Privacy Policy

This Privacy Policy describes how we handle personal data of visitors to lotuswebagency.com and its translated versions (together, the "Site"). It applies to all visitors.

1. Who we are

The data controller for the Site is LW AGENCY LIMITED (trading as LotusWebAgency), a company incorporated in the Hong Kong Special Administrative Region of the People's Republic of China under Business Registration Number 76684183, with its registered office at Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R. You can reach us at hello@lotuswebagency.com for any matter relating to this Policy.

2. Scope

This Policy is written with the following laws in mind:

• The Hong Kong Personal Data (Privacy) Ordinance (Cap. 486).
• The Thailand Personal Data Protection Act B.E. 2562 (2019).
• The UK GDPR and the UK Data Protection Act 2018.
• The EU General Data Protection Regulation (Regulation (EU) 2016/679).

If you live somewhere else, local data-protection laws may also apply. Please contact us if you would like to exercise a right under your local law.

3. What we collect

The Site is a brochure site: no forms, no accounts, no purchases. We handle a small set of data.

3.1 Server logs (via Cloudflare)

We serve the Site through Cloudflare, Inc. as a content-delivery and edge-security provider. Ordinary HTTP/HTTPS request metadata is processed in that capacity — for example, IP address, user agent, request timestamp, requested resource, referrer, and approximate geographic location derived from the IP address. This is necessary for the Site to operate and for us to protect it against abuse.

3.2 Local storage in your browser

Two small records are stored in your own browser and are never transmitted to us:

• Cookie-consent record — stored under the key lwa.cookies, containing your choice and the time it was recorded. Kept for about twelve (12) months, or until you clear browser storage.
• Theme preference — stored under the key lwa.theme, so the Site remembers whether you prefer the light, dimmed, or dark theme. Kept until you clear browser storage or change the setting.

3.3 Analytics — only with your consent

If you accept cookies, we load Google Analytics 4 through Google Tag Manager. It sets cookies (_ga, _ga_*) and collects page views, session duration, approximate city-level location, device type, and browser. Data is retained for fourteen (14) months from your last interaction. Until you accept, no analytics script is loaded.

3.4 Email correspondence

If you write to us, we process the content of your message so we can reply. We keep that correspondence for as long as it is relevant and delete it afterwards.

3.5 Sensitive data

We do not knowingly collect any special or sensitive category of personal data. The Site offers no form by which such data could be submitted; if you send it to us voluntarily by email, we will use it only to reply.

4. Who we share it with

We share the data described above with the following providers, and only for the purpose explained:

• Cloudflare, Inc. (United States) — to deliver and protect the Site. See the Cloudflare privacy policy.
• Google LLC (United States) — for audience measurement, only if you have accepted cookies. See the Google privacy policy.

We do not sell your personal data and we do not share it with data brokers.

5. International transfers

Cloudflare and Google are based in the United States, so data processed on our behalf may be transferred outside your country of residence. Those transfers rely on the standard safeguards each provider offers (for example, the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable). We do not add further transfer mechanisms of our own.

6. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access — ask whether we hold data about you and obtain a copy.
• Correction — ask us to fix inaccurate or incomplete data.
• Deletion — ask us to delete data we hold about you, where applicable law requires it.
• Objection or restriction — object to, or restrict, processing carried out on the basis of legitimate interests.
• Withdraw consent — withdraw consent to analytics at any time using the Cookie Settings button in the footer.
• Complain to a supervisory authority — see section 9.

To exercise any of these rights, email us at hello@lotuswebagency.com. We will respond within a reasonable time in line with the law that applies to you.

7. Cookies

The only cookies we set ourselves are functional — they record your cookie choice and your theme preference, and they stay in your browser. Analytics cookies (_ga, _ga_*) are set by Google Analytics and load only if you click Accept in the cookie banner. You can change your choice at any time using the Cookie Settings button in the footer. If your browser sends a Global Privacy Control signal, we treat your first visit as a rejection and do not load analytics.

8. Security

The Site is served only over HTTPS. Third-party scripts load only after you accept cookies, and only from the providers listed in section 4. We keep our systems up to date and apply ordinary access controls to the email account that receives messages sent to us.

9. Supervisory authorities

You can lodge a complaint with the supervisory authority of the place where you live, where you work, or where the alleged infringement took place. The principal authorities this Policy has in mind are:

• Hong Kong — Office of the Privacy Commissioner for Personal Data (PCPD).
• Thailand — Personal Data Protection Committee Office (PDPC).
• United Kingdom — Information Commissioner's Office (ICO).
• European Union — your national Data Protection Authority (see the European Data Protection Board directory).

10. Changes to this Policy

We may update this Policy from time to time. When we make a material change we update the version and date at the top. If the change affects how cookies are used, we will prompt you again in the cookie banner.