Legal

Privacy & Legal Notice.

How we handle personal data, the cookies this site uses, and the terms that govern its use. We keep this plain, because a privacy notice you cannot read protects no one.

Last updated 1 July 2026

Sintra Advisory ("Sintra Advisory", "we", "us", "our") is an open-source intelligence and strategic-intelligence advisory operating as a Swiss-Canadian partnership. We take the protection of personal data seriously, both the data of people who visit this website and the data we handle for clients in the course of our work. This notice explains both.

1. Who is responsible for your data

For personal data collected through this website, Sintra Advisory is the data controller. You can reach us on any privacy or data-protection matter at [email protected]. If your enquiry concerns personal data we hold as part of a client engagement, please see section 6, where the responsibilities are often shared with our client.

2. What this notice covers

This notice has two parts. Sections 3 to 5 concern people who visit this website or contact us. Section 6 concerns personal data about third parties that we process when carrying out due-diligence and research-security engagements. Sections 7 onward, together with the Website Terms at the end, apply to everyone.

3. Information we collect from website visitors

When you use the contact form, we collect the name, email address, organisation, and message you provide. We use this only to read and respond to your enquiry and, if it leads to work, to scope and manage that engagement. The lawful bases are your request to take steps prior to entering an engagement and our legitimate interest in responding to business enquiries (Articles 6(1)(b) and 6(1)(f) of the GDPR).

Our contact form is operated on our behalf by Formspree, which receives your submission and forwards it to our inbox. Formspree acts as a processor under our instructions.

Our website is hosted and secured by Cloudflare. To deliver and protect the site, Cloudflare processes limited technical data such as your IP address, browser type, and the pages requested. The lawful basis is our legitimate interest in the security, integrity, and availability of the site (Article 6(1)(f)).

We do not use advertising cookies or third-party tracking, we do not build marketing profiles, and we do not sell personal data.

4. Cookies

This site uses only strictly necessary cookies, set by Cloudflare to keep the site secure and running. We do not set analytics, advertising, or social-media tracking cookies. Because we set no non-essential cookies, this site does not present a cookie consent banner. Any traffic analytics we consult are aggregated and do not identify you. If we introduce optional analytics in future, we will update this notice and add a consent mechanism where required.

5. How long we keep visitor data

We keep enquiry correspondence for as long as needed to deal with your enquiry and, if it does not lead to an engagement, for a reasonable period afterward in case you come back to us, after which it is deleted. Where an enquiry becomes an engagement, the retention rules in section 6 apply.

6. Personal data in our engagements

The substance of our work is assessing people and organisations for clients making real decisions, so we necessarily process personal data about third parties. We do this to a strict standard.

Sources. We work exclusively from open, lawful sources, public registers and filings, court and regulatory records, sanctions and watchlists, corporate records, reputable media, and other publicly available information. We do not use intrusive or unlawful means of collection, and we flag anything that approaches that line rather than cross it.

Roles. In most engagements our client is the controller and Sintra Advisory acts as a processor under a written data-processing agreement. In some engagements we act as an independent controller. The arrangement is set out in each engagement.

Lawful basis. Where we or our client rely on legitimate interests (Article 6(1)(f)), those interests are the assessment of integrity, risk, and legal or regulatory compliance, balanced against the rights of the individuals concerned. Where personal data revealing sensitive matters appears in public sources, we handle it only where a condition under Article 9 of the GDPR applies and only where it is necessary and proportionate to the decision at hand.

Rights and requests. The rights in section 7 apply to this data. Where we act as a processor, we will pass a request to the client controller and support them in answering it; where we act as a controller, we will respond directly. We may need to balance an erasure or objection request against a legal obligation or an overriding legitimate ground, and we will explain our reasoning if we do.

7. Your rights

Depending on where you live and which law applies, you may have the right to access the personal data we hold about you, to have it corrected or erased, to restrict or object to how we use it, and to receive it in a portable form. These rights arise under the EU GDPR, the UK GDPR, the Swiss Federal Act on Data Protection, and, in Canada, PIPEDA. To exercise any of them, contact [email protected]. We will respond within the timeframe the applicable law requires.

If you believe we have handled your data improperly, you may also complain to a supervisory authority, your national data-protection authority in the EU or EEA, the Information Commissioner's Office in the UK, the Federal Data Protection and Information Commissioner in Switzerland, or the Office of the Privacy Commissioner in Canada. We would prefer the chance to resolve your concern first.

8. International transfers

We operate across Canada, Switzerland, and the European Economic Area, and some of our service providers, including those named above, are located in other countries such as the United States. Where personal data is transferred outside your jurisdiction, we rely on an adequacy decision where one exists, or on appropriate safeguards such as Standard Contractual Clauses, so that your data keeps an equivalent level of protection.

9. Security

We apply technical and organisational measures appropriate to the sensitivity of the data we handle, including access controls, encryption in transit, and the principle of collecting only what a decision genuinely requires. No system is perfectly secure, but we hold engagement data to the standard our clients and their regulators would expect.

10. Changes to this notice

We may update this notice as our practices or the law change. The date at the top shows when it was last revised. Material changes will be reflected here.

Website Terms

No advice; no relationship. The content of this website is provided for general information only. It is not legal, financial, investment, compliance, or other professional advice, and it must not be relied on as such. Using this site or contacting us does not create an advisory, client, or confidential relationship; that begins only under a signed engagement.

No warranty. We aim for accuracy, but the site and its content are provided "as is", without warranty of any kind, and we do not guarantee that information is complete, current, or fit for a particular purpose.

Intellectual property. The text, design, marks, and materials on this site are the property of Sintra Advisory unless stated otherwise, and may not be copied, republished, or reused without our written permission.

External links. Where we link to third-party sites, we do so for convenience. We are not responsible for their content or their handling of your data.

Governing terms. These terms and this notice operate alongside the data-protection laws that apply to you. Nothing here limits any right you have that cannot be limited by agreement.

Contact

Questions about this notice, your data, or these terms can be sent to [email protected].

Back to home