// legal

cat privacy_policy.md

Last updated: November 2025 · Effective: November 2025

privacy_policy.md

01 Introduction

Frontier Advisory Ltd ("we", "us", or "our") is committed to protecting your privacy and ensuring that your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or otherwise interact with us.

Data Controller: Frontier Advisory Ltd acts as a Data Controller in managing our advisory client relationships. We are registered with the Information Commissioner's Office (ICO) under registration number ZC046531.

Data Processor: In advisory projects involving your data and customers, Frontier Advisory Ltd acts as a Data Processor on your behalf. We have extensive experience working to ICO standards and are committed to treating your data with the utmost care, confidentiality, and security.

02 Information We Collect

We may collect and process the following categories of personal data:

Information you provide directly

  • Contact information: name, email address, phone number
  • Professional information: company name, job title, industry
  • Communication records: correspondence via email or contact forms
  • Meeting information: notes and records from advisory sessions

Information collected automatically

  • Technical data: IP address, browser type, device information
  • Usage data: pages visited, time spent on site, referral source
  • Cookie data: as described in our cookie notice below

03 How We Use Your Information

We process your personal data for the following purposes and legal bases:

  • To provide our services: Processing is necessary for the performance of a contract or to take steps prior to entering into a contract
  • To respond to enquiries: Processing is based on your consent or our legitimate interests in responding to communications
  • To send relevant updates: Where you have consented to receive marketing communications
  • To improve our website: Based on our legitimate interests in understanding how visitors use our site
  • To comply with legal obligations: Where processing is necessary for compliance with a legal obligation

04 Legal Basis for Processing

Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal obligation: Where processing is necessary to comply with the law
  • Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

05 Data Sharing and Transfers

We do not sell your personal data. We may share your data with:

  • Service providers: Third parties who provide services on our behalf (e.g., hosting, analytics), subject to appropriate data processing agreements
  • Professional advisors: Lawyers, accountants, and other advisors where necessary
  • Legal requirements: Where required by law, regulation, or court order

Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

06 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

  • Contact form submissions: 2 years from last contact
  • Client records: 7 years after the end of the business relationship
  • Website analytics: 26 months

07 Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data in certain circumstances
  • Right to restrict processing: Request limitation of processing in certain circumstances
  • Right to data portability: Request transfer of your data to another organisation
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making: Not to be subject to decisions based solely on automated processing

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month.

08 Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our site.

  • Essential cookies: Required for the website to function properly
  • Analytics cookies: Help us understand how visitors interact with our site

You can control cookies through your browser settings. Note that disabling certain cookies may affect your experience on our website.

09 Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

10 Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

11 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:

Frontier Advisory Ltd

Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Email: privacy@frontieradvisory.net

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113