Privacy Policy
Last updated: 13 April 2026
Who we are
This privacy policy explains how Pontiva Advisory (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you visit our website at pontivaadvisory.com or engage with our advisory services.
Pontiva Advisory is an independent energy advisory practice operated by Emily Watt, based in London, United Kingdom. We act as the data controller for the personal information described in this policy.
Due to the size of our organisation, we are not required to appoint a Data Protection Officer. For any questions about this policy or how your data is handled, please use the contact form on our website.
What information we collect
We collect personal information that you voluntarily provide to us and limited technical data that is collected automatically.
Information you provide directly
- Contact form submissions — your name, email address, company name (optional), and message content
- Consultation scheduling — your name, email address, and any information you provide when booking through our scheduling tool
- Email correspondence — the content of emails you send to us and any attachments
- Engagement materials — information you provide in the course of an advisory engagement, such as company details, financial information, and project documentation
Information collected automatically
- Server logs — IP address, browser type and version, operating system, referring URL, pages visited, date and time of access
- Device information — screen resolution, device type, and language preferences
We do not collect any special category (sensitive) personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
How and why we use your information
We process your personal data only for specific, legitimate purposes. The table below sets out each purpose and the legal basis under UK GDPR.
| Purpose | Legal basis |
|---|---|
| Responding to enquiries submitted through our contact form | Legitimate interest |
| Scheduling and managing consultations | Contractual necessity / Consent |
| Delivering advisory services under an engagement | Contractual necessity |
| Maintaining financial and contractual records | Legal obligation |
| Monitoring website performance and security | Legitimate interest |
We do not use your personal information for automated decision-making or profiling. We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Cookies and tracking technologies
This website uses only essential cookies that are strictly necessary for the site to function. These cookies do not track you across other websites and do not collect personal information for advertising purposes.
We do not use third-party advertising cookies, social media tracking pixels, or behavioural analytics tools. If we introduce analytics in the future, we will update this policy and provide appropriate notice and consent mechanisms.
We respect “Do Not Track” browser signals and Global Privacy Control (GPC) preferences. As we do not engage in cross-site tracking, no additional action is required when these signals are detected.
Who we share your data with
We may share your personal information with the following categories of third-party service providers who process data on our behalf:
- Website hosting — our hosting provider stores and serves website files and server logs
- Email delivery — contact form submissions are processed through a third-party email service
All third-party processors are bound by data processing agreements and are contractually required to handle your data in accordance with UK data protection law. We do not sell or disclose your personal data to any other third parties unless required by law.
International data transfers
Some of the third-party services we use may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as:
- UK adequacy decisions recognising the destination country's data protection standards
- International Data Transfer Agreements or standard contractual clauses approved by the UK government
You may request details of the specific safeguards applied to international transfers of your data by contacting us.
How we protect your data
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encrypted data transmission (HTTPS/TLS) across our website
- Secure, access-controlled hosting infrastructure
- Regular review of data handling practices
- Limiting access to personal data to only those who need it
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay, as required by UK GDPR.
How long we keep your data
- Contact form submissions and general correspondence — retained for up to 24 months after our last interaction, then securely deleted
- Engagement and contractual records — retained for 6 years after the end of the engagement, in accordance with UK legal and tax requirements
- Server logs — retained for up to 90 days for security and performance monitoring
When data is no longer needed for the purpose for which it was collected, it is securely deleted or anonymised.
Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your data where there is no compelling reason to continue processing
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request a machine-readable copy of data you have provided to us
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us using the contact form on our website. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
Children's privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the “Last updated” date at the top of this page. For material changes that significantly affect how we process your data, we will provide prominent notice on our website.
We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.