Skip to main content
Point Advisory
LEGAL

Privacy Policy

Point Advisory Ltd is committed to protecting your privacy and handling your personal data with transparency and care.

1. Introduction

Point Advisory Ltd ("Point Advisory", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this policy, please contact our Data Protection Officer using the details provided at the end of this document.

2. Information We Collect

We may collect and process the following categories of personal data:

Personal Data You Provide

  • Identity data: Your name, job title, and employer.
  • Contact data: Your email address, telephone number, and business address.
  • Communication data: Messages, enquiries, and feedback you send us.
  • Professional data: Information relevant to your engagement with us, including organisational context and strategic objectives.

Usage Data

We automatically collect information about how you interact with our website, including your IP address, browser type and version, time zone setting, operating system, and platform. This data helps us understand how visitors use our site and to improve its functionality.

Cookies

We use cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand where our visitors come from. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of our website may not function properly without cookies.

3. How We Use Your Information

We use your personal data only when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Service delivery: To provide the consulting services you have engaged us to perform and to manage our relationship with you.
  • Communication: To respond to enquiries, provide information you request, and send updates about our services where you have consented to receive them.
  • Legal obligations: To comply with applicable laws, regulations, court orders, or other legal processes.
  • Legitimate interests: To improve our website, services, and client experience; to maintain the security of our systems; and for business development activities.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
  • Contract: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
  • Legitimate interest: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal obligation: Where we need to comply with a legal or regulatory obligation.

5. Data Sharing and Third Parties

We do not sell, trade, or otherwise transfer your personal data to third parties for marketing purposes. We may share your data with trusted third parties in the following limited circumstances:

  • Service providers: Professional advisers, IT service providers, and cloud storage providers who assist us in operating our business and delivering our services. All such providers are bound by confidentiality obligations and data processing agreements that comply with UK GDPR requirements.
  • Legal requirements: Where we are required to disclose your information to comply with applicable law, regulation, legal process, or governmental request.
  • Business transfers: In connection with any merger, acquisition, or sale of assets, where personal data may be transferred as a business asset.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Industry-standard encryption for data in transit (TLS 1.3) and at rest (AES-256).
  • Access controls: Strict role-based access controls limiting data access to authorised personnel with a legitimate business need.
  • Security assessments: Regular security audits, penetration testing, and vulnerability assessments.
  • Staff training: Comprehensive data protection and information security training for all employees.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Client engagement records are typically retained for seven years following the conclusion of the engagement, in accordance with professional indemnity insurance and legal obligations. Marketing data is retained until you withdraw your consent or we determine it is no longer accurate.

7. Your Rights

Under data protection law, you have rights including:

  • Right of access: You have the right to request copies of your personal data from us.
  • Right to rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
  • Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to data portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

If you wish to exercise any of these rights, please contact our Data Protection Officer using the details below. We will respond to all legitimate requests within one month.

8. Cookies Policy

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience when you browse our website and also allows us to improve our site.

Types of Cookies We Use

  • Essential cookies: These are necessary for the website to function properly and cannot be switched off in our systems.
  • Analytics cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Preference cookies: These enable the website to remember information that changes the way the website behaves or looks.

Managing Cookies

You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. Most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit aboutcookies.org.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or applicable law. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

For material changes that significantly affect your rights or how we process your data, we will provide notice through our website or direct communication where appropriate.

10. Contact Information

If you have any questions about this privacy policy or our data practices, or if you wish to exercise any of your rights, please contact our Data Protection Officer:

Data Protection Officer

Point Advisory Ltd

25 Finsbury Circus

London EC2M 7EE

Email: dpo@pointadvisory.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data in accordance with applicable law. Visit ico.org.uk for more information.

Last updated: 30 June 2026