Privacy Policy

Acorn Advisory Group Ltd, Company Number: 07676159

Last updated: 3 March 2026

1. Introduction

Acorn Advisory Group Ltd (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use and protect personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR);

  • The EU General Data Protection Regulation (EU GDPR);

  • The Data Protection Act 2018.

This Policy applies to personal data collected via our Website and in the course of providing our services.

2. Data Controller

For the purposes of UK GDPR and EU GDPR, Acorn Advisory Group Ltd is the data controller.

Contact details:
Acorn Advisory Group Ltd
124-128 City Road
Shoreditch
London
EC1V 2NX
United Kingdom

Email: hello@acornadvisorygroup.co.uk

If required under Article 27 EU GDPR, we will appoint an EU representative and update this Privacy Policy accordingly.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly:

  • Name

  • Email address

  • Telephone number

  • Job title

  • Company name

  • Correspondence details

  • Information submitted through contact forms

Information collected automatically:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Usage data

  • Cookies and tracking data

Business relationship data:

  • Client contact details

  • Contractual information

  • Billing and payment details

  • Due diligence information where required

We do not intentionally collect special category data unless necessary and lawful.

4. Lawful Bases for Processing

We process personal data on the following lawful bases:

  • Consent (Article 6(1)(a)) – for example, marketing communications;

  • Contract (Article 6(1)(b)) – where processing is necessary to perform a contract;

  • Legal obligation (Article 6(1)(c)) – compliance with legal or regulatory requirements;

  • Legitimate interests (Article 6(1)(f)) – business administration, responding to enquiries, improving services and maintaining security.

Where we rely on legitimate interests, we ensure those interests are balanced against your rights and freedoms.

5. How We Use Personal Data

We use personal data to:

  • Respond to enquiries;

  • Provide advisory or consultancy services;

  • Manage client relationships;

  • Send communications and updates where permitted;

  • Improve Website functionality and security;

  • Comply with legal and regulatory obligations.

6. Marketing

We Use Personal Data

We may send marketing communications where you have provided consent or where permitted by law.

You may withdraw consent at any time by using the unsubscribe link in communications or contacting us directly.

7. Sharing Personal Data

We may share personal data with:

  • IT service providers and hosting providers;

  • Professional advisers (lawyers, accountants, auditors);

  • Payment processors;

  • Regulators or authorities where required by law;

  • Corporate affiliates where applicable.

We require third parties to process personal data securely and in accordance with applicable data protection laws.

We do not sell personal data.

8. International Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements;

  • EU Standard Contractual Clauses;

  • Transfers to countries with adequacy decisions.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting and regulatory requirements.

Retention periods vary depending on the nature of the data and legal obligations.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage.

However, no method of internet transmission is completely secure.

11. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data;

  • Rectify inaccurate or incomplete data;

  • Request erasure in certain circumstances;

  • Restrict processing;

  • Object to processing;

  • Request data portability;

  • Withdraw consent at any time;

  • Lodge a complaint with a supervisory authority.

12. Complaints

If you are in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (ICO).

If you are in the European Union, you may lodge a complaint with your local supervisory authority.

13. Cookies

We use cookies and similar technologies to ensure Website functionality, analyse traffic and improve user experience.

You may manage cookie preferences through your browser settings or a cookie consent tool where implemented.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our Website with the updated revision date.