Privacy Policy
Last updated: January 1, 2025
This Privacy Policy (“Policy”) describes how Neuhaus Advisory OÜ (“Neuhaus Advisory”, “we”, “our”, or “us”) collects, uses, and protects personal data when you visit our website, contact us, or engage our advisory services (collectively, the “Service”). We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable laws.
1. Information We Collect
We collect the following categories of information:
1.1 Contact and Communication Data
When you contact us, request information, or engage our services, we may collect:
- Name
- Email address
- Phone number (if provided)
- Company name and role
- Communications with us (emails, messages, meeting notes)
1.2 Client and Engagement Data
When you become a client, we may collect:
- Project-related information you provide
- Company background, documents, or materials necessary for due diligence
- Contract details, billing information, and service preferences
- Any personal data contained within materials you voluntarily share
We only request information strictly necessary to perform our advisory work.
1.3 Website and Technical Data
When you visit our website, we may collect limited technical information, including:
- IP address
- Browser type and version
- Device information
- Pages visited and access times
- Referring URLs
This data is collected via server logs and essential analytics tools and is used solely to maintain and improve the website.
1.4 Marketing and Feedback Data
If you subscribe to updates or choose to provide feedback, we may collect:
- Email marketing preferences
- Survey responses and feedback you voluntarily provide
You may unsubscribe from marketing communications at any time.
1.5 Payment and Accounting Data
If you engage our paid services, we may collect:
- Billing contact details
- Payment confirmations
- Invoices and transaction history
Payment processing is handled by our payment partners; we do not store full payment card details.
2. How We Use Your Information
We use personal data only for legitimate business purposes and in accordance with applicable law.
2.1 Service Provision
- Deliver advisory and due diligence services
- Communicate with clients and prospective clients
- Perform analyses and prepare deliverables
- Manage contracts, invoicing, and client accounts
2.2 Service Improvement
- Improve website functionality, performance, and security
- Enhance our advisory services
- Conduct internal analytics in aggregated form
2.3 Communication
- Respond to inquiries
- Send service-related updates
- Provide marketing communications (with your consent where required)
2.4 Legal and Security
- Comply with legal obligations
- Maintain business records required under Estonian and EU law
- Detect, prevent, and address security issues, abuse, or fraud
- Enforce our Terms and other agreements
We do not use personal data for automated decision-making or profiling that produces legal or significant effects.
3. Information Sharing and Disclosure
We do not sell or rent personal data. We share data only in the following cases:
3.1 Service Providers
We work with trusted third-party processors who assist us in operating the Service, such as:
- Vercel — website hosting and infrastructure
- Email service providers — delivery of transactional communications
- Payment processors and accounting systems — billing, invoicing, and compliance
- Cloud storage providers — secure document and data storage
All processors act under strict confidentiality and data protection agreements.
3.2 Professional Advisors
We may share information with:
- Legal counsel
- Accountants and auditors
We share this information only as necessary for legal or financial compliance.
3.3 Legal Requirements
We may disclose personal data if required to:
- Comply with laws, court orders, or government requests
- Respond to lawful investigations
- Enforce our agreements
- Protect our rights, users, or the public
3.4 Business Transfers
If Neuhaus Advisory undergoes a merger, acquisition, or corporate restructuring, relevant data may be transferred to the successor entity. You will be notified of any material changes.
4. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy.
- Client and engagement data: For the duration of the engagement and as required under law (typically 7 years for accounting purposes).
- Communications: Retained as long as necessary to manage inquiries and maintain business records.
- Technical logs: Typically retained for up to 90 days.
- Marketing data: Retained until you unsubscribe or request deletion.
We may retain anonymized or aggregated data indefinitely.
5. Data Security
We implement industry-standard security measures to protect personal data, including:
- Encryption in transit (TLS/HTTPS)
- Secure access controls
- Regular security updates and monitoring
- Least-privilege access principles
- Secure cloud and infrastructure providers
No system is completely secure. While we take reasonable measures to safeguard your information, we cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
6.1 GDPR Rights (European Users)
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing based on legitimate interests
- Request data portability
- Withdraw consent at any time (where processing is based on consent)
- File a complaint with your local data protection authority
To exercise these rights, contact us at: hi@patrickneuhaus.com.
6.2 California Privacy Rights (CCPA)
If you are a California resident, you may also request:
- Disclosure of personal information collected and its purposes
- Deletion of personal information
- Information about data sharing
- Non-discrimination for exercising privacy rights
We do not sell personal information as defined by CCPA.
6.3 Marketing Preferences
You may opt out of marketing emails at any time by clicking “unsubscribe” or contacting us.
You cannot opt out of transactional or service-related emails, as they are necessary to provide the Service.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Ensure website functionality
- Maintain session integrity
- Analyze website performance in anonymized form
Types of cookies:
- Essential cookies — Required for basic website operation
- Analytics cookies — Used to understand website usage (non-invasive, anonymized)
- Preference cookies — Store user preferences when applicable
You may disable cookies through your browser settings. However, this may impact certain website features.
8. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of external services before providing personal data.
9. Children’s Privacy
Our Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If we learn that we have collected such information, we will delete it promptly.
10. International Data Transfers
We may transfer personal data outside the European Economic Area when necessary for service provision.
For such transfers, we ensure appropriate safeguards, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Contractual and organizational safeguards
All transfers comply with GDPR requirements.
11. Changes to This Privacy Policy
We may update this Policy to reflect changes in our practices, legal requirements, or Service features.
Updates will be communicated by:
- Updating the “Last updated” date
- Posting a notice on the website
- Email notifications (for material changes)
Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
12. Contact Us
If you have questions or requests regarding this Privacy Policy or your personal data, please contact us:
Neuhaus Advisory OÜ
Tornimäe tn 5
Tallinn, Estonia 10145
Email Contacts:
- General inquiries: hi@patrickneuhaus.com
- Legal and privacy matters: hi@patrickneuhaus.com
- Security issues: hi@patrickneuhaus.com
We aim to respond to privacy-related requests within 30 days.