Privacy Policy

Global Horizon Medical Limited (“GHM”, “we”, “us”) is the data controller for personal information processed through ghmmedical.com and its associated commercial channels. GHM is incorporated in the Hong Kong Special Administrative Region, with its registered office at Room 5003, 5/F, Yau Lee Centre, 45 Hoi Yuen Road, Kwun Tong, Hong Kong.

This policy explains what personal data we collect about you, why we collect it, how long we keep it, and what rights you have over it. Where the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, or the Personal Data (Privacy) Ordinance of Hong Kong applies to your enquiry, this policy is read together with the additional protections of those laws.

When you request a quote, contact us, or apply for a distribution partnership, we collect the information you provide voluntarily — company name, contact person, email, phone, country, and the commercial details of your request (such as the product, intended use, destination market, quantity, and target delivery window).

When you visit the site without submitting a form, we retain server logs (IP address, user agent, request timestamp, response status) for security, fraud prevention, and operational integrity purposes. These logs are kept for a period not exceeding 90 days, after which they are deleted.

We use Plausible Analytics, a privacy-respecting analytics service that does not set advertising cookies, does not fingerprint visitors, and does not share data with third-party ad networks. Aggregated visit data is retained at the country level, not the individual level.

Performance of a contract — when you request a quote or place an order, we process your data to respond to that request and execute any resulting transaction.

Legitimate interest — for security logging, fraud prevention, and basic site analytics, we rely on our legitimate interest in operating a secure and reliable commercial website.

Compliance with legal obligations — Hong Kong, EU, and destination-country trade law obliges us to retain commercial correspondence linked to medical-device transactions for ten years. We process and retain that data on this basis.

Consent — for any marketing communication that is not part of an active commercial enquiry, we ask for your explicit consent first, and we make the unsubscribe path one click long.

We share commercial enquiry data with the manufacturer or OEM partner whose product is the subject of your enquiry, where doing so is necessary to respond to your request — for example, to confirm regional availability, lead time, or technical configuration.

We share documentation with HSBC Hong Kong as our principal banking partner where the transaction requires bank-verifiable trade documentation.

We share customs and clearance data with the freight forwarders, customs brokers, and destination-country agents whose involvement is necessary to deliver your order. These parties are bound by their own data-protection obligations and act as our processors.

We do not sell data to third parties. We do not share contact lists with partner manufacturers for marketing purposes without your explicit consent.

Commercial correspondence linked to a completed transaction is retained for 10 years following the conclusion of that transaction, in accordance with Hong Kong regulatory obligations for medical trade documentation and the documentation requirements of our destination markets.

Unsolicited enquiries that do not result in a commercial relationship are retained for 24 months, after which they are deleted.

Server logs are retained for a maximum of 90 days. Aggregated analytics data (visit counts, country breakdowns) is retained indefinitely in non-identifiable form.

Because GHM operates from Hong Kong and serves manufacturers and buyers across Europe, the GCC, North Africa, and Asia, your personal data may be transferred outside your country of residence in the course of responding to your enquiry or fulfilling a commercial transaction.

Where data is transferred from the EU/EEA, we rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards. Where data is transferred from the UK, we rely on the UK International Data Transfer Agreement.

You may request access to, correction of, deletion of, or restriction on the processing of your personal data by emailing privacy@ghmmedical.com. We will respond within 30 days.

Where GDPR applies, you also have the right to data portability, the right to object to processing based on legitimate interests, and the right to lodge a complaint with a supervisory authority — typically the data-protection authority of your country of residence.

Where the Hong Kong PDPO applies, you may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).

We protect personal data with technical and organisational measures proportionate to the risk of the processing. These measures include encryption in transit (HTTPS), access controls on internal systems, audit logging of administrative actions, and staff training on data-handling obligations.

No system is perfectly secure. If we discover a personal data breach that is likely to result in a risk to you, we will notify the relevant supervisory authority within 72 hours where required, and we will notify you directly without undue delay where the risk to your rights is high.

We may update this policy to reflect changes in our practices, our service providers, or applicable law. The “Updated” date at the top of this page reflects the most recent material revision.

Material changes will be highlighted on this page for at least 30 days following their effective date.

Data Protection contact: privacy@ghmmedical.com. General correspondence: info@ghmmedical.com. Postal address: Room 5003, 5/F, Yau Lee Centre, 45 Hoi Yuen Road, Kwun Tong, Hong Kong.