01. PURPOSE AND SCOPE
1.1. Purpose of this Policy
This Cookie Policy explains how the HSO Venezuela Consortium (hereinafter, "HSO Consorcio", "the Consortium", or "we") uses cookies and similar tracking technologies when you access or use our website https://www.hsoconsortium.com (the "Website"). This policy should be read together with our Privacy Policy and the Work Framework and Internal Regulations of the Consortium.
1.2. Technologies Covered
This policy applies to:
- Cookies (HTTP cookies)
- Local and session storage
- Pixels, web beacons, and tracking pixels
- Device fingerprinting (only for security and fraud prevention purposes)
- Any other similar tracking technology
1.3. Regulatory Basis
This Policy complies with:
- In the United States: California Consumer Privacy Act (CCPA), FTC guidelines, and OFAC regulations (General Licenses 46B, 48A, 49A, 50A and Executive Order 14373).
- In Venezuela: Constitution of the Bolivarian Republic of Venezuela (arts. 28 and 60), Organic Law on Protection of Personal Data (LOPDP), Infogobierno Law, and Special Law against Computer Crimes.
02. WHAT ARE COOKIES?
2.1. Technical Definition
Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit our Website. They allow the Website to recognize your device and store certain information about your preferences or past actions.
2.2. Types of Cookies Used
- First-party cookies: Set directly by HSO Consorcio for the operation of the Website.
- Third-party cookies: Set by domains other than ours (e.g., analytics or compliance service providers).
- Session cookies: Temporary, deleted when you close your browser.
- Persistent cookies: Remain on your device for a set period or until you manually delete them.
03. CATEGORIES OF COOKIES WE USE
| Category | Purpose | Examples | Duration | Opt-out |
|---|---|---|---|---|
| Strictly Necessary | Required for basic Website functionality: authentication, security, load balancing, consent management. | session_id, csrf_token, consent_prefs | Session or short-term (max 24h) | Not available (Website would not function) |
| Functional | Remember your preferences and settings to enhance your experience. | language, region, layout_pref | Up to 12 months | Available via browser settings or our preference panel |
| Analytics & Performance | Collect anonymous or pseudonymized usage data to improve Website performance and detect errors. | page_views, feature_usage, error_logs | Up to 24 months (data anonymized after 12 months) | Available via cookie banner |
| Targeting / Advertising | The Consortium currently does not use advertising or remarketing cookies. If implemented in the future, explicit consent will be requested. | N/A | N/A | N/A |
04. LEGAL BASIS AND CONSENT MANAGEMENT
4.1. Jurisdictional Requirements
- European Union and UK: Not directly applicable, but as an international standard, explicit consent is required for non-essential cookies via an interactive banner.
- California (CCPA): Right to opt out of the sale or sharing of personal information (the Consortium does not sell personal data).
- Venezuela: The LOPDP requires prior, free, informed, and unequivocal consent for the processing of personal data, including data obtained through cookies.
4.2. Consent Mechanism
Our Website includes a cookie banner that allows you to:
- Accept all cookies.
- Reject all non-essential cookies.
- Configure personalized preferences by category.
- Withdraw your consent at any time via the "Cookie Preferences" link in the footer.
4.3. Compliance with OFAC Sanctions
In compliance with Chapter 2 of the Internal Framework and General Licenses 46B, 48A, and 49A, the Consortium automatically blocks access to the Website from IP addresses, domains, or jurisdictions associated with China, Russia, Iran, North Korea, or Cuba. Consequently, no cookies will be installed on such devices, nor will any information be processed from those locations.
05. COOKIE INVENTORY
5.1. Current List
An up-to-date, complete list of all cookies used on our Website is available at: https://www.hsoconsortium.com/cookies-list
5.2. Inventory Updates
- Monthly for routine changes.
- Immediately for significant additions or removals.
- With version control for historical reference.
5.3. Third-Party Cookies
If we use external providers (e.g., analytics services such as Matomo or Google Analytics configured in anonymous mode), the inventory will provide:
- Identity of the third party.
- Purpose of the cookie.
- Link to their privacy policy.
- Specific opt-out mechanism.
06. COOKIE MANAGEMENT
6.1. Browser Controls
You can manage cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Firefox: Options → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Cookies and website data.
- Edge: Settings → Cookies and site permissions → Cookies and site data.
6.2. Global Opt-Out Mechanisms
- NAI Opt-Out: http://optout.networkadvertising.org
- DAA Opt-Out: http://optout.aboutads.info
6.3. Service-Specific Controls
- Cookie preference center accessible from any page (cookie settings icon).
- Export/import of preferences (upon request).
- Automatic annual reminder to review preferences.
07. SIMILAR TECHNOLOGIES
7.1. Local and Session Storage
- Used to maintain application state (e.g., project cart, authentication).
- Typical capacity: up to 5–10 MB.
- Deleted according to user preference or automatically after inactivity.
7.2. Server Logs
- Record technical information about each request (IP address, browser type, referrer URL, timestamp).
- Retained for 90 days for security and regulatory compliance purposes (OFAC, sanctions prevention).
- Anonymized after 30 days for internal analytics.
7.3. Device Fingerprinting
- Used only for fraud prevention and sanctions compliance verification.
- Requires explicit consent in jurisdictions where required.
- Limited to essential security purposes and never shared with unauthorized third parties.
08. DATA RETENTION AND SECURITY
8.1. Retention Periods
- Strictly necessary cookies: session duration.
- Functional cookies: up to 12 months.
- Analytics cookies: up to 24 months (data anonymized after 12 months).
- Server logs: 90 days.
8.2. Security Measures
- Transmission of cookies exclusively via HTTPS (TLS 1.3).
- Use of Secure and HttpOnly flags where applicable.
- Regular security audits of cookie practices.
- Encryption of stored cookie data (AES-256 for sensitive values).
8.3. Incident Notification
In the event of a security breach affecting cookies or tracking data, affected users and regulatory authorities will be notified in accordance with applicable laws (CCPA, LOPDP) and the Internal Framework protocols.
09. POLICY UPDATES
9.1. Notification of Changes
Any material modification to this Policy will be communicated through:
- A prominent notice on the Website at least 30 days in advance (where possible).
- Email to registered users (if any).
- Announcement in the cookie preferences panel.
9.2. Version Control
- A version history of this Policy will be maintained.
- Previous versions will be available upon request to privacy@hsoconsortium.com
- A summary of changes will be provided with each update.
9.3. Effective Date
Changes become effective 30 days after notification, unless immediate implementation is required for legal or security reasons.
10. CONTACT INFORMATION
For any questions, requests, or concerns regarding this Cookie Policy or the processing of your data via cookies, you may contact us at:
Email: privacy@hsoconsortium.com
Web form: available on the Website in the "Contact Us / Privacy" section
Data Protection Officer (DPO): You may contact the DPO at the same email address.
CONTROLLED DOCUMENT – This document forms an integral part of the Work Framework and Internal Regulations of the HSO Consortium. Any unauthorized modification, copying, or distribution is prohibited and will be sanctioned in accordance with the provisions of the Consortium Agreement and applicable laws.
HURON SMITH OIL CO and HSO PETROLEUM SERVICE