 18 has provided Personal Information to us, please contact us so that we may delete it.

Do Not Track (DNT)

Some browsers send “Do Not Track” signals. As there is no common industry or legal standard governing how websites should respond to such signals, the Website and Services currently do not interpret or respond to DNT requests. “Tracking” for these purposes refers to collecting personally identifiable information about a user’s online activities across different websites over time.

Email Communications

We may offer electronic newsletters or similar communications that you may choose to receive. We keep your email address confidential and do not disclose it except as described in this Policy. In accordance with applicable anti‑spam laws, messages we send will clearly identify the sender and provide contact information. You can opt out at any time by following the unsubscribe instructions in our emails or by contacting us.

Links to Third‑Party Resources

The Website and Services may contain links to websites or resources not owned or controlled by STA Link. We are not responsible for the privacy practices of such third parties, and we encourage you to review the privacy statements of every site that collects Personal Information.

Information Security

We maintain administrative, technical and physical safeguards designed to protect Personal Information that we hold against unauthorised access, use, alteration or disclosure. Information you provide is stored on systems in a controlled environment. Nevertheless, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Data Incidents

If we become aware of a security incident affecting the Website or Services that results in unauthorised access to Personal Information, we may investigate and take appropriate remedial steps, including notifying law‑enforcement authorities and, where required by law, notifying affected individuals when there is a real risk of harm.

GDPR/UK GDPR – Additional Information for Individuals in the EEA and UK

If you are located in the European Economic Area or the United Kingdom, the General Data Protection Regulation (EU) 2016/679 or the UK GDPR may apply. Subject to certain limitations, you may have the right to: (i) request access to your Personal Information; (ii) request rectification of inaccurate data; (iii) request erasure; (iv) request restriction of processing; (v) object to processing, including direct marketing; (vi) request data portability; and (vii) withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). You also have the right to lodge a complaint with your local supervisory authority. We will handle requests within the timeframes required by applicable law.

Hong Kong PDPO Notice

For users in Hong Kong, we handle Personal Information in accordance with the Personal Data (Privacy) Ordinance (Cap. 486). You may make a data access request or a data correction request by contacting us using the details below. We may charge a reasonable fee permitted by law for processing a data access request.

Changes to This Policy

We may amend this Policy from time to time. When we do, we will update the “last updated” date at the foot of this page and may provide additional notice as appropriate. Unless stated otherwise, the revised Policy takes effect when posted. Your continued use of the Website or Services after the effective date constitutes your acceptance of the revised Policy.

Acceptance

By accessing or using the Website or Services, or by submitting Personal Information to us, you acknowledge that you have read this Policy and agree to its terms.

Contact

If you have questions, concerns or complaints regarding this Policy or the Personal Information we hold about you, or if you wish to exercise your rights, please contact us. We will seek to resolve your concerns promptly and within the time limits set by applicable data protection laws.