Privacy Policy

PeakPath Hong Kong Adventures (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in connection with our hiking and adventure services in Hong Kong.

1. Introduction and Company Information

This Privacy Policy applies to personal data collected by PeakPath Hong Kong Adventures in the course of operating our hiking, guided trail, outdoor activity, booking, customer support, marketing, and related services.

Data Controller / Operator:
PeakPath Hong Kong Adventures
18 Stanley Main Street, Stanley, Hong Kong, 999077
Email: [email protected]
Phone: +852 2814 7396

We process personal data in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and the six Data Protection Principles, as applicable.

2. Data Collection and Processing

We may collect and process the following categories of personal data:

• Identification and contact data: name, email address, phone number, postal address, emergency contact details.
• Booking and transaction data: reservation details, payment status, billing information, purchase history, refund requests.
• Participation and safety data: age, fitness-related information you choose to provide, medical or accessibility information relevant to hiking safety, dietary restrictions, emergency information, and special assistance needs.
• Communication data: messages, inquiries, feedback, complaint records, and customer service correspondence.
• Technical and usage data: IP address, browser type, device information, website interaction data, cookies, and analytics data.
• Marketing preferences: subscription choices, consent records, and communication preferences.
• Media data: photographs or videos taken during tours or events, where applicable and subject to notice or consent requirements.

We generally collect personal data directly from you, such as when you:

• make a booking or inquiry;
• sign up for newsletters or promotions;
• participate in a hiking tour or related activity;
• contact us by phone, email, or online forms;
• interact with our website or social media pages.

In some cases, we may also receive personal data from third parties, such as payment processors, booking platforms, travel agents, or emergency contacts you have provided.

3. Purpose of Data Processing

We process personal data for the following purposes:

• to manage bookings, registrations, and customer accounts;
• to provide hiking and adventure services, including route planning and tour administration;
• to assess suitability, safety, and participation requirements for outdoor activities;
• to communicate with you about your booking, service updates, and customer support;
• to process payments, refunds, and accounting records;
• to respond to inquiries, complaints, and feedback;
• to send marketing communications where permitted and, where required, with your consent;
• to improve our services, website, and customer experience;
• to comply with legal obligations, regulatory requirements, and lawful requests;
• to protect the safety, rights, property, and security of our customers, staff, and operations;
• to manage insurance, claims, and incident reporting.

4. Legal Basis for Processing

Where applicable under the PDPO and related privacy principles, we process personal data on the following bases:

• Performance of a contract: to provide booked services, handle reservations, and fulfill our obligations to you.
• Consent: where you have given clear consent, for example for certain marketing communications or optional health-related disclosures.
• Legitimate interests: to operate and improve our business, ensure safety, prevent fraud, and maintain service quality, provided these interests are not overridden by your privacy rights.
• Legal obligation: to comply with applicable laws, regulations, tax, accounting, safety, or law enforcement requirements.
• Vital interests: where necessary to protect the life or safety of an individual, such as in an emergency during a hiking activity.

5. Data Sharing and Third Parties

We may share personal data with the following categories of recipients, only where necessary and appropriate:

• Service providers: IT hosting providers, website analytics providers, email service providers, customer support tools, and cloud storage providers.
• Payment processors and financial institutions: to process payments, refunds, and fraud prevention checks.
• Tour and safety partners: guides, transport providers, equipment suppliers, first-aid or emergency support providers, and venue or trail-related service partners.
• Professional advisers: lawyers, accountants, auditors, insurers, and claims handlers.
• Authorities and regulators: where required by law or to respond to lawful requests.
• Business transferees: in connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality protections.

We require third parties who process personal data on our behalf to protect it and to use it only for the purposes we specify.

6. Data Transfer to Third Countries

Some of our service providers or partners may be located outside Hong Kong. Where personal data is transferred to jurisdictions outside Hong Kong, we will take reasonable steps to ensure that the data is afforded a level of protection comparable to that required under Hong Kong privacy principles, including through contractual safeguards and due diligence where appropriate.

By using our services, you acknowledge that your personal data may be processed in countries or regions outside Hong Kong where data protection laws may differ from those in Hong Kong.

7. Storage Duration

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law, contractual obligations, dispute resolution, and legitimate business needs.

Retention periods are determined by factors such as:

• the nature of the data and the purpose of processing;
• the duration of our relationship with you;
• legal, tax, accounting, and insurance requirements;
• the need to resolve disputes or enforce agreements;
• safety and incident-record retention requirements relevant to hiking activities.

When personal data is no longer required, we will securely delete, anonymize, or de-identify it where appropriate.

8. User Rights

Subject to applicable law, you may have the following rights regarding your personal data:

• Access: to request confirmation of whether we hold your personal data and to obtain a copy of it.
• Rectification: to request correction of inaccurate or incomplete personal data.
• Erasure: to request deletion of personal data in certain circumstances, subject to legal and operational retention obligations.
• Restriction: to request limitation of processing in certain circumstances.
• Data portability: to request a copy of certain data in a structured, commonly used format where applicable.
• Objection: to object to certain processing, including direct marketing where applicable.

To exercise any of these rights, please contact us using the details in Section 12. We may need to verify your identity before responding. We will respond within a reasonable time and in accordance with applicable law.

9. Withdrawal of Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

If you withdraw consent, we may no longer be able to provide certain optional services or communications, such as marketing emails or the use of specific health-related information for participation planning. We will inform you if this affects your booking or safety arrangements.

10. Right to Complain

If you believe that we have handled your personal data in a way that does not comply with applicable privacy laws, you may contact us first so that we can address your concern.

You also have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD):

Office of the Privacy Commissioner for Personal Data, Hong Kong
Address: 12/F, 248 Queen’s Road East, Wan Chai, Hong Kong
Website: https://www.pcpd.org.hk/

11. Data Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures may include:

• access controls and role-based permissions;
• encryption where appropriate;
• secure storage and transmission practices;
• staff confidentiality obligations and training;
• regular review of security procedures;
• incident response and breach management procedures.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy or our handling of personal data, please contact:

PeakPath Hong Kong Adventures
18 Stanley Main Street, Stanley, Hong Kong, 999077
Email: [email protected]
Phone: +852 2814 7396

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will be posted on our website with a revised effective date where appropriate.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes are posted will constitute your acknowledgment of the updated Privacy Policy, to the extent permitted by law.

Effective Date: 20 May 2026