Privacy Policy

Effective Date: 1 January 2024 • Last Updated: 15 March 2026

Green Horizon Studio, a trade name of ONN GLOBAL LIMITED, is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, disclose, and safeguard your data when you interact with our website at greenhorizon.buzz, engage with our services, or communicate with us through any channel. It also explains your rights regarding that data and how you can exercise them.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please refrain from using our website and services.

1. Who We Are

The data controller responsible for your personal information is:

ONN GLOBAL LIMITED
1/F 11E CHE HA VILLAGE
SAI SHA ROAD
Sai Sha, Hong Kong

Email: ys@greenhorizon.buzz
Phone: +14722415189

Green Horizon Studio is the operating name under which ONN GLOBAL LIMITED provides computer systems design, architecture consulting, and related technology services. Throughout this policy, references to Green Horizon Studio, we, us, and our refer to ONN GLOBAL LIMITED.

2. Information We Collect

2.1 Information You Provide Voluntarily

We collect information that you choose to share with us directly. This includes:

  • Contact and identity information: your full name, email address, telephone number, job title, and the name of your organization, which you provide when you fill out the contact form on our website, send us an email, schedule a consultation, or otherwise reach out to us.
  • Project and business information: details about your technical infrastructure, business requirements, project scope, timelines, budget parameters, and any documentation or materials you share with us during the course of evaluating or engaging our services.
  • Communication records: the content and metadata of emails, messages through our website contact form, meeting notes, and any other correspondence between you and Green Horizon Studio.
  • Payment and contractual information: invoicing details, bank account information for wire transfers, purchase order references, and signed statements of work or service agreements. We do not store full credit card numbers or payment card details on our own systems; payment processing is handled through third-party financial institutions.

2.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through standard internet protocols and technologies:

  • Technical usage data: your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on each page, and the date and time of your visit.
  • Server logs: our web server maintains access logs that record each request made to the site, including the requested URL, HTTP status code, bytes transferred, and user-agent string. These logs are retained for a maximum of thirty days and are used exclusively for security monitoring, debugging, and traffic analysis.
  • Minimal analytics: we may use a self-hosted, privacy-respecting analytics tool that does not use cookies, does not fingerprint visitors, and does not track individuals across sessions or websites. It collects only aggregated metrics such as page view counts and referrer summaries. No personal identifiers are stored.

2.3 Information We Do Not Collect

We do not collect or process special categories of personal data as defined under applicable data protection laws, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health information, or information concerning an individuals sex life or sexual orientation. We do not knowingly collect data from children under the age of sixteen. Our website does not use third-party advertising networks, behavioral tracking cookies, or social media tracking pixels.

3. How We Use Your Information

We use the information we collect for the following purposes, each grounded in a specific lawful basis under applicable data protection regulations:

3.1 Contractual Necessity

  • To respond to inquiries about our services and to determine whether we are a good fit for your project.
  • To prepare proposals, statements of work, and service agreements.
  • To deliver the computer systems design, architecture consulting, and related services that you have engaged us to perform.
  • To process invoices, payments, and any financial transactions related to our engagement.

3.2 Legitimate Interests

  • To maintain and improve the security of our website and internal systems, including monitoring for malicious activity, unauthorized access attempts, and denial-of-service attacks.
  • To analyze aggregated, anonymized website traffic patterns in order to understand which content is most useful to visitors and to identify technical performance issues.
  • To manage our client relationships, including keeping records of past engagements, communications, and preferences so that we can provide continuity of service.
  • To send occasional, relevant communications about our services to existing clients or to individuals who have expressed interest, provided that such communications include a clear and simple mechanism to opt out.

3.3 Legal Obligation

  • To comply with applicable laws, regulations, and legal processes, including tax reporting, anti-money laundering requirements, and responses to lawful requests from government authorities.
  • To establish, exercise, or defend legal claims.

3.4 Consent

  • Where we rely on consent as the lawful basis for processing, such as sending marketing communications to individuals who are not existing clients, we will obtain your explicit, informed consent before doing so. You may withdraw your consent at any time by contacting us at ys@greenhorizon.buzz. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4. Data Retention

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention practices are as follows:

  • Inquiry and contact form submissions: retained for up to twenty-four months from the date of last correspondence, after which they are securely deleted unless a client relationship is established.
  • Client engagement records: retained for seven years following the conclusion of the engagement, in accordance with Hong Kong tax and commercial record-keeping requirements, as well as professional liability considerations.
  • Website server logs: retained for a maximum of thirty days before being automatically purged.
  • Payment and financial records: retained for the period required under Hong Kong Inland Revenue Ordinance and other applicable financial regulations, typically seven years.

When personal data is no longer required, we securely delete or anonymize it. Deletion methods include cryptographic erasure of digital records and secure shredding of any physical documents.

5. How We Share Your Information

We do not sell, rent, trade, or otherwise commercialize your personal information. We share your data only in the following limited circumstances:

  • Service providers and subcontractors: we may engage trusted third-party providers to support our operations, such as cloud infrastructure hosting, email delivery services, payment processing, and accounting software. These providers are bound by data processing agreements that require them to protect your data to standards at least as stringent as those in this policy, and they may only process the data according to our documented instructions.
  • Professional advisors: we may share information with our legal counsel, auditors, and insurers where reasonably necessary for the operation of our business and the protection of our interests.
  • Legal compliance and protection: we may disclose information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to respond to a government request.
  • Business transfers: in the event that ONN GLOBAL LIMITED is involved in a merger, acquisition, reorganization, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. You will be notified via email and a prominent notice on our website of any change in ownership or the use of your personal information.

6. International Data Transfers

Green Horizon Studio is based in Hong Kong. The personal information we collect may be transferred to, stored in, and processed from locations outside your country of residence, including servers located in Hong Kong, Singapore, the United States, and the European Union.

When we transfer personal data internationally, we implement appropriate safeguards in accordance with applicable data protection laws. These safeguards include:

  • Transferring data only to countries that have been recognized as providing an adequate level of data protection by the relevant regulatory authority.
  • Entering into standard contractual clauses or equivalent data transfer agreements with recipients in countries that have not received an adequacy decision.
  • Ensuring that any third-party service providers handling data on our behalf maintain equivalent technical and organizational security measures.

7. Data Security

We implement and maintain appropriate technical, administrative, and physical safeguards designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of data in transit using TLS 1.3 and encryption of data at rest using AES-256.
  • Strict access controls based on the principle of least privilege, with multi-factor authentication enforced for all administrative access to systems storing personal data.
  • Regular security assessments, vulnerability scanning, and penetration testing of our infrastructure.
  • Continuous monitoring and logging of access to systems containing personal data, with automated alerts for anomalous activity.
  • A documented incident response plan that is tested annually and includes procedures for notifying affected individuals and relevant authorities within legally required timeframes in the event of a data breach.
  • Employee training on data protection obligations, conducted at onboarding and refreshed annually.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is absolutely secure. We cannot guarantee the absolute security of your data, but we are committed to responding promptly to any security incidents and mitigating their impact.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. We will honor these rights to the fullest extent required by applicable law:

  • Right of access: you may request a copy of the personal data we hold about you, along with information about how we process it.
  • Right of rectification: you may request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right of erasure: in certain circumstances, you may request that we delete your personal data. This right is not absolute and may be overridden by our legal obligations or legitimate interests in retaining the data.
  • Right to restrict processing: you may request that we limit the processing of your personal data in specific situations, such as while we verify the accuracy of data you have contested.
  • Right to data portability: where processing is based on consent or contractual necessity and carried out by automated means, you may request that we provide your personal data to you or to another controller in a structured, commonly used, machine-readable format.
  • Right to object: you may object to processing based on our legitimate interests, including processing for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to complain: you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction if you believe that our processing of your personal data violates applicable law. In Hong Kong, this authority is the Office of the Privacy Commissioner for Personal Data.

To exercise any of these rights, please contact us at ys@greenhorizon.buzz with the subject line Data Subject Request. We will respond to your request within thirty calendar days. We may need to verify your identity before processing your request, which may require you to provide additional information. There is no fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to act on the request.

9. Cookies and Similar Technologies

Our website is designed to function with minimal reliance on cookies and tracking mechanisms. Specifically:

  • We do not use advertising cookies, third-party tracking cookies, social media pixels, or any form of cross-site tracking.
  • Our website does not set any persistent cookies by default. Any temporary session cookies that may be set by our hosting infrastructure are strictly necessary for the technical delivery of the website, expire when you close your browser, and do not store personal information.
  • We do not use cookie walls, consent banners, or any mechanism that coerces consent in exchange for access to content.

If we introduce any optional cookies in the future (for example, to remember display preferences), we will provide clear information about their purpose and seek your explicit consent before setting them.

10. Third-Party Services and Links

Our website may include links to external websites, platforms, or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you interact with. We are not responsible for the privacy practices, content, or security of external websites.

Where we integrate third-party services into our own operations (such as cloud providers or email platforms), we conduct due diligence on their privacy and security practices before engagement and bind them through data processing agreements as described in Section 5 of this policy.

11. Childrens Privacy

Our website and services are directed at business professionals and organizations. We do not knowingly collect, use, or disclose personal information from anyone under the age of sixteen. If we become aware that we have inadvertently collected personal data from a child under sixteen without verifiable parental consent, we will take prompt steps to delete that information. If you believe that a child under sixteen has provided us with personal data, please contact us immediately at ys@greenhorizon.buzz.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or the services we offer. When we make material changes, we will:

  • Post the updated policy on this page with a revised effective date.
  • For significant changes that materially affect how we process your data, provide a more prominent notice on our website for a period of at least thirty days.
  • If you are an active client with whom we have an ongoing engagement, notify you directly via email of material changes.

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

13. Jurisdiction-Specific Provisions

13.1 European Economic Area and United Kingdom

If you are located in the European Economic Area or the United Kingdom, the processing of your personal data is subject to the General Data Protection Regulation, Regulation (EU) 2016/679, or the UK GDPR as applicable. The lawful bases on which we rely for processing are set out in Section 3 of this policy. You have the rights enumerated in Section 8, and you may lodge a complaint with the supervisory authority in your member state or with the UK Information Commissioners Office.

13.2 California Residents

If you are a California resident, you have certain rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. We do not sell personal information as that term is defined under the CCPA. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA. You may request access to, correction of, or deletion of your personal information by contacting us at ys@greenhorizon.buzz. We will not discriminate against you for exercising your CCPA rights.

13.3 Hong Kong Special Administrative Region

As a Hong Kong-based entity, we comply with the Personal Data (Privacy) Ordinance, Cap. 486 of the Laws of Hong Kong. The data protection principles set out in the Ordinance are reflected throughout this policy. Individuals may contact the Office of the Privacy Commissioner for Personal Data, Hong Kong, with any concerns about our data practices.

13.4 Singapore

Where the Personal Data Protection Act 2012 of Singapore applies, we adhere to its obligations regarding consent, notification, access, correction, accuracy, protection, retention, and transfer of personal data. Our Data Protection Officer can be reached at ys@greenhorizon.buzz for PDPA-related inquiries.

13.5 Mainland China

Where the Personal Information Protection Law of the Peoples Republic of China applies to our processing activities, we comply with its requirements regarding notice, consent, data minimization, storage limitation, security safeguards, and cross-border transfer mechanisms. Individuals located in mainland China may contact us to exercise their PIPL rights, including the rights to access, correct, delete, and port their personal information, as well as the right to request an explanation of our processing rules.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the details below. We aim to acknowledge all privacy-related inquiries within two business days and to provide a substantive response within fourteen calendar days.

Data Protection Officer
ONN GLOBAL LIMITED
1/F 11E CHE HA VILLAGE
SAI SHA ROAD
Sai Sha, Hong Kong

Email: ys@greenhorizon.buzz
Phone: +14722415189

For data subject requests, please use the subject line Data Subject Request in your email to ensure prompt routing to the appropriate team member.

Back to Home