Covenant Advisory Group Limited logo Covenant Advisory Group

Privacy Policy

Last updated: 12 December 2025

1. Who we are

This privacy policy explains how Covenant Advisory Group Limited ("we", "us", "our") collects, uses and protects personal data in the course of providing our services and operating our website www.covenantadvisorygroup.co.uk (the "Website").

For the purposes of UK data protection law, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, we act as a data controller in relation to the personal data we collect and process.

Registered office: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF
Company number: 15495549

Email: info@covenantadvisorygroup.co.uk
Website: www.covenantadvisorygroup.co.uk

2. What personal data we collect

The types of personal data we may collect include:

  • Contact details - such as your name, job title, organisation, email address, telephone number and postal address.
  • Engagement information - information you provide when you contact us, instruct us, attend meetings, webinars or events, or correspond with us by email or other channels.
  • Client matter information - information relating to the advice or services we provide, which may include personal data about you or other individuals (for example, contract counterparties, employees, directors, suppliers or other stakeholders).
  • Website and technical data - such as IP address, browser type and version, device identifiers, pages visited, and the date and time of visits. This is typically collected via cookies and similar technologies (see section 8 below).
  • Marketing preferences - your preferences regarding receiving updates, insights or invitations from us.

3. How we collect your data

We collect personal data in a number of ways, including:

  • When you contact us through the Website, email, telephone or social media.
  • When you engage us to provide services or request a proposal from us.
  • When you register to receive updates, insights, or attend an event.
  • From publicly available sources (for example, Companies House, LinkedIn, regulatory filings).
  • Automatically, through cookies and similar technologies when you use the Website.

4. How and why we use your personal data

We process personal data only where we have a lawful basis to do so under UK GDPR. The main purposes and legal bases are:

  • To provide our services - including legal and commercial advisory services, contract drafting, negotiation and governance support.
    Legal basis: performance of a contract; legitimate interests.
  • To manage our relationship with you - including responding to enquiries, managing engagements, invoicing and administration.
    Legal basis: performance of a contract; legitimate interests.
  • To comply with legal and regulatory obligations - such as record-keeping, anti-money laundering and regulatory reporting where applicable.
    Legal basis: compliance with a legal obligation.
  • To send you insights and updates - such as briefings, newsletters or event invitations that may be relevant to you.
    Legal basis: consent, or our legitimate interests in promoting our services where permitted by law. You can opt out at any time.
  • To improve our Website and services - including analytics, troubleshooting, usage monitoring and security.
    Legal basis: legitimate interests in operating and developing our business and Website.

5. When we share your personal data

We do not sell your personal data. We may share personal data with:

  • Service providers who support our business (for example, IT hosting, cloud storage, email, document management, CRM, conferencing and professional services).
  • Professional advisers such as insurers, accountants and other consultants where reasonably necessary in connection with our services.
  • Regulators, public authorities or law enforcement where required by law or to protect our legal rights, clients or others.
  • Third parties involved in a transaction or restructuring (for example, if we merge or transfer part of our business), in which case we will ensure that appropriate safeguards are in place.

Where we use third-party service providers, we require them to process personal data only in accordance with our instructions and with appropriate technical and organisational security measures in place.

6. International transfers

Some of our service providers or counterparties may be located outside the United Kingdom. Where personal data is transferred outside the UK, we will ensure that an appropriate level of protection is in place, for example by:

  • Transferring to countries that the UK government recognises as providing an adequate level of protection; or
  • Using contracts approved for use in the UK which give personal data equivalent protection.

7. How long we keep your data

We keep personal data only for as long as reasonably necessary for the purposes set out in this policy, including to satisfy any legal, regulatory, tax, accounting or reporting requirements. In many cases, this will be for the duration of an engagement plus a defined period afterwards (for example, to comply with limitation periods and professional obligations).

When data is no longer required, we will securely delete or anonymise it.

8. Cookies and analytics

The Website may use cookies and similar technologies to distinguish you from other users, provide core functionality and help us understand how the Website is used.

We may use analytics services (for example, Google Analytics or similar tools) to collect aggregated, anonymised information such as page views, time on site and referring pages. This helps us improve the Website and our content. These tools may set cookies in your browser.

You can control cookies through your browser settings and, where we present a cookie banner or preference centre, by adjusting your choices there. Disabling certain cookies may affect how the Website functions.

9. How we protect your data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage. These may include access controls, encryption, secure storage, regular security reviews and staff training.

Despite these measures, no system can be completely secure. If you believe your personal data has been compromised in connection with our services or Website, please contact us immediately using the details in section 12.

10. Your rights under UK data protection law

Depending on the circumstances and subject to certain exemptions, you may have the following rights in relation to your personal data:

  • To be informed about how your personal data is used.
  • To request access to the personal data we hold about you.
  • To request correction of inaccurate or incomplete data.
  • To request erasure of your data in certain circumstances.
  • To request restriction of processing of your data.
  • To object to certain types of processing, including direct marketing.
  • To request the transfer of your data to another party (data portability).
  • Where we rely on consent, to withdraw that consent at any time (this will not affect the lawfulness of processing before consent was withdrawn).

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data. We would, however, appreciate the chance to address your concerns first.

11. Third-party websites

The Website may contain links to third-party sites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party sites you visit.

12. How to contact us about privacy

If you have any questions about this privacy policy, how we handle personal data, or if you wish to exercise your rights, please contact:

Data Protection Lead
Covenant Advisory Group Limited
167-169 Great Portland Street, 5th Floor, London, W1W 5PF

Email: info@covenantadvisorygroup.co.uk

13. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically to stay informed about how we handle personal data.