Privacy Policy

On this page

1. Who we are
2. What data we process
3. Why we process it (legal bases)
4. Who we share data with
5. How long we keep it
6. Your rights
7. Security
8. Updates

1. Who we are

Elevate Management & Advisory ("Elevate", "we") is the controller of the personal data described in this policy. You can reach us at hello@elevateadvisory.be or by post at our registered office in Waregem, Belgium.

2. What data we process

We process the minimum personal data required to provide our services and run our business:

Identification & contact data — name, business email, business phone, role and employer.
Engagement data — meeting notes, working documents, decisions and deliverables shared during a mandate.
Commercial data — invoices, payment records, correspondence relating to a proposal or signed engagement.
Web data — IP address, browser type, pages viewed and referring page, collected through privacy-respecting analytics on this website (see our cookie policy).

3. Why we process it (legal bases)

Purpose	Legal basis (GDPR art. 6)
Replying to your enquiry, scheduling a discovery call	Pre-contractual measures (art. 6.1.b)
Delivering a signed engagement	Performance of a contract (art. 6.1.b)
Invoicing, accounting, tax records	Legal obligation (art. 6.1.c)
Newsletters and direct outreach to existing clients	Legitimate interest (art. 6.1.f)
Newsletters to new prospects who opted in	Consent (art. 6.1.a)
Anonymous website analytics	Legitimate interest (art. 6.1.f)

4. Who we share data with

We do not sell personal data. We share it only with carefully selected processors strictly necessary to operate, under written data processing agreements:

Email and document hosting (Google Workspace, EU region)
Calendar booking (Calendly)
Accounting and invoicing software
Web hosting and privacy-respecting analytics

Where a processor is located outside the EEA, transfers are governed by the European Commission's Standard Contractual Clauses or an equivalent recognised mechanism.

5. How long we keep it

We keep data only as long as necessary for the purpose it was collected for:

Prospect contact data — up to 24 months after the last meaningful interaction.
Engagement working files — for the duration of the engagement plus 5 years for liability evidence.
Invoices and accounting records — 7 years (Belgian tax law).
Newsletter subscribers — until you unsubscribe.

6. Your rights

You have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of past processing. Send any such request to hello@elevateadvisory.be; we respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), Drukpersstraat 35, 1000 Brussel, dataprotectionauthority.be.

7. Security

We apply reasonable organisational and technical measures to protect personal data against unauthorised access, loss or alteration: encrypted laptops, two-factor authentication on all systems, role-based access, and regular reviews of access rights. We notify the competent authority and affected individuals of any qualifying personal data breach within the legal deadlines.

8. Updates

We may update this policy to reflect changes in our practices or in the law. The date at the top of this page reflects the latest revision. Material changes are communicated to active clients and newsletter subscribers.

Questions about this document?

hello@elevateadvisory.be