Legal notices,
in plain English.
Three documents that govern how HC Core Tech works with clients and how we handle data. Written by me directly, not copied from a template. Last updated 5 July 2026.
Terms of Service
These Terms of Service govern engagements between HC Core Tech (an independent Dutch practice by Hilary Azimoh) and clients who commission work through this website, a written scoping document, or a signed proposal.
1. Engagements are contract-based
Every engagement begins with a written scoping document that defines; the work in scope, the work out of scope, the fixed price or hourly rate, the timeline, the milestones, the deliverables, and the payment schedule. Nothing is agreed by chat or verbal understanding. If it is not in the written scope, it is not in the engagement.
2. Payment
Payment terms are stated in the scoping document. Standard terms are 50 percent upfront (before work begins) and 50 percent on completion, unless otherwise agreed. Invoices are payable within 14 days of issue. Late payment may incur statutory interest as permitted under Dutch law (Article 6:119a BW).
For engagements longer than six weeks, milestone-based invoicing is used, with each milestone invoiced on delivery.
3. Intellectual property
All custom work (code, designs, copy, brand assets, documentation) produced during an engagement transfers to the client on receipt of final payment. HC Core Tech retains no rights to specifically commissioned work once paid for.
HC Core Tech may reuse generic techniques, patterns, and skills developed during the engagement in other client work. This does not include client-specific code, data, brand assets, or confidential information.
Third-party components (open source libraries, paid software, fonts, stock imagery) remain licensed under their respective licences. HC Core Tech will disclose all such components in the handover documentation.
4. Confidentiality
Any information marked as confidential, or reasonably understood to be confidential, will be treated as such indefinitely. HC Core Tech will not disclose, publish, or reuse confidential client information outside of the engagement. A mutual non-disclosure agreement is available on request.
5. Warranties and limitation of liability
HC Core Tech warrants that work will be performed with professional competence and reasonable care. HC Core Tech makes no other warranties, express or implied, including warranties of merchantability or fitness for a particular purpose beyond what is specified in the scoping document.
Total liability under any engagement is limited to the fees actually paid by the client for that engagement. HC Core Tech is not liable for indirect, consequential, or lost-profit damages. This limitation does not apply to damages caused by gross negligence or wilful misconduct.
6. Termination
Either party may terminate an engagement with 14 days written notice. On termination, the client pays for all work completed and in progress up to the termination date. Client-owned assets and documentation delivered before termination remain the client's property.
7. Handover and post-engagement
On completion of an engagement, HC Core Tech provides a written handover document listing all deliverables, credentials, code repositories, and any third-party services used. HC Core Tech provides one round of post-launch clarifications at no charge within 30 days of completion. Ongoing support is available under a separately quoted retainer.
8. Governing law and jurisdiction
These Terms are governed by Dutch law. Any dispute arising from an engagement will first be attempted to be resolved through good-faith negotiation. Failing that, disputes fall under the exclusive jurisdiction of the courts of Amsterdam, Netherlands.
9. Changes to these Terms
These terms may be updated from time to time and will be posted on this page with a last updated date. Changes do not apply retrospectively to engagements already in progress under an executed scoping contract.
Privacy Policy
HC Core Tech takes data protection seriously. This policy explains what personal data we collect, why, how we use it, how long we keep it, and your rights under the General Data Protection Regulation (GDPR).
1. Who is responsible
HC Core Tech, operated by Hilary Azimoh in Amsterdam, Netherlands, is the data controller for personal data collected through this website and during client engagements. For any privacy question, email hc@hccoretech.com.
2. What we collect on the website
When you submit the quote form on this website, we collect the information you provide: name, email address, company (optional), services requested, budget, timeline, and project brief. That data is used only to respond to your inquiry.
When you visit this website, our hosting provider (Vercel) collects minimal technical logs (IP address, browser type, referring page). These are used to prevent abuse and are retained for a maximum of 30 days.
We use Vercel Analytics to understand aggregate website traffic (page views, top pages, referring sources, country-level location). Vercel Analytics is cookieless and does not track individual visitors across sessions. No personal data is collected through analytics.
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any other tracking service that would send visitor data outside the EU. We do not use tracking cookies. You do not need to give cookie consent because we are not doing anything that requires it.
3. What we collect during engagements
During a client engagement, we may process personal data provided by the client. This may include: contact information for the client's team, credentials for shared services, business information necessary to deliver the work, and any data the client shares with us for processing (which is governed by a separate Data Processing Agreement, see below).
4. Legal basis
Under GDPR Article 6, we process personal data on the following legal bases:
- ·Contract performance (Article 6(1)(b)) for all engagement-related processing
- ·Legitimate interest (Article 6(1)(f)) for quote form submissions, technical logs, and cookieless analytics
- ·Legal obligation (Article 6(1)(c)) for retention required under Dutch tax law
5. Who we share data with
We use the following processors to operate this website and respond to inquiries:
- ·Vercel (hosting and analytics): EU region where configurable
- ·Resend (email delivery for quote form responses): EU region (Ireland)
- ·Zoho Mail (for our email inbox): EU region
We do not sell, rent, or share personal data with third parties for marketing purposes.
6. How long we keep data
- ·Quote form submissions: 24 months, then deleted unless we have an active engagement with you
- ·Engagement records (contracts, invoices, correspondence): 7 years, as required by Dutch tax law (Article 52 AWR)
- ·Website server logs: 30 days maximum
- ·Analytics data: retained by Vercel per their policy, no personal identifiers
7. Your rights
Under GDPR, you have the right to:
- ·Access your personal data we hold
- ·Correct inaccurate data
- ·Request deletion (subject to our legal retention obligations)
- ·Restrict processing
- ·Data portability
- ·Object to processing based on legitimate interest
- ·Withdraw consent where consent was the legal basis
To exercise any of these rights, email hc@hccoretech.com. We respond within 30 days.
If you believe your data has been mishandled, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
8. International transfers
All processors listed above are configured to process data within the European Economic Area where possible. Where a processor operates from a third country, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Changes to this policy
We may update this policy. Material changes will be communicated to active clients by email. The updated policy will be posted on this page with a new "Last updated" date.
Data Processing Agreement
This Data Processing Agreement (DPA) applies when HC Core Tech processes personal data on behalf of a client ("Controller") during an engagement. It complements and forms part of the Terms of Service and the specific scoping document for the engagement.
1. Subject matter and duration
HC Core Tech acts as a Processor for personal data provided by the Controller for the purpose of delivering the services described in the engagement scoping document. Processing continues for the duration of the engagement plus 30 days for handover, unless otherwise agreed in writing.
2. Nature and purpose of processing
Processing includes: storage, access, transformation, deletion, and any other operations necessary to deliver the agreed services. Processing purposes are limited to those necessary to fulfil the engagement.
3. Categories of data subjects and personal data
The specific categories are defined per engagement in the scoping document. Common categories include: the Controller's employees, the Controller's clients or customers, and any other individuals whose data the Controller shares with us for processing.
4. Controller obligations
The Controller warrants that: personal data shared with HC Core Tech has been collected lawfully, with the necessary legal basis under GDPR Article 6, and that the Controller has provided all required notices to data subjects. The Controller is responsible for responding to data subject requests, unless separately agreed.
5. Processor obligations
HC Core Tech will:
- ·Process personal data only on documented instructions from the Controller
- ·Ensure persons authorised to process the data have committed themselves to confidentiality
- ·Implement appropriate technical and organisational measures to secure the data (see Section 7)
- ·Assist the Controller in responding to data subject requests
- ·Notify the Controller without undue delay upon becoming aware of a personal data breach
- ·Return or delete all personal data at the end of the engagement, unless retention is required by law
6. Sub-processors
HC Core Tech may engage sub-processors to assist with the engagement. Current standing sub-processors are:
- ·Vercel Inc. (hosting for HC Core Tech infrastructure)
- ·Resend (transactional email)
- ·Hetzner Online GmbH (hosting for CoreDesk platform, if used)
- ·Supabase Inc. (database for CoreDesk platform, if used)
- ·Anthropic PBC and/or OpenAI (LLM providers, if the engagement uses AI)
Additional or replacement sub-processors will be communicated to the Controller in writing with reasonable notice. The Controller may object to specific sub-processors, in which case the parties will discuss alternatives in good faith.
7. Security measures
HC Core Tech implements the following technical and organisational measures:
- ·Encryption of data in transit (TLS 1.2 or higher) and at rest where supported by the underlying platform
- ·Access control with unique credentials, multi-factor authentication where available
- ·Regular software updates and vulnerability monitoring
- ·Documented incident response procedure
- ·Physical security through use of certified data centre providers (Vercel, Hetzner)
- ·Written retention and deletion policies
8. Personal data breaches
HC Core Tech will notify the Controller in writing without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach involving Controller data. Notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed.
9. International transfers
Where personal data is transferred outside the European Economic Area, HC Core Tech will ensure appropriate safeguards under GDPR Chapter V, including Standard Contractual Clauses adopted by the European Commission.
10. Audit
On written request with reasonable notice (typically 30 days), HC Core Tech will provide the Controller with information reasonably necessary to demonstrate compliance with this DPA. On-website audits are available for engagements exceeding a value threshold agreed in the scoping document.
11. Return or deletion of data
On termination of the engagement, HC Core Tech will, at the Controller's choice, return or securely delete all personal data. HC Core Tech may retain personal data where required by law, in which case HC Core Tech will continue to protect it as described in this DPA.
12. Liability
Liability under this DPA is subject to the limitations set out in the Terms of Service, except where GDPR mandates otherwise.
13. Governing law
This DPA is governed by Dutch law and the exclusive jurisdiction of the courts of Amsterdam, Netherlands, consistent with the Terms of Service.