Privacy Policy

Who We Are
Data We Collect
How We Collect Your Data
Legal Bases for Processing
How We Use Your Data
Data Sharing & Third Parties
International Transfers
Data Retention
Cookies & Tracking
Your Rights Under GDPR
Data Security
Children's Privacy
Changes to This Policy
Contact & Complaints

1. Who We Are

Sima Global Strategic Advisory Ltd ("Sima Global", "we", "us", "our") is the data controller responsible for your personal data. We are a strategic finance advisory firm providing virtual CFO services, investment readiness, cross-border advisory and payroll services to organisations across Africa, the United Kingdom, the United States and Canada.

  Data Controller Details
  Sima Global Strategic Advisory Ltd

  Email: privacy@simaglobal.co

  Website: simaglobal.co

2. Data We Collect

We may collect the following categories of personal data:

Category	Examples	Source
Identity Data	Full name, job title, company name	Contact forms, emails, meetings
Contact Data	Email address, phone number, business address	Contact forms, business cards
Financial Data	Revenue range, investment details (only when voluntarily provided)	Audit request form, consultations
Technical Data	IP address, browser type, device info, pages visited	Cookies, server logs
Usage Data	How you interact with our website	Analytics cookies (with consent)
Communication Data	Messages, enquiry content, preferences	Contact form, email correspondence

We do not collect any special category data (e.g. health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, sexual orientation) unless explicitly required for a specific engagement and with your explicit consent.

3. How We Collect Your Data

We collect personal data through:

Website forms — contact enquiry form, CFO readiness audit request form
Direct communication — emails, phone calls, video conferences, meetings
Cookies and tracking technologies — only with your prior consent (see Section 9)
Third-party sources — publicly available business information (e.g. Companies House, LinkedIn) where we have a legitimate interest

4. Legal Bases for Processing

Under the UK GDPR and EU GDPR, we process your personal data on the following lawful bases:

Purpose	Legal Basis (Article 6 GDPR)
Responding to enquiries & contact forms	Consent — you actively submit your data and tick the consent checkbox
Providing advisory & payroll services	Contractual necessity — processing is necessary to perform our contract with you
Sending requested resources (e.g. audit report)	Consent — you request the resource and consent to its delivery
Marketing communications	Consent — only sent where you have explicitly opted in
Website analytics & improvement	Consent — analytics cookies are only placed after you accept them
Legal compliance & regulatory obligations	Legal obligation — processing required by law
Business development & relationship management	Legitimate interest — our interest in growing our business, balanced against your rights

5. How We Use Your Data

We use your personal data to:

Respond to your enquiries and provide requested information
Deliver our advisory, CFO and payroll services under contract
Send you the CFO Readiness Audit and related materials you have requested
Send marketing communications where you have opted in (you may unsubscribe at any time)
Analyse website usage to improve our services and user experience
Comply with our legal and regulatory obligations
Protect our legitimate business interests and enforce our terms

We will never sell, rent or trade your personal data to third parties for their marketing purposes.

6. Data Sharing & Third Parties

We may share your personal data with the following categories of recipients, only to the extent necessary:

Service providers — hosting providers, email delivery services, CRM platforms, payroll processors, all bound by data processing agreements
Professional advisors — lawyers, accountants, auditors where required
Regulatory authorities — HMRC, ICO or other regulators where legally required
Business partners — only with your prior consent for co-delivered services

All third-party processors are required to process your data in accordance with our instructions and applicable data protection law. We maintain a register of all data processors and their safeguards.

7. International Transfers

As we operate across Africa, the UK, USA and Canada, your personal data may be transferred internationally. Where transfers are made outside the UK or EEA, we ensure appropriate safeguards are in place, including:

UK adequacy decisions — transfers to countries deemed adequate by the UK Secretary of State
Standard Contractual Clauses (SCCs) — the UK International Data Transfer Agreement or EU SCCs
Additional safeguards — encryption in transit and at rest, access controls, and transfer impact assessments where required

You may request details of the safeguards in place for any specific transfer by contacting us at privacy@simaglobal.co.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period	Rationale
Contact form enquiries	24 months from last contact	Follow-up and business development
Audit request data	12 months from delivery	Service delivery and follow-up
Client engagement data	7 years after engagement ends	Legal, tax and regulatory compliance
Payroll data	7 years after last processing	HMRC and statutory requirements
Marketing consent records	Until consent is withdrawn	Proof of consent under GDPR
Website analytics data	26 months (anonymised)	Website improvement

After the retention period, data is securely deleted or irreversibly anonymised.

9. Cookies & Tracking

Our website uses cookies. We categorise them as follows:

Type	Purpose	Consent Required
Strictly Necessary	Essential site functionality, security, cookie preferences	No (exempt under PECR)
Analytics	Understanding how visitors use our site (e.g. page views, traffic sources)	Yes
Marketing	Tracking effectiveness of campaigns, retargeting	Yes

You can manage your cookie preferences at any time via the cookie consent banner displayed on your first visit. Analytics and marketing cookies are only activated after you provide affirmative consent.

You may also manage cookies through your browser settings. Disabling strictly necessary cookies may affect site functionality.

10. Your Rights Under GDPR

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15) — request a copy of the personal data we hold about you
Right to Rectification (Article 16) — request correction of inaccurate or incomplete data
Right to Erasure (Article 17) — request deletion of your data ("right to be forgotten") where there is no compelling reason for continued processing
Right to Restrict Processing (Article 18) — request that we limit how we use your data
Right to Data Portability (Article 20) — receive your data in a structured, machine-readable format
Right to Object (Article 21) — object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent — withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal
Rights Related to Automated Decision-Making (Article 22) — we do not currently use automated decision-making or profiling that produces legal effects

  How to Exercise Your Rights
  Send your request to privacy@simaglobal.co. We will respond within one calendar month (extendable by two further months for complex requests, with notification). We may need to verify your identity before processing your request. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

11. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

TLS/SSL encryption for all data transmitted through our website
Encryption at rest for stored personal data
Access controls limiting data access to authorised personnel only
Regular security assessments and vulnerability monitoring
Secure data processing agreements with all third-party providers
Staff training on data protection obligations
Incident response procedures for personal data breaches (notification to the ICO within 72 hours where required)
Spam and bot protection on all website forms (honeypot fields, rate limiting, client-side validation)

While we strive to protect your data, no method of transmission over the internet is 100% secure. We encourage you to contact us immediately at privacy@simaglobal.co if you believe your data has been compromised.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services. Material changes will be notified via a prominent notice on our website. The "Last Updated" date at the top of this page indicates when this policy was last revised.

We encourage you to review this policy periodically.

14. Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:

  Data Protection Contact
  Sima Global Strategic Advisory Ltd

  Email: privacy@simaglobal.co

  General enquiries: hello@simaglobal.co

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
European Union: Your local Data Protection Authority

We would appreciate the opportunity to address your concerns directly before you approach a supervisory authority.

Contents