Privacy Policy
Last updated: 1 April 2026
1. Who We Are
Clarent is a boutique advisory firm providing advisory services to founders, CEOs, and senior operators in scaling businesses.
For the purposes of data protection law, the data controller is WX Global Limited, a company incorporated in Hong Kong (Companies Registry No. 3277613) (the “Company”, “we”, “us”, or “our”). Clarent is a trading name of WX Global Limited.
Contact details:
Privacy enquiries: [email protected]
General enquiries: [email protected]
Website: clarentadvisory.com
Postal address: Unit 2A, 17/F, Glenealy Tower, No. 1 Glenealy, Central, Hong Kong
If you have any questions about this policy or how we handle your personal data, please contact us using the details above.
2. What This Policy Covers
This policy explains how we collect, use, store, and protect your personal data when you:
- Visit our website at clarentadvisory.com (and associated domains clarentadvisory.co.uk and clarentadvisory.uk)
- Subscribe to any of our Clarent Intelligence newsletters
- Book a discovery conversation through our scheduling tool
- Correspond with us by email
- Engage us for advisory services
This policy applies regardless of where you are located. We are committed to protecting the privacy of all individuals whose data we process, whether you are in the United Kingdom, the European Economic Area, Australia, or elsewhere.
3. What Personal Data We Collect
We only collect personal data that is necessary for the purposes described in this policy. We do not collect personal data speculatively or in excess of what is needed.
3.1 Data you provide directly
| Data | When collected | Purpose |
|---|---|---|
| Name and email address | Newsletter sign-up on our website | Delivering your selected Clarent Intelligence newsletters |
| Name, email address, and scheduling details | Booking a discovery conversation via our scheduling tool | Arranging and conducting your conversation |
| Name, email address, and message content | Contacting us by email | Responding to your enquiry |
| Name, business details, contact details, and engagement information | Entering into an advisory engagement with us | Delivering advisory services and managing the engagement |
3.2 Data collected automatically when you visit our website
| Data | How collected | Purpose |
|---|---|---|
| Pages visited, referring URL, browser type, device type, operating system, country (no IP address stored) | Website analytics | Understanding how visitors use our website so we can improve it |
| Cookie data | Cookies (see our Cookie Policy for full details) | Website functionality and analytics |
We do not use analytics that identify individual visitors. Our analytics tools (Cloudflare Web Analytics and, where used, Fathom Analytics) do not set cookies, do not use client-side storage, and do not collect or store IP addresses. No personal data is retained by our analytics tools.
3.3 Data we do not collect
We do not collect sensitive personal data (also known as special category data), such as information about your health, ethnicity, religious beliefs, political opinions, or biometric data — unless you voluntarily provide such information in the course of an advisory engagement, in which case we will discuss the basis for processing with you directly.
We do not purchase personal data from third parties. We do not use tracking technologies to build profiles of visitors across other websites.
4. How We Use Your Personal Data (Legal Basis)
Under the UK General Data Protection Regulation (UK GDPR, as amended by the Data (Use and Access) Act 2025), we must have a lawful basis for each type of processing. The bases we rely on are set out below.
| Processing activity | Lawful basis | Explanation |
|---|---|---|
| Delivering newsletters you have subscribed to | Consent (Article 6(1)(a)) | You provide consent when you enter your email address and select your newsletter preferences. You can withdraw consent at any time by unsubscribing. |
| Arranging a discovery conversation you have booked | Legitimate interests (Article 6(1)(f)) | It is in our legitimate interest and yours to arrange and conduct a conversation you have requested. |
| Responding to an enquiry you have sent us | Legitimate interests (Article 6(1)(f)) | It is in our legitimate interest and yours to respond to correspondence you have initiated. |
| Delivering advisory services under an engagement | Performance of a contract (Article 6(1)(b)) | Processing is necessary to perform our obligations under the advisory engagement agreement. |
| Website analytics (anonymous, cookie-free) | Recognised legitimate interests (Article 6(1)(ea), as introduced by the Data (Use and Access) Act 2025) | Our analytics tools do not collect personal data, set cookies, or identify individual visitors. To the extent any processing occurs, statistical analysis of anonymous website usage data falls within the recognised legitimate interests provisions for web analytics. |
| Issuing invoices and maintaining financial records | Legal obligation (Article 6(1)(c)) | We are required by law to maintain financial records for tax and accounting purposes. |
For visitors in the European Economic Area: Where we process personal data of individuals in the EEA, we do so in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679). The lawful bases described above apply equivalently under the EU GDPR, with the exception of recognised legitimate interests (which is a UK-specific provision) — for EEA visitors, website analytics processing relies on standard legitimate interests under Article 6(1)(f).
5. Newsletter Subscriptions
Our newsletters — collectively branded Clarent Intelligence — are delivered by email on a rotating weekly cycle across our four practice areas: Human Performance, Venture Design, Operational Excellence, and International Growth.
When you subscribe, you select which practice areas you wish to receive. You can update your preferences at any time using the preference link in any newsletter email, or by contacting us directly.
How to unsubscribe: Every newsletter email contains an unsubscribe link. You can unsubscribe from individual practice areas or from all newsletters. Unsubscription takes effect immediately.
What happens to your data when you unsubscribe: Your email address is removed from the active mailing list. We retain a record of your original subscription and unsubscription for our legitimate interest in maintaining suppression lists (to ensure we do not re-subscribe you inadvertently) and for compliance record-keeping. This retained data is not used for any marketing purpose.
6. Discovery Conversations
When you book a discovery conversation through our scheduling tool, you provide your name, email address, and select a time. This information is used solely to arrange and conduct the conversation.
If you do not proceed to an advisory engagement after the conversation, we retain your contact details for a reasonable period (no longer than 12 months) in case you wish to resume the conversation, after which your data is deleted unless you have separately subscribed to a newsletter or consented to further contact.
7. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share personal data only with the following categories of service provider, each of whom processes data on our behalf and under our instruction:
| Service provider | Purpose | Data shared | Location |
|---|---|---|---|
| Brevo (Sendinblue) | Email newsletter delivery and subscriber management | Name, email address, newsletter preferences | European Union |
| Cal.com (EU instance) | Discovery conversation scheduling | Name, email address, scheduling details | European Union |
| Cloudflare | Website hosting, security, performance, and web analytics | Technical connection data (no IP addresses stored by analytics) | Global (with EU/UK processing) |
| Fathom Analytics (where used) | Privacy-focused website analytics | Anonymous aggregate usage data only — no personal data collected | European Union (EU Isolation feature) |
| Google Workspace | Email correspondence and calendar | Name, email address, message content | Data processing in accordance with Google’s Data Processing Amendment |
We require all service providers to process personal data only in accordance with our instructions and to maintain appropriate security measures. Where a service provider is located outside the United Kingdom, we ensure that appropriate safeguards are in place (see Section 9).
We may also disclose personal data where required by law, regulation, or court order.
8. How Long We Keep Your Data
We do not keep personal data for longer than necessary. Our retention periods are:
| Data type | Retention period | Reason |
|---|---|---|
| Newsletter subscriber data (active) | For as long as the subscription is active | Necessary to deliver the service |
| Newsletter subscriber data (after unsubscription) | Suppression record retained indefinitely; all other data deleted within 30 days | Suppression list prevents re-subscription |
| Discovery conversation booking data (no engagement) | 12 months after the conversation | Reasonable follow-up period |
| Advisory engagement records | 7 years after the engagement ends | Legal and professional obligations, limitation periods |
| Financial records (invoices, payments) | 7 years | UK tax and accounting requirements |
| Website analytics data | No personal data collected or retained — analytics are anonymous and cookie-free | No personal data is processed by our analytics tools |
9. International Data Transfers
WX Global Limited is incorporated in Hong Kong. Our service providers are located in the European Union, the United Kingdom, and other jurisdictions.
Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR Article 46. These may include:
- Adequacy decisions: Transfers to countries or territories recognised by the UK Secretary of State as providing an adequate level of data protection.
- Standard contractual clauses: The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as appropriate.
- Service provider commitments: Contractual obligations requiring the recipient to protect personal data to standards equivalent to UK data protection law.
Where personal data of EEA-based individuals is transferred outside the EEA, we rely on the equivalent safeguards under EU GDPR Chapter V.
We do not transfer personal data to jurisdictions that lack appropriate safeguards without ensuring that a lawful transfer mechanism is in place.
10. How We Protect Your Data
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
- Encryption of data in transit (TLS/SSL on all web traffic)
- Use of reputable, security-certified service providers
- Access to personal data limited to individuals who require it for their role
- Regular review of data processing practices and security measures
- No storage of personal data in publicly accessible locations or repositories
No method of transmission or storage is completely secure. If you have reason to believe that your data has been compromised, please contact us immediately at [email protected].
11. Your Rights
Under UK GDPR (and, where applicable, EU GDPR), you have the following rights in relation to your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct inaccurate or incomplete data.
- Right to erasure — You can ask us to delete your data where there is no compelling reason for us to continue processing it.
- Right to restrict processing — You can ask us to suspend processing of your data in certain circumstances.
- Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
- Right to object — You can object to processing based on legitimate interests. Where we process data for direct marketing, you have an absolute right to object.
- Rights relating to automated decision-making — We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.
How to exercise your rights: Contact us at [email protected]. We will respond within one month. There is no fee for making a request in most circumstances.
Right to complain: If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
For individuals in the EEA, you may also complain to the supervisory authority in your country of residence.
We would appreciate the opportunity to address your concern before you contact the ICO, so please contact us first if you are able to.
12. Cookies
Our website uses cookies. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
13. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, our service providers, or applicable law. Where changes are material, we will take reasonable steps to notify you — for example, by posting a notice on our website.
The date at the top of this policy indicates when it was last updated.
14. Contact Us
If you have any questions about this policy, wish to exercise any of your rights, or have a concern about how we handle personal data, please contact us:
Email: [email protected]
Postal address: Unit 2A, 17/F, Glenealy Tower, No. 1 Glenealy, Central, Hong Kong
We aim to respond to all enquiries within 5 working days. For formal data subject rights requests, we will respond within one calendar month as required by law.