Privacy Policy

Effective Date: May 21, 2026 (Last Updated: May 21, 2026)

1. Introduction

Welcome to Icarus Asia ("Icarus Asia", "we", "our", or "us"). We are committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by clients, counterparties, website visitors, and business contacts. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you visit our website, contact us, subscribe to communications, engage our services, participate in events or webinars, or otherwise interact with us. This Policy is intended to comply with applicable privacy and data protection laws, including the Hong Kong Personal Data (Privacy) Ordinance ("PDPO"), the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), the People's Republic of China Personal Information Protection Law ("PIPL"), Singapore's Personal Data Protection Act ("PDPA"), Brazil's Lei Geral de Proteção de Dados ("LGPD"), Canada's PIPEDA, and other applicable international privacy laws. Region-specific notices for the EEA/UK, California, Hong Kong, and Mainland China are set out at the end of this Policy.

2. Who We Are

Icarus Asia is a risk advisory, operational due diligence, investigative, compliance, and financial intelligence advisory firm headquartered in Hong Kong. For purposes of applicable data protection laws, Icarus Asia is generally the "data controller" of personal data collected through this website and in connection with our services. Contact: Icarus Asia, 2/F., Tern Centre, Tower 1, 237 Queen's Road Central, Hong Kong SAR. Email: privacy@icarusasia.com. Website: www.icarusasia.com.

3. Information We Collect

A. Information You Provide Directly — name, company name, job title, email address, telephone number, business address, communications and correspondence, and information submitted through contact forms. B. Professional & Business Information — corporate affiliations, due diligence documentation, regulatory or compliance-related information, and public-source professional information. C. Technical & Usage Information — IP address, browser type, device identifiers, operating system, referring URLs, website interaction data, cookies and analytics data. D. Sensitive Information — in limited circumstances and only where legally permitted or necessary for legitimate business purposes, we may process sensitive or enhanced-risk information in connection with compliance reviews, investigations, sanctions screening, anti-money laundering reviews, politically exposed person (PEP) assessments, or litigation support matters.

4. How We Use Information

We may use personal data to provide advisory and consulting services; conduct operational or financial due diligence; communicate with clients and prospects; respond to inquiries; improve website functionality; maintain cybersecurity and fraud prevention; comply with legal and regulatory obligations; perform sanctions and compliance checks; manage contractual relationships; conduct analytics and internal research; and send professional updates and marketing communications where permitted.

5. Legal Bases for Processing (GDPR/UK GDPR)

Where applicable under GDPR or UK GDPR, we process personal data under one or more of the following lawful bases: consent; performance of a contract; compliance with legal obligations; legitimate interests; and the establishment, exercise, or defense of legal claims. Our legitimate interests include protecting our business, maintaining network security, conducting professional advisory services, preventing fraud, and improving operational efficiency.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and secure the website, analyze website traffic, remember preferences, improve user experience, and support communications and marketing activities. For more information, please see our Cookie Policy.

7. Sharing of Information

We may disclose information to professional advisers; regulators and government authorities; courts and law enforcement agencies; technology vendors and cloud providers; analytics and communications providers; affiliated entities and subcontractors; and counterparties involved in advisory engagements. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

8. International Data Transfers

Given the international nature of our operations, personal data may be transferred to and processed in jurisdictions outside your country of residence, including jurisdictions that may not provide the same level of legal protection. Where required, we implement appropriate safeguards including contractual protections, standard contractual clauses, access restrictions, and encryption and cybersecurity controls.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal obligations, to resolve disputes, enforce agreements, or maintain business records. Retention periods vary depending on the nature of the data and applicable regulatory requirements.

10. Your Rights

Depending on applicable law, you may have rights to access personal data; correct inaccurate data; request deletion; object to processing; restrict processing; withdraw consent; request portability; and lodge complaints with regulators. To exercise these rights, contact privacy@icarusasia.com.

11. Security

We implement reasonable technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, disclosure, misuse, alteration, or destruction. However, no system can be guaranteed to be completely secure.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites.

13. Children's Privacy

This website is not directed toward children under 16 years of age, and we do not knowingly collect personal information from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes become effective upon posting to this page with an updated "Last Updated" date.

15. Contact Us

For questions regarding this Privacy Policy or data protection matters: privacy@icarusasia.com.

Regional Notices

The following region-specific disclosures supplement the policy above. Select your region for the rights and contact channels that apply to you.

European Economic Area & United Kingdom

Under the EU GDPR and UK GDPR, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of prior processing. Where we transfer personal data outside the EEA or UK, we rely on adequacy decisions or Standard Contractual Clauses with supplementary measures where required. You may lodge a complaint with your local supervisory authority (e.g. the Irish Data Protection Commission, the UK Information Commissioner's Office). We do not have an EU representative requirement applicable to our processing; for queries contact privacy@icarusasia.com.