Consultant Login

Global Data Privacy Notice

Summary of Key Privacy Principles & Your Rights

  • Our Commitment to Compliance: HGA is committed to protecting your personal data and complies with global data privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable African Union data protection standards. We also follow regional and national data protection regulations in Africa and worldwide, adhering to global best practices even where laws may not yet require it[1].
  • Transparency & Fair Use: We collect and use personal data only for specific, legitimate purposes explained in this Notice. We do not sell your personal information to third parties, and we only share it as needed to provide our services or comply with the law.
  • Data Minimization: We limit the personal data we collect to what is relevant for the purposes of our Digital Platform services (such as creating consultant profiles, matching consultants with opportunities, processing payments, etc.). You will see detailed categories of data we collect (e.g. CV details, banking info, documents, etc.) in this Notice.
  • Security: We apply strong technical and organizational security measures (encryption, access controls, multi-factor authentication, backups, etc.) to safeguard your data[3][4]. Only authorized personnel and partners with a need-to-know can access your information, and all access is role-based[5].
  • Individual Rights: You have rights regarding your personal data. These include the right to access your data, correct inaccuracies, delete data, restrict or object to certain processing, and data portability, among others. You can also withdraw consent where processing is based on consent. We honor these rights globally, so whether you are in the EU, California, Africa, or elsewhere, you can exercise controls over your data (within the bounds of applicable law). A summary of key rights:
  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can ask us to update or correct your information if it’s inaccurate.
  • Deletion: You can request deletion of your data (e.g. “right to be forgotten”), subject to our legal obligations to retain certain records.
  • Objection: You may object to certain processing (such as for direct marketing or in some cases when we process based on legitimate interests).
  • Restriction: You can ask us to limit processing of your data in certain cases (for example, while a complaint about accuracy or usage is being resolved).
  • Portability: You can request your data in a portable format to transfer to another service.
  • No Discrimination: If you exercise your privacy rights (for example under CCPA), you will not receive discriminatory treatment from HGA. We provide the same quality of service regardless of your privacy choices.

(We explain these rights in more detail in a later section, along with how to exercise them.)

  • Contact & Accountability: HGA is responsible for your data as a “data controller” when using our Digital Platform. We have designated contacts for privacy inquiries (see the Contact Us section). If you have questions or concerns about how we handle your data, you can reach out and we will address them. You also have the right to contact relevant data protection authorities or regulators if you believe your rights have been infringed.

Introduction and Scope

Who We Are: Humanics Global Advisors LLC (“HGA”, “we”, “us” or “our”) is an international consulting services provider that operates a digital platform to connect independent consultants, partner organizations, and clients (such as development agencies or other organizations) for consulting opportunities. This Global Data Privacy Notice explains how we collect, use, share, and protect personal data in the course of our operations.

Scope of this Notice: This Privacy Notice applies to all personal data processed by HGA through our websites and the HGA digital platform (“Platform”), including data of individual consultants who use our Platform, representatives of client organizations and partners, and any other individuals whose personal information we handle in the context of our services. It covers personal data collected through the Platform’s interfaces, mobile or web applications, and any related online services or communications with HGA. It is intended both for public website users and for our registered consultants and partners accessing the Platform internally.

By using HGA’s Platform or submitting personal information to us, you acknowledge that your data will be handled as described in this Notice. We may provide additional privacy disclosures or terms for certain features, but unless those specifically override this Notice, this document is the primary description of our privacy practices.

Our Compliance with Global Privacy Laws: We maintain compliance with key data protection laws and principles around the world. This includes adhering to the transparency, lawfulness, and accountability requirements of GDPR (for users in the European Union and beyond) and honoring the rights and choices it gives to individuals[1]. We likewise abide by the CCPA (and its amendments) for California residents, including giving consumers rights to access or delete data and not “selling” personal information. In Africa, we comply with applicable data protection frameworks such as the African Union Convention on Cyber Security and Personal Data Protection (the “Malabo Convention”) and relevant national laws, which emphasize the right to privacy and secure processing of personal data[2]. Even in regions that are still developing privacy regulations, HGA commits to global best practices for data privacy[6]. We apply stringent protection measures and honor reasonable privacy requests regardless of where you are located.

Lawful Processing: All personal data we handle is processed on a lawful basis. We will only process your data if at least one of the following applies: you have given consent, the processing is necessary for a contract with you (or to take steps at your request before entering a contract), the processing is required by law, or the processing is in our legitimate interests (or those of a third party) and not overridden by your data protection rights. We explain the specific bases for our data uses in the relevant sections below.

Important: Our services are intended for adults in a professional context. We do not knowingly collect personal data from children (typically defined under privacy laws as under 13 or under 16, depending on jurisdiction). If you are under the age of 16, please do not use the Platform or provide any personal data. If we learn that we have inadvertently collected information from a minor, we will delete it promptly.

Personal Data We Collect

We collect various categories of personal data from and about our consultants, clients, partners, and website users in order to operate our Platform and services. This data is collected either directly from you (through forms and uploads on the Platform), automatically through your interactions with our services, or from third parties (for example, references you provide). We limit our collection to what is necessary for the stated purposes. Below are the types of personal data we handle:

  • Contact and Identity Information: This includes basic personal details such as your full name, title, postal address, email address, phone number, username or account ID, and login credentials. For consultants, this also includes nationality and possibly an identification number (e.g., if needed for contracts or background checks). We may also collect your photograph or professional headshot if you choose to provide one for your profile.
  • Professional Profile and CV Data: Information related to your professional qualifications and experience, much of which you would typically include on a CV (curriculum vitae) or professional profile. This can include your job history, work experience details, education and degrees, certifications, languages spoken, skills, and any professional references you provide[7]. You might input this data into structured profile fields on the Platform (e.g., employment history, education history, current position, areas of expertise). We also collect any biography or summary you write about yourself on the Platform.
  • Consultant References: If you provide references or referees as part of your profile, we collect their contact details and any information they provide about you. Important: If you give us personal information of third parties (for example, reference contact information), you are responsible for ensuring you have permission to share it with us and that those individuals are informed their data is being provided to HGA for these purposes.
  • Documents and Credentials: We collect and store documents that you choose to upload or that are required for consulting engagements. This includes resumes/CVs (if uploaded as files), cover letters, certifications, diplomas, professional licenses, identification documents (such as a passport or ID card, if ever requested for verification or travel purposes), work portfolio samples, or any other documents relevant to your qualifications. These documents are stored securely in our cloud storage (Amazon S3) with encryption and access controls[8]. We also retain any project deliverables you upload to the Platform (e.g. reports or outputs you create as part of an assignment), as these may contain personal identifiers (like your name as author) or other personal data.
  • AI-Generated Application Materials: Our Platform offers an AI-assisted tool to help consultants draft applications or proposals for consultancy listings. If you use this feature, the AI system will generate text (such as cover letters or capability statements) based on the personal and professional information in your profile. Those generated application materials, which may incorporate your personal data (e.g. your work history or skills), are stored in our system as part of your application records. You can review and edit these AI-generated applications before submission. Note: These materials are treated as your personal data and protected accordingly. (The AI does not independently make decisions about you; it only produces draft content for your convenience.)
  • Financial and Payment Information: If you are a consultant expecting to receive payments through HGA, we will collect the information needed to facilitate those payments. This may include your bank account details (account holder name, account number, bank name, SWIFT/BIC or routing number, etc.) which you provide for direct deposit of your fees, or details needed for alternative payment methods. We may also collect tax identification numbers or other necessary billing information where legally required (for example, completing tax forms or invoices). For clients or organizations paying through the Platform, we (or our payment processor) may collect your payment card details or bank information. Important: HGA uses a secure third-party payment gateway (Stripe) to process financial transactions on the Platform[9]. This means credit card information and certain sensitive payment data are collected directly by Stripe via secure forms, and Stripe does not share the full card numbers with us. We receive transaction confirmations and basic details (like the last four digits of a card, card type, or a Stripe transaction ID) for record-keeping[10]. All payment processing is PCI-DSS compliant[11]. We also store records of payments, invoices, and transaction history in our system (e.g. amounts paid, dates, and associated projects) as part of our Financial Transactions log, but we do not store your credit card numbers or security codes on HGA servers.
  • Organization and Client Data: If you are a representative of a client organization or a partner, we will collect your business contact information in order to manage the relationship and enable use of the Platform. This can include your name, work email, work phone, job title, and the organization’s name, address, industry, and other profile information. We may also collect details about the projects or consultancy listings you post and any evaluations or feedback you provide on consultants (which might include personal opinions or ratings about individuals). Similarly, if you are a consultant, data about organizations you interact with (e.g. the projects you’ve worked on, the client’s name and location) will be associated with your profile.
  • Communication Records: Any communications you send to us or through the Platform may be collected. This includes emails you send to HGA, messages or chat communications within the Platform (if such a feature exists for consultant-client communication), and support requests or inquiries. Our Support Ticket system will record the details of any support issues you report, along with our responses. These communications may contain personal data such as your contact information and any other details you choose to include. We use these records to address your inquiries and improve our services.
  • Usage Data and Device Information: We automatically collect certain data about your use of our website and Platform via cookies, log files, and similar technologies. This may include:
  • Technical Information: such as your IP address, browser type and version, device type, operating system, and device identifiers.
  • Usage Statistics: such as pages or screens you view, actions you take (e.g. search queries, clicks, features used), time and date of access, and referring webpage.
  • Cookies and Similar Technologies: We use cookies and tracking technologies to enhance your experience (for example, keeping you logged in, remembering preferences) and to analyze usage of our Platform. Some cookies are essential for site functionality, while others (like analytics cookies) are optional. Where required by law, we will obtain your consent for non-essential cookies. You can manage cookie preferences through your browser settings and our cookie management tool (if available). For more information, please see our Cookie Notice (if provided) or contact us.
  • Analytics Data: We use analytics services (for instance, Google Analytics) to understand how users engage with our Platform[12]. These services may collect information such as your IP address, location (approximate, derived from IP), and usage patterns. We configure such tools to respect privacy – for example, Google Analytics can be set to anonymize IP addresses. The data we get from analytics helps us improve site design, understand user needs, and troubleshoot issues.
  • Sensitive Personal Data: In general, we do not actively seek to collect sensitive personal data through the Platform unless necessary. “Sensitive” data can include information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or genetic data, or precise information about criminal offenses. Our focus is on professional data. However, some sensitive details might incidentally be collected in certain scenarios – for example, if you voluntarily disclose health information relevant to a project or if a government identification document reveals your ethnicity or religion. We treat any such sensitive data with extra care and only process it where needed for the specific purpose (e.g., fulfilling a contract with appropriate safeguards or if required by law). We will seek explicit consent if required by law for handling any sensitive personal data.

No Sale of Personal Data: We want to clarify that we do not sell personal information to third parties for their own commercial use. “Selling” in this context means exchanging personal data for money or other valuable consideration for the third party’s independent use. HGA only shares personal data in the ways described in this Notice (for business and legal purposes, or at your direction). If in the future we ever considered a practice that could be deemed a “sale” under laws like CCPA, we would implement opt-out mechanisms. As of now, there is nothing in our data practices that falls under that category.

How We Use Your Personal Data (Purposes and Legal Bases)

We use the personal data collected for various legitimate business purposes in connection with HGA’s consulting platform and services. This section describes what we do with the data and the legal grounds that allow us to do so. HGA will not process your personal data in a manner that is incompatible with these purposes without your knowledge or consent. The main purposes for which we process personal data include:

  • Providing and Managing the Platform Services: We use your information to create and administer your user account, enable your access to the Platform, and allow you to utilize features such as building a consultant profile, searching or posting consulting opportunities, submitting applications, and communicating with other users. For example, we use your login credentials to authenticate you, your profile and CV details to populate your consultant profile and match you to suitable projects, and your contact info to send you necessary account or service communications. Legal basis: This is generally based on contractual necessity – to fulfill our obligations under the user agreement with you (or to take steps at your request before entering into a contract). Where a contract is not directly with you (e.g. you are an employee of a client organization), our legal basis may be our legitimate interest in providing services to your organization and ensuring the Platform functions effectively, in a way that is not overridden by your privacy rights.
  • Matching Consultants with Opportunities: HGA’s platform is used to connect consultant profiles with consulting opportunities (projects) posted by clients/partners. We will use the information in consultant profiles (such as skills, experience, location, availability) to algorithmically or manually match consultants to relevant project listings, and conversely use project information to inform consultants of suitable opportunities. We may also use personal data to customize and generate proposal materials (for instance, using our AI tool to draft an application for you based on your profile, as described above). Legal basis: This is part of providing our core service, so contractual necessity applies for registered consultants and for clients posting opportunities. It is also in our legitimate interest (and that of our users) to ensure the best candidates are matched with opportunities. We perform these matchmaking and application-generation activities with your consent in practice (since you actively use the Platform features to apply to projects).
  • Communications and Notifications: We use contact information (email, phone) to communicate with you about your account, transactions, and opportunities. For example, we will send service emails to confirm your registration, notify you about updates on projects (such as being shortlisted or selected for a consultancy), send announcements about changes to the Platform or this Privacy Notice, and alert you about security or support issues. We might also send you newsletters or marketing communications about new services, webinars, or opportunities at HGA. Legal basis: For essential service or transactional communications, the basis is contract (fulfilling our service to you) or legitimate interests in keeping you informed about your account and ensuring customer satisfaction. For marketing emails not related to an active service, we will rely on consent where required by law (for example, if you are an EU individual, we will only send you promotional emails if you’ve opted-in, unless they relate to a product similar to one you already have with us and local law allows an opt-out mechanism instead). In all cases, you can opt out of marketing messages at any time by using the unsubscribe link or contacting us, and we will honor such requests.
  • Facilitating Consulting Contracts and Projects: When a client selects a consultant for a project, we use the consultant’s personal data to prepare any necessary agreements (e.g. Work Orders or contracts) and to facilitate the execution of the project. This may include sharing the consultant’s CV and profile with the client for proposal/contract purposes, coordinating introductions and meetings, and managing deliverables and timelines through the Platform. We also use personal data to administer project workflows – for instance, tracking consultant work progress, enabling the submission of deliverables, and collecting client feedback (which might be linked to the consultant’s profile). Legal basis: Contractual necessity – once you agree to undertake a Work Order or project via HGA, we must process relevant personal data to carry out that contract. Additionally, HGA has a legitimate interest in ensuring projects are successfully executed and all parties stay informed, which benefits consultants, clients, and HGA alike. We limit personal data sharing to what is needed for these purposes (see “Data Sharing” below).
  • Payment Processing and Financial Operations: We process personal data to manage payments due to consultants and payments due from clients. For consultants, we use your financial details to send your compensation (fee payments) through our secure payment systems. For clients, we use provided payment information to collect fees or subscription charges. We also maintain transaction records (which include personal identifiers and amounts) for accounting and audit purposes. Legal basis: Processing payments is a contractual necessity (to pay consultants as agreed and charge clients as agreed). It’s also our legal obligation to maintain proper financial records and comply with tax laws. We ensure all financial data is handled securely, engaging trusted payment processors like Stripe for the actual handling of payment credentials[9]. As noted, HGA itself does not store credit card numbers; we receive confirmation from Stripe and retain only what is needed for receipts and auditing.
  • Platform Analytics and Improvements: We analyze usage data and feedback to improve our Platform’s functionality, user experience, and security. This can involve processing log data and cookies to understand how users navigate the interface, which features are most used, where users encounter errors, etc. We may also conduct user surveys or solicit feedback that involve personal opinions. Legal basis: Our legitimate interest in improving our services and ensuring the quality and security of our Platform. We take care to use aggregated or de-identified data for analytics wherever possible. When analytics tools (like Google Analytics) are employed, we do so in compliance with applicable laws (e.g., obtaining consent for analytics cookies in jurisdictions that require it, and using privacy-friendly settings such as IP anonymization).
  • Security and Fraud Prevention: We process personal data as needed to maintain the security of our Platform, protect against fraud, and ensure compliance with our terms and the law. This includes using login history and IP addresses to detect suspicious logins, using email/phone verification or multi-factor authentication to verify user identity[4], and monitoring activities on the Platform to prevent misuse. We may conduct checks against sanctions or watch-lists if required (for example, verifying that consultants or clients are not prohibited parties under trade law, as part of compliance and “Know Your Customer” due diligence[13][14]). If we suspect fraudulent or malicious activity, we may use personal information to investigate and take action. Legal basis: Legitimate interests in safeguarding our business, users, and the integrity of the Platform; in some cases legal obligation (for example, anti-money laundering (AML) regulations or sanctions laws may require us to screen certain individuals[14]). These activities benefit all users by creating a secure environment. We do not use personal data for any automated decision-making that produces legal or similarly significant effects without human review – any automated fraud flags or match recommendations are reviewed by HGA staff.
  • Legal Compliance and Reporting: We will use and disclose personal data where necessary to comply with our legal obligations. This includes using data to respond to lawful requests by public authorities, to meet national security or law enforcement requirements, to comply with subpoenas or court orders, to satisfy tax and accounting obligations (e.g., keeping records of payments to consultants for IRS or other tax authorities), and to cooperate with audits or regulatory inquiries. We also use data to enforce our contracts and to protect our legal rights (for example, using relevant data to handle any disputes or legal claims involving HGA). Legal basis: Compliance with legal obligations when applicable (such as retaining and producing information as required by law) and legitimate interests in protecting our rights and handling legal issues.
  • Other Purposes with Consent: If we need to process your personal data for a purpose materially different from the above, we will obtain your consent (if required by law) or provide you with notice and a chance to opt out. For example, if we ever wanted to feature a consultant’s profile or success story on our website for marketing, we would ask for permission. You have the right to withdraw consent at any time for any processing that is based on your consent, and we will then stop that processing going forward.

We make sure that any personal data we collect is used in a transparent manner and only as necessary for the intended function of our Platform and services. If you have questions about specific uses or legal justifications, you can always contact us for more information.

How We Share and Disclose Personal Data

We do not disclose your personal data to unaffiliated third parties for their own marketing or commercial purposes. However, in order to run our operations and provide the Platform services, we need to share information with certain categories of recipients. We do so under strict conditions to ensure your data remains protected. The main circumstances in which we share personal data are:

  • Client and Partner Organizations (Business Necessity): If you are a consultant, we will share your personal data with client organizations or partner agencies when necessary to pursue or perform consulting engagements. For example, when you apply to or are proposed for a consulting project, HGA will share your CV, profile information, and relevant documents with the prospective client (such as an international development organization or donor) that is offering the opportunity[15]. This is done to present your qualifications and is a core function of the service. Similarly, if a client selects you for a project, we will share necessary contact information to facilitate onboarding (e.g. so the client can communicate with you about the work). We limit what is shared to what the client or partner needs to know for decision-making or contract execution (typically your professional background and contact info). Clients and partners are required to use such data only for the purposes of the project and to protect it in accordance with applicable laws. We do not allow them to use consultant data for unrelated purposes. Conversely, if you are a client representative, we may share your contact information with a consultant who has been engaged on your project (for coordination purposes). Everyone using the Platform is bound by user agreements to handle personal information confidentially and securely.
  • Service Providers and Vendors: We use trusted third-party companies to help us operate our Platform and deliver services on our behalf. These service providers only access personal data as needed to perform specific tasks under our instructions, and they are obligated to keep it confidential and secure. Key service providers we use include:
  • Cloud Hosting and Storage: We host our Platform and databases on secure cloud infrastructure. For instance, we utilize Amazon Web Services (AWS) for cloud hosting and file storage[16]. All uploaded documents (CVs, certificates, etc.) are stored in Amazon S3 storage buckets with encryption[8]. AWS may therefore hold encrypted personal data on our behalf, but AWS has no access to decrypt or use it for any other purpose.
  • Payment Processing: As noted, we partner with Stripe for payment processing[9]. When you enter payment details, you are interacting directly with Stripe’s system via integration; Stripe then provides us with the transaction results. Stripe is a PCI-DSS compliant payment processor, and it may act as an independent controller of your payment data for compliance purposes. We only share with Stripe the information required to process transactions (e.g. payment amount, your name and email, and an identifier to match the payment to your account) and in turn receive confirmation and payer info from them[17]. For payouts to consultants, Stripe may also receive your banking details. We have agreements in place to ensure Stripe protects your data. (Please refer to Stripe’s privacy policy for more on their data handling.)
  • Email and Communications Services: We may use services to send emails, platform notifications, or SMS messages. This could include services like AWS Simple Email Service or other email delivery providers for bulk emails (e.g. system alerts, marketing newsletters), and potentially SMS gateways (for MFA codes or alerts). These providers would receive your contact info and message content as needed to deliver communications to you. They are not permitted to use your info for other purposes.
  • Analytics and Monitoring: We utilize analytics tools such as Google Analytics to collect usage information on our website[12]. Google may process certain data (like IP addresses and cookie identifiers) for analytics on our behalf. We have configured Google Analytics to comply with privacy requirements (including data retention limits and IP masking). We do not share any directly identifying personal data (like your name or email) with Google Analytics. Additionally, we might use infrastructure monitoring services (e.g. New Relic, Datadog, or similar as per our tech stack) to monitor system performance; those may incidentally process some user IDs or metadata for monitoring, but not for any separate use.
  • AI Service Providers: If our AI application feature uses a third-party AI engine (for example, an AI API such as OpenAI’s GPT or similar), then some of your profile data (the input to the AI) and the generated output might be processed by that AI provider. We ensure that any AI integration is subject to a contract that safeguards your data (for instance, not using it to train their models if that’s our preference, and respecting confidentiality). We will inform users if an external AI service is being used for generating content. In any case, the output is only used within our Platform for your benefit.
  • IT Support and Development: We may share data as needed with third-party developers or IT support technicians if they are troubleshooting an issue for us, but this is done under strict controls (e.g., with data anonymization where possible, and under NDAs). For example, if we use a contract development firm to build new Platform features, they might have access to the database in a controlled environment. All such access is limited and supervised by HGA with confidentiality obligations in place.
  • HGA Affiliates and Personnel: We may share personal data with affiliated companies within the Humanics Group (if any) or with our internal consultants and staff who need the information to perform their duties. For example, HGA’s recruitment team or business development staff will have access to consultant profiles in order to match them with projects; our finance team will have access to payment information to process payouts. All HGA personnel are bound by confidentiality agreements and data protection policies[18]. If HGA is working in partnership with another firm on a joint project proposal, we would only share consultant data with that partner firm if necessary and with appropriate confidentiality protections (and ideally with the consultant’s knowledge).
  • Legal and Compliance Recipients: We may disclose personal data when required by law or necessary for compliance or protection purposes:
  • Authorities and Legal Requests: If we receive a court order, subpoena, or lawful demand from government authorities (such as law enforcement or regulatory agency), we may be obligated to disclose certain data. We will only do so after verifying the request’s validity and scope. Whenever permitted, we will notify affected users of such requests.
  • Protecting Rights and Safety: We may share information to enforce our contracts or terms of service, to investigate potential violations or security issues, or to protect the rights, property, and safety of HGA, our users, or others. For example, we might share information with our legal counsel and advisors in the event of a dispute or with law enforcement if we believe an account is being used for fraudulent or illegal activity.
  • Audit and Compliance: Occasionally, our projects (especially those with government or donor funding) might be subject to audits or reviews that require examining records which could include personal data (for example, verifying that consultants meet certain qualifications or that payments were made correctly). We ensure any third-party auditors are bound to confidentiality and only use data for the audit purposes.
  • Business Transfers: If HGA undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, personal data may be transferred as part of that deal. We would ensure the acquiring entity is bound to respect the personal data in a manner consistent with this Privacy Notice. Similarly, if HGA is involved in a bankruptcy or insolvency proceeding, your information could be considered an asset, but any transfer would only occur in compliance with applicable privacy laws.
  • With Your Consent or At Your Direction: Aside from the above, we will share your personal data with third parties only if you have provided consent or requested us to do so. For instance, if you ask us to provide a reference or verification of your work to a prospective employer, we would share data with that party at your direction. Or, if you utilize integrations that allow you to export or share your data to another platform, we will do so only with your authorization.

We strive to keep any sharing of personal data to the minimum required, and we choose reputable partners who are obliged to protect your information. Whenever we share your data, we do so under the principle of “need to know” – the third party receives only what they need for the task and no more. HGA remains accountable for the protection of your data even when it’s transferred to or processed by others on our behalf.

International Data Transfers

HGA is a global organization, and as such, we may need to transfer or access personal data across international borders. Specifically, Humanics Global Advisors is based in the United States (incorporated in Delaware, USA), and our Digital Platform infrastructure is also primarily hosted in the U.S. (and/or other locations as needed for reliability). Additionally, our consultants, clients, and partners are located worldwide, including in the European Union (EU), African nations, and other regions. This means that your personal data may be transferred to or stored in countries different from your home country.

For example: – If you are an EU-based consultant, your profile data will be stored on our secure servers in the U.S. (or another country outside the EU). It may also be accessed by HGA staff in the U.S. or by a client in another country in the context of a project[19]. – If you are in Africa, your data may be transferred outside your country, including to the U.S. or EU, since our systems and many clients are international[19]. – Communications or support tickets you submit from anywhere in the world are handled by our team in the U.S. (or potentially other countries where we have support staff).

Privacy Safeguards for International Transfers: We understand that different countries have different data protection laws, and we take steps to ensure that your personal data is adequately protected wherever it is processed. In particular, for personal data originating from the European Economic Area (EEA), the UK, or Switzerland, which have strict rules on data exports, we implement one or more of the following safeguards: – Standard Contractual Clauses (SCCs): We can enter into EU-approved standard data protection clauses with the recipient of the data (if the recipient is HGA in the US or a third-party service provider in a country without an EU adequacy decision). These contractual clauses impose data protection obligations on the receiver and give you rights, ensuring a level of protection essentially equivalent to EU standards. – Adequacy Decisions: If data is transferred to a country that the European Commission has determined offers adequate data protection (such as, hypothetically, if we store some data in a country deemed adequate), then we rely on that decision for transfer. – African Union Convention & Local Transfer Rules: In Africa, we comply with applicable transfer rules such as those outlined in the AU’s Malabo Convention, which requires that personal data transferred out of an AU member state go to countries with “an adequate level of protection”[20]. In practice, this means we treat cross-border transfers from African countries with similar care as EU data – using contractual safeguards and ensuring the recipient country (like the US) has robust data security practices. Where required by certain national laws (e.g., some countries may require explicit consent for cross-border transfer), we will obtain your consent for the transfer. – Privacy Shield or Successor (if applicable): (Note: The EU-U.S. Privacy Shield was invalidated in 2020, but a new framework, like the EU-U.S. Data Privacy Framework, was adopted in 2023. If HGA or any service provider is certified under such a framework, we can mention it.) HGA will adhere to any such frameworks for relevant transfers, to the extent applicable. – Explicit Consent and Necessity: In some cases, we rely on your explicit informed consent to transfer your data across borders, especially for sensitive data. For example, the consultant contract you agree to explicitly states that you consent to the transfer and storage of your data across international borders as needed for our services[21]. Additionally, international transfers may be necessary for the performance of a contract between us (e.g., if a project is in a foreign country, we must send your data there to engage you) or necessary to implement pre-contractual measures at your request. These are recognized derogations under GDPR (Art. 49) and similar laws for specific situations when other safeguards are not in place.

Regardless of the mechanism, HGA ensures that your data will receive a high level of protection wherever it is processed. We apply the same technical and organizational security measures described in this Notice across all locations. Our service providers are contractually bound to protect your data to standards commensurate with those required by GDPR and other strict laws, even if they are in jurisdictions with different regulations.

Access from Various Countries: Note that even if data is stored in one central region, it might be remotely accessed by authorized personnel or clients in other countries. Such access is also considered a form of transfer. We manage access rights carefully (using role-based access control and authentication) so that only authorized parties can retrieve the data, and they must handle it according to our policies and applicable law.

If you have questions about international data transfers or need a copy of applicable transfer safeguards (such as a copy of the standard contractual clauses we use), please contact us at the address provided. We will be happy to provide more information, subject to legal and confidentiality considerations.

Data Security Measures

HGA takes the security of personal data very seriously. We have implemented a comprehensive set of technical and organizational measures to prevent unauthorized access, loss, or misuse of your information. These measures are continually reviewed and updated to meet evolving security standards. Below are some key elements of our security program:

  • Encryption in Transit and at Rest: All data transmitted between your browser/device and our Platform is protected using strong encryption protocols like SSL/TLS, ensuring that personal data (including financial information) is encrypted while it travels over the internet[22]. Likewise, sensitive personal data stored in our databases is encrypted at rest (using industry-standard encryption algorithms such as AES-256)[23]. For example, passwords are stored in hashed form, and other sensitive fields (like banking details) are encrypted in the database. This means that even in the unlikely event of unauthorized access to the data storage, the information would be unreadable without the encryption keys.
  • Secure Infrastructure (Cloud Security): We host our applications and databases on secure cloud services (e.g., AWS). Our servers are protected by firewalls and network security controls to restrict access[24]. All uploaded documents and files are stored in Amazon S3 secure storage, which automatically encrypts data at rest and in transit[8]. Access to the storage buckets is tightly controlled – only the application and authorized admins can access the files. Additionally, document access events are logged and monitored[25]. AWS maintains robust physical security at its data centers, including 24/7 monitoring, biometric access controls, and redundancy for power and cooling.
  • Access Control and Authentication: We have implemented role-based access control (RBAC) throughout the Platform[5]. This means users (and internal staff) can only access the data and features necessary for their role. For instance, a consultant can view and edit their own profile but not others’, clients can only see consultant data when consultants apply to their project or are engaged with them, and HGA staff have tiered access depending on their job function (with only select authorized personnel able to access high-level data). All user accounts are protected by password authentication with requirements for strong passwords. We also offer (and encourage) Multi-Factor Authentication (MFA) for logins[4] – adding a one-time code via email, SMS, or authenticator app during login to verify identity. Internal admin access to systems requires MFA as well. We enforce secure password practices (e.g., minimum length, complexity) and periodically prompt users to update credentials[26].
  • Monitoring and Threat Detection: Our systems are equipped with logging and monitoring tools that track access and actions. We maintain an audit log of key activities on the Platform (like account changes, data exports, admin actions). We also use automated security tools and intrusion detection systems to alert us of unusual patterns or potential intrusions[27]. For example, repeated failed login attempts or access from unusual locations may trigger alerts or temporary account lockouts. We utilize services like web application firewalls (WAF) to protect against common web exploits (e.g., SQL injection, XSS). Regular review of logs helps us quickly identify and respond to any suspicious behavior.
  • Regular Security Audits and Testing: We conduct regular security audits and assessments of our Platform[28]. This includes vulnerability scanning and periodic penetration testing by security professionals to probe for weaknesses. Any findings are promptly addressed with remediation actions. We also review our compliance with standards (like GDPR, CCPA, PCI DSS for payments[11]) on an ongoing basis[29]. Where appropriate, we certify or attestate to relevant security standards. For instance, while HGA as an entity may not be a PCI-certified service provider, we ensure that all payment processing is outsourced to a PCI-certified processor (Stripe)[11], and we follow PCI guidelines in our handling of payment data (e.g., never storing sensitive card details).
  • Data Backup and Recovery: We perform regular backups of our critical databases and files to guard against data loss[30]. Backups are encrypted and stored securely (including off-site or in geo-redundant locations) to ensure that even in the event of a system failure or disaster, data can be restored. We have a disaster recovery plan that outlines steps to be taken in case of major incidents (like a server outage or data breach)[31]. We periodically test our backups and recovery procedures to ensure they work effectively, thus maintaining business continuity and data integrity.
  • Organizational Measures: Security isn’t just about technology; we also implement organizational controls. HGA employees and contractors are trained on data privacy and security practices[32]. We have internal policies governing how personal data is handled (for example, rules against downloading data to unsecured devices, requirements to use VPN and encryption for remote work, etc.). All staff with access to personal data must sign confidentiality agreements. We limit access to personal data to those who need it for their job. For example, our consulting coordination team sees profiles and project data, but only our finance team sees full bank account details, etc. When staff leave or no longer need access, credentials are revoked promptly. We also maintain up-to-date anti-malware protection and system patches on our devices and servers to defend against threats.
  • Incident Response: Despite all precautions, no system is absolutely foolproof. HGA has a detailed incident response plan to deal with security breaches or data incidents should they occur[33]. The plan includes steps for containment, investigation, user notification, and remediation. We have designated an incident response team that will spring into action if an issue is detected. In the unfortunate event of a data breach involving your personal information, we will notify affected individuals and relevant authorities as required by law, and we will provide guidance on protective steps to take. We practice “responsible disclosure” – encouraging security researchers to report vulnerabilities to us and not to the public, so we can fix them quickly.

In summary, we employ state-of-the-art security measures (encryption, access controls, monitoring, backups, etc.)[3][30] to protect your data, and we foster a culture of security awareness in our organization. While we cannot guarantee 100% security, we are committed to doing everything reasonably possible to protect your personal data against threats. We also encourage you as a user to play a role in security: use a strong, unique password for your account, enable MFA, and notify us immediately if you suspect any unauthorized activity on your account.

Data Retention and Disposal

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Notice, and to comply with applicable legal, accounting, or reporting requirements. The exact duration for which we keep different categories of data can vary based on the type of data and the context. Here are some general guidelines we follow regarding retention:

  • Active Account Data: If you have an account on our Platform (e.g., as a consultant or client), we will keep your profile information, content, and other personal data while your account is active and for a reasonable period thereafter. We do this to maintain continuity of service – for example, so you can pause and come back to use our platform without losing your profile. If your account remains inactive for an extended period, we may contact you to confirm if you wish to maintain it. Inactive accounts: After a prolonged inactivity (e.g., 2 years or as determined by HGA policy), we may deactivate or delete the account and associated personal data, after attempting to notify you. You always have the option to request deletion of your account sooner (see “Your Rights” below), in which case we will remove or anonymize your data (except for information we must keep for legal reasons).
  • Consultant Profiles and CVs: We retain consultant profile data and CVs for as long as the individual remains in our consultant network. If you decide to stop seeking opportunities through HGA and request deletion of your profile, we will remove your profile from the active database and stop presenting you to clients. However, we may retain certain elements (like your name, projects worked) for historical record-keeping (to avoid duplicating records if you re-register, or to reference in project archives) unless you specifically request complete erasure. If you had been engaged in any projects, basic information about those projects and your involvement may be retained in project records (e.g., in the client’s contract file or in financial logs), but that data would be minimized and kept only as necessary for legal and business records.
  • Client and Partner Data: We keep information about client organizations and contacts for as long as we have an ongoing relationship and for a period thereafter to maintain business records and potentially to re-engage. If you are a client contact and leave your organization or request removal, we will update or remove your contact details, though we might keep a record of the organization’s history with us.
  • Support and Communications: Communications such as support tickets, emails, and chat logs are retained as long as needed to resolve your inquiry and for internal training or quality assurance. Typically, support tickets are stored for a couple of years in case similar issues recur or for audit purposes. Email correspondences might be retained longer in our mail archives which are secured and limited to need-to-know access.
  • Transaction and Financial Records: We retain financial and transaction records (invoices, payments, banking details) for a period mandated by financial regulations and tax laws. In many jurisdictions, financial records must be kept for 7 years (or sometimes 5 years) for audit and tax purposes. Therefore, even if you delete your account, we may need to keep certain financial data (like invoices issued to you or payment records) until the end of the required period. This data will be maintained securely and only used for those compliance purposes.
  • Legal Compliance and Protection: If certain personal data is relevant to a legal obligation or a dispute, we will retain it for the duration of the obligation or dispute (including any statute of limitations period during which a claim could be brought). For example, if a project you worked on is subject to a donor audit after 3 years, we might need to have retained your timesheets or credentials for that audit. Similarly, if we ban a user for misconduct, we may retain identifying information to prevent re-registration or to cooperate with law enforcement, as appropriate.
  • Backup Copies: Our systems perform routine backups. Backup files are retained for a short duration before being overwritten with newer backups. Thus, even after we delete your data from our primary systems, it may remain in encrypted backups for a short period until those backups cycle out. We apply strict access control to backups, and if we restore a backup for disaster recovery, we will re-delete any data that had previously been requested for deletion, to the extent feasible.

Data Disposal: When personal data is no longer required and is scheduled for deletion, we ensure it is erased in a secure manner. For digital data, deletion involves removing the data from our active databases and, where possible, from all media such that it cannot be readily reconstructed. We may use techniques like secure overwriting or cryptographic erasure for particularly sensitive information. For physical records (if any exist, such as a printed agreement or ID copy), we use secure shredding or incineration. Our disposal procedures follow industry standards to prevent any possibility of data being recovered. Additionally, we may choose to anonymize certain data instead of deleting it, if it can serve legitimate business analytics purposes without identifying individuals. For instance, we might keep aggregated statistics about consultant skills in demand, but those statistics would no longer be tied to your name once anonymized.

Once the retention period expires, or upon verified request for deletion, we will either permanently delete or irreversibly anonymize your personal data, except for any residual amounts stored on backup media which will be overwritten in due course. If deletion is not immediately possible (for example, data stored in archives), we will ensure it is isolated and protected until deletion is possible.

If you have specific questions about our retention practices for a particular type of data, you may contact us (see Contact section). We can provide more detail or accommodate reasonable requests, such as deleting certain information sooner, provided we do not have a legal obligation or overriding interest to keep it.

Your Rights as a Data Subject

As outlined in the summary, individuals (data subjects) have a number of rights regarding their personal data. HGA is committed to respecting and facilitating these rights. The availability of certain rights may depend on your residency or citizenship (for example, GDPR grants these rights broadly to EU data subjects, CCPA grants specific rights to California residents), but HGA’s policy is generally to honor these core rights for all users to the extent possible. Below we describe each right and how you can exercise it:

  1. Right to Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. This is sometimes called a “Data Subject Access Request.” Upon request, we will confirm if we are processing your personal data and provide you with a copy of that data, as well as details such as the purposes of processing, the categories of data, any third parties it’s shared with, and the planned retention period, all as required by law. We will provide this in a commonly used electronic form (unless you request otherwise). For California residents, the right to access includes the right to know the categories of personal information collected, the sources of that information, the business purpose for collection, the categories of third parties with whom it is shared, and if applicable, the specific pieces of personal information obtained. We aim to provide as much detail as reasonably possible.
  2. Right to Rectification (Correction): If any of your personal data that we have is incorrect or incomplete, you have the right to have it corrected. You can also update many pieces of information yourself directly on your account profile (for example, you can log in and edit your contact information, CV details, etc.). For any data not editable by you, contact us with the specifics of the correction needed and we will rectify our records. We may need to verify the accuracy of the new information you provide, but we will update it promptly and inform any third parties as required (if, for instance, we had previously shared incorrect data with someone, we’ll inform them of the correction if required by law).
  3. Right to Deletion (Right to be Forgotten): You may request that we delete your personal data. This right is not absolute – it applies in certain circumstances, for example if the data is no longer needed for the purposes it was collected, or if you withdraw consent and we have no other legal basis to keep it, or if we processed your data unlawfully. We will honor valid deletion requests by erasing your personal data from our active systems, and instructing our processors to do the same. However, we will notify you if there are categories of data we cannot fully delete because of legal obligations or other exceptions. Common examples include where we must retain transaction records for tax purposes, or where data is needed to establish or defend legal claims. In such cases, we will restrict the data so it is no longer actively processed. California residents: The CCPA grants a right to request deletion of personal information collected from you (with similar exceptions). If you request deletion, we will remove the data we are not obligated to keep, and we will tell you the outcome of your request.
  4. Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain cases – for instance, if you contest the accuracy of the data, you can ask us to pause processing (other than simply storing it) until we verify and correct it; or if you object to our processing (see the right to object below) and we are considering that objection; or if the processing is unlawful but you prefer restriction instead of deletion; or if we no longer need the data but you need us to keep it for a legal claim. When processing is restricted, we will store the data securely and not use it except to the extent allowed (e.g., to exercise legal rights or with your consent). We will inform you before lifting any restriction. We also inform any third parties who received the data (if required) so they don’t continue processing it.
  5. Right to Object: You have the right to object to our processing of your personal data in certain situations: – Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you can object to that processing if you feel it impacts your fundamental rights and freedoms. If you raise an objection, we will evaluate it. We may continue processing if we can demonstrate compelling legitimate grounds that override your interests, or if the processing is for the establishment, exercise, or defense of legal claims. Otherwise, we will cease the processing in question. – Direct Marketing: You can always object to your data being used for direct marketing. If, for example, you no longer wish to receive our newsletter or promotional emails, you can opt out by clicking “unsubscribe” in those emails or by contacting us. Once you object or opt-out, we will stop using your data for marketing purposes immediately. (There’s no exception to this – we will honor all such requests.)
  6. Right to Data Portability: For data that you have provided to us, you have the right to receive it in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller (for example, to another platform), where technically feasible. This right applies when the processing is based on your consent or on a contract with you, and the processing is carried out by automated means. In practice, this might include things like the core profile information you provided, your CV details, etc. If you request it, we will provide a digital file (for example, a CSV or JSON file) containing the personal data that you provided to us and that we process electronically. If you prefer and it’s feasible, we can also directly transmit the data to another service provider at your direction (though often it’s simpler for you to handle the file).
  7. Right to Withdraw Consent: In cases where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. For example, if you gave consent for us to use your testimonial on our website, you can withdraw it and we will remove your testimonial. Or if you consented to optional cookies, you can change your preference. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to the withdrawal, and it won’t affect processing under other legal bases. However, if consent was the only legal basis for certain processing, we will stop that processing. Note that if you withdraw consent for data that is necessary for us to provide the Platform services, it may impact our ability to serve you. For instance, a consultant who withdraws consent for us to share their CV with any clients would essentially disable our core service; we would inform you of the implications at that time (as the consultant contract notes, withdrawing consent might affect our ability to secure engagements for you[34]).
  8. Rights Related to Automated Decision-Making: HGA does not make any solely automated decisions (with no human involvement) that produce legal or similarly significant effects about individuals (like decisions on eligibility for jobs or credit solely by algorithm without human review). If we ever implement automated decision-making, you would have the right to not be subject to such decisions in certain cases, and to request human intervention. Currently, any automated processes (like consultant-project matching suggestions) involve humans in the loop and/or do not have final decision authority without review.
  9. Right to Non-Discrimination (CCPA specific): If you exercise any of your rights under CCPA as a California resident, we will not discriminate against you for doing so. This means we will not deny you our services, charge you different prices, or provide a different quality of service just because you exercised your privacy rights. HGA provides equal service to all users regardless of any privacy choices you make (within the bounds of being able to actually provide the service).
  10. Right to Lodge a Complaint: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the Data Protection Authority in the member state of your habitual residence or where an alleged infringement occurred. For example, in France it’s the CNIL, in Nigeria it’s the NITDA for data protection, in Kenya the Office of the Data Protection Commissioner, etc. In the UK, it’s the ICO; in California, you can contact the California Attorney General’s office or the CPPA; in other jurisdictions, there will be an equivalent regulator. We encourage you to first reach out to us so we can attempt to address your concerns directly, but you are free to contact the authorities at any time.

How to Exercise Your Rights: To exercise any of your data subject rights, please contact us using the contact information provided in the Contact Us section below. If you have an account, you may also have access to self-service tools for some rights (for example, an account settings page to update info or download data, or a deletion function). When you contact us, please clearly describe your request – for example, “I want to access my data” or “Please delete X information” – and include enough information for us to verify your identity. We take the privacy of all accounts seriously, so we will need to ensure that the person making a request is actually the person to whom the data belongs (or their authorized representative). For verification, we may ask you to provide certain information or identification that matches our records. If you are using an authorized agent (like a lawyer or someone with power of attorney) to make the request on your behalf (as allowed under CCPA for instance), we will need proof of that authorization.

Response Time: We will respond to your request as soon as possible and within the timeframe required by law. Under GDPR, this is generally within 1 month (with a possible extension of 2 further months for complex requests, in which case we will inform you of the need for more time). Under CCPA, we aim to respond within 45 days (and can extend once by another 45 days if necessary, with notice). Our response will typically be free of charge, but note that for unfounded or excessive requests (especially repeated requests), data protection laws allow us to charge a reasonable fee or refuse to act. We will, of course, inform you if any fee or refusal is applicable and why.

Limitations: Please be aware that some rights have limitations. For example, if fulfilling your deletion request would prevent us from complying with a legal obligation (such as keeping certain financial data), we may deny that part of the request and will inform you of the reason. Similarly, the right to data portability covers only data you provided, not data we generated, and only when technically feasible. We will always explain our reasoning if we cannot fully comply with a request.

HGA is dedicated to upholding your rights. We have internal procedures to handle such requests and a team that reviews them. You will not have to wonder about the status – we will keep you updated.

If you have any questions about your rights or how to exercise them, please reach out to us. Your privacy and control over your information are top priorities for us.

Cookies and Tracking Technologies

(This section provides a brief overview of our use of cookies; for more details, see our separate Cookie Policy if available.)

Our Platform and website use cookies and similar tracking technologies to provide, personalize, and improve the service, as well as to protect the Platform and analyze usage.

  • What are Cookies? Cookies are small text files stored on your device by websites you visit. They contain information that the website can later read back. Cookies can be “first-party” (set by HGA’s website) or “third-party” (set by others, such as analytics providers). They can persist only for the browsing session or remain longer for remembering preferences.
  • Types of Cookies We Use:
  • Essential Cookies: These are necessary for the Platform to function correctly. For example, authentication cookies keep you logged in as you navigate between pages, and session cookies remember items you fill in forms. Without these, the service may not work properly.
  • Preference Cookies: These remember choices you make to give you a more personalized experience (e.g., your language or timezone preferences).
  • Analytics Cookies: We use these to collect information about how users use our site, which pages are popular, what path users take, etc. For instance, we use Google Analytics which sets cookies to gather usage data (like how long you stay on a page, interactions on that page)[12]. This helps us improve the Platform. We have configured Google Analytics to not collect personally identifying info and to anonymize IP addresses where applicable.
  • Security Cookies: These help identify and prevent security risks. For example, we might use a cookie to determine if it’s the same device making a lot of requests, which could indicate malicious activity.
  • Advertising Cookies: At present, HGA’s Platform is not ad-supported and we do not use advertising cookies or share data for advertising purposes. If this ever changes, we will update our policies and obtain appropriate consent.
  • Cookie Consent: In jurisdictions where consent is required for certain cookies (like in the EU for non-essential cookies under the ePrivacy Directive), we will present a cookie consent banner or interface on your first visit. You can choose to accept or reject analytics cookies. Essential cookies that are strictly necessary will be used regardless, as they do not require consent.
  • Managing Cookies: You have the ability to control cookies through your browser settings. You can usually set your browser to notify you before cookies are placed, or to block them altogether. You can also delete cookies that have already been set. Please note that if you disable cookies, some parts of our site or service might not function properly (for instance, you might not be able to log in or use certain interactive features).
  • Other Tracking Technologies: We may use web beacons (pixel tags) in our HTML emails to know if an email has been opened or if certain links were clicked, which helps us gauge the effectiveness of our communications. We may use local storage or session storage in the web browser for certain preferences or caching, which are similar to cookies. If our mobile app (if any) uses unique device identifiers or SDKs for analytics, we handle those similarly to cookies, obtaining consent where needed.

For a detailed list of cookies and trackers in use, please refer to our Cookie Policy or reach out to us with any questions. By using our site and Platform, you consent to our use of cookies and tracking technologies as described (subject to any settings or consents you have exercised).

Changes to This Privacy Policy

We may update this Global Data Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Notice on our website and update the “Last Updated” date at the top. If the changes are significant, we will provide a more prominent notice or may notify you via email or through the Platform (for example, through a notification banner or message).

We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information. If you continue to use the HGA Platform after an updated Privacy Notice takes effect, it indicates that you have read and understood the current version of the Notice.

If we were to change the purposes of processing your personal data in a material way, we would seek your consent where required or provide you an opportunity to opt out, as needed under applicable laws.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our handling of your personal data, please contact us:

Humanics Global Advisors LLC (HGA)
Attn: Privacy Officer / Data Protection Inquiry
Email: privacy@humanicsgroup.org (or info@humanicsgroup.org)
Postal Mail: 123 Example Street, Wilmington, DE 19801, USA (Note: this is an example address; please use the actual business address of HGA.)

(If you are contacting us by mail, please include attention to “Privacy” so it can be directed appropriately.)

We will respond to your inquiries as soon as possible, generally within a few business days. For security and privacy reasons, we may need to verify your identity before fulfilling certain requests (such as access or deletion requests) – we will inform you of what is needed.

Your privacy is important to us, and we welcome your feedback. If you have suggestions or feel that any aspect of our service or this policy is not adequately addressing your concerns, please let us know. We appreciate the opportunity to communicate and resolve any issues directly.

Thank you for trusting HGA with your personal data. We are dedicated to safeguarding it and using it responsibly in line with all obligations and best practices[1][18].

[1] [6] [7] [13] [14] [15] [18] [19] [21] [34] HGA_Consultant_Contract_Template.docx

file://file-GA7v2hdnXhXEYmWj3q3gXG

[2] [20] AU Convention on Cyber Security and Personal Data Protection | Malabo Convention – Michalsons

https://www.michalsons.com/blog/au-convention-on-cyber-security-and-personal-data-protection-malabo-convention/65281

[3] [4] [5] [8] [9] [10] [11] [12] [16] [17] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] HGA_Digital_Platform_Technical_Specifications.pdf

file://file-LERZnDM52Sh8kLN2RatZB5