Data Handling Policy

Data handling follows minimization, purpose limitation, and least-retention principles.

Only data required for communication, engagement qualification, and service execution is processed.

Typical data categories include contact information, communication content, project context, and non-sensitive operational metadata.

Sensitive data should not be submitted through open website forms unless explicitly agreed through secure channels.

Data is processed solely for professional communication, engagement evaluation, service delivery, and security operations.

Data is not processed for unrelated profiling or third-party resale.

Selected infrastructure and service providers may process data as subprocessors to support hosting, forms, analytics, and communication flows.

Providers are selected with security and reliability considerations appropriate to project scope.

Records are retained for the minimum period necessary for legitimate business operations, legal obligations, and security requirements.

Data can be deleted or anonymized when retention is no longer justified.

Requests regarding access, correction, deletion, or processing restrictions can be submitted through the professional contact channel.

Requests are reviewed and handled in line with applicable legal obligations.