Zum Hauptinhalt springen
Alehar – Corporate Finance Beratung

Privacy Policy

Last updated: May 10, 2026

Kontakt aufnehmen

Who We Are

Alehar Advisors Inc (“Alehar,” “we,” “our,” or “us”) is a corporate finance and value creation advisory firm. The legal entity behind alehar.com and the controller of your personal data is:

Alehar Advisors Inc
5/F, Phinma Plaza, Rockwell Centre
Makati, Metro Manila 1200
Philippines

We also have offices in Singapore, Dubai, and Bangalore. Regardless of where you contact us from, the Philippines entity is the controller responsible for your personal data.

This policy explains what personal data we collect when you visit alehar.com or interact with us, why we use it, who else sees it, and what rights you have. It is written for visitors and clients in any jurisdiction, and includes the additional information required for visitors covered by the EU/UK General Data Protection Regulation (GDPR).

What Data We Collect

We collect personal data only when you give it to us, or when it is generated automatically as you use the site:

  • Information you provide: name, email address, company, role, and the message text when you submit our contact form. If you reach out by email, social media, or another channel, we keep what you send us.
  • Information collected automatically: IP address, browser type, device type, pages visited, referring page, and approximate location (country/city derived from IP). This is collected via cookies and similar technologies, subject to your consent choices for Analytics and Marketing categories. See our Cookie Notice for the full list.

We do not knowingly collect special-category data (such as data revealing health, racial or ethnic origin, religious beliefs, or sexual orientation), nor do we collect data from children under 16.

Why We Use It (Legal Basis)

For visitors in the EU/UK, we rely on the following legal bases under Article 6 GDPR:

  • To respond to your inquiry and discuss potential engagement (contact form, email): Article 6(1)(b), processing necessary for steps you have requested before entering a contract; or Article 6(1)(f), our legitimate interest in responding to business inquiries.
  • To deliver advisory services to you or your organisation: Article 6(1)(b), performance of a contract.
  • To run essential website functions (security, consent state, form delivery): Article 6(1)(f), legitimate interest in operating a secure and functional website.
  • To measure how the site is used (Analytics cookies, heatmaps): Article 6(1)(a), your consent given through the cookie banner.
  • To measure marketing campaign performance (LinkedIn Insight Tag): Article 6(1)(a), your consent given through the cookie banner.
  • To comply with legal obligations (tax, accounting, KYC/AML where applicable to our advisory work): Article 6(1)(c).

For visitors outside the EU/UK, we rely on the equivalent grounds under your local law (for example, the Philippines Data Privacy Act 2012 for processing carried out from our Manila office).

How Long We Keep It

  • Contact form and email inquiries: up to 24 months after our last meaningful contact with you, unless you become a client (in which case retention follows the engagement) or you ask us to delete it sooner.
  • Client engagement records: for the duration of the engagement and up to 7 years afterwards, in line with professional, tax, and audit requirements.
  • Analytics data: in line with Google Analytics’ configured retention period for our property.
  • Cookies on your device: for the duration listed in our Cookie Notice.

Who Else Sees It

We do not sell your personal data. We share it only with the service providers listed below, each of whom processes data on our instructions under a written agreement:

  • Vercel Inc. (USA): website hosting, edge delivery, and serverless functions.
  • Supabase Inc. (Singapore region for our database): backend data storage for our content management system. Contact-form submissions are stored here.
  • Google LLC (USA): Google Analytics 4 (analytics, with consent), Google Tag Manager (tag delivery), Google Fonts (typography). See the Google Privacy Policy.
  • Microsoft Corporation (USA): Microsoft Clarity (session replay and heatmaps, with consent). See the Microsoft Privacy Statement.
  • LinkedIn Ireland Unlimited Company (Ireland, with onward transfer to LinkedIn Corporation in the USA): LinkedIn Insight Tag for campaign measurement, with consent. See the LinkedIn Privacy Policy.
  • Cloudflare Inc. (USA): operator of flagcdn.com, used for country-flag images on the country selector. No personal data is sent to flagcdn.com beyond the standard request metadata (IP address) inherent to fetching an image.
  • YouTube and Vimeo (USA / Delaware): video embeds where present. Video providers may set their own cookies if you play a video. We use privacy-enhanced YouTube embeds where possible.

We may also share your data with our professional advisors (for example, lawyers, accountants, auditors), with regulators or law enforcement when legally required, or with a buyer in the event of a merger, acquisition, or sale of assets. In all such cases the recipient is bound by confidentiality.

International Transfers

Several of the providers above are based in the United States or transfer EU/UK personal data to the United States. Where this happens, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the providers’ supplementary measures. Each provider publishes its own data processing terms and SCC framework:

Where a provider is certified under the EU-US Data Privacy Framework, we treat that certification as an additional safeguard alongside the SCCs.

Your Rights

If you are in the EU/UK, the GDPR gives you the following rights in relation to your personal data. If you are elsewhere, your local law may give you similar rights, and we will honour requests on the same basis.

  • Access: ask us what personal data we hold about you and get a copy.
  • Rectification: ask us to correct data that is wrong or out of date.
  • Erasure: ask us to delete your data, subject to legal retention obligations.
  • Restriction: ask us to pause processing while a dispute is resolved.
  • Portability: ask us to send your data to you (or another provider) in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests, or to direct marketing.
  • Withdraw consent: change your cookie consent at any time via the banner, or revoke consent given to us by email.
  • Complain to a regulator: lodge a complaint with your local data protection authority. For EU residents this is the supervisory authority in your member state. For UK residents, this is the Information Commissioner’s Office (ICO).

To exercise any of these rights, email pdpo@alehar.com. We respond within one month, in line with Article 12(3) GDPR. We may ask you to verify your identity before acting on a request.

Cookies

We use a small number of cookies. Strictly Necessary cookies are set without consent because the site cannot function without them. Analytics and Marketing cookies are only set if you accept them in the cookie banner. Full details of each cookie, its provider, and how to change your choice are in our Cookie Notice.

Data Protection Officer

We are not legally required to appoint a Data Protection Officer under Article 37 GDPR, because our core activities do not consist of large-scale systematic monitoring of data subjects, nor do they involve large-scale processing of special-category data. We have nonetheless designated a privacy contact, reachable at pdpo@alehar.com, who handles data-protection inquiries and oversees our compliance.

EU Representative

We have not appointed a representative in the European Union under Article 27 GDPR. Our processing of EU resident personal data is limited to occasional client and prospect inquiries together with the website analytics described above, which we do not consider large-scale. We will appoint an EU representative if our EU processing activities materially expand. For now, all GDPR-related contact for EU/UK visitors is handled by our privacy contact at pdpo@alehar.com.

Security

We use industry-standard measures to protect your personal data, including encryption in transit (HTTPS), access controls on our backend, and contractual security commitments from our service providers. No internet transmission or storage system is 100% secure, so we cannot guarantee absolute security, but we treat any incident affecting personal data with the seriousness it deserves and notify regulators and affected individuals as required by law.

Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted on the page or communicated by other appropriate means.

Contact Us

For questions about this policy, or to exercise your rights as a data subject (access, rectification, erasure, restriction, portability, objection), email our privacy contact at pdpo@alehar.com.

For all other inquiries, you can reach us at hello@alehar.com.