Privacy Policy

2. Scope and Applicability

This Privacy Policy governs the collection, use, storage, disclosure and protection of personal data obtained through the Website, including but not limited to information submitted through contact forms, newsletter subscriptions, email correspondence, and analytics technologies.

By accessing or using the Website, users acknowledge and agree that their personal data may be processed in accordance with this Privacy Policy. Submission of personal data through the Website does not create any contractual, advisory, fiduciary or professional relationship.

3. Categories of Personal Data Processed

In the course of operating the Website and responding to inquiries, we may collect and process personal data including, without limitation, identification data (such as name and professional title), contact data (including email address and telephone number), employer or company information, professional background details voluntarily provided, and technical information such as IP address, browser type, device identifiers, and website usage metrics.

We do not intentionally collect special categories of personal data within the meaning of Article 9 GDPR. Users are expressly advised not to transmit confidential, privileged, classified or transaction-sensitive materials through the Website unless and until a formal written engagement agreement and, where applicable, a confidentiality agreement have been executed.

4. Legal Basis for Processing

Personal data is processed on the basis of one or more lawful grounds under Article 6 GDPR, including where processing is necessary for the performance of pre-contractual steps requested by the data subject, where processing is necessary for compliance with legal obligations, where processing is based on consent, and where processing is necessary for the purposes of legitimate interests pursued by the Operator, including maintaining professional communications, ensuring Website security, preventing fraud, and evaluating potential advisory engagements.

Where consent constitutes the legal basis for processing, such consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Purpose of Processing

Personal data is processed strictly for legitimate and proportionate purposes connected with the professional activities of the Operator. These purposes include responding to inquiries, evaluating potential advisory mandates, maintaining professional correspondence, administering newsletter communications where applicable, ensuring Website functionality and cybersecurity, and complying with applicable legal and regulatory requirements.

No automated decision-making processes producing legal or similarly significant effects within the meaning of Article 22 GDPR are conducted through the Website.

6. Confidential Information and NDA Limitations

Certain case descriptions, transaction references or illustrative examples appearing on the Website may relate to mandates subject to non-disclosure agreements or statutory confidentiality obligations. Such descriptions are presented in anonymized, aggregated or non-identifiable form solely for illustrative purposes.

Nothing on the Website shall be construed as disclosure of confidential information. Users acknowledge that submission of information via the Website does not create any confidentiality obligation beyond those imposed by applicable law unless expressly agreed in writing.

7. Disclosure and International Transfers

Personal data will not be sold or commercially traded.

Personal data may be disclosed where necessary to service providers acting as processors under written contractual arrangements that require appropriate technical and organisational safeguards. Such providers may include hosting providers, IT infrastructure providers, cybersecurity vendors, analytics providers, legal advisers, compliance consultants and other professional service providers.

Personal data may also be disclosed where required by law, court order, regulatory authority, or other lawful governmental request, or where disclosure is necessary to protect legal rights, prevent fraud, enforce contractual terms, or defend against legal claims.

Where personal data is transferred outside the European Economic Area, such transfer shall occur only where adequate safeguards under Chapter V GDPR are implemented, including Standard Contractual Clauses or reliance on adequacy decisions where applicable.

Users acknowledge that electronic communications and internet-based transmissions inherently carry risks and that no method of transmission or storage can be guaranteed to be fully secure.

THE OPERATOR ASSUMES NO LIABILITY FOR DISCLOSURE OF PERSONAL DATA RESULTING FROM UNAUTHORIZED THIRD-PARTY ACCESS, CYBER INCIDENTS, ERRORS IN TRANSMISSION, SYSTEM FAILURES, OR EVENTS BEYOND THE OPERATOR'S REASONABLE CONTROL.

8. Storage, Retention and Security

The Operator implements appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk, including measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

Such measures may include controlled access protocols, encryption where appropriate, secure hosting environments, internal confidentiality procedures, contractual safeguards with service providers, and periodic review of security practices.

Notwithstanding these measures, users acknowledge that no system can guarantee absolute security and that residual risks remain inherent in digital communications.

Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, and to enforce agreements. Upon expiration of the applicable retention period, personal data shall be securely deleted, anonymized, or rendered permanently unreadable.

Users bear responsibility for safeguarding any authentication credentials and acknowledge that instructions received using such credentials will be deemed authorized.

9. Data Subject Rights

Subject to applicable law, individuals may request access to their personal data, request rectification or erasure, request restriction of processing, object to processing, request data portability, or lodge a complaint with a competent supervisory authority.

Requests may be submitted to privacy contact. The Operator reserves the right to verify the identity of any requesting party and to refuse requests that are manifestly unfounded or excessive as permitted under GDPR.

10. Third-Party Websites

The Website may contain links to external websites. The Operator does not control, endorse or assume responsibility for the content, security practices or privacy policies of such third-party sites. Access to such sites is at the user's own risk.

11. Children's Data

The Website is directed exclusively toward professional adult audiences and is not intended for individuals under the age of eighteen. The Operator does not knowingly collect personal data from minors and will delete such data upon becoming aware of its existence.

12. Amendments

The Operator reserves the right to amend this Privacy Policy at its sole discretion. Updated versions will be published on the Website with a revised effective date. Continued use of the Website after such publication constitutes acknowledgment of the updated terms.

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Member State of the European Union in which the Operator is established, without prejudice to mandatory provisions of applicable data protection law.

14. Contact

For any questions regarding this Privacy Policy or personal data processing, please contact: privacy contact