Cookie Policy.

Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow that website to recognize your device on subsequent visits and to function correctly, securely, and efficiently. Throughout this Policy, the term "cookies" refers not only to traditional HTTP cookies but also to a broader set of similar tracking technologies, as defined below.

First-party vs. third-party cookies

First-party cookies are set directly by HL Hunt on the hlhunt.org domain. Third-party cookies are set by domains other than the one you are visiting — typically by service providers we engage to deliver functionality, security, analytics, or to support our regulated activities. A complete list of third parties is set out in Sections 4 and 5.

Session vs. persistent cookies

Session cookies exist only for the duration of your browsing session and are deleted automatically when you close your browser. Persistent cookies remain on your device for a defined retention period or until you delete them. Specific retention periods are disclosed in the Detailed Cookie Schedule (Section 4).

The legal basis on which HL Hunt deploys cookies depends on the category of cookie and the jurisdiction from which you access our services. We apply, at a minimum, the following frameworks:

European Economic Area & United Kingdom

For users in the EEA, the United Kingdom, and Switzerland, our practices are governed by the EU General Data Protection Regulation (Regulation (EU) 2016/679), the UK Data Protection Act 2018, and the ePrivacy Directive (Directive 2002/58/EC) as implemented in national law. We rely on the following legal bases:

• Strictly necessary cookies are placed under our legitimate interest in providing a secure, reliable service (Art. 6(1)(f) GDPR) and as required to deliver a service you have requested (ePrivacy "strictly necessary" exemption).
• All other categories require your prior, freely given, specific, informed, and unambiguous consent (Art. 6(1)(a) GDPR). Consent is collected via our Cookie Preference Center and may be withdrawn at any time.

United States — State Privacy Laws

For users in the United States, we comply with applicable state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA / CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act. Where these laws apply, you have the right to opt out of the "sale" or "sharing" of personal information and the use of personal information for targeted advertising or significant profiling.

Global Privacy Control

HL Hunt honors the Global Privacy Control (GPC) signal. When detected, the GPC signal is treated as a valid opt-out request for the sale or sharing of personal information under applicable U.S. state laws. We do not currently treat browser-level Do Not Track (DNT) signals as a consent-withdrawal mechanism, in line with prevailing industry practice.

Financial regulatory framework

Certain cookies are deployed for the purposes of fraud prevention, identity verification, and recordkeeping consistent with our obligations as a regulated financial-services group, including the Fair Credit Reporting Act (FCRA), the Credit Repair Organizations Act (CROA), the Bank Secrecy Act (BSA), and applicable state lending and money-transmission laws. These cookies are categorized as strictly necessary and cannot be disabled without materially impairing service delivery.

We classify the cookies and similar technologies we use into four categories. Each category is described in detail below, and a row-level disclosure of representative cookies is provided in Section 4.

The following schedule sets out representative cookies and similar technologies we deploy. Cookie names and durations may change as our service providers update their products; the Cookie Preference Center always reflects the current configuration.

HL Hunt engages reputable third-party service providers ("subprocessors") that may set cookies or receive data from cookies on our behalf. A current list of all subprocessors is maintained at hlhunt.org/subprocessors. Each subprocessor is bound by a written agreement, including, where applicable, a Data Processing Addendum compliant with Article 28 of the GDPR.

International transfers

Certain subprocessors are established in the United States or other jurisdictions outside the EEA. Where personal data is transferred from the EEA, United Kingdom, or Switzerland to such jurisdictions, HL Hunt relies on one or more of the following safeguards under Chapter V of the GDPR:

• The EU-U.S. Data Privacy Framework and the corresponding UK Extension, where the receiving organization is certified;
• The European Commission's Standard Contractual Clauses (2021/914), supplemented where required by a transfer impact assessment;
• The UK International Data Transfer Addendum issued by the Information Commissioner's Office;
• Other lawful transfer mechanisms permitted under applicable law.

Third-party cookie controls

Cookies set by third parties are governed by the privacy policies of those parties. We encourage you to review them. We do not exercise control over the privacy practices of any third party, but we contractually require each to maintain data protection standards consistent with our own.

You have multiple, redundant means of managing the cookies set on your device. Withdrawing consent is always available and is as straightforward as granting it.

1. HL Hunt Cookie Preference Center

The primary mechanism for managing your preferences is the Cookie Preference Center, accessible at any time via the "Manage Preferences" button at the top of this page, in the footer of every page on hlhunt.org, and on first visit through the cookie banner. Changes take effect immediately on your current session and persist across sessions until withdrawn.

2. Browser controls

Most browsers allow you to view, manage, delete, and block cookies entirely or selectively. Instructions vary by browser; please refer to the documentation for Google Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge. Note that blocking strictly necessary cookies will impair core functionality, including the ability to log in and complete transactions.

3. Global Privacy Control (GPC)

If your browser or browser extension transmits a valid Global Privacy Control signal, we will treat it as a request to opt out of the sale and sharing of personal information under applicable U.S. state laws, and to disable analytics and marketing cookies that rely on consent.

4. Mobile device controls

On iOS, you may reset or limit ad tracking via Settings → Privacy & Security → Tracking. On Android, equivalent controls are available via Settings → Google → Ads. We honor App Tracking Transparency (ATT) prompts in our iOS applications where applicable.

5. Industry opt-out programs

For interest-based advertising, you may use the following industry-administered tools: the Digital Advertising Alliance (DAA), the Network Advertising Initiative (NAI), and the European Interactive Digital Advertising Alliance (EDAA).

The rights available to you regarding cookies and the personal information they may collect vary by jurisdiction. The summary below is non-exhaustive; for the complete enumeration of rights, please refer to our Privacy Policy.

This Cookie Policy is reviewed on a quarterly basis and may be updated to reflect changes in our practices, technology, applicable law, or other operational, legal, or regulatory reasons. Material changes will be communicated in advance via prominent notice on our website and, where appropriate, by direct notification to registered members. The version number and effective date at the top of this Policy will always identify the operative version.

If you have any questions regarding this Policy, our use of cookies, or your rights, please contact us at the address below. All cookie-related inquiries are routed to our Privacy team and receive a substantive response within fifteen (15) business days.