Get Started

Privacy Policy

Northern Lights Capital > Privacy Policy

Last Updated: February 1, 2026

 

1. INTRODUCTION AND COMPANY INFORMATION

 

Northern Lights Capital Partners Limited (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website nlightscapital.com and interact with our digital marketing services.

 

Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the website.

 

The data controller responsible for your personal data is:

Northern Lights Capital Partners Limited

Registration Number: 79347649

Registered Address: Unit 915, 9/F, Concordia Plaza, 1 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong

Director: Roman Kozhushko

Contact Email: [email protected]

General Inquiries: [email protected]

Website: nlightscapital.com

 

2. WHAT INFORMATION WE COLLECT AND HOW WE USE IT

 

Personal Data You Voluntarily Provide

 

We may collect the following personal information that you voluntarily provide to us:

 

Contact Information: We collect your name, email address, phone number, and company name when you fill out contact forms, request information about our digital marketing services, or subscribe to our newsletter. We use this information to respond to your inquiries, provide information about our services, maintain client relationships, and send you marketing communications where you have subscribed or provided consent.

Communication Data: Any information you provide when communicating with us via email, contact forms, or other messaging platforms regarding our digital marketing services. We use this to respond to your communications, provide customer support, and understand your business needs and marketing objectives.

Newsletter Subscription: When you subscribe to receive our marketing communications and industry insights, we collect your email address and name. We use this information to send you newsletters, marketing communications, digital marketing tips, and updates about our services.

Inquiry Data: Information about your business needs, marketing objectives, and project requirements when you request consultations or service proposals. We use this to understand your requirements, prepare customized service proposals, and provide relevant recommendations.

 

Information We Collect Automatically

 

When you visit our website, we may automatically collect certain information about your device and browsing behavior:

 

Technical Data: We collect your IP address, browser type and version, operating system, device information, time zone settings, and referring website addresses. This helps us understand our audience demographics, optimize our website for different devices and browsers, and maintain website security.

Usage Data: Information about how you use our website, including pages visited, time spent on pages, links clicked, and navigation patterns. We analyze this data to improve our website functionality, enhance user experience, and understand which content is most valuable to our visitors.

Location Data: Approximate geographic location derived from your IP address to understand where our audience is located and provide relevant content and service information.

 

We currently do not use cookies or similar tracking technologies beyond essential website functionality. Should we implement analytics or marketing tools in the future, we will update this Privacy Policy accordingly and seek your consent where required by law.

 

Legal Basis for Processing

 

We process your personal data based on the following legal grounds under Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) and, where applicable, the EU General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA):

 

    • Contract Performance and Pre-contractual Measures: Processing your inquiries, preparing service proposals, and delivering consultations you have requested

    • Legitimate Interests: Responding to communications, maintaining client relationships, improving our website and services, understanding market needs, and ensuring website security

    • Consent: Sending newsletters and marketing communications where you have subscribed or provided explicit consent

    • Legal Obligations: Complying with tax requirements, legal obligations, preventing fraud, and protecting our legal rights

 

3. HOW WE SHARE YOUR INFORMATION

 

We may share your personal information with third parties in the following circumstances:

 

Service Providers: We may share your data with trusted third-party service providers who assist us in operating our website, conducting business, or providing services to you. This may include website hosting providers, email communication service providers, IT support and security providers, and professional advisors such as lawyers, accountants, and auditors. We ensure that all third-party service providers are contractually obligated to protect your personal data, use it only for the purposes for which it was disclosed, and comply with applicable data protection laws.

Business Transfers: Your personal data may be transferred in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such cases, we will ensure that the acquiring party agrees to protect your personal data in accordance with this Privacy Policy and applicable data protection laws.

Legal Requirements: We may disclose your information when required by law, regulation, legal process, governmental request, court order, or to comply with Hong Kong or international legal obligations. We may also disclose your information to protect our rights, property, or safety, or that of others, or to prevent fraud or other illegal activities.

Professional Advisors: We may share your data with our lawyers, accountants, auditors, and other professional advisors who are bound by confidentiality obligations and need access to your information to provide their services to us.

With Your Consent: When you have given explicit consent for us to share your information with specific third parties for particular purposes, we will do so in accordance with your instructions.

 

4. INTERNATIONAL DATA TRANSFERS AND SAFEGUARDS

 

Your personal data may be transferred to and processed in countries outside Hong Kong, the European Economic Area (EEA), and the United Kingdom where our service providers are located. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information:

 

For GDPR Compliance: We use Standard Contractual Clauses (SCCs) approved by the European Commission, or we transfer data to countries that have received adequacy decisions from the European Commission, confirming they provide an adequate level of data protection.

For UK GDPR Compliance: We use the International Data Transfer Agreement (IDTA) or Addendum to the European Commission’s Standard Contractual Clauses, or we transfer data to countries with UK adequacy regulations.

For Hong Kong PDPO Compliance: We comply with Section 33 of Hong Kong’s Personal Data (Privacy) Ordinance regarding cross-border data transfers, ensuring that transferred data receives protection that is substantially similar to that provided under the PDPO.

Additional Safeguards: We may also use Binding Corporate Rules, approved certification mechanisms, or other legally approved transfer mechanisms under applicable data protection laws. We conduct thorough due diligence on all third-party service providers to ensure they provide adequate protection for your personal data in accordance with Hong Kong, EU, UK, and California data protection standards.

 

5. DATA RETENTION AND SECURITY

 

How Long We Keep Your Data

 

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on the nature of the data and the purposes for which it was collected, the duration of our business relationship with you, legal, regulatory, tax, accounting, or other legal obligations requiring retention, and whether there are legitimate business reasons for retention such as dispute resolution or contract enforcement.

 

Specific Retention Periods:

    • Contact Form Inquiries: We retain inquiries and related correspondence for up to 3 years from the date of inquiry to maintain records of potential client relationships and for business development purposes.

    • Newsletter Subscriptions: We retain your subscription data until you unsubscribe or request deletion. After unsubscription, we may retain your email address on our suppression list to ensure we do not inadvertently contact you again.

    • Communication Records: We retain records of our communications with you for up to 7 years for legal, accounting, and dispute resolution purposes.

    • Technical and Usage Data: We retain technical and usage data for up to 2 years for website improvement and security purposes.

When your personal data is no longer required for the purposes collected, we will securely delete or anonymize it in accordance with the PDPO Data Protection Principles and international data protection standards. Deletion or anonymization will be carried out in a way that prevents the data from being reconstructed or identified.

 

How We Protect Your Data

 

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction in accordance with the PDPO Data Protection Principles, GDPR, UK GDPR, and industry best practices. These measures include:

 

Encryption: We encrypt data in transit using SSL/TLS protocols to protect information as it travels between your device and our servers. We also encrypt sensitive data at rest to protect stored information.

Access Controls: We implement strict access controls ensuring that only authorized personnel have access to personal data on a need-to-know basis. Access is granted based on job responsibilities and is regularly reviewed.

Authentication: We use multi-factor authentication and strong password requirements for access to systems containing personal data. All access attempts are logged and monitored.

Network Security: We maintain secure server infrastructure protected by firewalls, intrusion detection systems, and regular security monitoring to detect and prevent unauthorized access attempts.

Regular Assessments: We conduct periodic security assessments, vulnerability testing, and penetration testing to identify and address potential security weaknesses before they can be exploited.

Employee Training: We provide regular training for employees and contractors on data protection principles, security practices, and confidentiality obligations to ensure everyone handling personal data understands their responsibilities.

Incident Response: We maintain documented incident response procedures to address potential data breaches promptly and effectively, including notification procedures in compliance with applicable laws.

Vendor Management: We conduct due diligence and ongoing monitoring of third-party service providers to ensure they maintain adequate security measures and comply with their contractual obligations.

 

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach that poses risks to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

 

6. YOUR RIGHTS AND HOW TO EXERCISE THEM

 

You have comprehensive rights regarding your personal data under Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA). These rights are designed to give you control over your personal information and how it is used.

 

Your Rights Under PDPO, GDPR, and UK GDPR

 

Right to Access: You have the right to request a copy of the personal data we hold about you, including details about how we process it, the categories of data we collect, the purposes of processing, and the recipients with whom we share your data. This allows you to verify the accuracy and lawfulness of our processing activities.

Right to Rectification: You can request correction of inaccurate, incomplete, or outdated personal data. We want to ensure that the information we hold about you is accurate and up-to-date, so please inform us if any of your details change.

Right to Erasure: You can request deletion of your personal data under certain circumstances, including when it is no longer necessary for the purposes collected, when you withdraw consent (where processing was based on consent), when you object to processing and there are no overriding legitimate grounds, when the data has been unlawfully processed, or when erasure is required to comply with legal obligations. This is also known as the “right to be forgotten.”

Right to Restriction: You can request restriction of processing of your personal data under certain circumstances, such as when you contest the accuracy of the data (we will restrict processing until we verify accuracy), when processing is unlawful but you prefer restriction over erasure, when we no longer need the data but you need it for legal claims, or when you have objected to processing pending verification of whether our legitimate grounds override yours.

Right to Data Portability: Under GDPR and UK GDPR, you have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another data controller where technically feasible. This right applies when processing is based on consent or contract and is carried out by automated means.

Right to Object: You can object to processing of your personal data based on legitimate interests, for direct marketing purposes (including profiling related to direct marketing), or for research or statistical purposes. When you object to direct marketing, we will stop processing your data for those purposes immediately.

Right to Withdraw Consent: Where we process your data based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal. After you withdraw consent, we will stop processing your data for those purposes unless we have another legal basis for processing.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Privacy Commissioner for Personal Data in Hong Kong, the Information Commissioner’s Office (ICO) in the UK, or your local Data Protection Authority in the EU.

 

Additional Rights for California Residents

 

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the sources from which we collected it, the business or commercial purposes for collection, and the categories of third parties with whom we share it.

Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions such as when we need to retain the information to complete a transaction, detect security incidents, comply with legal obligations, or for other specified purposes.

 

Right to Opt-Out: You have the right to opt-out of the “sale” of your personal information. However, we do not sell personal information and have not sold personal information in the preceding 12 months.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights. We will not deny you services, charge different prices, provide a different level of service, or suggest that you will receive a different price or level of service for exercising your rights.

 

How to Exercise Your Rights

 

To exercise any of these rights, please contact us at [email protected] or write to our registered address. When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data in our systems. We may need to request additional information to confirm your identity and ensure we are disclosing data to the correct person.

 

 

We will respond to your request within the timeframes required by applicable law: – PDPO: Within 40 days of receiving your request – GDPR and UK GDPR: Within one month, which may be extended by two additional months for complex requests – CCPA: Within 45 days, which may be extended by an additional 45 days where reasonably necessary

 

 

We will not charge a fee for processing valid requests unless they are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act on the request. If we refuse your request, we will explain why and inform you of your right to lodge a complaint with the relevant supervisory authority.

 

7. SPECIAL SITUATIONS

 

Children’s Privacy

 

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18 without parental consent. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at [email protected]. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take immediate steps to delete that information from our systems and discontinue any further processing.

 

Newsletter and Marketing Communications

 

If you subscribe to our newsletter, we will use your email address and name to send you marketing communications, industry insights, digital marketing tips, case studies, and updates about our services. You have the right to opt-out of receiving marketing communications at any time without providing a reason.

You may unsubscribe from our newsletter at any time by:

 

    • Clicking the “unsubscribe” link included in every newsletter email

    • Sending a written request to our registered address

Once you unsubscribe, we will stop sending you marketing communications within 10 business days. However, we may retain your email address on our suppression list to ensure we do not inadvertently contact you again in the future. We may also continue to send you non-marketing communications related to our business relationship, such as responses to your inquiries or service-related announcements.

 

Third-Party Links and Services

 

Our website may contain links to third-party websites, plugins, and applications that are not owned or controlled by us. These links are provided for your convenience and reference only. We are not responsible for the privacy practices, content, or security measures of these third parties.

 

 

When you click on a third-party link, you will be directed to that third party’s website, which has its own privacy policy and terms of service. We encourage you to review their policies carefully before providing any personal information or using their services. This Privacy Policy applies solely to information collected by our website and does not apply to information collected by third parties, even if accessed through links on our website.

 

 

We have no control over and assume no responsibility for the content, privacy policies, terms of service, or practices of any third-party websites or services. You acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with your use of or reliance on any third-party content, products, or services.

 

8. UPDATES AND CONTACT INFORMATION

 

Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy.

 

 

We will notify you of any material changes that significantly affect your rights or how we process your personal data by: – Posting the updated Privacy Policy on our website with a new “Last Updated” date – Sending an email notification to the address you provided if you are subscribed to our newsletter – Displaying a prominent notice on our website homepage

 

 

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your rights. Your continued use of our website after any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should stop using our website and contact us to exercise your data protection rights.

 

How to Contact Us

 

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us using the information below. We will make reasonable efforts to respond to your inquiries promptly and in any event within the timeframes required by applicable law.

 

Northern Lights Capital Partners Limited

Registration Number: 79347649

Address: Unit 915, 9/F, Concordia Plaza, 1 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong

Director: Roman Kozhushko

Email for Privacy Matters: [email protected]

General Inquiries: [email protected]

Website: nlightscapital.com

 

Filing Complaints with Supervisory Authorities

 

If you are not satisfied with our response to your privacy concerns or believe that we have violated your data protection rights, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction:

Hong Kong: Privacy Commissioner for Personal Data (https://www.pcpd.org.hk)

European Union: Your local Data Protection Authority (find yours at https://edpb.europa.eu)

United Kingdom: Information Commissioner’s Office (https://ico.org.uk)

California: California Attorney General (https://oag.ca.gov)

These supervisory authorities are independent public bodies that oversee the application of data protection law and have the power to investigate complaints, impose fines, and order corrective actions.

 

 

 

By using our website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein. This Privacy Policy works in conjunction with our Terms of Service to govern your use of our website and services.

Your Future Customers Are Looking For You Right Now

Digital Marketing Isn’t A Quick Fix - It’s A Strategic Investment. We’ll Help You Build A Foundation That Generates Consistent, Scalable Growth.

    We are dedicated to empowering brands to succeed in the digital landscape. With extensive experience and a passionate team, we deliver results.

    Quick Links

    Contact Information

    • [email protected]
    • Unit 915, 9/F, Concordia Plaza, 1 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong

    ⓒCopyright 2025 Northern Lights Capital Partners. All rights reserved