Client data protection policy

This Client Data Protection Policy applies to personal data relating to you and, where relevant, to individuals connected with you in the course of our work, including your employees, officers, directors, agents, contractors and consultants, as well as individuals at your customers, suppliers and other counterparties, in each case where you provide their details to us or we receive their details as part of our engagement. In this Policy we refer to such individuals as Client Personnel. This Policy applies to the extent that Ashvaren Advisory Limited processes personal data and the applicable data protection laws apply. Our contact details appear in the Contacting us section.

In this Policy, Data Protection Legislation means all applicable laws and regulations relating to privacy and data protection that apply to our processing of personal data from time to time. This includes the UK General Data Protection Regulation as incorporated into UK law, the Data Protection Act 2018, and any successor or replacement legislation. Terms such as personal data, controller and processing have the meanings given in the Data Protection Legislation.

  • We may receive personal data directly from you or from Client Personnel when you contact us, instruct us, attend meetings, participate in workshops, or communicate with us by email, telephone, post, online forms or other means. We may also generate personal data internally in the course of providing services, for example notes of meetings, project records, and correspondence.

    We may obtain personal data from third parties where appropriate and lawful, including from professional advisers, counterparties, public registers and other publicly available sources, and from providers of screening or verification services where we consider this necessary for compliance or risk management. Public sources may include Companies House.

  • Depending on the nature of the work, we may process the following types of personal data:

    Contact and identification details, including name, business and home addresses, telephone numbers, email addresses, and similar contact information;

    Background and relationship information, which may include role, employer, job title, reporting lines, and your professional relationship to the matter;

    Administrative and engagement information, including correspondence, instructions, files, meeting notes, deliverables, and records relating to the services;

    Financial and billing information needed for invoicing and payment administration;

    Compliance related information, including identity verification information and screening results where relevant; and

    Any other information you or Client Personnel choose to provide to us, or which becomes relevant to the services.

  • On some matters, we may need to process special categories of personal data, for example information concerning health, racial or ethnic origin, or similar sensitive information. We will only process special categories of personal data where a lawful condition applies under the Data Protection Legislation. Where appropriate, we will seek explicit consent or rely on another lawful condition, such as where processing is necessary for legal claims or regulatory compliance.

    If you choose not to provide information that is necessary for us to act, or if Client Personnel object to particular processing and we do not have an alternative lawful basis, we may be unable to provide the services requested or may need to stop acting.

  • We process personal data for purposes connected with providing professional advisory services and operating our business. This includes:

    Providing services, including delivering advice, analysis, materials and deliverables, and communicating with you and Client Personnel;

    Managing engagements, including opening and running matters, maintaining records, handling queries, and quality assurance;

    Financial administration, including billing, credit control, payments and related accounting processes;

    Compliance and risk management, including identity checks, screening, fraud prevention, safeguarding our business, and meeting professional and legal obligations;

    Improving and developing services, including internal training, service review, and statistical or trend analysis; and

    Business development and communications, including informing you about relevant services and events, subject to your marketing preferences.

  • We rely on one or more lawful bases under the Data Protection Legislation when processing personal data. These may include:

    Contract, where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract;

    Legal obligation, where processing is required to comply with applicable laws and regulations;

    Legitimate interests, where processing is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests may include running our business effectively, providing services, maintaining security, preventing fraud, handling complaints, improving services, and communicating with clients about relevant services; and

    Consent, where we ask for it in circumstances where consent is required, particularly in relation to certain categories of special category data or certain marketing activities.

    If we rely on consent, it may be withdrawn at any time by contacting us using the details in Contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the consent was withdrawn. In some circumstances, we may still have another lawful basis that permits continued processing.

  • We do not use personal data for automated decision making or profiling that produces legal effects concerning you or similarly significantly affects you.

  • We treat client information as confidential. We may share personal data where it is necessary for the purposes described in this Policy, including with:

    Service providers who help us operate our business, such as IT providers, cloud services, professional support services, accountants, and administrative service providers, provided they are subject to appropriate contractual protections;

    Professional advisers engaged by you where you instruct or authorise us to liaise with them;

    Regulators, courts, tribunals, law enforcement agencies, tax authorities and other public bodies where we are required to do so, or where disclosure is lawful and necessary to protect rights, prevent or investigate crime, or comply with legal process;

    Counterparties and other parties involved in the matter where disclosure is required to progress the work, subject to appropriate controls; and

    A prospective buyer, investor or successor if we undergo a business reorganisation, sale, or transfer of all or part of our business, subject to confidentiality safeguards.

    Where we use third party service providers as processors, we require them to process personal data only on our instructions and to apply appropriate security measures.

    If you provide us with personal data relating to third parties, you confirm that you have provided any necessary information to those individuals and that you are entitled to share their data with us for the purposes of this Policy.

  • Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, the International Data Transfer Agreement, the UK addendum to EU standard contractual clauses, or another lawful mechanism permitted under the Data Protection Legislation. We may also transfer data where an exception applies, for example where it is necessary for the performance of a contract or for the establishment, exercise or defence of legal claims.

  • Subject to applicable conditions and exceptions, you and Client Personnel may have rights in relation to personal data, including the right to:

    • request access to personal data and obtain a copy of it;

    • request correction of inaccurate or incomplete personal data;

    • request deletion of personal data where we no longer have a lawful basis to retain it;

    • object to processing based on legitimate interests in certain circumstances;

    • request restriction of processing in certain circumstances;

    • request portability of personal data provided to us, where applicable; and

    • withdraw consent where processing is based on consent.

    Requests should be made in writing using the contact details below. We will respond within the time periods set by the Data Protection Legislation, usually within one month, subject to permitted extensions.

  • We retain personal data only for as long as necessary for the purposes described in this Policy, including for the duration of our engagement and thereafter as needed for legal, regulatory, accounting, or risk management purposes. We periodically review our records to ensure data is not retained longer than necessary. We may retain information after an engagement ends, including where we need it to comply with legal obligations or to establish, exercise or defend legal claims.

  • We may contact you and Client Personnel about our services, events and publications where permitted by law. You can opt out at any time by using the unsubscribe link in an email, or by contacting us. Opt out requests are applied as soon as reasonably practicable.

  • To exercise your rights, ask a question, or raise a concern about how we use personal data, please contact:

    Ashvaren Advisory Limited

    By post: 128 City Road, London EC1V 2NX

    By email: dataprotection@ashvaren.com

    Website:www.ashvaren.com

    If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office. Their contact details are available on their website, and they can also be contacted by telephone on 0303 123 1113.

  • We may update this Policy from time to time. The current version will be published on our website.

    Version: January 2026.

Website privacy notice

This Website Privacy Notice explains how Ashvaren Advisory Limited uses personal data collected through our website at www.ashvaren.com and through related communications. This Notice should be read alongside our Website Terms and Conditions, and any defined terms used in those terms may also apply here.

  • We may collect personal data that you provide when you contact us through the website, sign up to updates, register for an event, apply for a role, submit an enquiry, or otherwise correspond with us. This may include:

    • your name, title, email address, telephone number, postal address, and other contact details;

    • information you include in messages and attachments;

    • recruitment related information if you apply for a role; and

    • any other information you choose to provide.

    We may also collect limited technical and usage information automatically when you use the website, including:

    Information about your device and browser, including IP address, browser type and version, operating system, time zone setting, and language;

    Information about your visit, including pages viewed, links clicked, and the time and date of access; and

    Referral information, such as the site you visited before you came to ours.

    We may receive analytics information from third party providers, such as Google, depending on your cookie choices.

  • We use personal data collected through the website for the following purposes:

    To respond to enquiries and provide information you request;

    To provide updates, newsletters or event communications where you sign up to receive them;

    To process job applications and manage recruitment;

    To administer and improve the website, including troubleshooting, testing and analytics; and

    To protect our website and business, including detecting and preventing fraud or misuse.

  • We process personal data on one or more of the following lawful bases:

    • legitimate interests, including operating and improving the website, responding to enquiries, and keeping our systems secure;

    • contract, where you request services and processing is necessary to take steps at your request or to perform a contract; and

    • consent, where we rely on cookies and similar technologies that are not strictly necessary, and where applicable for certain marketing activities.

  • We do not sell personal data. We may share personal data with service providers who help us run our website and business, such as hosting providers, IT support, email service providers, and analytics providers, subject to appropriate safeguards. We may also disclose personal data where required by law, or to protect our rights and the security of our systems.

  • If personal data is transferred outside the UK, we will use appropriate safeguards in line with the Data Protection Legislation.

  • You have rights in relation to your personal data, including access, correction, deletion, restriction, objection, portability, and the right to withdraw consent where applicable. To exercise these rights, please contact us using the details below.

  • We apply reasonable technical and organisational measures to protect personal data. No internet transmission is completely secure, but we work to protect your information. We keep website collected personal data only for as long as needed for the purposes described in this Notice, or as required by law.

  • We use cookies and similar technologies to make the website work, to remember preferences, and to understand how visitors use the website, depending on your cookie choices. You can manage cookies through your browser settings and, where available, through our cookie preference tool on the website. If you disable certain cookies, parts of the website may not function properly.

  • If you have questions about this Notice, or you wish to exercise your rights, please contact:

    Ashvaren Advisory Limited

    By post: 128 City Road, London EC1V 2NX

    By email dataprotection@ashvaren.com

    You also have the right to complain to the Information Commissioner’s Office.

  • We may update this Notice from time to time by publishing an updated version on the website.

    Version: January 2026.