Kombai Portal

隐私政策

Sokrate Hong Kong Limited

Last updated: 10 June 2026

Sokrate Hong Kong Limited is committed to protecting the privacy and personal data of everyone who visits our website at https://sokratehk.hk (the “Website”), contacts us, applies for a role with us, or uses our services and client portal.


This Privacy Policy:

  • explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and what rights you can exercise;
  • is drawn up in compliance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”) and, where applicable, the EU General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) for individuals in the European Economic Area (“EEA”) and the United Kingdom.

1. Who we are (Data Controller)

The entity responsible for your personal data is:

  • Sokrate Hong Kong Limited
  • Room 1-2, 17/F, 135 Bonham Strand Trade Centre, 135 Bonham Strand, Sheung Wan, Hong Kong SAR, China
  • General email: info@sokratehk.com
  • Privacy contact: v.maffei@sokratesos.com
  • Telephone: +852 5286 0155
  • Mobile: +39 348 140 5974

For any question relating to this Privacy Policy or to the handling of your personal data, please contact us using the details above, in particular the privacy contact email.

2. What personal data we collect

We collect personal data that you provide directly to us, data generated automatically when you use the Website, and data we receive from third parties in the course of providing our services.

Data you provide directly

  • Contact and enquiry data: when you complete the contact form, your full name, email address and the content of your message.
  • Recruitment data: when you apply for a role through our Careers page or by email, your name, contact details, CV/résumé, cover letter and any other information you choose to share.
  • Client portal (Kombai) data: account credentials, contact details and compliance-related information you or your organisation upload to our portal.
  • Service and business data: information exchanged with us when we provide audit, ESG, certification and supply-chain services, which may include contact details of your personnel.

Data collected automatically

  • Technical data: IP address, browser type and version, device information and operating system.
  • Usage data: pages visited, date and time of access and similar log information.
  • Cookies and similar technologies: see the “Cookies” section below.

We do not intentionally collect special categories of personal data (such as data revealing health, religion or political opinions) through the Website.

Please do not submit such data.

3. How and why we use your data (purposes and legal bases)

We process your personal data for the following purposes. Where applicable, we indicate the relevant legal basis under the GDPR.

  • To respond to your enquiries and communicate with you.

Legal basis: Our legitimate interest, as data controller, in responding to the requests we receive (Art. 6(1)(f) GDPR) and the performance of pre-contractual measures taken at the data subject’s request before entering into a contract (Art. 6(1)(b) GDPR).

  • To provide, manage, maintain and improve our services and the Kombai client portal.

Legal basis: The performance of a contract to which the data subject is party, or pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR), as well as our legitimate interest in improving our services and the user experience (Art. 6(1)(f) GDPR).

  • To process recruitment applications and assess suitability for a role.

Legal basis: Pre-contractual measures taken at the data subject’s request before entering into a possible employment contract (Art. 6(1)(b) GDPR) and our legitimate interest in the selection and recruitment of staff (Art. 6(1)(f) GDPR).

  • To operate, secure and improve the Website, including the prevention of spam, fraud and abusive use.

Legal basis: Our legitimate interest in keeping the Website secure, functional and protected from unauthorised access or fraudulent activity (Art. 6(1)(f) GDPR).

  • To comply with legal, regulatory, tax and accounting obligations.

Legal basis: Compliance with a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR).

  • To send you service updates, newsletters or marketing communications, where you have agreed to receive them.

Legal basis: The data subject’s consent (Art. 6(1)(a) GDPR), which may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Under the PDPO, we collect and use your personal data solely for purposes directly related to those set out above and will not use such data for any new purpose without your consent, except as otherwise permitted or required by law.

4. Cookies and similar technologies

The Website uses cookies and similar technologies to function correctly, to remember your language preference (our site is available in English and Chinese via WPML) and to help us understand how the Website is used.

  • Strictly necessary cookies: required for core functionality, such as session management and security.
  • Functional cookies: remember choices such as your language preference.
  • Security cookies: set by Google reCAPTCHA on our contact form to distinguish humans from automated submissions.

Most browsers allow you to refuse or delete cookies through their settings. Disabling certain cookies may affect the functionality of the Website.

5. Who we share your data with

We do not sell your personal data. We share it only with the following categories of recipients, and only as necessary:

  • Service providers and processors who host the Website, provide IT and email services, and operate the Kombai client portal on our behalf.
  • Google LLC, in connection with reCAPTCHA used on our contact form to prevent spam and abuse.
  • Our European and Asian partners, where necessary to deliver the compliance, audit and certification services you have engaged us for.
  • Professional advisers, auditors and insurers, where reasonably required.
  • Public authorities, regulators or law enforcement, where required by applicable law or to protect our legal rights.

All processors are required to handle personal data in accordance with our instructions and applicable data protection law.

6. International transfers of data

Sokrate operates as a bridge between Asia and Europe, and your personal data may be transferred to, stored in, or accessed from countries outside your own, including Hong Kong and countries in the EEA.

Where we transfer personal data of individuals in the EEA or the UK to a country that has not been recognised as providing an adequate level of protection, we put appropriate safeguards in place, such as the European Commission’s Standard Contractual Clauses, together with additional measures where required. You may request a copy of the safeguards we use by contacting us.

7. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements.

  • Enquiry and contact form data: typically kept for up to 24 months after our last contact, unless a business relationship develops.
  • Recruitment data: kept for the duration of the recruitment process and, where unsuccessful, for a limited period afterwards unless you consent to longer retention.
  • Client and service data: kept for the duration of the engagement and as required by law thereafter.
  • Technical and log data: kept for a limited period for security and diagnostic purposes.

When personal data is no longer required, we securely delete or anonymise it.

8. Your rights

Under the Hong Kong PDPO

You have the right to request access to and correction of the personal data we hold about you, and to ascertain our policies and practices in relation to personal data. We may charge a reasonable fee for complying with a data access request, as permitted by the PDPO.

Under the GDPR (for individuals in the EEA / UK)

Where the GDPR applies, you also have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate or incomplete data;
  • request erasure of your data in certain circumstances;
  • restrict or object to certain processing;
  • data portability, where applicable;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within the timeframes required by applicable law.

9. Children’s privacy

The Website and our services are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from individuals under the age of 18. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on this page, with the “Last updated” date revised accordingly. We encourage you to review it periodically.

11. How to contact us and complaints

If you have any questions, requests or complaints regarding this Privacy Policy or our handling of your personal data, please contact us:

  • Sokrate Hong Kong Limited
  • Room 1-2, 17/F, 135 Bonham Strand Trade Centre, 135 Bonham Strand, Sheung Wan, Hong Kong SAR, China
  • General email: info@sokratehk.com
  • Privacy contact: v.maffei@sokratesos.com
  • Telephone: +852 5286 0155
  • Mobile: +39 348 140 5974

If you are not satisfied with our response, you may lodge a complaint with a competent data protection supervisory authority, including:

  • Hong Kong: the Office of the Privacy Commissioner for Personal Data (PCPD), www.pcpd.org.hk;
  • Italy: the Garante per la protezione dei dati personali (Italian Data Protection Authority), www.garanteprivacy.it;
  • EEA / UK: your local data protection supervisory authority.
© 2026 Sokrate 香港有限公司。保留所有权利。