Legal

Privacy Policy

Effective date: 1 January 2025  ·  Last updated: 1 January 2025

1. Overview

Crestline Advisory ("we", "us", or "our") is committed to protecting the privacy and confidentiality of the information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (crestline.africa), contact us, or engage us for advisory services.

By using our website or engaging our services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our website and services.

We do not sell, rent, or trade your personal information to any third party for marketing purposes. We never have, and we never will.

2. Information We Collect

We collect information in the following ways:

Information you provide directly

  • Your name, email address, phone number, and organisation when you contact us via our website or email
  • Business information you share during proposal, scoping, or engagement discussions
  • Documents, data, and materials you provide during a client engagement
  • Communications you send to us by email or any other channel

Information collected automatically

  • IP address, browser type, and device information when you visit our website
  • Pages visited, time spent on pages, and referring URLs
  • Cookie and analytics data (see Section 8)

Information from third parties

  • Publicly available professional information (e.g. LinkedIn profiles) for business development purposes
  • Referrals and introductions from existing clients or partners

3. How We Use Your Information

We use the information we collect to:

  • Respond to your enquiries and communicate with you about potential or active engagements
  • Deliver advisory, research, and digital transformation services to clients
  • Prepare proposals, contracts, invoices, and project deliverables
  • Send relevant updates, insights, or newsletters where you have consented
  • Improve our website, services, and internal processes
  • Comply with legal and regulatory obligations
  • Protect the rights, safety, and interests of Crestline Advisory and its clients

We rely on the following legal bases for processing personal data: your consent, the performance of a contract with you, compliance with a legal obligation, and our legitimate business interests where these do not override your rights.

4. Sharing Your Information

We do not sell your personal data. We may share information only in the following limited circumstances:

  • Service providers: Trusted third-party tools and platforms we use to operate our business (e.g. cloud storage, email, project management, accounting software). These providers are contractually bound to protect your data and may not use it for any other purpose.
  • Specialist network: Subject-matter experts engaged on specific client projects. Information shared is limited to what is necessary for project delivery, and appropriate confidentiality obligations apply.
  • Legal compliance: Where required by law, regulation, court order, or government authority.
  • Business transfers: In the event of a merger, acquisition, or sale of business assets, your data may be transferred as part of that transaction. We will notify you in advance.

All client engagement data is treated as strictly confidential and governed by our engagement contracts, which include explicit confidentiality provisions.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the duration of any client engagement and for a reasonable period thereafter.

  • Client engagement records: retained for a minimum of 7 years for legal and accounting purposes
  • Marketing and newsletter contacts: retained until you unsubscribe or request deletion
  • Website enquiries: retained for up to 2 years unless an engagement follows
  • Website analytics data: retained in anonymised or aggregated form

When data is no longer required, we securely delete or anonymise it.

6. Security

We take the security of your information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encrypted communications and file transfers where applicable
  • Access controls limiting data access to authorised personnel only
  • Use of reputable, security-vetted third-party platforms
  • Regular review of our data handling practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

7. Your Rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data where there is no legitimate reason for us to continue holding it
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Portability: Request a machine-readable copy of your data for transfer to another provider
  • Objection: Object to our processing of your data on the grounds of legitimate interests
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@crestline.africa. We will respond within 30 days.

8. Cookies

Our website may use cookies and similar tracking technologies to improve your experience and analyse site usage. Cookies are small files stored on your device that help us understand how visitors interact with our site.

  • Essential cookies: Necessary for the website to function correctly. Cannot be disabled.
  • Analytics cookies: Help us understand visitor behaviour in aggregate (e.g. Google Analytics). No personally identifiable information is collected.
  • Preference cookies: Remember your settings and preferences for future visits.

You can control or disable cookies through your browser settings at any time. Note that disabling certain cookies may affect the functionality of the website.

9. Third-Party Links

Our website may contain links to third-party websites, including our social media profiles and YouTube channel. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the "last updated" date at the top of this page.

For significant changes, we will make reasonable efforts to notify active clients directly. We encourage you to review this policy periodically to stay informed about how we protect your information.