Privacy Policy

EquiMed Hong Kong Limited ("EquiMed," "we," "our," or "us") is committed to safeguarding the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our website at equimedhk.com and the EquiMed Portal at portal.equimedhk.com (collectively, the "Services").

This Policy is governed by and compliant with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong SAR ("PDPO"). By using our Services, you agree to the collection and use of your information as described in this Policy.

We collect the following categories of information when you use our Services:

Account Information

• Full name and email address
• Phone number
• Login credentials (password stored in hashed form)
• Sex

Health & Sample Information

• Saliva sample submitted via the Liva Test kit
• Biomarker results generated from laboratory analysis of your sample
• Historical health reports stored in your portal account
• Any health information you voluntarily provide when contacting us

Technical & Usage Information

• IP address and device type
• Browser type and operating system
• Pages visited and time spent on the platform
• Cookies and similar tracking technologies (see Cookie section below)

We use your information solely to operate and improve our Services. Specifically, we use your data to:

• Create and manage your EquiMed portal account
• Process your saliva sample and deliver your health report
• Send your health report via WhatsApp or email
• Respond to your enquiries and provide customer support
• Send service notifications, account updates, and important alerts
• Improve the accuracy and features of our platform
• Conduct aggregated, de-identified analysis to improve our service (no individual is identifiable from this analysis)
• Comply with applicable laws and regulatory obligations in Hong Kong

We do not sell, rent, or trade your personal health data. We may share your information only in the following limited circumstances:

Service Providers

We engage trusted third-party providers who perform services on our behalf, including cloud infrastructure, laboratory partners, and communication platforms. These providers are bound by confidentiality obligations and are prohibited from using your data for any other purpose.

Legal Requirements

We may disclose your information to regulators, law enforcement, or government authorities when required by law, court order, or to protect the rights, property, or safety of EquiMed, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of EquiMed's assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this Policy.

With Your Consent

We may share your information with healthcare providers or other parties where you have given us explicit written consent to do so.

We implement technical and administrative safeguards to protect your personal and health data:

• All data is encrypted with AES-256 at rest
• All data transmitted between your device and our servers is encrypted via TLS
• Row-Level Security (RLS) policies are enforced — only your authenticated account can access your records
• Passwords are never stored in plain text — Database handles secure hashing
• Access to production data by EquiMed staff is strictly limited and logged

In the event of a data breach that affects your personal information, EquiMed will notify you via the email address associated with your account as soon as reasonably practicable after becoming aware of the breach. We will also notify the Office of the Privacy Commissioner for Personal Data (PCPD) in accordance with our obligations under the PDPO.

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the following rights in respect of your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of any inaccurate or incomplete data
• Deletion: Delete your account and associated health records from your portal account settings at any time
• Objection: Object to the use of your personal data for direct marketing purposes
• Withdrawal: Withdraw any previously given consent, where applicable

To exercise any of these rights, please contact us at general@equimedhk.com. We will respond within 40 days as required by the PDPO.

We retain your personal data for as long as your account is active or as necessary to provide the Services. Health reports and biomarker records are retained for a minimum of 7 years in accordance with general medical record-keeping best practices in Hong Kong. If you delete your account, we will securely delete or de-identify your personal data within 30 days, except where retention is required by law or legitimate business purposes (such as resolving disputes or preventing fraud).

We use essential cookies to maintain your login session and ensure the portal functions correctly. We do not use third-party advertising or tracking cookies.

• Session cookies: Required for authentication and security. Deleted when you close your browser.
• Preference cookies: Remember your language setting (EN/ZH). Stored for 30 days.

You may disable cookies through your browser settings, but this may affect the functionality of the portal.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the email address associated with your account or through a prominent notice on our website at least 14 days before the change takes effect. Continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Policy.

If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint about how we handle your personal data, please contact us:

• Email: general@equimedhk.com
• Address: Rm 1002, 10/F, Tung Lee Industrial Building, Kwun Tong, Kowloon, Hong Kong
• Phone: +852 9848 5805