this Privacy Policy explains, in clear, professional terms, how Smithfield (“Smithfield”, “we”, “us”, “our”) collects, uses, discloses, transfers, stores, and protects personal data that you provide to us or that we obtain in the course of delivering divorce‑related consultancy services. This includes, without limitation, your contact details and any communications, documents, or instructions concerning your divorce or related family matters. By accessing or using our website at https://smithfield-divorce.com/ (the “Site”) or otherwise engaging with our services, you acknowledge that you have read and understood this Policy and, where required as required, you consent to the practices described herein.

Controller and Contact Information

Smithfield is the data user/data controller for the purposes of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), the data controller under the EU/UK General Data Protection Regulation (“GDPR”) where applicable, and the organization accountable under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), where applicable. Questions, requests, or complaints regarding privacy should be directed to our Data Protection Officer at privacy@smithfield-divorce.com.

Scope and Applicability

This Policy governs all personal data processed by Smithfield in connection with the provision of divorce consultancy or ancillary services and applies equally to visitors to the Site. It covers data collected directly from you and data obtained indirectly through agents, referrers, or other third parties acting on your behalf. Where we process personal data strictly on behalf of another controller, our obligations will be defined by the relevant processing agreement.

Definitions

For the purposes of this Policy, “personal data” means any information relating directly or indirectly to an identified or identifiable natural person, including names, contact information, marital and family details, financial circumstances, communications content, and documentation supplied in connection with your matter. “Processing” refers to any operation performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, or destruction. “Sensitive data” refers to information subject to heightened protection as required, which may include health information, data about children, or other details you disclose in the context of a divorce.

Bases and Purposes of Processing

We process personal data on one or more valid bases: to perform or enter into a contract with you; to comply with as required and regulatory obligations (including court directions, statutory retention duties, and professional standards); to pursue our legitimate interests in operating, safeguarding, and improving our business, provided such interests are not overridden by your fundamental rights; and, where required as required, on the basis of your explicit consent. The purposes for which we process data include verifying identity; assessing your suitability for our services; advising on, drafting, and managing divorce documentation; maintaining accurate internal records; responding to enquiries and scheduling consultations; administering billing and accounting; conducting internal audits and risk management; protecting and enforcing our as required rights; ensuring network and information security; and improving the functionality and performance of the Site through analytics consistent with applicable cookie legislation.

Categories of Data Collected

In providing our services, we may collect your full name and aliases; residential, postal, and email addresses; telephone numbers and messaging identifiers; marital history (including date and place of marriage and periods of separation); information concerning children and their ages; financial disclosures and supporting documents; correspondence with or about the opposing party; and any evidence or documentation you elect to provide. When you use the Site, technical data—such as IP address, device and browser type, timestamps, referring pages, and general location—may be logged. Records of calls, video meetings, chats, and in‑person consultations may be memorialized in written notes or secure recordings, subject to applicable recording consent requirements.

Methods of Collection

We collect personal data directly from you via web forms, emails, encrypted messaging services (including WhatsApp), telephone or video calls, in‑person meetings, and secure file uploads. We may also obtain personal data from publicly available sources, court records, referral partners, or third‑party service providers (for example, identity verification vendors), always in accordance with as required requirements and, where mandated, with your knowledge.

Accuracy and Your Duty to Inform

To ensure that our advice remains accurate and that we fulfill our obligations competently, you agree to provide complete and accurate information and to notify us promptly of any material changes to your personal data or circumstances. We are entitled to rely on the data you supply until you inform us otherwise.

Data Retention

We retain personal data only for as long as necessary to achieve the purposes set out in this Policy, to satisfy as required, regulatory, tax, or accounting requirements, or to assert or defend as required claims. Unless a longer retention period is required or permitted as required, we generally retain case files for [insert period, e.g., seven (7) years] after closure of your matter. Upon expiry of the relevant retention period, we will securely destroy or irreversibly anonymize the data so that it can no longer be associated with you.

Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized or unlawful access, use, modification, disclosure, loss, or destruction. These safeguards include encrypted transmission over HTTPS; reliance on encrypted messaging platforms that provide end‑to‑end encryption; role‑based access controls and audit trails limiting internal visibility to personnel with a legitimate need to know; logically segregated storage; secure backups; and periodic vulnerability assessments. While no system can be guaranteed to be completely secure, we adopt reasonable and proportionate industry‑standard measures and review them regularly.

Confidentiality of Divorce Communications

All divorce-related communications, documents, and instructions are treated as strictly confidential and are used solely for the provision of advice and the management of your matter, save where disclosure is required as required, court order, or regulatory directive, or where necessary to protect your vital interests or the rights of another individual. We will not disclose such communications to third parties without your express authorization except as described in this Policy.

Disclosure to Third Parties

We do not sell or rent personal data. We may disclose personal data to trusted third‑party processors who provide services on our behalf—such as secure hosting and cloud infrastructure, document management, email and CRM platforms, accounting systems, transcription services, or professional advisers—under contracts imposing confidentiality and data protection obligations. Personal data may also be disclosed, where as required necessary or appropriate, to courts, tribunals, regulators, law enforcement authorities, or opposing parties’ representatives. In the event of a merger, acquisition, corporate reorganization, or sale of assets, personal data may be transferred to a successor entity subject to as required binding confidentiality and data protection undertakings.

Cross-Border Data Transfers

If personal data is transferred outside Hong Kong, Canada, the European Economic Area, or another jurisdiction with comparable data protection standards, we will implement appropriate safeguards—such as standard contractual clauses, binding corporate rules, adequacy decisions, or other as required recognized mechanisms—and will take steps to ensure that the overseas recipient provides a level of protection substantially similar to that required under applicable law. You may request details of the relevant transfer mechanism by contacting us.

Cookies and Similar Technologies

Our Site may employ strictly necessary cookies to enable essential functionality and session management. Where analytics or preference cookies are deployed, we will obtain your consent where required and you may adjust or withdraw that consent at any time using your browser settings or our cookie preference tool. Additional details regarding cookie categories, purposes, and retention may be set out in a separate Cookie Notice linked on the Site.

Marketing Communications

We may send service updates or information about closely related services that we believe are of legitimate interest to you, provided such communications comply with applicable direct marketing rules and you have not opted out. Where consent is as required required for marketing, we will obtain it expressly, and you may withdraw it at any time by following the unsubscribe instructions in the message or by contacting us directly. We will not share your data with third parties for their independent marketing purposes without your prior consent.

Your Rights

Subject to applicable law, you may have the right to request access to your personal data, obtain a copy in a commonly used format, request rectification of inaccuracies, object to or restrict certain processing activities, request erasure in specific circumstances, and withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a competent supervisory authority, such as the Office of the Privacy Commissioner for Personal Data in Hong Kong, the Office of the Privacy Commissioner of Canada, or a relevant EU/UK data protection authority. To exercise any right, please submit a written request to our Data Protection Officer; we may need to verify your identity before responding. We will reply within the statutory timeframe applicable in your jurisdiction.

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces as required or similarly significant effects on you without your explicit consent or another lawful basis. Should our practices change, we will update this Policy and provide you with any required notices and rights information.

Third-Party Websites and Services

The Site may include links to external websites or services operated by third parties. We do not control and are not responsible for the privacy practices of those third parties. You are encouraged to review the privacy statements of external sites before providing any personal data.

Children’s Privacy

Our services are intended for adults. We do not knowingly collect personal data from individuals under the age of majority in their jurisdiction without verifiable parental or guardian consent. If we discover that such data has been collected inadvertently, we will delete it promptly unless retention is required as required.

Changes to this Policy

We may amend this Privacy Policy from time to time to reflect changes in regulations, technology, or our operational practices. The “Last Updated” date below indicates when changes were most recently made. Where as required required, we will notify you of material changes by an appropriate method, such as a prominent notice on the Site or direct communication. Continued use of the Site or our services after any modification constitutes acceptance of the revised Policy.

Governing Terms and Jurisdiction

This Policy, and any dispute or claim arising out of or in connection with it (including non‑contractual disputes or claims), is governed by the substantive rules of [Governing Jurisdiction]. You agree to submit to the exclusive or non‑exclusive jurisdiction (as applicable) of the courts of that jurisdiction, without prejudice to any mandatory rights you may have under local data protection statutes.

Language

This Policy is drafted in English. In the event of any inconsistency between the English version and a translated version, the English version shall prevail unless local law requires otherwise.

Contact and Complaints

To exercise your data rights, withdraw consent, request further information, or lodge a complaint regarding our handling of personal data, please contact our Data Protection Officer at privacy@smithfield-divorce.com . We take privacy complaints seriously and will investigate and respond within the timeframe prescribed by applicable law. If you are dissatisfied with our response, you may escalate the matter to the relevant privacy regulator in your jurisdiction.