Privacy notice.

This notice describes how TSC Consulting — operating as VARIO MARTI LIMITED — processes personal data when prospective and existing clients interact with us, when we deliver consulting engagements, and when visitors use this website. It applies to all activities of the firm, whether performed from our Hong Kong headquarters or by our delivery teams in the European Union.

In the ordinary course of business we process a limited and proportionate set of personal data:

• Identification and contact data submitted through our intake form or by email (name, organization, role, business email).
• Engagement-related correspondence and meeting notes produced during the course of a project.
• Technical and architectural information about your IT estate necessary to perform the engagement, which may incidentally include identifiers of administrators or named system owners.
• Server-side request logs (IP address, user-agent, timestamp) kept for security and abuse-prevention purposes.

We do not knowingly collect special categories of personal data, and we ask clients not to share end-user personal data with us unless strictly necessary for the engagement and covered by a separate Data Processing Agreement.

We process personal data only where one of the following lawful bases applies under the EU General Data Protection Regulation (GDPR) and, in Hong Kong, the Personal Data (Privacy) Ordinance (PDPO):

• Performance of a contract — to respond to engagement requests, draft proposals, and deliver consulting services.
• Legitimate interests — to operate, secure and improve our website, and to maintain a record of professional correspondence.
• Legal obligation — to retain records required by accounting, tax, and anti-money-laundering law.
• Consent — where you have explicitly opted in to receive a specific communication.

We keep our supplier chain deliberately short. Personal data may be accessed by:

• Our consultants and administrative staff, on a need-to-know basis and under written confidentiality obligations.
• Infrastructure and software providers used to operate the firm (business email, document storage, accounting, this website).
• Professional advisors (legal, audit, banking) and competent authorities where required by law.

A current list of sub-processors and their location is available on request. We do not sell personal data and we do not use it for advertising or profiling.

Because the firm is headquartered in Hong Kong and delivers across the European Union, personal data may be transferred between these jurisdictions. Transfers from the European Economic Area are made under the European Commission’s Standard Contractual Clauses, with supplementary technical and organisational measures where appropriate. A copy of the clauses is available on request.

Engagement records, correspondence, and supporting documents are retained for the duration of the engagement and for a period of seven years thereafter, to satisfy professional, accounting, and statutory obligations. Website request logs are retained for up to ninety days. Personal data we no longer have a lawful basis to keep is deleted or anonymised.

We apply the same architectural discipline to our own estate that we recommend to our clients: least-privilege access, hardware-backed multi-factor authentication, encrypted storage and transport, documented joiner-mover-leaver processes, and routine review of third-party access. Incidents that affect personal data are notified to affected clients without undue delay and, where applicable, to the competent supervisory authority.

Subject to applicable law, you have the right to request access to your personal data, rectification, erasure, restriction or objection to processing, and portability. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing. Requests can be sent to contact@tsc-consulting.com. You also have the right to lodge a complaint with the supervisory authority of your habitual residence in the European Union, or with the Office of the Privacy Commissioner for Personal Data in Hong Kong.

This website uses only the cookies and local-storage entries strictly necessary for navigation and security. We do not deploy third-party advertising trackers. If we introduce optional analytics in the future, a consent banner will be shown and your choice will be honoured before any non-essential cookie is set.

We will update this notice as our practice evolves or as the law requires. The effective date below reflects the latest revision. Material changes will be communicated to active clients in writing.