Privacy Policy

1.0 Introduction

HNK Cosmetic is a computer systems design firm based in Miami, Florida. We provide systems architecture, cybersecurity, cloud infrastructure, data engineering, and IT strategy services to organizations across multiple industries. This Privacy Policy applies to all information collected through our website, email communications, and service engagements.

By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please discontinue use of our website and services.

2.0 Information Collection

We may collect the following categories of personal information:

1. Contact Information: Full name, email address, phone number, and company name when you submit our contact form or communicate with us directly.
2. Communication Data: The content of messages you send through our website contact form, email correspondence, and any attachments you provide.
3. Technical Data: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visits, and other diagnostic data automatically collected when you browse our website.
4. Service Engagement Data: Information related to projects, system specifications, infrastructure details, and business requirements shared during consulting engagements.

We do not knowingly collect sensitive personal data (such as government identifiers, biometric data, or health information) through our website.

3.0 Use of Information

We use the information we collect for the following purposes:

1. Service Delivery: To respond to inquiries, provide requested information about our services, and deliver computer systems design and consulting services.
2. Business Operations: To manage client relationships, process agreements, and maintain internal business records.
3. Website Improvement: To analyze website usage patterns, diagnose technical issues, and improve user experience.
4. Communications: To send service-related updates, respond to inquiries, and — with your consent — share relevant technical insights or service announcements.
5. Legal Compliance: To comply with applicable legal obligations, respond to lawful requests, and protect our rights and interests.

4.0 Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA), we rely on the following legal bases under the General Data Protection Regulation (GDPR):

1. Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as responding to a contact form submission.
2. Legitimate Interests: Where processing is necessary for our legitimate business interests — including improving our services, securing our systems, and responding to inquiries — and those interests are not overridden by your data protection rights.
3. Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.
4. Legal Obligation: Where we are subject to a legal obligation that requires processing of your personal data.

5.0 Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

1. Service Providers: With trusted third-party vendors who assist us in operating our website, conducting business, or providing services — subject to contractual obligations to maintain confidentiality and security.
2. Legal Requirements: When required by applicable law, regulation, legal process, or enforceable governmental request.
3. Business Transfers: In connection with a merger, acquisition, restructuring, or sale of assets — provided the receiving party agrees to respect your personal information in a manner consistent with this policy.
4. With Your Consent: In any other circumstance with your explicit prior consent.

6.0 Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device by your web browser.

We use the following types of cookies:

1. Essential Cookies: Necessary for the basic functionality of our website, such as maintaining session state.
2. Analytics Cookies: To understand how visitors interact with our website — including pages visited, time on site, and referral sources. We use this data in aggregate form to improve our content and user experience.

You may control cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality. By continuing to use our website without adjusting your browser settings, you consent to our use of cookies as described herein.

7.0 Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Retention periods vary depending on the nature of the data:

1. Contact form submissions: Retained for up to 24 months from the date of last communication, unless an ongoing client relationship is established.
2. Client engagement records: Retained for the duration of the engagement plus 7 years, consistent with standard business record-keeping practices.
3. Website analytics data: Retained in aggregate form for up to 26 months. Individual session data is anonymized after 14 months.

When personal information is no longer required, we securely delete or anonymize it.

8.0 Security

We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include — but are not limited to — encryption in transit (TLS 1.3), access controls, regular security assessments, and secure development practices.

While we strive to protect your personal information, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security, and you share information with us at your own risk. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

9.0 Your Rights (GDPR and CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Under the GDPR (EEA residents):

1. Right of Access: Request a copy of the personal data we hold about you.
2. Right to Rectification: Request correction of inaccurate or incomplete personal data.
3. Right to Erasure: Request deletion of your personal data under certain circumstances (right to be forgotten).
4. Right to Restriction: Request restriction of processing under certain conditions.
5. Right to Data Portability: Request transfer of your data to another organization or directly to you in a structured, commonly used format.
6. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
7. Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Under the CCPA (California residents):

1. Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
2. Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
3. Right to Opt-Out: We do not sell personal information. Should this change, you will be notified and provided an opportunity to opt out.
4. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us using the information in Section 14.0. We will respond to verified requests within the timeframes required by applicable law — typically 30 days under GDPR and 45 days under CCPA.

10.0 International Data Transfers

HNK Cosmetic is based in the United States. If you are accessing our website from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

When we transfer personal data from the EEA, UK, or Switzerland to the United States, we implement appropriate safeguards — such as Standard Contractual Clauses approved by the European Commission — to ensure an adequate level of protection for your data.

11.0 Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

12.0 Third-Party Links

Our website may contain links to third-party websites, plugins, or services that are not owned or controlled by HNK Cosmetic. We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policy of each website you visit before providing any personal information.

13.0 Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting to this page, and the Last Updated date at the top of this document will be revised accordingly.

We encourage you to review this Privacy Policy periodically. Your continued use of our website following the posting of changes constitutes your acceptance of those changes. For material changes, we will provide a more prominent notice — such as a notification on our homepage or an email to existing clients.

14.0 Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-specific inquiries, you may also contact your local data protection supervisory authority. For CCPA inquiries, you may contact the California Attorney General's office.