Privacy Policy — Sustenra

Privacy Policy

Last updated: 18 March 2026

This policy explains how Sustenra Advisory Limited ("Sustenra", "we", "us") collects, uses, and protects personal data when you visit sustenra.com or contact us directly.

We are the data controller for personal data processed via this website. If you have any questions about this policy or how we handle your data, please contact us at info@sustenra.com.

Data controller: Sustenra Advisory Limited
Contact: info@sustenra.com

1. What data we collect

Contact enquiries

When you submit an enquiry via our contact form, we collect your name, email address, organisation (if provided), and the content of your message. This data is submitted through Fluent Forms and delivered to our inbox.

Website analytics

We use Google Analytics (via MonsterInsights) to collect anonymised data about how visitors use this website. This includes pages visited, time on site, device type, and approximate geographic location. This data does not directly identify you.

Session recordings and heatmaps

We use Microsoft Clarity, which records anonymised session replays and generates heatmaps to help us understand how visitors interact with pages. Clarity may capture mouse movements, clicks, and scroll behaviour. It does not capture passwords or payment information.

Company-level visitor identification

We use Leadfeeder by Dealfront, which identifies the organisations (not individuals) visiting our website based on IP address data. This helps us understand which types of organisations are engaging with our content. This data is processed by Dealfront and subject to their privacy policy.

Cookies

We use CookieYes to manage cookie consent on this site. Cookies are small text files placed on your device. We use the following categories of cookies:

  • Strictly necessary: Required for the website to function. These cannot be disabled.
  • Analytics: Google Analytics cookies used to understand site usage (only placed with your consent).
  • Functional: Used by Microsoft Clarity for session recording (only placed with your consent).
  • Marketing/tracking: Used by Leadfeeder to identify visiting organisations (only placed with your consent).

You can manage or withdraw your cookie consent at any time using the cookie settings link in the footer of this website.

Spam filtering

Contact form submissions are filtered through Akismet to prevent spam. Akismet processes the content of form submissions for this purpose. It is operated by Automattic Inc. and subject to their privacy policy.


2. How we use your data

We use personal data for the following purposes:

  • To respond to enquiries you submit via the contact form
  • To understand how visitors use our website and improve its content and performance
  • To identify which types of organisations are visiting our site for business development purposes
  • To maintain the security and integrity of this website

3. Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

  • Legitimate interests (Article 6(1)(f)): Website analytics, session recording, and company-level visitor identification, where we have assessed that our business development interests do not override your privacy rights.
  • Consent (Article 6(1)(a)): Analytics, Clarity, and Leadfeeder cookies, which are only placed where you have given consent via our cookie banner.
  • Contract / pre-contractual steps (Article 6(1)(b)): Processing your enquiry when you contact us with a view to engaging our services.

4. How long we keep your data

  • Contact form enquiries: Retained in our inbox for up to 3 years from the date of the enquiry, unless a professional relationship develops, in which case we retain relevant correspondence for 6 years.
  • Google Analytics data: Retained for 14 months in accordance with our Analytics account settings.
  • Microsoft Clarity data: Retained for 13 months by default per Clarity's data retention settings.
  • Leadfeeder data: Processed and retained by Dealfront in accordance with their privacy policy.

5. Who we share data with

We do not sell or rent personal data to third parties. We use the following third-party services that process data on our behalf or as independent controllers:

  • IONOS: Our website hosting provider. Personal data processed via this website is stored on IONOS infrastructure.
  • Google (Analytics / MonsterInsights): Anonymised analytics data is processed by Google LLC. Data may be transferred to the United States under Standard Contractual Clauses.
  • Microsoft (Clarity): Session recording data is processed by Microsoft Corporation. Data may be transferred to the United States under Standard Contractual Clauses.
  • Dealfront (Leadfeeder): Company-level visitor data is processed by Dealfront Group GmbH, based in Germany, under their own privacy policy.
  • Automattic (Akismet): Form submission content is processed for spam detection. Automattic Inc. is based in the United States.
  • CookieYes: Cookie consent management is handled by CookieYes Limited, based in the UK.

Where data is transferred outside the UK or EEA, appropriate safeguards are in place, typically Standard Contractual Clauses or adequacy decisions.


6. Your rights

Under UK GDPR, you have the following rights:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can ask us to correct inaccurate or incomplete data.
  • Erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
  • Restriction: You can ask us to restrict processing of your data in certain circumstances.
  • Objection: You can object to processing based on legitimate interests.
  • Data portability: Where processing is based on consent or contract and carried out by automated means, you can request your data in a portable format.
  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@sustenra.com. We will respond within 30 days.


7. How to complain

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please email us first at info@sustenra.com.


8. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when the policy was last revised. We recommend checking this page periodically.