Legal

Privacy Policy

Privacy Policy

Last Updated: 10th of January 2026

1. Controller and Scope

The protection of personal data and the responsible handling of information are core principles of Hawk One Media LLC. As a specialized consultancy in the fields of financial market communication, investor relations and strategic capital markets advisory, we operate at the sensitive intersection of public information, market-moving data and corporate reputation.

We recognize that our clients – including listed companies, institutional investors, and regulated financial entities – expect a level of data governance that meets the highest international standards. This Privacy Policy outlines our commitment to transparency, data integrity, and the protection of individual rights.

1.1 Identity of the Controller
The controller responsible for the processing of personal data described in this Privacy Policy is:
Hawk One Media LLC
50 Davit Gurasmishvili Ave
0112 Tbilisi, Georgia
Email: privacy@hawk1media.com

1.2 Material and Territorial Scope
This Privacy Policy applies to all processing of personal data carried out by Hawk One Media LLC in the context of:

  • Operation of our websites, landing pages and other digital services (the “Website”).
  • Provision of consulting services in financial market communication, investor relations, and strategic capital markets advisory, including related research activities.
  • Engagement with professional contacts and counterparties (B2B) via email, telephone, videoconferencing, contact forms and professional networking platforms (e.g. LinkedIn).
  • Regulatory and capital markets research activities subject to German capital markets regulation, including MAR and WpHG, where applicable.

Our services are directed exclusively at professional users (corporate entities, institutional investors and regulated market participants) and are not intended for private consumers or minors.

2. Applicable Law and Compliance Framework

While Hawk One Media LLC is established outside the European Union, our operations are global and involve participants from highly regulated jurisdictions.

2.1 Georgian Law on Personal Data Protection
As a company established in Georgia, our primary legal framework is the Georgian Law on Personal Data Protection (2023), including its implementing regulations.

2.2 Voluntary Alignment with GDPR
Although Hawk One Media LLC is not established in the European Union, we regard the EU General Data Protection Regulation (“GDPR”) as the global benchmark for data protection. Hawk One Media LLC therefore voluntarily aligns its internal data governance with the core GDPR principles, in particular:

  • Lawfulness, fairness and transparency.
  • Purpose limitation and data minimization.
  • Accuracy and storage limitation.
  • Integrity and confidentiality (security).
  • Accountability and facilitation of data subject rights comparable to Articles 12–23 GDPR.

2.3 Sector-Specific Regulation (Financial Markets)
In addition to general privacy laws, our processing activities are influenced by financial market regulations:

  • German Securities Trading Act (WpHG) and EU Market Abuse Regulation (MAR)
  • National and international rules on market integrity, prevention of insider dealing and conflicts of interest.
  • German Telecommunications-Digital-Services Data Protection Act (TDDDG) regarding the use of cookies and similar technologies on our digital services.

3. Definitions and Core Principles

3.1 Key Definitions

To ensure clarity for all stakeholders, we define the following terms in line with international standards:

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g. name, business email, IP address, professional role).
  • Processing: Any operation performed on personal data (e.g. collection, recording, storage, use, transmission, erasure).
  • Controller: The entity that determines the purposes and means of processing (here: Hawk One Media LLC).
  • Processor: A service provider processing personal data on behalf of the controller according to documented instructions.
  • Special Categories of Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for identification, health data, or data concerning a person’s sex life or sexual orientation.

Hawk One Media LLC does not intentionally collect or process special categories of personal data. If such data is exceptionally processed (e.g., if you voluntarily include it in email correspondence), it will be restricted to what is strictly necessary and erased whenever possible.

3.2 Data Protection Principles
We process personal data strictly in line with the following principles:

  • Purpose limitation: Data is collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data minimization: Only data that is adequate, relevant and limited to what is necessary for the respective purpose is processed.
  • Accuracy: We take reasonable steps to keep personal data accurate and up to date and to rectify or erase inaccurate data without undue delay.
  • Storage limitation: Personal data is stored in identifiable form only as long as necessary for the purposes pursued or to comply with legal obligations.
  • Integrity and confidentiality: Appropriate technical and organizational measures protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage.

4. Categories of Data and Sources

4.1 Data Provided Directly by You
In the course of our professional interactions, we may process:

  • Professional identity data: Name, academic title, job title, function, employer.
  • Business contact details: Professional email address, phone number, business address.
  • Mandate-related data: Information contained in RFPs, mandates, project documentation, capital markets transaction materials, contracts, and associated correspondence.
  • Communication data: Contents of emails and other communications, timestamps, communication history and notes documenting calls or meetings.

4.2 Data Collected Automatically When Using Our Website
When you access our website, our systems automatically collect certain technical data, including:

  • IP address (stored in pseudonymized or truncated form where feasible).
  • Date and time of access, time zone.
  • Requested URL, HTTP status code, referrer URL.
  • Browser type and version, operating system, device type.
  • Basic interaction and performance data (e.g. pages viewed, loading times, error codes).

This data is logged predominantly in server log files and used for ensuring system stability, security and technical optimization.

4.3 Data from Third Parties and Public Sources
We may also obtain personal data from:

  • Public registers and publications: Commercial registers, company filings, regulatory announcements (e.g. BaFin, ESMA, SEC), stock exchange publications, official gazettes.
  • Professional platforms: Business networks and capital markets databases (e.g. LinkedIn, Bloomberg, Reuters Eikon) used to identify and connect with relevant professional stakeholders.
  • Market intelligence providers: B2B lead databases and investor intelligence tools providing professional contact and profile data relating to institutional and corporate investors.

Where legally required, we will inform you of the source of your data upon request.

5. Purposes of Processing and Legal Bases

We process personal data based on a combination of contractual necessity, legal obligations and legitimate interests.

5.1 Contract Initiation and Performance
Legal basis: Contractual necessity and pre-contractual measures.

We process personal data to:

  • Respond to inquiries and RFPs.
  • Evaluate and negotiate potential mandates or cooperation.
  • Plan, execute and document consulting engagements, investor relations activities, roadshows, and analyst calls.
  • Manage project communication and deliverables.
  • Administer billing, payments and other contractual obligations.

5.2 Compliance with Legal and Regulatory Obligations
We must comply with strict documentation requirements. This processing is justified by our legal obligation to support market transparency and integrity. This includes the retention of research notes, communication logs with market participants, and the disclosure of potential conflicts of interest.

In particular we may process personal data to:

  • Comply with recordkeeping and transparency requirements under WpHG, MAR and related supervisory regulations.
  • Document research processes, communications with issuers and investors, and manage conflict-of-interest disclosures.
  • Fulfil audit, reporting and cooperation obligations towards competent authorities, courts and other public bodies.
  • Comply with tax, accounting and commercial law obligations (e.g. retention of business records).

5.3 Legitimate Interests

Where processing is not strictly required for contract or legal obligations, we rely on legitimate interests such as:

  • Information security and fraud prevention: Protecting our IT infrastructure, detecting and investigating security incidents and misuse of our Website.
  • Professional B2B networking and outreach: Maintaining and developing our network in the financial and capital markets community and providing relevant professional content to existing and potential clients.
  • Service quality and optimization: Analyzing the use of our Website and professional communication in aggregated or pseudonymized form to improve user experience, content relevance and service efficiency.

In such cases, we carefully weigh our legitimate interests against your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 13).

5.4 Consent
Legal basis: Your consent (where required).

For certain forms of processing, notably:

  • Non-essential cookies, advanced analytics and marketing/retargeting tools.
  • Certain types of direct marketing or event invitations in jurisdictions requiring an opt-in.

we will request your prior, informed consent. You may withdraw consent at any time with effect for the future (see Section 7 and 13).

6. Website Hosting, Logs and Infrastructure

The secure and reliable operation of our digital infrastructure is a prerequisite for our professional activities. We utilize high-standard IT environments to ensure the availability, integrity, and confidentiality of the data processed.

6.1 Hosting and Processors
Our website and digital assets are hosted on secure, professional servers. We select our hosting partners based on their ability to provide state-of-the-art security measures. Where these providers process personal data on our behalf, they do so as Data Processors under strict contractual obligations. This includes:

  • Confidentiality: Mandatory non-disclosure agreements for all staff with technical access.
  • Instruction-Based Processing: Data is handled strictly according to our documented instructions.
  • Security Audits: Regular reviews of the provider’s technical and organizational measures (TOMs).

6.2 Server Logs and Security Forensics
Every time you access our website, our systems automatically record technical data in so-called Server Log Files. This process is essential for maintaining system stability and for the forensic investigation of security incidents. The data points collected include:

  • IP Address: The network address of your device (processed in a way that respects privacy, often truncated).
  • Timestamp: The exact date and time of the access.
  • Resource Data: The specific sub-pages visited and files downloaded.
  • HTTP Status Code: Information on whether the request was successful (e.g., “200 OK” or “404 Not Found”).
  • Referrer URL: The website from which the request originated.
  • User Agent String: Information about the browser type, version, and the operating system used.

Retention of Logs: These logs are stored for a limited period (typically 7 to 30 days) to identify and mitigate cyber threats such as DDoS attacks or SQL injections. After this period, the data is deleted or anonymized, unless it is required as evidence in a legal proceeding or a security investigation.

7. Cookies and Similar Technologies

To provide a seamless user experience and to evaluate our market outreach, we use cookies and similar technologies (such as pixels, web beacons, and local storage).

7.1 Categories of Cookies and Tools

We use cookies and comparable technologies (e.g. pixels, tags, local storage) which fall into the following categories:

  • Strictly necessary: Essential for the functioning of the Website (e.g. security, load balancing, basic settings). These are used without consent as they are necessary to provide the service you request.
  • Functional: Enable enhanced functionality or personalization (e.g. remembering preferences). Used only with your consent where required.
  • Performance / Analytics: Help us understand how the Website is used (e.g. which pages are visited, technical performance, interaction flows), typically in aggregated or pseudonymized form. Used only with your consent.
  • Marketing / Retargeting: Allow us to evaluate and optimize professional campaigns (e.g. on LinkedIn) and to display content targeted at professional audiences. Used only with your consent.

7.2 Consent Management and Control

In accordance with the TDDDG and voluntary GDPR standards, we operate a “Strict Opt-In” policy for all non-essential cookies.

  • Transparency: Upon your first visit, a Consent Management Provider (CMP) informs you about the specific tools in use.
  • Granularity: You have the right to accept all, reject all, or customize your preferences for each category.
  • Withdrawal: You can change or withdraw your consent at any time via the “Privacy Settings” link in our footer. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

8. Analytics and Professional Measurement Tools

As a consultancy specializing in financial market communication, understanding the reach and impact of our analyses is vital. We use professional-grade tools for this purpose.

8.1 Google Analytics 4 (GA4)

We may use Google Analytics 4 (“GA4”) to obtain aggregated usage statistics and better understand which content is most relevant to our professional audience.

Key privacy measures include:

  • Activation of IP anonymization functionality, so that IP addresses are shortened before storage where supported.
  • Use of aggregated, pseudonymized data without linking to direct personal identifiers in our systems.
  • Conclusion of a data processing agreement with Google and use of appropriate safeguards for international data transfers (see Section 10).

8.2 Similar Tools

We may integrate similar professional analytics tools for the following purposes:

  • Measuring the reach and performance of our professional content and campaigns directed at corporate and institutional audiences.
  • Obtaining aggregated demographic insights about Website visitors (e.g. sector, seniority, company size) without identifying individual natural persons.

For certain processing activities, Hawk One Media LLC may qualify as joint controller. In such cases, the essential elements of the joint controller arrangement and further details can be found in the co-controllers own privacy documentation.

9. Recipients of Personal Data

We do not sell, rent, or trade your personal data for commercial purposes. Information is shared only with a limited group of recipients and under strict conditions.

9.1 Service Providers (Processors)

We may share personal data with third-party service providers that support our operations, such as:

  • IT Infrastructure Providers: Hosting, cloud storage, and cybersecurity services.
  • Communication Tools: Providers for email distribution, virtual meeting platforms, and CRM systems.
  • Legal and Financial Advisors: External auditors, legal counsel, and tax advisors, particularly in the context of our regulatory filings.

These providers act as processors under written contracts and are obliged to maintain confidentiality and implement adequate security controls.

9.2 Professional Advisors and Auditors

We may share personal data with external legal counsel, auditors, tax advisors or other consulting firms where necessary to protect our rights, fulfill our legal obligations or support corporate governance.

9.3 Authorities, Courts and Regulatory Bodies

In the context of our registration with BaFin and other supervisory environments, we may be required to transfer personal data to:

  • Supervisory authorities (e.g. BaFin, other financial market regulators).
  • Law enforcement agencies or courts, where required by law or court order.
  • Other public bodies where there is a legal obligation to do so.

9.4 Corporate Transactions

In the event of mergers, acquisitions, reorganizations or similar corporate transactions involving Hawk One Media LLC, personal data may be disclosed to and transferred to the involved parties and their advisors, subject to appropriate confidentiality obligations and compliance with applicable data protection laws.

10. International Data Transfers

Hawk One Media LLC is based in Georgia and operates internationally. Consequently, personal data may be processed or accessed in countries outside your jurisdiction.

10.1 Processing in Georgia

Processing activities conducted in Georgia are subject to the Georgian Law on Personal Data Protection and our internal governance, which reflects GDPR-level standards to the greatest extent possible.

10.2 Transfers to Third Countries

Where personal data is transferred from jurisdictions with specific transfer requirements (e.g. the European Economic Area, “EEA”) to countries without an adequate level of data protection, we implement appropriate safeguards, such as:

  • Use of the latest EU Standard Contractual Clauses (SCCs) with recipients.
  • Reliance on adequacy decisions where available (e.g. Data Privacy Framework for participating entities).
  • Technical and organizational measures to limit access and mitigate risks (encryption, strict access control, data minimization).
  • Transfer Impact Assessments (TIAs) to evaluate whether the laws and practices in the recipient country may negatively affect the effectiveness of the safeguards.

You may request a copy or summary of the relevant safeguards used for your data by contacting us (see Section 17), subject to redactions necessary to protect confidentiality.

11. Data Retention

We do not retain personal data indefinitely. Our retention strategy is governed by the principle of storage limitation, balanced against our extensive documentation obligations as a financial market participant.

11.1 Retention Criteria

Retention periods are determined based on:

The duration for which we store personal data is determined by the following criteria:

  • The Nature of the Relationship: Data related to active consulting mandates or B2B contracts is retained for the duration of the professional engagement.
  • Regulatory Documentation Requirements: We are subject to specialized recordkeeping duties derived from the German Securities Trading Act (WpHG) and the Market Abuse Regulation (MAR). Research notes, communication with issuers, and analysis logs may be retained for 5 to 10 years to ensure market transparency and auditability by authorities like BaFin.
  • Statutory Limitation Periods: To protect our legal position, we retain correspondence and contractual data for the duration of applicable statutes of limitation (often 3 to 6 years after the end of the year in which the relationship terminated) to defend against or assert legal claims.
  • Tax and Accounting Laws: Business records, invoices, and accounting vouchers are stored in accordance with Georgian and applicable international tax laws (typically 6 to 10 years).

11.2 Secure Archiving and Deletion

Once the primary purpose of processing is fulfilled and no further legal retention period applies:

  1. Deletion: Digital data is permanently erased from our active systems.
  2. Anonymization: If data is required for long-term statistical analysis or market trend observation, it is fully anonymized so that identification of a natural person is no longer possible.
  3. Archiving: Physical documents are shredded according to DIN standards for data destruction.

Where data is anonymized, it will no longer be considered personal data and may be used, for example, for long-term trend analysis or internal statistics.

12. B2B Communication and CRM

12.1 Professional Outreach

We operate exclusively in a B2B context. We may process professional contact details obtained from you, your employer or public/professional sources to:

  • Initiate and maintain business relationships.
  • Invite you to professional events, roadshows, or distribute investor relations content that is relevant to your role.

Such processing is based on our legitimate interest in sustaining business relationships and promoting our services to relevant professional contacts. You may object at any time (see Section 13).

12.2 CRM and Lead Management

We use professional Customer Relationship Management (CRM) systems to manage our interactions, including:

  • Documentation of meetings, calls and email communications.
  • Tracking the status of mandates, opportunities and professional leads.
  • Managing opt-outs and “do-not-contact” preferences to ensure we respect your choices.

13. Your Rights

Subject to the applicable law in your jurisdiction and our voluntary GDPR alignment, you may have the following rights in relation to your personal data:

  • Right of access: To obtain confirmation as to whether we process your personal data and, if so, receive a copy along with information on the processing.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of your personal data, subject to statutory and regulatory retention obligations.
  • Right to restriction of processing: To request that processing is restricted (e.g. while we verify accuracy or in the context of a legal dispute).
  • Right to data portability: To receive personal data that you have provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible.
  • Right to object: To object, on grounds relating to your particular situation, to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds or the processing is necessary for legal claims.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time with effect for the future.

We will handle your request in accordance with applicable legal requirements and within the legally provided timeframes. Where permitted by law, we may require proof of identity to prevent unauthorized access to your data.

To exercise your rights, please contact us at: privacy@hawk1media.com.

14. Data Security

We maintain a multi-layered security architecture designed to protect personal data from unauthorized access, loss, alteration or disclosure.

14.1 Technical Measures

These include, in particular:

  • Encryption of data in transit using state-of-the-art TLS protocols.
  • Strict access control based on the “need-to-know” principle, protected by strong authentication mechanisms (including multi-factor authentication for privileged accounts).
  • Network security measures such as firewalls, intrusion detection and prevention systems, and regular vulnerability scanning.
  • Segregation of environments and secure backup procedures.

14.2 Organizational Measures

Organizational safeguards include:

  • Confidentiality obligations for all employees and contractors with access to personal data.
  • Regular training on data protection, information security and handling of confidential capital markets information.
  • Documented incident response procedures, including escalation, assessment, mitigation and notification of supervisory authorities and affected individuals where required by law.
  • Regular review and improvement of our data protection and security controls.

15. Automated Decision-Making

We do not use personal data to carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. All strategic advice, investment-related assessments and financial analyses we prepare are based on professional human judgment.

16. Minors and External Links

Our services and Website are intended exclusively for adults in a professional capacity. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that such data has been collected inadvertently, we will delete it without undue delay.

Our Website may contain links to third-party websites and services. This Privacy Policy does not apply to such external sites. We recommend that you carefully review the privacy policies of any third-party services you access.

17. Contact and Complaints

For any questions, concerns or requests relating to this Privacy Policy or to your personal data, please contact:

Hawk One Media LLC
Internal Data Governance Team
Email: privacy@hawk1media.com

If you believe that the processing of your personal data violates applicable data protection law, you may also have the right to lodge a complaint with a competent supervisory authority. The competent authority depends on your place of residence, your workplace or the place of the alleged infringement.