This Privacy Policy (“Policy”) explains how ARTHISTOIRE (“we”, “us”, “our”) collects, uses, stores, discloses and protects personal data obtained through our website ARTHISTOIRE.hk and any related online services (collectively, the “Website”).

We are committed to protecting personal data in accordance with the laws of the Hong Kong Special Administrative Region (“Hong Kong”), including the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), and, where applicable, data protection principles inspired by international standards such as the EU General Data Protection Regulation (“GDPR”).

By accessing or using the Website, you acknowledge that you have read, understood and agreed to the terms of this Policy. If you do not agree with any part of this Policy, you should stop using the Website.

2.1 This Policy applies to all personal data that we collect or process from:

- visitors to the Website;

- subscribers to our newsletters or content;

- individuals who contact us for enquiries, collaboration or business purposes; and

- any other persons whose personal data is collected through the Website or in connection with our online services.

2.2 This Policy does not apply to:

- third-party websites, platforms or services that may be accessed through links on our Website; or

- activities of third parties that we do not own, control or manage.

For the purposes of this Policy:

- “Personal data”means any data relating directly or indirectly to a living individual, from which it is practicable to ascertain the identity of that individual, as defined under the PDPO.

- “Processing”means any operation performed on personal data, including collection, use, storage, disclosure, transfer, deletion or destruction.

- “Cookies”means small text files stored on your device when you visit a website, used to recognise your browser or device and to store certain information.

- “GA4” refers to Google Analytics 4, a web analytics service provided by Google LLC or its affiliates.

We may collect and process the following categories of personal data, depending on your interaction with us:

4.1 Information you provide directly, such as:

- Name, email address and other contact details;

- Information provided when you subscribe to newsletters or updates;

- Information provided in enquiry forms, collaboration proposals or feedback;

- Any other information you voluntarily submit to us.

4.2 Information collected automatically through your use of the Website, including but not limited to:

- IP address and approximate geographic location;

- Device type, operating system and browser type/version;

- Pages viewed, time spent on pages, navigation paths and referring URL;

- Clicks, scrolls and other interactions with Website content;

- Unique identifiers such as Cookies ID, Client ID and Session ID;

- Data generated via GA4, including event-based interaction statistics.

4.3 Technical and log information, such as:

- server logs, error logs and usage logs;

- timestamps of visits and access;

- language preferences and display settings.

We do not intentionally collect highly sensitive personal data (such as health data, political opinions, religious beliefs, etc.) via the Website. If you choose to provide such information, you do so voluntarily and at your own discretion.

We may collect personal data in the following ways:

- Directly from you, when you fill in forms, subscribe to content, contact us by email or other channels, or otherwise communicate with us.

- Automatically, when you browse or use the Website, through Cookies, GA4 and similar technologies.

- From third-party service providers, where necessary for analytics, hosting, email delivery, or other operational purposes.

- From publicly available sources, where permitted by applicable law.

We may use personal data for one or more of the following purposes:

6.1 Operation of the Website and provision of services

- to operate, administer, maintain and improve the Website;

- to provide content, features and functions requested by you;

- to respond to your enquiries, feedback or requests.

6.2 Analytics and improvements (including GA4)

- to analyse traffic, usage patterns and user behaviour on the Website;

- to understand how users interact with our content and to improve user experience;

- to compile aggregated and anonymised statistics and reports.

6.3 Communications and updates

- to send you notifications, announcements or updates relating to the Website or our services;

- to send you newsletters or promotional materials, where you have given your consent (see Section 10).

6.4 Security and fraud prevention

- to monitor for, detect and prevent unauthorised access, cyberattacks, abuse or misuse of the Website;

- to protect the rights, property and safety of our users and of ARTHISTOIRE.

6.5 Legal and compliance

- to comply with applicable laws, regulations, court orders, regulatory requirements or requests from competent authorities;

- to establish, exercise or defend legal claims.

Where principles similar to the GDPR are relevant, we may rely on one or more of the following legal bases when processing personal data:

- Consent – where you have given clear consent for us to process your personal data for a specific purpose (e.g. receiving marketing communications).

- Contractual necessity – where processing is necessary for us to provide services you requested.

- Legitimate interests – where processing is necessary for our legitimate business interests (e.g. improving the Website, ensuring security), and such interests are not overridden by your fundamental rights and freedoms.

- Legal obligations – where processing is necessary for compliance with legal obligations.

8.1 Use of Cookies

The Website uses Cookies and similar technologies to:

- enable essential functionality (e.g. navigation, basic features);

- remember your preferences and settings;

- perform analytics via GA4 and similar tools;

- improve the performance and usability of the Website.

8.2 Types of Cookies Used

- Strictly necessary Cookies – required for the Website to function properly.

- Analytics and performance Cookies – used to understand how visitors use the Website, including via GA4.

- Functionality Cookies – used to remember user preferences and enhance user experience.

- Third-party Cookies – set by external service providers (e.g. embedded videos, social media plug-ins, analytics providers).

8.3 Your Choice: Managing or Disabling Cookies

You may configure your browser settings to:

- block all Cookies;

- accept certain types of Cookies only;

- notify you before Cookies are stored; or

- delete existing Cookies.

Please note that disabling or deleting certain Cookies may affect your ability to use some features of the Website.

9.1 We use GA4 to collect and analyse statistical information about how visitors use the Website. GA4 may collect information such as:

- IP address (which may be anonymised, depending on configuration);

- device and browser information;

- pages visited, time spent, and navigation patterns;

- interaction events (e.g. clicks, scrolls, video plays).

9.2 How You Can Limit or Opt Out of GA4

You may reduce or prevent GA4 from collecting data about you by:

- adjusting your browser settings to block or limit third-party Cookies;

- using any GA-specific opt-out tools or browser add-ons made available by Google (if and where available);

- configuring settings separately on each device and browser you use, as such preferences are typically device- and browser-specific.

We do not control and are not responsible for the availability, effectiveness or compatibility of any opt-out tools developed by Google or other third parties.

10.1 We may use your name, email address or other contact details to send you information about:

- our articles, content, talks, events or educational programmes;

- collaborations, exhibitions or activities that we consider may be of interest to you.

10.2 We will only use your personal data for direct marketing where permitted under the PDPO and, where required, with your consent.

10.3 Opting Out of Direct Marketing

You may opt out of receiving marketing or promotional communications from us at any time by:

- clicking the “unsubscribe” link in our email (if provided); or

- contacting us via the contact details provided in Section 15.

Once we receive your request, we will process it within a reasonable period. Opting out will not affect the lawfulness of processing based on your consent before its withdrawal.

We do not sell or trade your personal data. We may, however, disclose personal data to the following parties where necessary and lawful:

- service providers who assist us in operating the Website or providing services (e.g. hosting, analytics, email delivery, IT support);

- professional advisers (e.g. lawyers, auditors) under a duty of confidentiality;

- regulatory authorities, law enforcement agencies, courts or other governmental bodies, where required by law or in response to valid requests;

- any actual or proposed assignee, transferee or successor of our rights in connection with a restructuring, merger, transfer or other disposition of our business.

We will take reasonable steps to ensure that any third party receiving personal data is subject to confidentiality obligations and only processes data for the purposes specified by us.

12.1 Storage and Retention

We store personal data in electronic form on systems operated by us or our service providers. We will retain personal data only for as long as is necessary to:

- fulfil the purposes for which it was collected;

- comply with applicable legal, regulatory or contractual requirements; or

- protect our legitimate interests (e.g. to resolve disputes, enforce agreements).

When personal data is no longer required, we will take reasonable steps to erase, anonymise or securely destroy it.

12.2 Transfer Outside Hong Kong

Personal data may be transferred to, stored in or accessed from jurisdictions outside Hong Kong (for example, where our hosting, cloud or analytics providers are located). Such transfers will be undertaken in compliance with the PDPO and applicable data protection requirements. By using the Website, you acknowledge and consent to such transfers.

We implement reasonable technical, administrative and physical safeguards to protect personal data against unauthorised access, use, disclosure, alteration or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data.

The Website is not primarily directed at children. If you are under the age at which you can provide consent under applicable law (e.g. under 16 in certain jurisdictions), you should obtain the permission of your parent or legal guardian before providing any personal data to us.

We do not knowingly collect personal data from minors without appropriate consent. If you believe that a minor has provided personal data to us without such consent, please contact us so that we can take appropriate steps.

15.1 Your Rights

Subject to the PDPO and other applicable laws, you may have the right to:

- request access to personal data we hold about you;

- request correction of inaccurate or incomplete personal data;

- request deletion or cessation of use of your personal data, where applicable;

- withdraw consent to processing (including direct marketing), where processing is based on consent.

We may charge a reasonable fee (where permitted by law) for processing data access requests.

15.2 Contact Details

If you wish to exercise any of your rights, or if you have any questions about this Policy, please contact us at:

- Email: arthistoire.hk@gmail.com

Please clearly state your name, contact details, and the nature of your request.

We may update or amend this Policy from time to time. Any changes will be posted on the Website with an updated “Last updated” date. Your continued use of the Website after any such changes constitutes your acceptance of the updated Policy.

In the event of any inconsistency or ambiguity between the English and Chinese versions of this Policy, the English version shall prevail.

本私隱政策（「本政策」）說明 ARTHISTOIRE（「本公司」、「我們」）如何透過本公司網站 ARTHISTOIRE.hk 及任何相關網上服務（統稱「本網站」）收集、使用、儲存、披露及保護個人資料。

我們致力依照香港特別行政區（「香港」）之適用法例，包括 《個人資料（私隱）條例》（第 486 章）（下稱「私隱條例」），以及在適用情況下參考國際標準（例如歐盟《一般資料保障規例》（GDPR））之原則，處理及保障個人資料。

閣下一經登入或使用本網站，即表示閣下已閱讀、明白並同意受本政策約束。若閣下不同意本政策之任何部分，請即停止使用本網站。

2.1 本政策適用於以下人士之個人資料收集及處理：

- 瀏覽或使用本網站之訪客；

- 訂閱我們通訊或內容之人士；

- 就合作、查詢或商務事宜與我們聯絡之人士；

- 其他因使用本網站或相關服務而向我們提供個人資料之人士。

2.2 本政策 不適用於：

- 由第三方營運、並可經本網站連結進入之其他網站、平台或服務；

- 任何非由本公司擁有、控制或管理之第三方行為。

就本政策而言：

- 「個人資料」指直接或間接與一名在世人士有關，並可藉此資料實際識別該人士身份之任何資料，並以私隱條例所界定者為準。

- 「處理」指對個人資料作出的任何操作，包括收集、使用、儲存、披露、傳送、刪除或銷毀。

- 「Cookies」指當閣下瀏覽網站時儲存於閣下裝置上的小型文字檔，用以識別閣下的瀏覽器或裝置及記錄某些資料。

- 「GA4」指 Google Analytics 4，即由 Google 所提供之網站分析服務。

視乎閣下與我們之互動方式，我們可能收集及處理下列類別之個人資料：

4.1 閣下直接提供的資料，包括但不限於：

- 姓名、電郵地址及其他聯絡方式；

- 閣下訂閱通訊或內容時所提供的資料；

- 閣下於查詢表格、合作建議或意見反映中提交的資料；

- 任何閣下主動向我們提供的其他資訊。

4.2 透過使用本網站自動收集之資料，包括但不限於：

- IP 位址及大約地理位置；

- 裝置種類、作業系統及瀏覽器種類／版本；

- 被瀏覽之頁面、停留時間、瀏覽路徑及來源網址；

- 閣下對內容之互動（例如點擊、捲動、播放影片等）；

- Cookies ID、Client ID、Session ID 等唯一識別碼；

- 由 GA4 所產生之事件及統計數據。

4.3 技術及記錄資料，例如：

- 伺服器紀錄檔、錯誤記錄及使用紀錄；

- 存取時間及日期；

- 語言設定、顯示偏好等。

我們並非刻意透過本網站收集高度敏感之個人資料（例如健康資料、政治立場、宗教信仰等）。若閣下選擇提供此類資料，將屬閣下自行決定及承擔相關風險。

我們可透過以下方式收集個人資料：

- 直接向閣下收集：例如閣下填寫表格、訂閱內容、透過電郵或其他渠道與我們聯絡；

- 透過閣下使用本網站時自動收集：包括使用 Cookies、GA4 及類似技術；

- 透過協助我們營運之第三方服務供應商：例如網站寄存、分析、電郵發送等；

- 從公開資料來源（在法例容許範圍內）。

我們可就以下一項或多項目的使用個人資料：

6.1 提供及營運本網站

- 營運、管理、維護及改進本網站；

- 提供閣下所要求之內容、功能及服務；

- 回應閣下之查詢、意見或請求。

6.2 分析及改善（包括 GA4）

- 分析網站流量、使用模式及用戶行為；

- 了解用戶如何瀏覽及使用我們的內容，以改善體驗；

- 編制綜合及匿名化統計及報告。

6.3 通訊及更新

- 向閣下發出與本網站或我們服務相關之通知、公告或更新；

- 在閣下同意下，向閣下發送通訊、電子刊物或推廣資料（詳見第 10 節）。

6.4 安全及防止濫用

- 監察、偵測及防止未獲授權之存取、網絡攻擊或其他濫用行為；

- 保障本網站用戶及本公司之權益及安全。

6.5 法律及合規用途

- 遵守適用法律、法規、法院命令或監管要求；

- 建立、行使或維護法律權利或抗辯。

在參考類似 GDPR 之原則時，我們或會基於以下一項或多項法律基礎處理個人資料：

- 閣下之同意：例如就收取市場推廣電郵等情況；

- 履行合約或提供服務之需要；

- 本公司之合法利益：例如改善網站、確保系統安全等，且不損害閣下之基本權利；

- 履行法律責任：例如遵守法定要求或監管規定。

8.1 Cookies 的使用

本網站使用 Cookies 及類似技術，以：

- 令本網站基本功能得以運作；

- 記住閣下之偏好及設定；

- 使用 GA4 或類似工具進行分析；

- 改善本網站之效能及使用體驗。

8.2 Cookies 類型

- 必要性 Cookies：維持網站基本運作所需；

- 分析及效能 Cookies：包括 GA4 用於分析網站使用情況；

- 功能性 Cookies：記錄閣下偏好及增強使用體驗；

- 第三方 Cookies：由嵌入之第三方服務（例如影片、社交媒體插件、分析服務）所設定。

8.3 閣下如何管理或停用 Cookies

閣下可於瀏覽器內調整設定，以：

- 拒絕所有或部分 Cookies；

- 在 Cookies 儲存前顯示提示；

- 刪除已儲存於閣下裝置之 Cookies。

請注意，如閣下停用或刪除特定 Cookies，本網站部分功能或服務可能無法正常運作。

9.1 我們使用 GA4 收集及分析網站使用之統計資料。GA4 或會收集包括：

- IP 位址（在某些設定下或作匿名處理）；

- 裝置及瀏覽器資訊；

- 已瀏覽頁面、停留時間及瀏覽模式；

- 互動事件（例如點擊、捲動、播放影片等）。

9.2 閣下如何限制或拒絕 GA4 收集資料

閣下可透過以下方式，減少或阻止 GA4 收集與閣下有關之資料：

- 於瀏覽器設定中限制或阻止第三方 Cookies；

- （如適用）安裝及使用由 Google 提供之「Google Analytics 退出瀏覽器外掛程式」或類似工具（其可用性及兼容性由 Google 或相關第三方決定）；

- 就閣下每一部裝置及每一款瀏覽器分別設定，因相關偏好通常為裝置及瀏覽器層面。

上述工具及設定由第三方提供或控制，我們不保證其可用性、有效性或兼容性，亦不就此承擔任何責任。

10.1 我們或會使用閣下之姓名、電郵地址或其他聯絡資料，向閣下提供有關：

- 我們之文章、內容、講座、活動或教育項目；

- 我們認為可能符合閣下興趣之合作計劃、展覽或活動。

10.2 我們將於私隱條例所容許之情況下，並在法律要求時於取得閣下同意後，方會將閣下個人資料用作直接促銷用途。

10.3 拒絕接收直接促銷資料

閣下可隨時要求我們停止向閣下發出任何市場推廣或宣傳資料。方法包括：

- 按電郵內之「取消訂閱」連結（如有）；或

- 依本政策第 15 節所列聯絡方式通知我們。

在法律容許範圍內，我們將於合理時間內處理有關要求。閣下撤回同意，並不影響撤回前基於該同意而進行之資料處理之合法性。

我們不會出售或以交易形式提供閣下之個人資料。但在必要及合法情況下，我們或會向下列人士或機構披露個人資料：

- 協助我們營運本網站或提供服務之第三方服務供應商（例如：網站寄存、雲端服務、分析工具、電郵發送、資訊科技支援）；

- 專業顧問（例如律師、核數師），並受保密義務約束者；

- 監管機構、執法機關、法院或其他具合法權限之政府部門（在法律要求或合規需要下）；

- 在合併、重組、轉讓或其他涉及我們業務或權益之交易中，任何實際或潛在受讓人或承繼人。

我們會採取合理措施，確保上述第三方僅於履行其職能所需範圍內使用個人資料，並受適當之保密及私隱保護義務約束。

12.1 儲存及保留

個人資料或會以電子形式儲存於由我們或代表我們行事之服務供應商所營運之系統內。我們只會在達成本政策所述之目的、遵守法律或合約要求、及保障本公司合法權益所需期間內，保留相關個人資料。

當個人資料不再需要時，我們會在合理可行情況下，採取措施刪除、匿名化或以其他安全方式銷毀有關資料。

12.2 境外傳輸

個人資料或會被傳輸至香港境外之司法管轄區（例如：我們之雲端服務或分析服務供應商所在之地）。有關傳輸將會符合私隱條例及其他適用資料保障要求。閣下透過使用本網站，即表示閣下同意上述資料轉移安排。

我們採取合理之技術性、管理性及實體保安措施，保障個人資料免受未經授權之存取、使用、披露、修改或銷毀。然而，互聯網傳輸及電子儲存並非絕對安全，我們無法保證資料之絕對安全性。

本網站並非以兒童為主要對象。如閣下未達適用法律所訂可自行提供同意之年齡（例如某些司法管轄區為 16 歲），閣下在向我們提供任何個人資料前，應取得家長或監護人之同意。

我們並不刻意於未獲家長或監護人同意之情況下，向未成年人收集個人資料。如閣下認為未成年人士在未得適當同意下向我們提供資料，請盡快與我們聯絡，以便我們採取適當措施。

15.1 閣下之權利

在私隱條例及其他適用法律規定下，閣下或有權：

- 查閱我們所持有關於閣下之個人資料；

- 要求更正不準確或不完整之個人資料；

- 在適用情況下，要求刪除或停止使用閣下之個人資料；

- 就基於同意之處理（包括直接促銷）撤回其同意。

我們可根據法例允許於處理查閱資料要求時收取合理費用。

15.2 聯絡方式

如閣下欲行使上述權利、查詢本政策內容或我們的私隱措施，請以以下方式與我們聯絡：

- 電郵：arthistoire.hk@gmail.com

請於查詢或要求中載明閣下姓名、聯絡方法及所提出之要求性質，以便我們處理。

我們可不時修訂或更新本政策。任何更新將刊登於本網站，並標示最新更新日期。閣下於修訂後繼續使用本網站，即表示閣下同意受更新後之政策約束。

如本政策之中、英文版本有任何歧異或不一致之處，概以英文版本為準。