Last updated:  May 5, 2026

This Privacy Policy describes how Easy Peasy Group Limited collects, uses, shares, and protects personal data when you visit easypeasyecom.com or engage with our services.

1. Who we are

The Easy Peasy Ecom brand is operated by:

Easy Peasy Group Limited Flat/Rm A, 15/F, Goldfield Industrial Building 144-150 Tai Lin Pai Road Kwai Chung Hong Kong

The Easy Peasy Ecom name and intellectual property are held under license from Minted Group Ltd. Client engagements, data processing, and service delivery are performed by Easy Peasy Group Limited, which is the data controller for all personal data described in this Policy.

If you have any questions about this Policy or wish to exercise any of your rights, contact us at: info@easypeasyecom.com

2. What this Policy covers

This Policy covers personal data we collect and process in connection with:

• Your visit to easypeasyecom.com (including subdomains and connected pages)

• Inquiries you send us through our contact forms, email, or other channels

• Client services we provide under signed service agreements

• Marketing communications you have subscribed to receive from us

This Policy does not cover personal data we process on behalf of our clients under separate Data Processing Agreements. In those cases, our clients are the data controllers and Easy Peasy Group Limited acts as a data processor under their instructions.

3. What personal data we collect

We may collect the following categories of personal data:

Data you provide to us:

• Name and surname

• Email address

• Company name and role

• Phone number (when you choose to provide it)

• Country and time zone

• Information you include in messages or inquiries sent to us

• Account information when you enter into a service agreement (billing details, business information)

Data we collect automatically when you use our website:

• IP address

• Browser type, language, and operating system

• Device information (type, screen resolution)

• Pages visited and time spent on each page

• Referring URL

• Date and time of access

• Cookie identifiers (see Section 9)

Data from third parties:

• Information from public business directories or LinkedIn profiles (when researching prospective clients)

• Information from referrals, when a third party introduces you to us

We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact info@easypeasyecom.com and we will delete it.

4. Why we collect personal data

We process personal data for the following purposes:

Responding to inquiries

Answering form submissions, email questions, and discovery requests

Providing services to clients

Delivering audits, campaigns, reporting, and account management under signed agreements

Marketing communications

Sending updates, content, and offers to subscribers who have consented

Website analytics

Understanding traffic patterns and improving user experience

Legal and compliance

Meeting tax, accounting, and regulatory obligations

Security and fraud prevention

Protecting our systems and users

5. Legal bases for processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, we rely on the following legal bases for processing your personal data:

• Consent: for marketing emails, optional cookies, and any processing where consent is the most appropriate basis. You can withdraw consent at any time.

• Contractual necessity: to deliver services to clients who have signed service agreements with us

• Legitimate interests: to operate and improve our business, respond to inquiries, prevent fraud, and pursue our commercial activities, provided these interests are not overridden by your rights

• Legal obligation: to comply with tax, accounting, anti-money-laundering, and other legal requirements

If you are located in Hong Kong, we comply with the Personal Data (Privacy) Ordinance (PDPO). If you are located in another jurisdiction, we apply the protections of this Policy and additional local protections where required by law.

6. Who we share personal data with

We share personal data only with the parties listed below, and only as needed to operate our business and provide our services:

Service providers (data processors acting on our instructions):

• Google LLC (Google Workspace for email and storage, Google Analytics for website analytics, Google Ads for advertising)

• Klaviyo Inc. (email marketing platform we use internally and for clients who use Klaviyo)

• Hostinger International Ltd (website hosting)

• Stripe Inc. (payment processing for invoices, where applicable)

• HubSpot Inc. (CRM and lead management, where applicable)

Each of these providers processes personal data under contractual obligations to protect it and use it only for the purposes we specify.

Professional advisors: lawyers, accountants, and auditors, when required for legal or compliance reasons.

Authorities: when required by law, court order, or to protect our rights or the safety of others.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

7. International data transfers

Easy Peasy Group Limited is based in Hong Kong and our service providers are located in multiple jurisdictions, including the United States, the European Union, and Asia. When we transfer personal data outside your country of residence, we rely on the following safeguards:

• Standard Contractual Clauses approved by the European Commission (for transfers from the EEA/UK)

• Adequacy decisions where applicable

• Contractual commitments from our service providers to apply equivalent levels of protection

If you would like more information about the specific safeguards applied to your personal data, contact us at info@easypeasyecom.com.

8. How long we keep personal data

We retain personal data only for as long as needed for the purpose for which it was collected, after which we delete or anonymize it. Specific retention periods:

Type of data

Retention period

Website visitor analytics

24 months (Google Analytics default)

Inquiry messages and contact form submissions

24 months after last interaction

Marketing subscriber data

Until unsubscribe, then 6 months for audit

Client account data

For the duration of the service agreement, plus 6 years for legal and accounting obligations

Invoicing and tax records

7 years (Hong Kong tax requirement)

After the applicable retention period, personal data is permanently deleted or fully anonymized.

9. Cookies and similar technologies

Our website uses cookies and similar tracking technologies. A separate Cookies Policy is available at easypeasyecom.com/cookies and explains:

• What cookies we use

• What each cookie does

• How long cookies remain on your device

• How you can manage or refuse cookies

You can manage your cookie preferences through your browser settings or through the cookie consent banner on our website.

10. Your rights

You have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you

• Rectification: ask us to correct inaccurate or incomplete data

• Erasure: ask us to delete your personal data, subject to legal retention requirements

• Restriction: ask us to limit how we process your data

• Portability: receive your data in a structured, commonly used format

• Objection: object to processing based on legitimate interests, including direct marketing

• Withdrawal of consent: withdraw consent at any time for processing based on consent

• Complaint: lodge a complaint with the data protection authority in your jurisdiction

To exercise any of these rights, contact us at info@easypeasyecom.com. We will respond within 30 days (or sooner if required by your local law).

If you are in the EEA, you may also lodge a complaint with your local Data Protection Authority. If you are in Hong Kong, you may complain to the Office of the Privacy Commissioner for Personal Data (PCPD).

11. How we protect personal data

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:

• Encrypted connections (HTTPS) for our website

• Access controls and authentication for internal systems

• Regular security reviews and updates

• Confidentiality obligations on staff and contractors

• Vetted service providers with documented security practices

No system is perfectly secure. If we become aware of a personal data breach that may pose a risk to your rights, we will notify you and the relevant authorities as required by law.

12. Marketing communications

If you have subscribed to receive marketing communications from us, we will send you content, updates, and offers we believe may interest you. You can unsubscribe at any time using the link at the bottom of every marketing email, or by contacting info@easypeasyecom.com.

If you are an existing client, we may send you service-related communications even if you have not subscribed to marketing emails. These are necessary for the operation of our services.

13. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We recommend you review the privacy policies of any third-party sites you visit.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will notify you through the website or by email (for active clients and subscribers) and update the "Last updated" date at the top of this Policy.

We encourage you to review this Policy periodically.

15. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, contact us:

Easy Peasy Group Limited Flat/Rm A, 15/F, Goldfield Industrial Building 144-150 Tai Lin Pai Road Kwai Chung, Hong Kong

Email: info@easypeasyecom.com