Last Updated: October 22, 2025

ISO 27001 Compliant

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information in compliance with international data protection standards.

Quick Summary: We collect minimal personal information, use it only for legitimate business purposes, and protect it with industry-standard security measures. We never sell your data to third parties.

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, company name, and phone number when you contact us or request our services
  • Communication Data: Messages, inquiries, and other communications you send to us
  • Newsletter Subscriptions: Email addresses for our newsletter and blog updates
  • Service Inquiries: Information about your technology needs and project requirements

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

  • Usage Data: Pages visited, time spent on site, and navigation patterns
  • Technical Data: IP address, browser type, device information, and operating system
  • Cookies and Tracking: Information collected through cookies and similar technologies (see our Cookie Policy)

2. How We Use Your Information

We use your personal information for the following legitimate business purposes:

2.1 Service Delivery

  • Responding to your inquiries and providing consultation services
  • Delivering our technology advisory and M&A due diligence services
  • Communicating about project progress and deliverables

2.2 Business Operations

  • Improving our website and services based on usage analytics
  • Conducting market research and business development
  • Complying with legal and regulatory obligations

2.3 Marketing and Communications

  • Sending newsletters and blog updates (with your consent)
  • Providing information about our services and industry insights
  • Inviting you to relevant events and webinars

3. Legal Basis for Processing

Under GDPR and other applicable data protection laws, we process your personal information based on:

  • Consent: When you subscribe to our newsletter or explicitly agree to receive communications
  • Legitimate Interest: For business development, service improvement, and fraud prevention
  • Contract Performance: To fulfill our obligations under service agreements
  • Legal Compliance: To meet regulatory and legal requirements

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Email delivery and newsletter management
  • Website analytics and performance monitoring
  • Cloud hosting and data storage
  • Customer relationship management

4.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our terms of service

5. Data Security

We implement comprehensive security measures to protect your personal information in compliance with ISO 27001 standards:

5.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure cloud infrastructure with regular security updates
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing

5.2 Administrative Safeguards

  • Staff training on data protection and security practices
  • Regular review and update of security policies
  • Incident response procedures for data breaches
  • Vendor security assessments and agreements

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Contact Information: Retained for 3 years after last contact or until you request deletion
  • Newsletter Subscriptions: Retained until you unsubscribe or request deletion
  • Service Records: Retained for 7 years for legal and compliance purposes
  • Website Analytics: Aggregated data retained for up to 2 years

7. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal information:

7.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Obtain information about how we process your data

7.2 Correction and Deletion

  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to processing based on legitimate interests

7.3 Consent Management

  • Withdraw consent for marketing communications at any time
  • Opt out of newsletter subscriptions
  • Request restriction of processing in certain circumstances

8. International Data Transfers

As a global technology advisory firm, we may transfer your personal information to countries outside your jurisdiction. When we do so, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Certification under recognized privacy frameworks
  • Binding corporate rules for intra-group transfers

9. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to newsletter subscribers
  • Updating the "Last Updated" date at the top of this policy

11. Contact Information

If you have questions about this privacy policy or wish to exercise your rights, please contact us:

Data Protection Officer

Email: privacy@codecutter.io

General Contact: contact@codecutter.io

Address: 4 Plough Yard, London, EC2A 3LP, United Kingdom

Response Time: We will respond to all privacy inquiries within 30 days as required by GDPR.

ISO 27001 Compliance: This privacy policy is designed to meet the requirements of ISO 27001 control A.5.34 (Privacy and protection of PII) and other applicable international data protection standards.