Skip to content

Privacy Policy

Asomerit's Privacy Police

Purpose and Scope  

Asomerit Consulting, a private company limited by shares, registered in China (Company registration number: 91110116MACM3M2LX6), hereinafter referred to as the “Company”, complies with global data protection laws including GDPR and PIPL.  

Company’s Website  

The Company controls the website https://www.asomerit.com/  

Definitions of Legal Bases  

1. Consent - your clear agreement to the processing of your personal data for a specific purpose.

2. Contract - the reason why the processing is necessary based on a contract you have with the Company, or because the Company has asked you to take specific steps before entering into that contract.

3. Legitimate Interests - the reason why the processing your data is necessary which is based on the legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:

  • gaining insights from your behaviour on the Website;
  • delivering, developing and improving the Website;
  • enabling the Company to enhance, customise or modify the Website and services;
  • determining whether marketing campaigns are effective;
  • enhancing data security.

Consent Rule 

Withdraw consent at any time by emailing: tommy.zhang@asomerit.com  

Collected Data  

Categories collected:  

  • Contact & business details  
  • Usage data (IP, browser, clickstreams)  
  • Communication records  

Purposes and Legal Basis  

The Company processes data for:  

1. Providing business consulting & visa services  

  • Legal basis: Consent; Contract  

2. Website operations & payment processing  

  • Legal basis: Contract; Legitimate Interests  

3. Website optimization (via HubSpot/Google Analytics)  

  • Legal basis: Legitimate Interests  
4. Customer support  
  • Legal basis: Contract  

5. Marketing (with consent)  

  • Legal basis: Consent  

Third Parties Processing Data  

1. **HubSpot, Inc.**  

  • Hosting & CRM services  
  • Privacy Shield certified  
  • DPA: https://legal.hubspot.com/dpa  

2. **Google LLC**  

  • Website analytics & cloud storage  
  • GDPR compliant (Standard Contractual Clauses)  
  • DPA: https://business.safety.google/adscontrollerterms/  

Data Security  

  • 256-bit SSL encryption  
  • ISO 27001 certified servers  
  • Regular security audits  

Your Rights  

Exercise rights via email: tommy.zhang@asomerit.com, includes:  

  • Access & portability  
  • Correction & erasure  
  • Objection to profiling  
  • Lodge complaints with supervisory authority  

Principles of Processing  

The data protection principles outline the basic responsibilities for the Company handling your personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles”. As the Company is the controller, the Company follows the following principles:

  • Lawfulness, Fairness and Transparency. Personal data will be processed lawfully, fairly and in a transparent manner in relation to you.
    Purpose Limitation. Personal data will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data Minimization. Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The Company applies pseudonymization to personal data if possible to reduce the risks to your privacy.
  • Accuracy. Personal data will be accurate and, where necessary, kept up to date; reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
  • Storage Period Limitation. Personal data must be kept for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality. Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company uses appropriate technical or organizational measures to process personal data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.
  • Accountability. The Company will be responsible for and be able to demonstrate compliance with the principles above.

Policy Updates  

Last revised: 28th July, 2025