GDPR Compliance

Mackey Advisory Corp. (U.S.) and Mackey Advisory Limited (U.K.) (“we,” “us,” or “our”) are committed to protecting the privacy and personal data of individuals in compliance with the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”), the U.K. General Data Protection Regulation (“UK GDPR”), and applicable data protection laws. This GDPR Compliance Notice supplements our Privacy Policy and explains how we collect, use, share, and protect personal data of individuals in the European Economic Area (EEA), the United Kingdom, and elsewhere.

By accessing or using our website www.mackeyadvisory.com, or by otherwise communicating with us, you acknowledge that you have read and understood this GDPR Compliance Notice. If you do not agree with the practices described, please do not use the Site or provide personal data to us.

We may update this GDPR Compliance Notice periodically to reflect changes in our practices or applicable laws. The “Revised” date will be updated accordingly. Please review this page from time to time to stay informed about how we process your personal data.

DATA CONTROLLERS
Mackey Advisory Limited (U.K.) and Mackey Advisory Corp. (U.S.) are the joint data controllers responsible for your personal data. Our U.K. entity primarily manages compliance for data subjects in the United Kingdom and European Union. For all data protection inquiries, please contact: legal@mackeyadvisory.com.

PERSONAL DATA WE COLLECT
We may collect and process the following categories of personal data:

• Identity Data: such as your name, title, and professional affiliation.
• Contact Data: including your email address, phone number, and mailing address.
• Technical Data: such as IP address, browser type, device identifiers, and log information collected automatically when you visit our Site.
• Correspondence Data: including communications you send to us via email, contact forms, or other means.
• Professional or Financial Information: where relevant to providing advisory services or entering into contracts.

LAWFUL BASES FOR PROCESSING
We process personal data only when a lawful basis applies under the GDPR. These include:

• To perform a contract with you or take steps at your request prior to entering a contract.
• To comply with legal and regulatory obligations.
• To pursue our legitimate business interests, such as improving our services, securing our systems, and managing client relationships.
• With your consent, where required (e.g., for marketing or non-essential cookies).

HOW WE USE YOUR PERSONAL DATA
We use your personal data to:

• Provide and manage our professional and advisory services.
• Communicate with you regarding your inquiries, requests, or contracts.
• Administer and improve our website and user experience.
• Comply with our legal and regulatory obligations.
• Protect our rights, property, and the security of our operations and clients.

INTERNATIONAL TRANSFERS
As we operate across the U.S. and U.K., personal data may be transferred to and processed in countries outside your jurisdiction, including the United States. Where we transfer personal data from the U.K. or EEA to the U.S. or other third countries, we do so under legally recognized safeguards such as the European Commission’s Standard Contractual Clauses or the U.K. Addendum.

DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements. Retention periods are determined based on the nature of the data, our contractual obligations, and applicable law.

DATA SECURITY
We implement appropriate technical and organizational measures to protect personal data from accidental loss, unauthorized access, alteration, disclosure, or destruction. However, no system is completely secure, and we cannot guarantee absolute protection of information transmitted to us electronically.

YOUR RIGHTS UNDER THE GDPR
Under the GDPR, you have the following rights (subject to certain limitations under law):

• The right to access your personal data and receive a copy of it.
• The right to correct inaccurate or incomplete data.
• The right to request deletion (“erasure”) of your personal data.
• The right to restrict or object to processing.
• The right to data portability.
• The right to withdraw consent at any time, where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority. In the U.K., this is the Information Commissioner’s Office (www.ico.org.uk). In the EU, you may contact your local Data Protection Authority.

COOKIES AND ANALYTICS
We use cookies and similar technologies to operate our website and improve user experience. Non-essential cookies are used only with your consent. For more details, please review our Cookie Policy.

THIRD-PARTY DISCLOSURES
We do not sell or rent personal data. We may share data with trusted third-party service providers that support our operations (e.g., IT, analytics, communications), subject to confidentiality and data protection agreements. We may also disclose data when required by law or to protect our legal rights.

CHILDREN’S DATA
Our Site and services are not intended for children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal information, please contact us to have it deleted.

CONTACT US
If you have any questions about this GDPR Compliance Notice, our data practices, or your rights, please contact our Data Protection Team at: legal@mackeyadvisory.com