Who we are and how to contact us
Controller: Garage Society Limited (“Garage Society”, “we”, “us”, “our”)
Registered address: 11F, Tower 535, 535 Jaffe Road, Causeway Bay
Privacy contact: hk.marketing@thegaragesociety.com | +852 3952 7200
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our websites and submit enquiries regarding office space, memberships, and related services. It applies to our websites and any regional/country subdomains (the “Websites”).
For enquiries made in person at our locations, CCTV/access control, or member portals, see the “Physical spaces and access control” section.
What personal data we collect
We collect the minimum data needed to respond to your enquiry and manage our relationship:Identity and contact data: name, company, job title, business email, phone number.
Enquiry details: preferred location(s), team size, budget, move‑in date, notes you submit.
Communications: emails, call notes, and your marketing preferences.Technical/usage data: IP address, device/browser type, pages viewed, referral source, timestamps, and cookie identifiers. See Cookies below.
Payment and transaction data: if you make a booking or purchase (processed via our payment provider; we do not store full card numbers).
Physical spaces (if applicable): access logs and CCTV footage at our premises for safety and security.Sources of dataDirectly from you (forms, emails, phone).
Automatically via our Websites (cookies, logs).
Third parties: marketing platforms or referral partners, payment processors, event partners—only where lawful and relevant to your enquiry.
Purpose and use of personal data
We use your data to:
Respond to and manage your enquiries, provide quotes and tour bookings, and follow up (PDPO DPP1/2).
Provide services you request, process payments, and administer accounts.
Improve our Websites and services, including analytics and site security.
Send marketing communications about office space, meeting rooms, events, and memberships if you opt in or where otherwise permitted; you can opt out anytime.
Comply with legal obligations, exercise/defend legal claims, prevent fraud and misuse.
Legal bases for overseas visitorsFor EEA/UK visitors, we rely on: contract necessity; legitimate interests (service improvement, security, B2B outreach) balanced with your rights; consent for non‑essential cookies and certain marketing; legal obligation.
Sharing and disclosure
We share personal data only as necessary:
Service providers (processors): website hosting/CDN, CRM/marketing tools, analytics, payment processors, email/SMS providers, identity/security tools, IT support. We contractually require appropriate confidentiality and security.
Group companies: to support sales and service delivery in relevant markets.
Business partners: where you ask us to coordinate with a broker or referral partner.
Legal and compliance: regulators, law enforcement, courts where required by law or to protect rights, safety, and security.
Corporate transactions: in connection with a merger, acquisition, or asset transfer; we will notify you where required by law.We do not sell personal data. I
f we engage in cross‑context behavioral advertising for overseas users, we will provide required opt‑outs in those jurisdictions.
Cross‑border transfers
Our Websites and service providers may be located outside Hong Kong. Where we transfer personal data internationally, we take reasonably practicable steps to ensure recipients provide a standard of protection comparable to the PDPO. For EEA/UK personal data, we use the EU Standard Contractual Clauses and the UK IDTA/Addendum, plus supplementary measures where appropriate.
Retention
We retain personal data only as long as necessary for the purposes above or as required by law:
Enquiry and correspondence records: typically 24 months after last interaction, unless you become a member/customer or ask us to delete sooner (subject to legal obligations).Contract and account records: 6 years after end of relationship.Financial/tax records: 7–10 years per legal/accounting requirements.CCTV/access logs (if applicable): typically 30–90 days unless needed for an investigation.Marketing suppression (opt‑out) records: retained to honor your preferences.
Marketing communicationsWe send marketing only in accordance with your preferences and applicable laws. You can opt out via unsubscribe links in emails or by contacting hk.marketing@thegaragesociety.com Service and transactional messages are not marketing.Cookies and analyticsWe use cookies and similar technologies to operate the site (strictly necessary), remember your preferences, measure traffic/analytics, and, where used, to deliver or measure marketing campaigns.You can manage cookies via your browser settings. For EEA/UK visitors, we obtain consent for non‑essential cookies via our cookie banner and provide a Cookie Settings link. We provide a Cookie Policy listing cookie categories, purposes, and lifespans.Typical tools may include: Google Analytics, Meta/LinkedIn pixels (if implemented). We configure analytics to respect applicable IP and data controls.Children’s privacy
Our Websites and services are not directed to children. We do not knowingly collect personal data from individuals under 13 (US) or under the applicable age of digital consent in their jurisdiction. If you believe a child has provided personal data to us, contact hk.marketing@thegaragesociety.com to request deletion.
Your rights
Under Hong Kong’s PDPO, you may:
Request access to personal data we hold about you.Request correction of inaccurate personal data.
How to exercise: email hk.marketing@thegaragesociety.com]. We may need to verify your identity and may charge a reasonable fee permitted by law for data access requests.For EEA/UK visitors, you also have rights to delete, restrict, object to processing (including direct marketing), and data portability, subject to limits in law. You may lodge a complaint with your local supervisory authority.Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, network security, and staff training. No method of transmission or storage is 100% secure. For card payments we use vetted payment processors and do not store full card numbers.
Third‑party links
Our Websites may link to third‑party sites. Their privacy practices are governed by their own policies. We encourage you to review them.
Changes to this policy
We may update this policy from time to time. Material changes will be highlighted on this page with a new “Last updated” date. If changes significantly affect your rights, we will provide additional notice where required.
Physical spaces and access control (if applicable)
We may operate CCTV in common areas and maintain access logs for safety and security, to manage incidents, and to comply with legal obligations. Signage is displayed where CCTV is in operation. Access is restricted to authorized personnel and service providers; footage is retained for the period stated in Retention.
Language
This policy is provided in English. A Chinese version may be provided for reference. In case of discrepancy, the English version prevails.
