Controller
The controller of any personal data collected through this site is Day One Advisory Limited, a Maltese limited liability company (registration number C108719), with its registered office in Malta. For any privacy-related enquiries, contact info@dayoneadvisory.com.
What we collect
We collect personal data in two contexts only:
- When you complete the contact form. The information you enter — your name, organisation, email address, sector, and the message you write — is sent to us via our forms processor (see "Processors" below) and held in our email and CRM systems until the enquiry is closed.
- When you browse the site. We use Plausible Analytics, a privacy-respecting analytics service that does not set cookies, does not collect IP addresses in identifiable form, and does not track users across sites. Plausible collects aggregate, anonymous statistics only: page views, referrers, device categories, and country.
We do not run advertising. We do not sell, rent, or share any personal data with third parties for marketing purposes. We do not use cookies for tracking. There is no cookie banner because there is no tracking to consent to.
Lawful basis
Where you submit the contact form, our lawful basis under Article 6(1)(b) of the GDPR is the steps taken at your request prior to entering into a contract — i.e., responding to your enquiry. Where we collect aggregate analytics, our lawful basis under Article 6(1)(f) is our legitimate interest in understanding how the site is used in order to maintain and improve it. Because Plausible collects no personally identifying information, this processing does not require your consent.
Processors
We use the following third-party processors to operate this site and respond to enquiries:
- Formspree — receives contact form submissions and forwards them to our email. Submissions are stored on Formspree's infrastructure. Formspree's privacy policy.
- Plausible Analytics — aggregate website analytics, no cookies, no personal data. Plausible's privacy policy.
- Cloudflare — hosts the site and delivers it via CDN. Cloudflare processes request metadata (IP, user agent) for the operational purposes of serving the site and protecting against abuse. Cloudflare's privacy policy.
- Google Workspace — our business email and calendar provider. Contact-form enquiries land in our Workspace inbox. Google's privacy policy.
Where data is held
All of our processors operate or maintain EU-resident infrastructure for European customers. Where any processing involves transfer outside the European Economic Area, that transfer is governed by Standard Contractual Clauses or an equivalent legal mechanism approved under the GDPR.
Retention
Contact-form enquiries are retained for as long as needed to respond and follow up — typically up to 24 months from the date of the last meaningful exchange, after which the data is deleted unless there is a specific reason to keep it (e.g., an active contractual relationship). Aggregate analytics are retained indefinitely; because no personal data is collected, this does not affect any individual.
Your rights
Under the GDPR you have the right to access the data we hold about you, to ask for it to be corrected or deleted, to object to processing, to restrict processing in certain circumstances, and to receive your data in a portable format. To exercise any of these rights, email info@dayoneadvisory.com. We will respond within 30 days.
If you believe we have not handled your data properly, you have the right to complain to the Maltese supervisory authority — the Information and Data Protection Commissioner (IDPC) — or to the supervisory authority in your country of residence.
Changes to this policy
We will update this policy when our practices change. The date at the top of this page reflects the last substantive revision. If we make material changes that affect how we handle your data, we will surface that in a clearly visible way.