Legal

Privacy Policy

1. Introduction

This Privacy Policy explains how B&C | Business & Capital Advisory (“we”, “us”, “our”) collects, uses, processes and protects your personal data when you visit our website, contact us or use our services.
We are committed to respecting your privacy and complying with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and other applicable data protection laws.

By using our website, you agree to the practices described in this Privacy Policy.

2. Who We Are (Data Controller)

The entity responsible for the processing of your personal data (the “Data Controller”) is:

B&C | Business & Capital Advisory
Email: contact@b-cadvisory.com
Website: www.b-cadvisory.com

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1. Data You Provide Directly

  • Name & surname
  • Email address
  • Phone number (optional)
  • Company name
  • Job title
  • Information shared via contact form or email
  • Documents shared intentionally for advisory purposes

3.2. Data Collected Automatically

When you browse our website, we may automatically collect:

  • IP address (anonymized when possible)
  • Browser type & version
  • Device information
  • Pages visited and time spent
  • Referring website
  • Cookies and tracking data (see our Cookies Policy)

3.3. Data Related to M&A Services

If you engage with us for advisory services, we may process additional data such as:

  • Company financial information
  • Corporate documents
  • Management profiles
  • Strategic information
  • Contracts shared for due diligence
    (all under strict confidentiality and data protection)

We only collect what is necessary to provide our services.

4. Why We Collect Your Personal Data (Purposes)

We process your data for the following purposes:

4.1. Website Operation & Experience

  • Ensure proper functioning of the website
  • Improve performance and user experience
  • Analyze traffic and usage

4.2. Communication & Contact

  • Respond to your inquiries
  • Schedule calls and consultations
  • Provide requested information or documents

4.3. Provision of M&A Advisory Services

  • Conduct valuations
  • Prepare reports, financial models, analyses
  • Manage M&A processes (sell-side / buy-side)
  • Share documents under NDA
  • Conduct market research and buyer mapping

4.4. Legal & Compliance Obligations

  • Comply with applicable regulations
  • Respond to legal requests
  • Prevent fraud or misuse of services

We do not sell your personal data under any circumstances.

5. Legal Basis for Processing

We process personal data only when one of the following legal bases applies:

  • Consent (e.g., accepting cookies, newsletter opt-in)
  • Contractual necessity (e.g., performing M&A advisory services)
  • Legitimate interest (e.g., improving our website, responding to inquiries)
  • Legal obligation (e.g., accounting or compliance requirements)

6. How We Share Personal Data

We may share your data with the following categories of third parties:

6.1. Service Providers

Trusted external providers, such as:

  • Website hosting
  • Analytics tools (e.g., Google Analytics)
  • Email service providers
  • Cloud storage
  • CRM tools

They only process data according to our instructions.

6.2. M&A Process Counterparties (Only When Required)

With your explicit approval, as part of a transaction:

  • Potential buyers / investors
  • Legal advisors
  • Financial advisors

6.3. Legal Authorities

Only if required by law.

We never sell or rent personal data.

7. International Data Transfers

Because we operate internationally, your data may be transferred outside your country.
When this happens, we ensure:

  • GDPR-compliant safeguards,
  • Standard Contractual Clauses (SCCs),
  • Or other adequate protection measures.

Your data is always protected.

8. Data Retention (How Long We Keep Data)

We retain personal data only for as long as necessary:

  • Website analytics data: 12–24 months
  • Contact form submissions: up to 24 months
  • Client documentation: up to 7 years after the end of an engagement (legal requirement)
  • Financial & contractual data: as required by law

We delete or anonymize data once retention periods expire.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1. Right to Access

Request a copy of your data.

9.2. Right to Rectification

Correct inaccurate or incomplete data.

9.3. Right to Erasure (“Right to be Forgotten”)

Request deletion where legally applicable.

9.4. Right to Restrict Processing

Limit how your data is used.

9.5. Right to Object

Object to certain types of processing (e.g., analytics).

9.6. Right to Data Portability

Receive your data in a structured format.

9.7. Right to Withdraw Consent

At any time, when processing is based on consent.

To exercise any rights, contact us at:
contact@bc-advisory.com

10. Security Measures

We take data security seriously and implement appropriate technical and organizational measures, including:

  • Encrypted communications (HTTPS)
  • Access controls
  • Secure storage
  • Limited data access
  • Confidentiality agreements
  • Regular monitoring and audits

No system is 100% secure, but we strive to protect your data to the highest standards.

11. Third-Party Links

Our website may contain links to third-party websites.
We are not responsible for their content, security or privacy practices.
We encourage you to review their policies before sharing personal data.

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

  • laws and regulations
  • our services
  • our data practices

The “Last updated” date indicates when changes were made.

13. Contact Us

For any questions regarding this Privacy Policy or your personal data rights, please contact us:

B&C | Business & Capital Advisory
Email: contact@bc-advisory.com
Website: www.bc-advisory.com