Scope and definitions

This Privacy Policy explains how Hitrons Intelligence Limited ("Hitrons", "we", "us") processes personal information when you use hitrons.ai (the "Website").

The Website is a corporate and product information site. It does not provide medical diagnosis, treatment, or e-commerce checkout. The DR H consumer brand site (doctorhhh.com) is operated separately and has its own privacy policy.

"Personal information" means information relating to an identified or identifiable individual. Processing means any operation performed on personal information, such as collection, storage, use, disclosure, or deletion.

This policy should be read together with our Cookie Notice and Terms of Use. Where local law grants you additional rights, we will honour them to the extent required.

Who we are (data controller)

Hitrons Intelligence Limited is a company incorporated in Hong Kong.

Registered office: Unit 620, 6/F, Building 16W, Phase Three, Hong Kong Science Park, Pak Shek Kok, New Territories, Hong Kong.

For privacy enquiries, data subject requests, or questions about this policy, contact us at [email protected]. Please include enough detail for us to identify your request and respond within applicable time limits.

We have not appointed a separate Data Protection Officer for the Website; privacy matters are handled by our sales and operations team until a dedicated contact is published here.

What information we collect

Information you provide voluntarily. When you use our contact or cooperation forms, we may collect your name, company, email address, phone number (if provided), inquiry type, message content, and any other fields you choose to submit.

Technical information collected automatically. When you visit the Website, our hosting and security infrastructure may log your IP address, browser type and version, device type, operating system, referring URL, pages viewed, approximate date and time of access, and similar technical metadata.

Cookie and consent data. If you use our cookie banner, we store your consent choices locally in your browser (and may record the fact that consent was given, depending on configuration). See our Cookie Notice for details.

We do not intentionally collect special categories of personal data (such as health records or government ID numbers) through the Website. Please do not submit sensitive information unless necessary for your inquiry.

Children. The Website is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will take steps to delete it.

Purposes and legal bases (GDPR)

We process personal information only where we have a valid legal basis. The table below summarises typical processing on the Website; specific activities may vary as features evolve.

Contact and cooperation inquiries — Purpose: respond to your message, follow up on partnership or sales discussions, maintain business records. Legal basis: your consent when you tick the agreement box and submit the form (GDPR Art. 6(1)(a)); processing necessary to take steps at your request prior to a contract (Art. 6(1)(b)) where applicable.

Website security and fraud prevention — Purpose: protect the Website, detect abuse, ensure integrity of our systems. Legal basis: legitimate interests (Art. 6(1)(f)), balanced against your rights.

Operation and improvement of the Website — Purpose: deliver pages, measure performance, fix errors, understand aggregate usage. Legal basis: legitimate interests for strictly necessary operations; consent for analytics cookies (Art. 6(1)(a)) where required.

Legal and compliance — Purpose: comply with law, respond to lawful requests, establish or defend legal claims. Legal basis: legal obligation (Art. 6(1)(c)) or legitimate interests (Art. 6(1)(f)).

You may withdraw consent at any time where processing is consent-based. Withdrawal does not affect processing that was lawful before withdrawal.

How we use information

We use contact form data to read and respond to your inquiry, route it to the appropriate team, evaluate commercial or partnership opportunities, and keep a record of our correspondence.

We use technical logs to operate CDN and hosting services, troubleshoot outages, monitor security events, and produce aggregated statistics that do not identify you directly.

We do not use your information for automated decision-making that produces legal or similarly significant effects about you.

We do not sell your personal information. We do not use your contact details for unrelated third-party marketing without your separate consent.

How long we keep information

We keep personal information only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

Contact and cooperation records: typically up to twenty-four (24) months after the inquiry is closed or last meaningful contact, unless a longer period is needed for contract performance, dispute resolution, or legal hold.

Server and security logs: typically up to twelve (12) months, unless needed for an active security investigation.

Cookie consent preferences: stored in your browser until you change them or clear site data; we do not retain a separate server copy unless analytics configuration requires it.

When retention ends, we delete or anonymise information using reasonable technical measures.

Cookies and analytics

We use cookies and similar technologies (local storage, pixels) as described in our Cookie Notice.

Strictly necessary cookies support delivery of the Website, security, and load balancing. These do not require consent under many laws but you may still block them in your browser at the cost of reduced functionality.

Analytics cookies (for example Cloudflare Web Analytics or Google Analytics, when enabled in our deployment) help us understand how visitors use the Website. They are disabled until you accept them through the cookie banner.

You can change your choices at any time via the cookie banner, the footer Cookie settings link, or your browser controls.

Recipients and processors

We share personal information only with service providers that process data on our instructions, under contracts that require confidentiality, security, and use limitations.

Categories of recipients may include: website hosting and CDN providers (e.g. Cloudflare), email delivery services (e.g. Amazon SES for contact form notifications), and analytics providers when you have consented.

Our providers may process data in Hong Kong, the United States, the European Union, or other countries where they maintain infrastructure. We assess transfers and implement appropriate safeguards where required.

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Hitrons, our users, or others.

If Hitrons is involved in a merger, acquisition, or asset sale, personal information may transfer subject to continued protection consistent with this policy.

International transfers

Hitrons is based in Hong Kong. Your information may be processed in Hong Kong and in other countries where our processors operate.

If you are in the European Economic Area, United Kingdom, or Switzerland, transfers to countries without an adequacy decision may rely on Standard Contractual Clauses, supplementary measures, or other mechanisms recognised under applicable law, as documented in our vendor agreements.

You may request more information about safeguards for international transfers by contacting [email protected].

Your rights

Depending on your location, you may have the following rights regarding your personal information, subject to exceptions under local law:

Right of access — request a copy of personal information we hold about you.

Right to rectification — request correction of inaccurate or incomplete information.

Right to erasure — request deletion in certain circumstances (for example where data is no longer necessary or you withdraw consent).

Right to restrict processing — request that we limit how we use your information in certain cases.

Right to data portability — receive information you provided in a structured, commonly used format where technically feasible.

Right to object — object to processing based on legitimate interests, including direct marketing where applicable.

Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

If you are in the EU or UK, you may lodge a complaint with your local data protection supervisory authority. Hong Kong residents may contact the Office of the Privacy Commissioner for Personal Data (PCPD) regarding applicable local rights.

To exercise your rights, email [email protected] with sufficient detail to verify your identity and describe your request. We will respond within the timeframe required by applicable law (often within one month under GDPR).

Security measures

We implement technical and organisational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Measures may include HTTPS encryption in transit, access controls for administrative systems, use of reputable hosting providers, and limiting access to personal information to personnel who need it for their role.

No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please notify us promptly.

Automated decision-making

We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you in connection with the Website.

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. The Last updated date at the top of this page indicates when the policy was last revised.

Material changes will be posted on this page. Where required by law, we may provide additional notice (for example a banner on the Website).

We encourage you to review this policy periodically.