Effective date: 21 April 2026
Halberton & Crowe (“we,” “us,” “our,” or “Halberton & Crowe”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit halbertoncrowe.com or interact with our services. It is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the UAE Personal Data Protection Law, and other applicable global privacy laws.
1. Who we are
Halberton & Crowe is a global advisory firm with operations in Dubai (SHAMS Free Zone, UAE), the United States (California), and the European Union (Estonia). For the purposes of GDPR, our EU establishment in Estonia acts as our representative. Contact: hello@halbertoncrowe.com.
2. Information we collect
Information you provide to us when you submit a form, book a consultation, subscribe to our newsletter, or contact us. This includes: name, email address, company name, job title, phone number, country of operation, and any message content you choose to share.
Information automatically collected when you visit the site: IP address, browser type, device information, pages viewed, referring URL, and approximate location derived from your IP. We use cookies and similar tracking technologies (see our Cookie Policy).
Information from third-party sources: when applicable, we may receive information about you from publicly available sources (e.g., LinkedIn), referral partners, or our integration providers (HubSpot, Calendly, Stripe, Wise).
3. How we use your information
- To respond to inquiries and deliver requested services.
- To send newsletters and marketing communications (where you have opted in or where we have a legitimate interest, subject to your right to opt out).
- To improve our website, services, and user experience.
- To comply with legal obligations including tax, employment, and regulatory reporting.
- To detect, prevent, and address fraud, security, and technical issues.
- For consultations and engagements: to perform the contract between us.
4. Legal bases for processing (GDPR / UK GDPR)
We rely on the following lawful bases under Article 6 of the GDPR:
- Consent (Art. 6(1)(a)): for newsletter sign-ups and non-essential cookies.
- Contract (Art. 6(1)(b)): to deliver consulting services or process orders for digital products.
- Legitimate interests (Art. 6(1)(f)): for B2B outreach, website analytics, and security, balanced against your privacy rights.
- Legal obligation (Art. 6(1)(c)): for tax, accounting, and regulatory compliance.
5. Sharing your information
We share information only with the following categories of recipients:
- Service providers (data processors): HubSpot (CRM), Calendly (scheduling), Stripe (payments), Google Workspace (email and analytics), WordPress.com (hosting), Wise (payments), and similar tools strictly necessary to operate the business.
- Legal and regulatory authorities when required by law.
- Successors in interest in the event of a corporate restructuring, merger, or sale (you will be notified).
We do not sell your personal information. We do not engage in cross-context behavioral advertising as defined under the CCPA/CPRA.
6. International data transfers
Because we operate globally, your information may be transferred to and processed in countries other than your own, including the United States, the United Arab Emirates, and the European Union. Where we transfer personal data from the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where appropriate by additional safeguards.
7. Data retention
We retain personal data only as long as necessary for the purposes set out above, or as required to satisfy any legal, accounting, or reporting obligations. Newsletter and marketing data is retained until you unsubscribe. Engagement data is retained for the duration of the engagement plus seven (7) years for tax and audit purposes.
8. Your privacy rights
If you are in the EEA, UK, or Switzerland (GDPR / UK GDPR): you have the right to access, rectify, erase (“right to be forgotten”), restrict processing, object to processing, data portability, and withdraw consent. You may also lodge a complaint with your local data protection authority.
If you are a California resident (CCPA / CPRA): you have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate information, the right to opt out of the sale or sharing of personal information (we do not sell or share), the right to limit the use and disclosure of sensitive personal information, and the right to non-discrimination for exercising your rights.
If you are in the UAE (PDPL): you have rights of access, correction, deletion, transfer, restriction, and the right to be informed of processing.
To exercise any of these rights, email us at privacy@halbertoncrowe.com. We will respond within 30 days (45 days for CCPA requests; we may extend by another 45 days where reasonably necessary).
9. Children’s privacy
Our services are intended for business users 18 years of age or older. We do not knowingly collect personal information from children under 16 (or the age of digital consent in your jurisdiction). If you believe we have collected information from a child, please contact privacy@halbertoncrowe.com and we will delete it.
10. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. No system is perfectly secure, however, and we cannot guarantee absolute security.
11. Changes to this Privacy Policy
We may update this policy from time to time. Material changes will be communicated by email (where applicable) and posted on this page with a revised effective date.
12. Contact us
Halberton & Crowe
SHAMS Free Zone, Sharjah, United Arab Emirates
Privacy contact: privacy@halbertoncrowe.com
General contact: hello@halbertoncrowe.com