hello@28one.com
Company News
Contact
  • CLIV

      Meet CLIV

      Learn how CLIV can help you manage your quality control anytime, nnywhere

      Visit CLIV.io

      Visit the CLIV website

  • About Us

      About Us​

      Find out more about TWO EIGHT ONE​

      Case Studies​

      Read about our work with customers​

      News

      Read the latest news from TWO EIGHT ONE

      Careers

      Find out what its like to work at TWO EIGHT ONE and check out the latest job vacancies

  • Services

      Quality Advisory & Support

      Senior QC advisory for complex sourcing challenges, strategic quality planning and root cause analysis.

      TWO EIGHT ONE QC Training

      Build QC capability within your teams and factories through structured, expert-led training programmes.

      CAPA Programme

      End-to-end corrective and preventive action delivery combining expert service with AI-powered tools in CLIV.

      Inspection Services

      Comprehensive inspection coverage delivered by certified QC professionals across your global supply chain.

      Factory Technical Audits

      Full factory technical assessments to identify systemic risks and build a path to improvement.

  • Contact
  • CLIV

      Meet CLIV

      Learn how CLIV can help you manage your quality control anytime, nnywhere

      Visit CLIV.io

      Visit the CLIV website

  • About Us

      About Us​

      Find out more about TWO EIGHT ONE​

      Case Studies​

      Read about our work with customers​

      News

      Read the latest news from TWO EIGHT ONE

      Careers

      Find out what its like to work at TWO EIGHT ONE and check out the latest job vacancies

  • Services

      Quality Advisory & Support

      Senior QC advisory for complex sourcing challenges, strategic quality planning and root cause analysis.

      TWO EIGHT ONE QC Training

      Build QC capability within your teams and factories through structured, expert-led training programmes.

      CAPA Programme

      End-to-end corrective and preventive action delivery combining expert service with AI-powered tools in CLIV.

      Inspection Services

      Comprehensive inspection coverage delivered by certified QC professionals across your global supply chain.

      Factory Technical Audits

      Full factory technical assessments to identify systemic risks and build a path to improvement.

  • Contact
Get In Touch

Privacy Policy

How we use and store your data

Last updated: 23 March 2026

Effective date: 23 March 2026

1. Who we are

This Privacy Notice explains how Source2Market Limited, trading as 28one / Two Eight One, and its related products and services including CLIV, collect, use, disclose and protect personal data when you visit our websites, contact us, request information, book a demo, use our services, or otherwise interact with us.

For the purposes of applicable data protection laws, the data controller is:

Source2Market Limited

Trading as: 28one / Two Eight One

Registered office: 15/F Caltex House 258 Hennessy Road Wan Chai, Hong Kong

Email: marketing@28one.com

Telephone: +852 281 00795

2. Scope of this notice

This Privacy Notice applies to:

  • the 28one website
  • CLIV product and information pages
  • contact forms, enquiry forms and demo requests
  • business development, marketing and sales communications
  • consultancy, inspections, audits, training and related services
  • email, phone, online meetings and other communications
  • any other interaction where we provide or link to this notice

This notice does not apply to third-party websites, services or platforms that we do not control, even where we link to them.

3. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data.

Contact and identity data

  • name
  • job title
  • company name
  • business email address
  • business telephone number
  • postal address
  • account login details, where relevant

Enquiry and relationship data

  • the content of your enquiry
  • information you provide in contact forms or demo requests
  • records of meetings, calls and correspondence
  • service history and account notes
  • preferences relevant to our relationship with you

Website and technical data

  • IP address
  • browser type and version
  • device type
  • operating system
  • referral source
  • pages viewed
  • timestamps
  • navigation behaviour
  • cookie identifiers and similar online identifiers

Marketing and communications data

  • whether you open or click our emails
  • event registrations and attendance
  • subscription preferences
  • suppression or unsubscribe records

CLIV and operational service data

Where relevant to CLIV or related services, we may process:

  • user account details
  • inspection and audit records
  • uploaded files, images and notes
  • workflow actions
  • location or GPS-related data where enabled and necessary for the service

Recruitment data

If you apply for a role with us, we may collect:

  • CVs and résumés
  • employment history
  • qualifications
  • interview notes
  • references where relevant

4. How we collect personal data

We collect personal data:

  • directly from you when you contact us, submit a form, request a demo, subscribe to updates or engage our services
  • automatically through cookies and similar technologies when you use our website, subject to your settings and applicable law
  • from your employer or colleagues where you are a business contact
  • from public sources such as company websites, directories and professional networking platforms
  • from service providers, event organisers, partners or referrers
  • from clients where you are a nominated user or business contact

5. How we use personal data

We use personal data to:

  • respond to enquiries and requests
  • arrange calls, meetings, demos and proposals
  • provide consultancy, inspections, audits, training and related services
  • create and manage customer and user accounts
  • operate, support and improve CLIV
  • manage client and supplier relationships
  • provide customer support and troubleshoot issues
  • send operational and service-related communications
  • maintain records and manage our business operations
  • secure our systems and prevent fraud or misuse
  • analyse website performance and improve user experience
  • send marketing communications where permitted by law
  • comply with legal, regulatory and contractual obligations

6. Lawful bases under GDPR and UK GDPR

Where the GDPR or UK GDPR applies, we rely on one or more of the following lawful bases.

Contract

We process personal data where necessary to enter into or perform a contract with you or your organisation.

Pre-contract steps

We process personal data to respond to enquiries, quotes, proposals and demo requests before a contract is entered into.

Legitimate interests

We process personal data where necessary for our legitimate interests, including:

  • responding to business enquiries
  • managing client and prospect relationships
  • improving our website, services and communications
  • maintaining information security
  • keeping internal records
  • conducting B2B marketing where permitted by law
  • protecting our legal rights
  •  

Consent

We rely on consent where required, including for certain cookies and tracking technologies and in certain marketing situations.

Legal obligation

We process personal data where necessary to comply with applicable laws, regulatory obligations or lawful requests from public authorities.

The ICO says organisations should decide and document their lawful bases before processing begins and explain them in their privacy notice

7. Direct marketing

We may send you updates about our services, thought leadership, events, CLIV developments and related content where permitted by law.

If GDPR or UK GDPR applies, we will ensure that we have an appropriate lawful basis for direct marketing and that you can opt out at any time.

If Hong Kong PDPO applies, we will comply with the direct marketing rules under the Ordinance. The PCPD states that before using personal data for direct marketing, a data user must notify the individual of that intention, identify the kinds of data to be used, the classes of marketing subjects, and provide a response channel through which consent can be communicated without charge. Silence or non-response does not count as valid consent.

You can opt out of marketing at any time by:

  • clicking the unsubscribe link in our emails
  • updating your preferences where available
  • emailing us

8. Cookies and similar technologies

We use cookies and similar technologies to operate our site, remember preferences, improve performance, understand usage and, where permitted, support analytics and related functions.

If you are visiting from the UK, the ICO states that organisations must provide clear and comprehensive information about cookies and obtain consent for any cookies that are not strictly necessary.

If you are visiting from the EEA, similar consent requirements may apply under the applicable national implementation of ePrivacy rules.

If you are visiting from Hong Kong, the PCPD guidance recommends that organisations explain in their Privacy Policy Statement whether they use tools such as cookies, what is collected, how it is used and any related disclosure practices.

Please see our Cookie Policy for more detail.

9. Who we share personal data with

We may share personal data with:

  • IT and hosting providers
  • cloud storage and software providers
  • CRM, email and customer support platforms
  • analytics and cookie consent providers
  • professional advisers including legal, accounting and audit advisers
  • payment and finance providers where relevant
  • operational partners, inspectors, trainers and auditors where relevant to the service
  • regulators, authorities, courts or law enforcement where required
  • a purchaser, investor or successor in connection with a business sale, merger or reorganisation

We require our service providers to protect personal data appropriately and to process it only as authorised.

10. International transfers

Because we are based in Hong Kong and operate internationally, your personal data may be stored in or accessed from countries outside your own, including Hong Kong, the UK, the EEA and other jurisdictions where we or our service providers operate.

Where GDPR or UK GDPR applies and we transfer personal data internationally, we will use a valid transfer mechanism such as:

  • an adequacy decision
  • standard contractual clauses
  • the UK Addendum or UK IDTA
  • or another lawful safeguard or derogation where applicable

Under Hong Kong PDPO, the PCPD guidance on cross-border transfer states that transfers of personal data outside Hong Kong should be handled in a way that ensures comparable protection, and that the data user remains responsible for the data after transfer. The PCPD also recommends due diligence and, where appropriate, contractual safeguards.

11. Data retention

We keep personal data only for as long as necessary for the purposes described in this notice, including to meet legal, regulatory, accounting and contractual obligations.

As a general guide, we may retain:

  • website enquiries: up to 24 months from last meaningful contact
  • prospect and marketing records: until you opt out or for up to 24 months from last engagement
  • client records: for the duration of the relationship and for up to 7 years afterwards where justified
  • service and audit records: according to contractual, legal and operational requirements
  • recruitment records: up to 12 months after the relevant recruitment process, unless longer retention is justified
  • cookie preference records: for as long as needed to evidence consent choices

12. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, destruction, misuse, alteration or disclosure. These measures may include access controls, encryption, staff training, secure hosting, monitoring and vendor due diligence.

13. Your rights

If GDPR or UK GDPR applies

You may have the right to:

  • access your personal data
  • correct inaccurate data
  • erase your data in certain circumstances
  • restrict processing
  • object to certain processing, including direct marketing
  • withdraw consent where processing is based on consent
  • receive a portable copy of certain personal data
  • complain to a supervisory authority

If Hong Kong PDPO applies

You have the right to:

  • request access to your personal data
  • request correction of your personal data

To exercise any of these rights, contact us.

14. Complaints

If you are in the EEA, you may complain to your local data protection authority.

If you are in the UK, you may complain to the Information Commissioner’s Office.

If you are in Hong Kong, you may complain to the Office of the Privacy Commissioner for Personal Data, Hong Kong.

15. Children

Our website and services are intended for business users and are not directed at children. We do not knowingly collect personal data from children through the website.

16. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our services, technology, vendors or legal obligations. The updated version will be posted on this page with a revised “Last updated” date.

17. Contact us

If you have questions about this Privacy Notice or want to exercise your rights, contact:

Source2Market Limited

Address: 15/F Caltex House, 258 Hennessy Road, Wan Chai, Hong Kong,

Telephone: +852 2810 0795

Email: contact us