Privacy policy – MsSpringDev

Privacy policy

Version: 1.0
Last updated: 1 September 2025

This Privacy Policy explains how ECOM ONE LIMITED (“springdev”, “we”, “us”, “our”) collects, uses, discloses and protects personal data when you visit https://springdev.online, purchase our e‑learning products, or use our development services.

By using our Website or services, you agree to this Policy. If you do not agree, please do not use the Website.

1) Who we are (Controller)

Controller: ECOM ONE LIMITED
Business Registration No.: 3309925
Registered Address: UNIT 1005, 10/F, BOSS COMMERCIAL CENTRE, 28 FERRY STREET, YAU MA TEI, KOWLOON, HONG KONG
Contact (privacy): info@springdev.online
Website: https://springdev.online

We provide digital development services and e‑learning. For EU/EEA residents, we process personal data in accordance with the GDPR.

EU/EEA representative (Art. 27 GDPR): If required, we will appoint an EU representative and update this section with contact details.

2) Scope

This Policy covers personal data processed when you:

  • browse or interact with our Website;
  • purchase e‑learning or book services;
  • create or use an account, download materials, or access our learning platform;
  • contact support or communicate with us;
  • receive marketing communications (where permitted).

3) What personal data we collect

Identity & contact data — name, email, company, role, billing address, country/region.
Account data — username, hashed password, course enrolments, progress, certificates.
Order & payment data — order ID, purchase history, last 4 digits and card type (if shown to us by our PSP), payment status, refunds. We do not store full card numbers or CVV.
Service delivery data — project requirements, artefacts, logs needed to provide development services.
Communications — emails, messages, support tickets, feedback.
Device & usage data — IP address, device type, browser, pages viewed, timestamps, referral/UTM, approximate location (derived from IP).
Cookies & similar technologies — as described in our separate Cookie Policy.
Marketing preferences — opt‑in/opt‑out status.

Where permitted by law, we may combine data from different sources (e.g., account + usage).

4) Sources

  • You, when you submit forms, make a purchase, create an account, or contact us.
  • Automated collection via the Website (cookies, logs).
  • Payment service providers and payment networks (e.g., Airwallex, Bancontact) for transaction confirmations and fraud screening.

5) Purposes & legal bases (GDPR)

  • Provide the Website and services (account creation, course access, delivery of digital content, service execution).
    Legal bases: Contract (Art. 6(1)(b)), Legitimate interests to operate our Website (Art. 6(1)(f)).
  • Payments, refunds and invoicing (including Bancontact payments via PSP).
    Legal bases: Contract; Legal obligation (tax/record keeping).
  • Customer support & communications (handling requests, complaints).
    Legal bases: Contract; Legitimate interests to respond and improve services.
  • Fraud prevention & security (monitoring, detection, incident response).
    Legal bases: Legitimate interests; Legal obligation (where applicable).
  • Analytics & service improvement (aggregate usage, performance).
    Legal bases: Legitimate interests; Consent for non‑essential cookies.
  • Marketing (newsletters, product updates, offers).
    Legal bases: Consent (opt‑in); Legitimate interests for similar products to existing customers subject to local law and opt‑out.

Where we rely on consent, you can withdraw it at any time (see Section 11).

6) Payments (Airwallex & Bancontact)

We use payment service provider(s) (PSPs) such as Airwallex to process payments. For Bancontact transactions, relevant payment details are shared with the PSP and payment network to authorise, settle and refund transactions and to prevent fraud. We receive confirmation of payment status but do not receive or store full card PANs or CVVs.

Refunds: We operate a no‑questions‑asked 14‑day refund policy and process refunds through the original method of payment. For Bancontact, technical refunds are possible up to 365 days from the original transaction.

7) Sharing of personal data

We share personal data only with:

  • Payment processors / networks (e.g., Airwallex, Bancontact) for payments, refunds and fraud checks;
  • Cloud/IT and learning platform providers for hosting, storage, and course delivery;
  • Analytics and email service providers (subject to consent where required);
  • Professional advisers (legal, accounting) and authorities where legally required;
  • Successors in the event of a merger, acquisition, or reorganisation (subject to safeguards).

We require recipients to protect personal data appropriately and only process it according to our instructions or their role as independent controllers (e.g., payment networks).

8) International transfers

We operate from Hong Kong and may process/store data outside your country, including outside the EU/EEA. Where we transfer personal data from the EU/EEA to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and implement additional safeguards where appropriate.

You can contact us for a copy of the relevant transfer mechanisms.

9) Retention

We keep personal data only as long as necessary for the purposes above:

  • Account & course records: while your account is active and up to 24 months after last activity unless you request deletion (unless we must keep longer for legal reasons).
  • Order/payment & invoicing records: up to 7 years (to comply with tax and accounting laws).
  • Support communications: up to 24 months after resolution.
  • Analytics: kept in aggregate or anonymised form where possible, otherwise for the shortest feasible period.

We will delete or irreversibly anonymise data after the retention period ends.

10) Security

We implement technical and organisational measures appropriate to risk, including encryption in transit, access controls, least‑privilege practices, MFA for admin accounts, regular backups, and vendor due diligence. No method of transmission or storage is 100% secure; we strive to protect your data but cannot guarantee absolute security.

11) Your rights (EU/EEA)

Subject to conditions and exceptions in law, you have the right to:

  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data (“right to be forgotten”);
  • Restrict processing;
  • Object to processing based on legitimate interests or direct marketing;
  • Data portability (receive data in a structured, commonly used, machine‑readable format);
  • Withdraw consent at any time (where processing is based on consent).

To exercise your rights, email info@springdev.online. We will respond within 30 days (or as required by law). You also have the right to lodge a complaint with your local EU/EEA supervisory authority (e.g., Belgium’s data protection authority for Bancontact users).

12) Children

Our services are not directed to children under 16. If you believe a child provided us with personal data without parental consent, contact us and we will delete it.

13) Cookies & similar technologies

We use cookies and similar technologies for essential functionality, analytics and (where applicable) marketing. Details are provided in our Cookie Policy, including types, purposes, and how to manage preferences. Non‑essential cookies are used only with your consent.

14) Automated decision‑making

We do not engage in automated decision‑making that produces legal or similarly significant effects on you. Basic fraud checks and risk scoring may occur within our PSPs to protect transactions; these typically involve human oversight.

15) Changes to this Policy

We may update this Policy from time to time. The current version is posted at https://springdev.online/privacy with the effective date above. Material changes will be highlighted on the Website.

16) Contact

ECOM ONE LIMITED
UNIT 1005, 10/F, BOSS COMMERCIAL CENTRE, 28 FERRY STREET, YAU MA TEI, KOWLOON, HONG KONG
Email (privacy): info@springdev.online
Website: https://springdev.online

Effective date: 1 September 2025

Appendix A — Key recipients (illustrative)

  • Airwallex (PSP) — processes payments and refunds; receives limited payer and transaction data necessary for authorisation/settlement; performs fraud prevention.
  • Bancontact (payment network) — receives transaction details necessary to route and settle Bancontact payments and process refunds; may perform risk/fraud checks.
  • Cloud hosting / learning platform — stores account and course data to provide access and track progress.
  • Email service provider — sends transactional emails (receipts, confirmations) and, with consent, marketing communications.