Last updated: 15 April 2026.

Privacy, Cookies and Data Protection

This page combines the website privacy notice, cookie notice, data protection policy and practice summary, and a Hong Kong style personal information collection statement. It is written for a public website with an international audience and should be read together with the Disclaimer and the Terms of Use.

Scope and role

This notice applies to personal data processed through this website, including when you browse pages, use site features, click outbound links, submit correspondence, or otherwise communicate with the site operator. It does not govern third-party websites or platforms that you access after leaving this site.

For privacy-law purposes, the site operator acts as the controller, or the closest equivalent concept used under applicable law, in relation to website-originated personal data handled for the operator’s own publishing, analytics, security, and correspondence purposes.

Jurisdiction map

• United Kingdom, including Scotland: where UK data protection law applies, this notice is intended to support transparency under the UK GDPR and the Data Protection Act 2018 framework, together with applicable PECR-style cookie and online tracking rules.
• European Union and EEA: where EU law applies, this notice is intended to support transparency under the EU GDPR and related ePrivacy requirements as implemented locally.
• Hong Kong: the sections on collection purpose, classes of transferees, retention, and access or correction rights are intended to function as a Personal Information Collection Statement and transparency notice under the Personal Data (Privacy) Ordinance.
• Singapore: where the Personal Data Protection Act 2012 applies, this notice is intended to describe the collection, use, disclosure, and care of personal data at a baseline level.
• United States and other jurisdictions: local federal, state, sectoral, or consumer laws may create additional rights, notices, or obligations depending on residence, context, and the nature of interaction.

Jurisdiction and dispute-resolution note

This notice and the wider website legal framework are drafted for cross-border use. For baseline contractual interpretation, the site operator intends the laws of England and Wales to govern the website terms where that choice is legally permitted. Disputes connected with this notice or website use are intended to fall within the non-exclusive jurisdiction of the courts of England and Wales, so that urgent local relief or mandatory local procedures can still be used where required.

Nothing in this section is intended to remove or restrict rights that cannot be excluded under mandatory consumer, data protection, privacy, or unfair-terms law in the place where a user is habitually resident or where mandatory law otherwise applies. If such mandatory law conflicts with this baseline allocation, the mandatory rule prevails to that extent.

Where a contract-specific document separately includes a valid arbitration clause, that clause may govern dispute process for that specific contract only. Public-web visitors should assume court-based resolution applies unless a separately agreed written contract states otherwise.

Personal data we may collect

Depending on how you use the site, the following categories may be collected or generated:

• technical and usage data, such as IP address, browser type, device characteristics, pages viewed, referrer information, approximate geolocation, and timestamps;
• analytics and event data, such as page visits, on-site interactions, and outbound link click events;
• preference data stored on your device, such as theme preference in local or session storage and language-related settings or cookies;
• correspondence data, such as your name, email address, organisation, and the contents of messages you send voluntarily;
• professional or business context you choose to provide when making an enquiry.

This site is not intended to collect special category or similarly sensitive personal data through ordinary browsing. Please do not send unnecessary sensitive personal data through open web forms, email, or other uncontrolled channels.

How we use personal data

Personal data may be used to:

• operate, secure, maintain, and improve the website;
• understand readership, traffic sources, and content performance;
• remember user preferences such as theme or language choices;
• attribute outbound traffic and backlinks through tagged referral links where configured;
• respond to enquiries, proposals, speaking requests, or legitimate business communications;
• detect abuse, defend legal claims, comply with legal obligations, and protect the integrity of site infrastructure and content.

Cookies, storage technologies, and online tracking

This website may use cookies or similar technologies directly or through third-party services. They may include:

• essential or functional items used to remember theme or interface preferences and support user experience;
• language-related cookies or settings where translation features are used, including browser- or service-generated language preferences;
• analytics technologies used to understand page usage, referrals, and click behaviour;
• link attribution parameters appended to outbound links so destination sites and analytics platforms can identify the referring campaign or source.

Cookies and similar technologies may be session-based or persistent. Some are first-party. Others may be set or read by third-party services such as Google services used for analytics or translation-related functionality.

If your jurisdiction requires consent for non-essential cookies or similar tracking, your continued use of such features should be read subject to the consent controls that apply in that jurisdiction. You can usually control cookies through browser settings, extension controls, device settings, or relevant third-party privacy controls. Blocking some technologies may reduce site functionality.

Current website-specific practices

At the date of this notice, the site may use or expose the following classes of functionality:

• Google Analytics or Google tag-based usage measurement (in production environments);
• outbound link tracking events for analytics and backlink attribution;
• local or session storage for theme preferences;
• Google Translate or similar translation-related preferences where enabled.

Configuration may change. Material changes will be reflected in an updated notice.

Legal bases where UK GDPR or EU GDPR applies

Where UK GDPR or EU GDPR applies, processing may rely on one or more of the following legal bases, depending on context:

• legitimate interests in operating, securing, measuring, and improving the website and protecting content and infrastructure;
• consent where required for optional cookies, analytics, or similar tracking technologies;
• steps prior to contract or performance of a contract where you request services or enter into a direct engagement;
• legal obligation where retention, disclosure, or incident handling is required by law;
• establishment, exercise, or defence of legal claims where relevant.

Where consent is the basis relied on, you may withdraw it prospectively using available technical controls or by contacting the site operator where appropriate.

Hong Kong Personal Information Collection Statement

If you are a data subject in Hong Kong and you provide personal data directly, the following additional points apply:

• provision of personal data is generally voluntary unless the site operator states that a requested item is necessary to respond to your enquiry or perform a requested service;
• the principal purposes of collection are site operation, analytics, security, correspondence handling, professional communication, and service assessment;
• personal data may be transferred to service providers that support hosting, analytics, communications, security monitoring, productivity, or professional administration, whether in or outside Hong Kong;
• failure to provide data that is reasonably necessary for a specific request may limit the ability to respond or deliver that request;
• you may request access to, or correction of, personal data held about you, subject to applicable law and lawful exemptions.

This section is intended to support DPP1-style transparency, not to displace any more specific notice that may be given for a particular service, event, or engagement.

Data sharing and transfers

Personal data may be shared with trusted processors or service providers that support website hosting, analytics, communications, security, or administration. Data may also be disclosed where reasonably necessary to investigate misuse, enforce rights, comply with law, respond to lawful requests, or protect the safety, rights, and property of the site operator or others.

Because web services operate internationally, personal data may be processed or accessed outside the place where you are located. Where cross-border transfer rules apply, the site operator intends to use proportionate safeguards appropriate to the service context. Public-web visitors should nevertheless recognise that internet communications and global service providers inherently involve cross-border exposure and infrastructure dependencies.

Retention

Personal data is kept only for as long as reasonably necessary for the purposes described above, including analytics evaluation, security monitoring, correspondence management, legal recordkeeping, and dispute handling. Retention periods vary by data type, sensitivity, operational need, and legal obligation.

Security and data protection practice

The site operator aims to apply reasonable technical and organisational measures proportionate to the nature of the site. Those measures may include access controls, service-provider selection, authentication controls, software maintenance, and monitoring for misuse or abuse. No internet-facing system can be guaranteed fully secure, and you should transmit information accordingly.

Your rights

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or complaint to a supervisory authority or regulator. Those rights are not absolute and may depend on the jurisdiction, role of the parties, legal basis, exemptions, and the nature of the data involved.

For Hong Kong data subjects, access and correction rights are subject to the PDPO framework. For UK or EU data subjects, rights are subject to the relevant GDPR regime and applicable exemptions. For Singapore and the United States, available rights depend on the applicable statutory framework and the facts of interaction.

Children

This site is not directed at children. If you believe personal data relating to a child has been provided inappropriately, please make contact so that the matter can be reviewed.

Contact and requests

For privacy or personal-data requests, use the contact details published on this site or email the site operator at hello@zenithlaw.com. To help process a request responsibly, include enough information to identify the interaction and verify that you are the relevant person or an authorised representative.

Official reference points

The following public sources are relevant starting points for readers who want the official legal or regulatory background:

• ICO UK GDPR guidance and resources
• Regulation (EU) 2016/679 on EUR-Lex
• Hong Kong PCPD overview of the PDPO
• Singapore PDPC overview of the PDPA