GDPR Policy
Our commitment to your data privacy rights under the GDPR and UK GDPR.
Last updated: June 2026
1. Overview
This GDPR Policy explains how HYNOGO LLC ("HynoGo") complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018.
HynoGo processes personal data in connection with business formation and consultancy services provided to clients globally. This policy describes our lawful basis for processing, the data subject rights we uphold, and our data protection practices.
2. Data Controller
HYNOGO LLC acts as the Data Controller for personal data collected through our website and client portal.
Registered address: HYNOGO LLC, 1001 S Main St, Ste 500, Kalispell, MT 59901, USA Data Protection enquiries: privacy@hynogo.com
3. Personal Data We Collect
We collect and process the following categories of personal data:
**Identity Data:** Full name, date of birth, nationality, government-issued ID **Contact Data:** Email address, phone number, WhatsApp number, postal address **Financial Data:** Payment card information (processed via PCI-DSS compliant processors; not stored by HynoGo) **Business Data:** Business name, registration details, tax identification information **Technical Data:** IP address, browser type, device identifiers, cookies **Usage Data:** Pages visited, services viewed, form submissions **Communications:** Correspondence, support tickets, consultation records
4. Lawful Basis for Processing
HynoGo processes personal data under the following lawful bases:
• **Contract performance** — To fulfil the business formation or consultancy services you ordered • **Legal obligation** — To comply with KYC, AML, tax, and regulatory requirements • **Legitimate interests** — Service improvement, fraud prevention, and business administration • **Consent** — Marketing communications, where you have opted in explicitly
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Your Rights Under GDPR
As a data subject, you have the following rights:
• **Right of access** — Request a copy of the personal data we hold about you • **Right to rectification** — Request correction of inaccurate data • **Right to erasure** — Request deletion of your data where there is no compelling reason to continue processing • **Right to restrict processing** — Request temporary restriction of processing • **Right to data portability** — Receive your data in a structured, machine-readable format • **Right to object** — Object to processing based on legitimate interests or for direct marketing • **Rights related to automated decision-making** — Not to be subject to solely automated decisions with significant effects
To exercise any of these rights, contact: privacy@hynogo.com. We will respond within 30 days.
6. International Data Transfers
HynoGo is headquartered in the United States. Personal data may be transferred to and processed in countries outside the EEA and UK. Where such transfers occur, HynoGo ensures appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission • UK International Data Transfer Agreements (IDTAs) for transfers from the UK • Adequacy decisions where applicable
Data is not transferred to third parties for marketing purposes without explicit consent.
7. Data Retention
HynoGo retains personal data only for as long as necessary for the purposes for which it was collected:
• Client formation records: 7 years (legal and tax compliance) • KYC/AML documentation: 5 years after relationship ends • Marketing consent records: Until consent is withdrawn • Technical/log data: 12 months • Support correspondence: 3 years
After retention periods expire, data is securely deleted or anonymised.
8. Data Security
HynoGo implements appropriate technical and organisational measures to protect personal data, including:
• Encrypted data storage and transmission (TLS/SSL) • Access controls and authentication for internal systems • Regular security reviews and penetration testing • Staff training on data protection and information security • Incident response procedures for personal data breaches
In the event of a personal data breach that poses a risk to data subjects, HynoGo will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.
9. Supervisory Authority Complaints
If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with your local data protection supervisory authority:
• **EU residents:** Your national supervisory authority (e.g., CNIL for France, BfDI for Germany) • **UK residents:** Information Commissioner's Office (ICO) — ico.org.uk • **US residents:** California Privacy Rights Act (CPRA) rights apply where applicable
11. Policy Updates
This GDPR Policy is reviewed annually and updated when there are material changes to our data processing activities or applicable law. Significant changes will be communicated via email or prominent notice on our website.
Last updated: June 2026
Data Protection Contact: privacy@hynogo.com · HYNOGO LLC, 1001 S Main St, Ste 500, Kalispell, MT 59901, USA
