top of page

Privacy Policy

1. Who we are

AltaVia Advisory (“AltaVia”, “we”, “us”) partners with C-level leadership at luxury fashion and hospitality brands to design Client Development strategy and guide internal adoption. For the purposes of this policy, AltaVia is the data controller for personal data collected via our website, marketing, events we host, and business development activities. Where we process personal data on behalf of our clients (e.g., inside their CRM), AltaVia acts as a data processor under a Data Processing Agreement (DPA).

Registered/operating hubs: Dubai • Paris • Milan. Please replace the placeholders below with your exact legal details:

  • Legal entity name: AltaVia Advisory FZCO

  • Registered addresses: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates

  • Company registration numbers (Trade License): 50010

  • Primary contact email for privacy matters: privacy@altaviaadvisory.com

  • Website: https://www.altaviaadvisory.com

2. Scope

This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard personal data when you visit our website, communicate with us, or otherwise interact with AltaVia. It also explains choices available to you and your rights under applicable laws.

3. Key definitions

  • “Personal data”: any information that identifies or can reasonably identify an individual.

  • “Processing”: any operation performed on personal data (e.g., collection, storage, use, disclosure).

  • “Controller”: the party determining purposes and means of processing personal data.

  • “Processor”: the party processing personal data on behalf of a controller.

4. Personal data we collect

We collect the following categories of personal data depending on how you interact with us:

  • Contact and identity data: name, job title, company, email address, phone number, country.

  • Business communications: information shared in meetings, forms, RFPs, proposals, and service discussions.

  • Marketing preferences: your choices about receiving our communications (e.g., email, messaging apps you authorise).

  • Usage and device data: IP address, device identifiers, browser type, pages viewed, and interactions with our website (through cookies/analytics).

  • Social and public sources: information from LinkedIn/other publicly available sources that is relevant to B2B outreach.

  • Client CRM data (processor role): where a brand asks us to assist inside their CRM, we only process the fields necessary to deliver the engagement under a DPA.

5. How we obtain personal data

  • Directly from you when you fill forms, subscribe, book a call, or correspond with us.

  • Automatically via cookies and analytics when you use our website.

  • From business partners, referrals, or public professional sources (e.g., LinkedIn).

6. Why we use personal data and legal bases

We use personal data for the purposes below and rely on lawful bases under the EU/UK GDPR and, where relevant, the UAE Federal Decree‑Law No. 45 of 2021 on Personal Data Protection (UAE PDPL).

  • Providing and improving services; responding to enquiries; operating our website — Legitimate interests / Contract.

  • B2B marketing communications with opt‑out; measuring engagement — Legitimate interests (GDPR) and consent where required (e.g., email/messaging opt‑in).

  • Sending newsletters or updates where you opt‑in — Consent (you may withdraw at any time).

  • Performing a contract or taking steps at your request prior to entering a contract — Contract.

  • Complying with legal obligations (e.g., tax, accounting, regulatory requests) — Legal obligation.

  • Security, fraud prevention, and protecting our rights — Legitimate interests / Legal obligation.6045

7. Cookies and similar technologies

We use essential, performance/analytics, and marketing cookies to operate and improve our website. Where required, we ask for your consent. You can manage preferences through your browser settings and (if available) our cookie banner.

8. How we share personal data

  • Vendors and service providers: hosting, analytics, CRM, email/messaging platforms, productivity tools—bound by confidentiality and data protection terms.

  • Professional advisers and auditors where necessary.

  • Authorities or regulators when required by law or to protect rights, safety, or security.

  • Clients (in processor scenarios) strictly as instructed by the controller.

We do not sell personal data.

9. International data transfers

Given our hubs in Dubai, Paris, and Milan, your data may be processed in the EU/EEA and the United Arab Emirates. Where personal data is transferred outside the EU/EEA or the UK, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), UK addendum (if applicable), adequacy decisions, or other lawful transfer mechanisms.

10. Data retention

We keep personal data only for as long as necessary to fulfil the purposes outlined in this policy, including to meet legal, accounting, or reporting requirements. Typical periods:

  • Prospect and marketing contacts: up to 24 months from last meaningful interaction, unless you opt out earlier.

  • Client and engagement records: contract term plus up to 7 years (or longer if required by law).

  • Website analytics data: typically 13–26 months depending on provider configuration.

11. Security

  • Access controls and least‑privilege permissions.

  • Encryption in transit; secure storage with reputable providers.

  • Regular review of vendor security and contractual safeguards.

  • Incident response procedures; notifications as required by law.

12. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict or object to processing, withdraw consent, and request data portability. EU/UK residents may also lodge a complaint with their data protection authority (e.g., CNIL in France, Garante in Italy). UAE residents may exercise rights provided under the UAE PDPL. We will respond in accordance with applicable law.

13. Marketing choices and consent management

  • Email: use the unsubscribe link in our emails or contact us.

  • Messaging apps (if used): reply STOP / use in‑app controls to opt out.

  • You can also contact us to update your preferences at any time.

14. Children’s data

Our services target professional audiences. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps.

15. Automated decision‑making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

16. Contact us / Data protection contact

To exercise your rights or ask questions about this policy, please contact:
Data Controller: AltaVia Advisory
Email: privacy@altaviaadvisory.com (or update)
Postal: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates

If we appoint a Data Protection Officer (DPO), we will publish their contact details here.

17. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and adjust the effective date above. Where changes are material, we will take reasonable steps to notify you.

bottom of page