Privacy Policy

Version:1.0 Effective Date:1 January 2025 Last Reviewed:March 2026

1.Who We Are

RA Advisory & Consultation Limited (“RA Advisory”, “we”, “us” or “our”) is a company incorporated and registered in Scotland, providing global legal and strategic consulting services to startups, SMEs and corporations.

For the purposes of UK GDPR and EU GDPR, RA Advisory & Consultation Limited acts as the Data Controller in respect of personal data it collects and processes in connection with the provision of its services and the operation of its website at www.ra-advisoryglobal.com.

  • Registered Name: RA Advisory & Consultation Limited

  • UK Offices: Glasgow

  • Email: contact@ra-advisoryglobal.com

  • Telephone: +44 141 569 4887

  • Website: www.ra-advisoryglobal.com

2. Information We Collect

We collect personal data in the following ways and categories:

  • Identity Data: Full name, job title, company name, professional role. Source: Directly from you via enquiry forms, emails or meetings

  • Contact Data: Email address, telephone number, postal address. Source: Directly from you or from publicly available professional sources

  • Matter Data: Information about your legal matter, transaction or business situation provided during an engagement. Source: Directly from you in the course of providing services

  • Financial Data: Invoice details, payment records, billing information. Source: Directly from you or via payment processors

  • Communications Data: Emails, meeting notes, correspondence, call records. Source: Generated in the course of our engagement with you

  • Technical Data: IP address, browser type, device information, pages visited, cookie data. Source: Automatically via our website analytics tools

  • Marketing Data: Communication preferences, event attendance records. Source: Directly from you or inferred from interactions

We do not intentionally collect Special Category Data (such as health data, racial or ethnic origin, religious beliefs, or biometric data) unless specifically required for a legal matter and with your explicit consent.

3.How We Use Your Information

We use your personal data only for the purposes for which it was collected or for compatible purposes, including:

  • Providing legal, strategic and advisory services pursuant to your instructions

  • Communicating with you in connection with your matter or enquiry

  • Conducting client onboarding, identity verification and KYC/AML checks as required by law

  • Issuing invoices, processing payments and managing client accounts

  • Complying with legal, regulatory and professional obligations

  • Maintaining conflict-of-interest checks and professional records

  • Sending relevant updates, legal alerts or firm news where you have consented or we have a legitimate interest

  • Improving our website, services and internal processes through analytics

  • Defending or pursuing legal claims where necessary

4.Legal Basis for Processing

Under UK GDPR and EU GDPR, we are required to identify a lawful basis for processing your personal data. We rely on the following bases:

Processing Activity Lawful Basis

Delivering legal and advisory services Performance of a contract (Article 6(1)(b))

KYC, AML and regulatory compliance checks Legal obligation (Article 6(1)(c))

Client billing and financial records Legal obligation / Legitimate interests (Article 6(1)(c) & (f))

Business development and marketing communications Legitimate interests or consent (Article 6(1)(f) or (a))

Website analytics and cookies. Consent (Article 6(1)(a)) where required

Defending or pursuing legal claims Legitimate interests (Article 6(1)(f))

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to processing on this basis at any time. See Section 8.

5.Sharing Your Information

We maintain strict client confidentiality obligations and do not sell or lease personal data to third parties. We share personal data only in the following limited circumstances:

  • Professional advisors and co-counsel: Barristers, foreign law firms, accountants or other specialists engaged on your matter, under confidentiality obligations

  • Service providers: IT systems, cloud storage, document management, billing software and other operational tools, all subject to data processing agreements

  • Regulatory and government bodies: Where required by law, court order, legal obligation or our professional regulatory obligations (including the Law Society of Scotland and Solicitors Regulation Authority)

  • Group entities: Affiliated RA Advisory offices where necessary to service a multi-jurisdictional matter

  • Counterparties: Only to the extent necessary and with your knowledge in the conduct of your transaction or matter

Any third party receiving personal data is required to handle it lawfully, securely and in accordance with applicable data protection law.

6.International Transfers

RA Advisory operates across the UK, EU, United States, Middle East and Asia-Pacific. In providing multi-jurisdictional services, personal data may be transferred to or accessed from countries outside the UK or European Economic Area (EEA).

Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with UK GDPR and EU GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO’s International Data Transfer Agreement (IDTA)

  • Transfers to countries with an adequacy decision from the UK Secretary of State or the European Commission

  • Binding Corporate Rules where applicable

You may request a copy of the relevant transfer safeguards by contacting us at contact@ra-advisoryglobal.com.

7.Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and professional regulation. Our general retention periods are:

Data Category Retention Period Basis

Client matter files and correspondence 7 years from matter closure Professional regulatory obligation

KYC / AML records 5 years from end of business relationship Money Laundering Regulations 2017

Financial and billing records 7 years HMRC and Companies Act requirements

Prospective client enquiries (not engaged) 2 years Legitimate interests

Marketing contact records Until withdrawal of consent or valid objection Consent / Legitimate interests

Website analytics data 26 months ICO guidance

Following expiry of the applicable retention period, personal data is securely deleted or anonymised. Certain data may be retained longer where required for ongoing legal proceedings or regulatory investigations.

01Who We Are

RA Advisory & Consultation Limited ("RA Advisory", "we", "us" or "our") is a company incorporated in Scotland and registered in England & Wales, providing global legal and strategic consulting services to startups, SMEs and corporations.

For the purposes of UK GDPR and EU GDPR, RA Advisory & Consultation Limited acts as the Data Controller in respect of personal data it collects and processes in connection with the provision of its services and the operation of its website at www.ra-advisoryglobal.com.

  • Registered Name: RA Advisory & Consultation Limited

  • UK Offices: Glasgow and London

  • Email: contact@ra-advisoryglobal.com

  • Telephone: +44 141 569 4887

  • Website: www.ra-advisoryglobal.com

02Information We Collect

We collect personal data in the following ways and categories:

CategoryExamplesSourceIdentity DataFull name, job title, company name, professional roleDirectly from you via enquiry forms, emails or meetingsContact DataEmail address, telephone number, postal addressDirectly from you or from publicly available professional sourcesMatter DataInformation about your legal matter, transaction or business situation provided during an engagementDirectly from you in the course of providing servicesFinancial DataInvoice details, payment records, billing informationDirectly from you or via payment processorsCommunications DataEmails, meeting notes, correspondence, call recordsGenerated in the course of our engagement with youTechnical DataIP address, browser type, device information, pages visited, cookie dataAutomatically via our website analytics toolsMarketing DataCommunication preferences, event attendance recordsDirectly from you or inferred from interactions

We do not intentionally collect Special Category Data (such as health data, racial or ethnic origin, religious beliefs, or biometric data) unless specifically required for a legal matter and with your explicit consent.

03How We Use Your Information

We use your personal data only for the purposes for which it was collected or for compatible purposes, including:

  • Providing legal, strategic and advisory services pursuant to your instructions

  • Communicating with you in connection with your matter or enquiry

  • Conducting client onboarding, identity verification and KYC/AML checks as required by law

  • Issuing invoices, processing payments and managing client accounts

  • Complying with legal, regulatory and professional obligations

  • Maintaining conflict-of-interest checks and professional records

  • Sending relevant updates, legal alerts or firm news where you have consented or we have a legitimate interest

  • Improving our website, services and internal processes through analytics

  • Defending or pursuing legal claims where necessary

04Legal Basis for Processing

Under UK GDPR and EU GDPR, we are required to identify a lawful basis for processing your personal data. We rely on the following bases:

Processing ActivityLawful BasisDelivering legal and advisory servicesPerformance of a contract (Article 6(1)(b))KYC, AML and regulatory compliance checksLegal obligation (Article 6(1)(c))Client billing and financial recordsLegal obligation / Legitimate interests (Article 6(1)(c) & (f))Business development and marketing communicationsLegitimate interests or consent (Article 6(1)(f) or (a))Website analytics and cookiesConsent (Article 6(1)(a)) where requiredDefending or pursuing legal claimsLegitimate interests (Article 6(1)(f))

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to processing on this basis at any time — see Section 8.

05Sharing Your Information

We maintain strict client confidentiality obligations and do not sell or lease personal data to third parties. We share personal data only in the following limited circumstances:

  • Professional advisors and co-counsel: Barristers, foreign law firms, accountants or other specialists engaged on your matter, under confidentiality obligations

  • Service providers: IT systems, cloud storage, document management, billing software and other operational tools — all subject to data processing agreements

  • Regulatory and government bodies: Where required by law, court order, legal obligation or our professional regulatory obligations (including the Law Society of Scotland and Solicitors Regulation Authority)

  • Group entities: Affiliated RA Advisory offices where necessary to service a multi-jurisdictional matter

  • Counterparties: Only to the extent necessary and with your knowledge in the conduct of your transaction or matter

Any third party receiving personal data is required to handle it lawfully, securely and in accordance with applicable data protection law.

06International Transfers

RA Advisory operates across the UK, EU, United States, Middle East and Asia-Pacific. In providing multi-jurisdictional services, personal data may be transferred to or accessed from countries outside the UK or European Economic Area (EEA).

Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with UK GDPR and EU GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO's International Data Transfer Agreement (IDTA)

  • Transfers to countries with an adequacy decision from the UK Secretary of State or the European Commission

  • Binding Corporate Rules where applicable

You may request a copy of the relevant transfer safeguards by contacting us at contact@ra-advisoryglobal.com.

07Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and professional regulation. Our general retention periods are:

Data Category Retention Period Basis

Client matter files and correspondence 7 years from matter closure Professional regulatory obligation

KYC / AML records 5 years from end of business relationship Money Laundering Regulations 2017

Financial and billing records 7 years HMRC and Companies Act requirements

Prospective client enquiries (not engaged) 2 years Legitimate interests

Marketing contact records Until withdrawal of consent or valid objection Consent / Legitimate interests

Website analytics data 26 months ICO guidance

Following expiry of the applicable retention period, personal data is securely deleted or anonymised. Certain data may be retained longer where required for ongoing legal proceedings or regulatory investigations.

8.Your Rights

Under UK GDPR and EU GDPR, you have the following rights in respect of your personal data:

  • Right of Access (Article 15): To request a copy of the personal data we hold about you

  • Right to Rectification (Article 16): To request correction of inaccurate or incomplete data

  • Right to Erasure (Article 17): To request deletion of your personal data in certain circumstances

  • Right to Restriction (Article 18): To request that we limit processing of your data in certain circumstances

  • Right to Portability (Article 20): To receive your data in a structured, machine-readable format

  • Right to Object (Article 21): To object to processing based on legitimate interests or for direct marketing purposes

  • Rights related to automated decision-making (Article 22): Not to be subject to solely automated decisions that produce significant legal effects

  • Right to withdraw consent: Where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us in writing at contact@ra-advisoryglobal.com. We will respond within one calendar month. We may ask you to verify your identity before processing your request. Requests are free of charge unless manifestly unfounded or excessive.

9.Cookies & Website Tracking

Our website at www.ra-advisoryglobal.com uses cookies and similar tracking technologies to operate the site and understand how it is used. We use the following types of cookies:

  • Strictly necessary cookies: Required for core website functionality. These cannot be disabled.

  • Analytics cookies: Help us understand how visitors interact with our site (e.g. Google Analytics). Set only with your consent.

  • Preference cookies: Remember your settings and choices. Set only with your consent.

You can manage your cookie preferences via our cookie consent tool on the website, or by adjusting your browser settings. Disabling non-essential cookies will not affect your ability to use the site. For more detail, please refer to the cookie banner displayed on first visit.

10.Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or disclosure. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest

  • Access controls and role-based permissions for internal systems

  • Regular staff training on data protection and information security

  • Secure document management and matter handling systems

  • Incident response procedures for data breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay, as required by UK GDPR Article 33-34.

11.Changes to This Policy

We review this Privacy Policy periodically and update it as necessary to reflect changes in our practices, services or applicable law. Where changes are material, we will notify existing clients by email. The effective date at the top of this document indicates when the policy was last updated.

We encourage you to review this policy regularly. Continued use of our services following notification of changes constitutes acceptance of the updated policy.

12.Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have concerns about how we have handled your personal data, please contact us:

  • Email: contact@ra-advisoryglobal.com

  • Telephone: +44 141 569 4887

  • Office: Glasgow

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk - 0303 123 1113

  • EU: Your local Data Protection Authority in the relevant EU member state

Data Subject Requests

To exercise your rights under UK GDPR or EU GDPR, or to raise a data protection concern, contact our team directly at contact@ra-advisoryglobal.com. We respond to all requests within one calendar month.