Legal · Privacy
Privacy Policy.
How Motark Enterprise Limited collects, uses, retains, and shares personal data submitted through this website. Aligned to the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.
Last updated · 19 May 2026
01 · Controller
Who we are.
The entity responsible for personal data submitted through this site is the Hong Kong-incorporated company below.
- Registered name
- Motark Enterprise Limited (摩達企業有限公司)
- Hong Kong CR
- 2338553
- Registered office
- Unit J, 9/F., King Palace Plaza, 55 King Yip Street, Kwun Tong, Kowloon, Hong Kong
- Data enquiries
- info@motarkenterprise.com
02 · Data
What we collect and why.
Motark's site has four surfaces that collect personal data — the contact enquiry form, the sample request flow, the wholesale quote flow, and the Updates signup. We also collect minimal technical data automatically for security purposes.
Contact enquiry data
- Fields
- Name · business email · company · phone (optional) · enquiry topic · free-text message
- Purpose
- Respond to your enquiry and route it to the relevant team (wholesale, custom development, IP licensing, regulatory, banking, media, or other).
Sample request data
- Fields
- All contact enquiry fields plus compound of interest · sample quantity · full shipping address (street, city, state/region, postal code, country)
- Purpose
- Confirm intended use, importer of record, and any required jurisdiction-specific documentation, then dispatch the sample where compliant.
Quote request data
- Fields
- Contact enquiry fields plus compound and specification · annual volume · origin region preference · destination market
- Purpose
- Prepare a commercial quotation through the relevant Motark partner network.
Updates signup data
- Fields
- Business email · first name (optional) · explicit subscription consent
- Purpose
- Send occasional Motark Updates — opt-in notifications when we add to the compound register, publish new insights, or change regulatory posture. No committed cadence; we email when there is something worth noting. You may unsubscribe at any time using the link in any Update email.
Technical data (automatic)
- Fields
- IP address · user-agent string · request timestamps · referrer (for our security middleware and rate-limit enforcement)
- Purpose
- Detect and block abusive submissions, bot traffic, and other security events. Not used for marketing or profiling.
03 · Lawful basis
On what basis we process.
Performance of, or steps prior to, a B2B contract
Where you submit an enquiry, sample request, or quote request, we process your data to respond to and progress that commercial engagement.
Explicit consent
Motark Updates are sent on the basis of explicit opt-in consent. We do not add contact-form submitters to the Updates list automatically.
Legitimate business interest
Minimal technical data (IP, user-agent, request timestamp) is collected and short-lived for the purpose of operating site security and rate limits. We balance this against your privacy interests and use only what is necessary.
Legal obligation
Where personal data is retained as part of counterparty diligence records to meet Motark's banking, AML, and audit obligations — see the AML/KYC section on Operations & Compliance.
04 · Third parties
Who we share data with.
Personal data is shared only with the service providers below, only for the purposes stated, and only to the extent necessary. Motark does not sell or rent personal data, and does not use third-party advertising or behavioural tracking.
Service
SendGrid (Twilio Inc.)Jurisdiction
United States
Purpose
Transactional email delivery for enquiry confirmations and internal notifications; marketing-contacts list for Updates subscribers.
Data shared
Email address, name, company, phone (when supplied), message content for transactional delivery; email and first name for the marketing list.
Jurisdiction
United States
Purpose
Bot-traffic detection on all form submissions. Renders a score, not a challenge; submissions below the score threshold are rejected.
Data shared
Device, browser, IP, mouse-movement and interaction signals collected by Google's script as part of the bot-detection model.
Jurisdiction
United States
Purpose
Anonymous aggregate web analytics — page views, referrers, browser/device categories. No cross-site tracking, no cookies.
Data shared
Anonymised request data; no persistent identifiers.
Jurisdiction
United States
Purpose
Renders the static map of our Hong Kong HQ on the Contact page. The iframe is loaded by your browser directly from Google.
Data shared
Standard request data sent by your browser to Google when the iframe loads (IP, user-agent, referrer).
International transfers: the providers above are US-incorporated and may process personal data outside Hong Kong. Where transferred, the data is processed under each provider's own privacy and security commitments. We review these arrangements periodically.
05 · Cookies
Cookies we set.
Strictly necessary only. We do not use advertising, retargeting, or cross-site tracking cookies.
CSRF token cookie
Strictly necessary
- HttpOnly · SameSite=Strict · scoped to /api · ~1 hour lifetime. Required for the double-submit cookie pattern that protects form submissions against cross-site request forgery.
Google reCAPTCHA cookies
Strictly necessary (bot detection)
- Set by Google when the reCAPTCHA script runs on form pages. Used to detect automated traffic. Governed by Google's privacy policy.
06 · Retention
How long we keep it.
The seven-year horizon matches Motark's broader documentation retention policy — counterparty correspondence is treated as part of the audit trail.
- Contact enquiry records
- Retained for 7 years from the date of last related correspondence, consistent with Motark's documentation retention policy.
- Sample request records
- Retained for 7 years. Where a sample shipment occurred, dispatch records are retained for the same period.
- Updates list
- Retained until you unsubscribe. After unsubscribe, an email-suppression record is retained indefinitely so we do not re-add you.
- Security logs (IP, user-agent, rate-limit events)
- Short-lived — rotated according to platform defaults. Not retained alongside contact records.
- Analytics data
- Retained per Vercel Analytics policy; Motark holds no separate analytics database.
07 · Your rights
Your rights under the PDPO.
The Personal Data (Privacy) Ordinance (Cap. 486) gives you the following rights in respect of personal data we hold about you. Requests are handled by the address listed under Controller above.
Right of access
You may request a copy of the personal data we hold about you. We will respond within the statutory PDPO timeframe.
Right of correction
If anything we hold is inaccurate, you may request correction. We will action verified corrections without delay.
Right to withdraw consent
For marketing communications, you may withdraw consent at any time using the unsubscribe link in any digest or by contacting us directly. Withdrawal does not affect prior lawful processing.
Right to object to direct marketing
Under section 35G of the PDPO, you may at any time require us to cease using your personal data for direct marketing. We will action such requests without charge.
Right to lodge a complaint
If you believe we have not handled your personal data appropriately, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).
08 · Changes
Updates to this policy.
We may update this policy from time to time to reflect changes in our practices, legal requirements, or the third-party services we engage. The "Last updated" date at the top of this page reflects the most recent revision. Material changes affecting how we use existing personal data will be notified to subscribers and counterparties whose data is held.
Data requests
Access, correction, or unsubscribe.
Requests in respect of personal data held by Motark are handled within the statutory PDPO timeframe. Email us directly or use the contact form.