What We Do
Expat & Lifestyle
Citizenships & Passports
Trading & Crypto
E-commerce & Online Business
Asset Protection & Privacy
Location

Unit 1603, 16/F,
The L. Plaza
367-375 Queen's Road Central, Sheung Wan,
Hong Kong SAR

Contact us
+31 6 423 600 18info@entitysmart.com
Location
icon Close
Utility Page

Privacy Policy

Effective Date: June 1st, 2025.

This Privacy Policy (“Policy”) is issued by Van Ree International Ltd., a company incorporated in the Hong Kong Special Administrative Region (“Hong Kong SAR”), operating under the brand name “EntitySmart” (hereafter referred to as “EntitySmart,” “we,” “us,” or “our”). This Policy outlines how we collect, use, disclose, and safeguard personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and other applicable laws.

This Policy applies to all individuals whose personal data is processed by EntitySmart in the context of their use of our website, services, communications, and professional engagements. By accessing or using our website or services, you acknowledge and agree to the terms of this Policy.

ARTICLE I – DEFINITIONS

For the purposes of this Policy:

1.1 “Personal data” means any data (whether true or not) about an individual who can be identified from that data, or from that data and other information to which EntitySmart has, or is likely to have, access.

1.2 “Processing” means any operation or set of operations performed on personal data, including collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

1.3 “Data subject” means a natural person whose personal data is processed by EntitySmart.

1.4 “Data controller” means EntitySmart when it determines the purposes and means of the processing of personal data.

1.5 “Applicable law” means all laws, regulations, rules, and official directives applicable to the processing of personal data, including but not limited to the PDPO and the GDPR.

ARTICLE II – LEGAL BASES FOR PROCESSING

EntitySmart processes personal data pursuant to the following legal bases:

2.1 Consent: Where you have provided explicit consent for a specified purpose.

2.2 Contractual necessity: Where processing is necessary for the performance of a contract to which you are a party.

2.3 Legal obligation: Where processing is required to comply with legal or regulatory obligations.

2.4 Legitimate interests: Where processing is necessary for the legitimate interests pursued by EntitySmart or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

ARTICLE III – CATEGORIES OF PERSONAL DATA PROCESSED

Depending on your interactions with us, we may collect and process the following categories of personal data:

3.1 Identification and contact information: Name, email address, telephone number, and residency or business location.

3.2 Technical data: IP address, browser type and settings, device information, cookies, and online usage data.

3.3 Transactional and service data: Communications, requests, documents, consultations, and service-related information.

3.4 Sensitive personal data: EntitySmart does not intentionally collect sensitive personal data (as defined in Article 9 of the GDPR), unless provided voluntarily by the data subject.

ARTICLE IV – PURPOSES OF PROCESSING

We process personal data for the following purposes:

4.1 Provision of services and fulfilment of contracts.

4.2 Client communication and support.

4.3 Identity verification and account management.

4.4 Analytics, internal research, and service improvements.

4.5 Compliance with legal and regulatory requirements.

4.6 Marketing communications (with prior consent, where required).

ARTICLE V – DATA SHARING AND THIRD PARTIES

5.1 EntitySmart may disclose personal data to the following categories of recipients:
(a) Professional service providers (e.g., IT support, legal, accounting);
(b) Payment processors and infrastructure vendors;
(c) Independent consultants or advisors, strictly as necessary to deliver contracted services;
(d) Regulatory bodies, courts, or law enforcement agencies, when required by law.

5.2 EntitySmart does not sell or rent personal data to third parties under any circumstance.

5.3 Where a referral to a third-party service provider is made, any engagement is between the data subject and such provider. EntitySmart assumes no responsibility or liability for the actions, omissions, or advice of third parties.

5.4 EntitySmart may engage trusted third-party service providers to process personal data on our behalf. These subprocessors support our business infrastructure and operations and are contractually required to implement appropriate safeguards in accordance with applicable law. Categories of subprocessors may include:
(a) Web hosting and infrastructure providers (e.g., Webflow, Amazon Web Services)
(b) Email and communication platforms (e.g., Google Workspace)
(c) Payment processors (e.g., Stripe, PayPal)
(d) Analytics tools (e.g., Google Analytics, Plausible)

EntitySmart ensures that all such providers operate under strict data protection agreements and are only given access to personal data as necessary to perform their services.

ARTICLE VI – INTERNATIONAL DATA TRANSFERS

6.1 Due to the global nature of our services, your personal data may be transferred to, stored in, and accessed from jurisdictions outside your country of residence, including Hong Kong SAR, the European Union, or the United States.

6.2 Such transfers shall be conducted in accordance with applicable law, including the use of standard contractual clauses or equivalent legal safeguards under Article 46 of the GDPR.

ARTICLE VII – DATA RETENTION

7.1 Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal, contractual, or regulatory obligations.

7.2 Upon expiry of the applicable retention period, personal data will be securely erased or anonymised, unless retention is required for legal proceedings or compliance purposes.

7.3 The following are typical retention periods:
(a) Inquiry and contact form submissions: retained for up to 12 months after the last communication.
(b) Client documents and onboarding records: retained for up to 5 years from the completion of service or termination of the relationship.
(c) Website analytics and usage logs: retained for up to 26 months.
(d) Billing and transaction records: retained for the legally required accounting period.

ARTICLE VIII – RIGHTS OF DATA SUBJECTS

Subject to applicable law, you may have the following rights:

8.1 Right of access to your personal data

8.2 Right to rectification of inaccurate or incomplete personal data

8.3 Right to erasure (“right to be forgotten”)

8.4 Right to restrict or object to processing

8.5 Right to data portability

8.6 Right to withdraw consent at any time

8.7 Right to lodge a complaint with a supervisory authority

8.8 We encourage you to contact us directly at info@entitysmart.com for any questions or complaints regarding the handling of your personal data. If you remain unsatisfied, you have the right to escalate the matter to your local data protection authority.

Requests should be submitted to info@entitysmart.com. We may require verification of identity before acting on such requests.

ARTICLE IX – DATA SECURITY

9.1 EntitySmart implements appropriate technical and organisational measures to safeguard personal data against unauthorised or unlawful access, processing, accidental loss, destruction, or damage.

9.2 However, no method of transmission over the internet or method of electronic storage is completely secure. We disclaim liability for any unauthorised access unless caused by our gross negligence or wilful misconduct.

9.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, EntitySmart will notify the affected individuals and relevant authorities without undue delay, in accordance with applicable law.

ARTICLE X – COOKIES AND TRACKING

10.1 Our website uses cookies and similar tracking technologies for functionality, performance, analytics, and advertising.

10.2 You may disable cookies through your browser settings; however, doing so may affect the availability and functionality of the website.

10.3 For visitors from the European Union, EntitySmart may implement a cookie consent mechanism in compliance with the ePrivacy Directive and the GDPR. Users will be provided with the option to accept or decline non-essential cookies.

ARTICLE XI – MINORS

11.1 Our services are not directed to individuals under the age of 18.

11.2 We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, please contact us immediately.

ARTICLE XII – CHANGES TO THIS POLICY

12.1 EntitySmart reserves the right to amend this Policy at any time.

12.2 Changes will be posted on this page and identified by a new “Effective Date.” Continued use of our services after such updates constitutes your acceptance of the revised Policy.

ARTICLE XIII – GOVERNING LAW AND DISPUTE RESOLUTION

13.1 This Policy shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region.

13.2 Any disputes relating to this Policy shall be subject to the exclusive jurisdiction of the courts of Hong Kong.

ARTICLE XIV – CONTACT INFORMATION

If you have any questions, requests, or concerns regarding this Policy or your personal data, please contact:

Van Ree International Ltd. (operating under the brand “EntitySmart”)
Email: info@entitysmart.com
WhatsApp: +316 4236 0018
Registered in: Hong Kong Special Administrative Region

Whether it’s structuring smarter, protecting assets, or building global freedom, EntitySmart is your partner for smarter growth.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Privacy PolicyTerms & Conditions

Some visuals sourced under free commercial licenses.
© 2025 EntitySmart