Privacy and Cookies Policy

Last updated: November 2025

1. The type of personal information we collect as data controller

VM Global Advisory Limited (“VM Global Advisory”, “we”, “us”) is the data controller for the personal information described below. We collect and process different categories of information depending on our relationship with the data subject and the context of our interaction.

Clients

We process contact details of our client representatives (name, business email, phone number, business address) and, where we contract directly with individuals, name, residential address, and phone number. We may also process information relevant to the subject matter of the engagement and, where appropriate (for example, when hosting events or sending gifts), dietary preferences and family members’ names.
Lawful basis: performance of a contract.

Professional network and external stakeholders

We process names, business contact details, professional roles and areas of expertise.
We may also collect dietary preferences or family names when organising hospitality or events.
Lawful basis: our legitimate interests in maintaining a professional network and fostering business relationships.

Prospective clients

We process names, company details, contact information, and limited professional background data obtained from you or publicly available business sources.
Lawful basis: our legitimate interests in developing our business and assessing prospective client suitability.

Job applicants

We process names, contact information, CV details, professional experience, and interview notes. Interview notes may occasionally include special category data (for example, health or diversity information).
Lawful basis: legitimate interests and legal obligations (e.g., right-to-work checks). Where special category data is processed, the condition for processing is to carry out obligations and exercise specific rights in the field of employment.

Suppliers and partners

We process names and business contact details of individuals associated with vendor or partner organisations.
Lawful basis: legitimate interests (contract management and administration).

We perform legitimate interest assessments to ensure our interests are balanced with your rights and freedoms.

2. The type of personal information we collect as data processor

In some cases, we act as a data processor on behalf of our clients—for example, when handling information provided to us as part of advisory or communications engagements.
In those circumstances, we act only on the documented instructions of the client (the data controller).

3. How we collect and use personal information

Most personal information is provided directly by you for one of the following reasons:

  • To perform a client engagement or contract.

  • To deliver or receive services from suppliers and partners.

  • To organise or invite you to events.

  • To manage recruitment processes.

  • To maintain communication and business continuity.

  • To assess potential conflicts of interest or conduct due diligence.

We may also receive personal information indirectly, for example:

  • From public sources (such as professional networking platforms or business databases) when carrying out background checks on prospective clients.

  • From our clients, when we act on their instructions.

Where data is received from a third party, we may need to refer any data-subject rights request to the relevant controller.

Sharing data with third parties

We may share data with trusted service providers that support our operations, such as:

  • IT infrastructure and email hosting providers (servers located in the UK and EU).

  • Secure messaging and collaboration platforms (servers in the US).

  • Accounting and finance platforms (servers in the UK and EU).

  • Background-check tools (servers in the UK and US).

Whenever personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with data protection legislation, including international transfer assessments or standard contractual clauses.

4. How we store your personal information

We store personal information securely within our IT systems, using restricted access and encryption where appropriate.

Category - Retention Period - Disposal

  • Client data - 6 years from end of engagement - Secure deletion beyond recovery

  • Data processed on behalf of clients - 6 months from end of engagement - Secure deletion

  • HMRC / financial records - 6 years from relevant financial year end - Secure deletion

  • Job applicant data - 5 years from rejection or hire decision - Secure deletion

  • Marketing and professional network data - Retained indefinitely for business relationship management; access restricted and encrypted - Review periodically

In exceptional circumstances (e.g., heightened security risks), certain data may be deleted earlier to minimise exposure.

5. Your data protection rights

Under the UK GDPR and Data Protection Act 2018, you have rights including:

  • Access – request copies of your personal data.

  • Rectification – ask us to correct or complete inaccurate or incomplete data.

  • Erasure – request deletion of your data in certain circumstances.

  • Restriction – ask us to limit processing in specific situations.

  • Objection – object to processing where lawful basis is legitimate interest or for direct marketing.

  • Portability – request transfer of data you provided to another organisation or to yourself (where technically feasible).

  • Automated decision-making – we do not make automated decisions that produce legal or significant effects.

Requests can be made free of charge. We will respond within one month of receipt.

To exercise any of these rights, please contact us at info@vmglobal-advisory.com or via the postal address listed on our website.

6. For website visitors

Our website does not collect or store personally identifiable information unless you actively provide it (for example, through a contact form or event registration).

We use Google Analytics with IP anonymisation enabled to understand how visitors interact with our website. Data collected is aggregated and cannot be used to identify individuals.

We may collect anonymous technical information such as:

  • Browser type and version

  • Operating system

  • Date and time of access

  • Country of origin (approximate, anonymised)

Our website may contain embedded content (e.g., videos, social media posts, or articles). Embedded content behaves in the same way as if you visited the source website, which may collect additional data or use cookies.

7. Cookies

This website uses cookies to enhance performance and security.

Types of cookies used - Purpose - Duration - Personal Data

Cloudflare - Security and performance optimisation - Session - None

Google Analytics - Aggregated analytics and traffic statistics - Up to 2 years - IP anonymised

Managing cookies

You can manage or delete cookies through your browser settings.
Please note that disabling all cookies may affect the functionality of some websites.

For instructions on how to manage cookies, refer to your browser’s help pages.

8. Privacy concerns and complaints

If you have concerns about how we handle your personal data, please contact us first at:
info@vmglobal-advisory.com

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk