Skip to content

Legal

Privacy Policy

Last updated: 23 May 2026

HQ CFO Limited ("HQ CFO", "we", "us", "our") operates the website hqcfo.com (the "Site") and provides strategic CFO, accounting, tax, compliance, and corporate-services advisory (the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit the Site, request information, or engage us for Services.

HQ CFO is incorporated in Hong Kong and our processing of personal data is governed by the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"). Where we serve clients or visitors based in the EU/UK, we also observe the relevant principles of the GDPR / UK GDPR.

1. Who we are

Data controller: HQ CFO Limited, Room #40, 10/F, Wah Hing Industrial Mansions, 36 Tai Yau St, San Po Kong, Hong Kong. Contact: hello@hqcfo.com.

2. Information we collect

  • Information you give us, your name, business name, email address, phone number, monthly revenue band, number of payment processors, and any context you share via our consultation form, contact email, or call.
  • Engagement information, once you engage HQ CFO, we collect financial data necessary to deliver the Services, including (with your read-only authorisation) data from Stripe, PayPal, AMEX, CheckoutChamp, Shopify, Amazon, Airwallex, Payoneer, HSBC, Xero, QuickBooks Online, and similar platforms; entity-structure information; payroll and headcount data; and any other information you choose to provide.
  • Information collected automatically, IP address, browser type, device type, referring URL, pages visited, time spent on pages, and similar log data. We use Cloudflare as our CDN; Cloudflare may process this data on our behalf.
  • Cookies, see our Cookie Policy for details.

3. Why we collect it (legal basis)

  • To respond to your enquiry, schedule a consultation, and provide quotations (legitimate interest; consent).
  • To perform the engagement letter we sign with you (contract).
  • To comply with our legal, tax, regulatory, and audit obligations (legal obligation).
  • To improve and secure our Site (legitimate interest).
  • To send you operational updates or newsletter content where you have opted in (consent).

4. Who we share it with

  • Service providers acting on our instruction, hosting (HostGator), CDN and edge security (Cloudflare), email (Google Workspace), scheduling, e-signature, and accounting software vendors. They process personal data only on documented instructions and under contractual confidentiality.
  • Engagement partners, where your engagement requires corporate-law, tax-filing, or jurisdiction-specific work, we may share information with partner firms strictly as needed to deliver the Services. We tell you in advance.
  • Authorities, where required by law, court order, or regulatory request (e.g., the Hong Kong Inland Revenue Department, Companies Registry, equivalent foreign authorities).

We do not sell your personal data. We do not share it for third-party marketing.

5. International transfers

Because we serve founders worldwide, your data may be handled outside Hong Kong. When we move data across borders, we rely on the recipient's adequacy status, our engagement contract, or standard contractual clauses, whichever fits. We take reasonable steps to keep protection equivalent.

6. How long we keep it

We keep personal data only as long as we need it: to deliver the Services, to meet legal and tax record rules (in Hong Kong, business records usually must be kept for at least 7 years), and to resolve disputes. After that, we securely delete or anonymise it.

7. Your rights

Under the PDPO (and, where applicable, GDPR / UK GDPR) you may: request access to your personal data; ask us to correct it; ask us to delete it where legally permissible; withdraw any consent you have given; object to certain processing; and complain to the Hong Kong Privacy Commissioner for Personal Data (PCPD) or your local supervisory authority. To exercise any right, email hello@hqcfo.com.

8. Security

We protect personal data with administrative, technical, and physical safeguards suited to how sensitive it is. That includes read-only access to client platforms where possible, encryption in transit (TLS 1.3 on this Site), access controls, and confidentiality terms with everyone who handles client data. No system is perfectly secure. If a breach materially affects you, we will notify you as the law requires.

9. Children

The Services are not directed to anyone under 18. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date. Material changes will be notified by email where we have your address.

11. Contact

Questions, requests, or complaints relating to this policy or your personal data:

HQ CFO Limited
Room #40, 10/F, Wah Hing Industrial Mansions
36 Tai Yau St, San Po Kong
Hong Kong
Email: hello@hqcfo.com