Privacy Policy

1. Who We Are

The Barnwell Advisory Group ("we," "us," or "our") is a global strategy and management consulting firm headquartered in Houston, Texas, United States. We provide strategic advisory, operational transformation, and consulting services to organizations across multiple industries worldwide.

This Privacy Policy applies to personal information collected through our website at barnwelladvisory.com (the "Site"), our contact and inquiry forms, our appointment booking system, and any other direct communications between you and our firm.

For purposes of applicable data protection law, The Barnwell Advisory Group is the data controller of your personal information collected through this Site.

2. Information We Collect

Information You Provide Directly

When you interact with our website, we may collect the following categories of personal information:

• Identity Data: First name, last name
• Contact Data: Email address, phone number
• Professional Data: Company name, job title, industry, role
• Communications Data: The content of messages or inquiries you send us via our contact form or email
• Scheduling Data: Meeting preferences and appointment information collected through our booking system (powered by Microsoft Outlook / Microsoft 365)

Information Collected Automatically

When you visit our Site, certain technical information may be collected automatically by our hosting and infrastructure providers:

• Technical Data: IP address, browser type and version, operating system, device type, referring URL
• Usage Data: Pages visited, time and date of visit, time spent on pages, links clicked
• Log Data: Server access logs maintained by Netlify, our hosting provider

Information We Do Not Collect

We do not collect sensitive categories of personal information (such as health data, financial account numbers, government identification numbers, racial or ethnic origin, religious beliefs, or biometric data) through this website. We do not operate paid advertising platforms and do not purchase third-party marketing lists.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• Responding to Inquiries: To read, process, and respond to messages submitted through our contact form or sent directly by email
• Scheduling: To facilitate appointments and strategy sessions booked through our scheduling system
• Business Development: To evaluate potential engagements, assess fit, and follow up on expressed interest in our services
• Communications: To send you information you have requested, including capability statements, proposals, or other materials
• Site Operations: To operate, maintain, and improve our website; to diagnose technical issues; and to ensure security
• Legal Compliance: To comply with applicable laws, regulations, or lawful requests from governmental authorities
• Recordkeeping: To maintain records of communications in connection with potential or active business relationships

We do not sell, rent, or otherwise monetize your personal information. We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

For individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions that require a stated legal basis for processing personal data, we rely on the following lawful bases:

• Legitimate Interests (Article 6(1)(f) GDPR): Processing your inquiry, responding to your message, and following up on a potential business relationship are within our legitimate interests as a consulting firm. We have assessed that these interests are not overridden by your rights and freedoms.
• Performance of a Contract or Pre-Contractual Steps (Article 6(1)(b) GDPR): Where you have requested information about our services or scheduled a meeting, processing your data is necessary to take steps at your request prior to entering into a contract.
• Consent (Article 6(1)(a) GDPR): Where we rely on consent (for example, to send you newsletters or marketing communications, if and when such programs exist), you may withdraw your consent at any time by contacting us at dwayne@barnwelladvisory.com.
• Legal Obligation (Article 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject.

5. Data Sharing & Third Parties

We do not sell your personal information. We share your data only in the following limited circumstances:

Service Providers

We engage the following categories of third-party service providers who may process personal data on our behalf, subject to contractual data protection obligations:

• Netlify, Inc. — Website hosting and form submission processing (United States). Netlify's infrastructure processes form submissions and may retain server logs. Please review Netlify's Privacy Policy.
• Microsoft Corporation — Appointment scheduling via Microsoft Outlook / Microsoft 365 Bookings (United States). Booking data is subject to Microsoft's Privacy Statement.
• Google Fonts — Web font delivery. Google may collect technical connection data. Please review Google's Privacy Policy.

Legal Requirements

We may disclose your personal information if required to do so by law, court order, governmental or regulatory authority, or if we believe in good faith that such disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or a portion of our business assets, personal information may be transferred as part of that transaction. We will notify affected individuals if such a transfer results in a material change to how their data is used.

We do not share your personal information with third parties for their own marketing purposes.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are:

• Contact form submissions and inquiry records: Up to 3 years from the date of last contact, or until a formal engagement agreement is executed (after which engagement-specific policies apply)
• Scheduling and booking records: Up to 12 months following the scheduled meeting, unless the relationship progresses to an active engagement
• Technical and server log data: As determined by Netlify's standard data retention practices (typically 30 days for raw logs)
• Email correspondence: Retained for the duration of the relationship and for a period of 5 years thereafter for business recordkeeping purposes

When personal data is no longer required, we will securely delete or anonymize it.

7. International Data Transfers

The Barnwell Advisory Group is headquartered in the United States. Our website is hosted by Netlify and our scheduling infrastructure is operated by Microsoft, both of which may process data in the United States or other countries.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data transfer restrictions, please be aware that your personal information may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

Where such transfers occur, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA) or Addendum, as applicable
• Adequacy decisions issued by the relevant data protection authority
• The data protection frameworks and agreements maintained by our service providers (Netlify and Microsoft maintain EU-US Data Privacy Framework certifications)

8. Your Rights

Depending on your location, you may have rights regarding your personal information. We honor these rights regardless of where you are located:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete information.
• Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability: You may request your personal information in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right Not to Be Discriminated Against (CCPA/CPRA): California residents have the right not to receive discriminatory treatment for exercising their privacy rights.
• Right to Opt Out of Sale/Sharing (CCPA/CPRA): We do not sell or share personal information for cross-context behavioral advertising. No opt-out mechanism is required, but you may contact us to confirm.

To exercise any of these rights, please contact us at dwayne@barnwelladvisory.com. We will respond within 30 days (or within the timeframe required by applicable law). We may request verification of your identity before processing your request.

9. Cookies & Tracking Technologies

Our website uses a minimal set of technologies to operate properly. We do not currently use advertising cookies, behavioral tracking, or third-party analytics platforms that build user profiles.

Essential Operations

Our hosting provider (Netlify) may set technical identifiers necessary for form submissions and site security. These are not optional and are required for the site to function correctly.

Third-Party Scripts

Google Fonts are loaded from Google's servers, which may result in a technical connection log on Google's side when fonts are requested. This is a standard web practice and involves no behavioral tracking on our part.

No Third-Party Analytics

We do not currently use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other third-party behavioral analytics or advertising tracking technology on this website. If this changes, this policy will be updated and appropriate consent mechanisms will be implemented.

Managing Cookies

You may manage cookie preferences through your browser settings. Disabling cookies may affect certain site functionality, including form submissions.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, or disclosure. These measures include:

• TLS/SSL encryption for all data transmitted between your browser and our website
• Secure hosting infrastructure via Netlify with DDoS protection and access controls
• Limited internal access to personal data on a need-to-know basis
• Use of enterprise-grade Microsoft 365 infrastructure for email and scheduling data

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law.

11. Children's Privacy

Our website and services are directed exclusively to business professionals and organizations. We do not knowingly collect personal information from individuals under the age of 16 (or such higher age as required by applicable law). If you believe we have inadvertently collected information from a minor, please contact us immediately at dwayne@barnwelladvisory.com and we will delete it promptly.

12. Global Privacy Frameworks

The Barnwell Advisory Group is committed to respecting the privacy rights of individuals across all jurisdictions. We align our practices with the following internationally recognized frameworks and regulations:

• GDPR — EU General Data Protection Regulation (Regulation 2016/679)
• UK GDPR — United Kingdom General Data Protection Regulation and Data Protection Act 2018
• CCPA / CPRA — California Consumer Privacy Act and California Privacy Rights Act
• PIPEDA — Personal Information Protection and Electronic Documents Act (Canada)
• Quebec Law 25 — An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information (Canada)
• LGPD — Lei Geral de Proteção de Dados (Brazil)
• POPIA — Protection of Personal Information Act (South Africa)
• PDPA — Personal Data Protection Act (Singapore and Thailand)
• Privacy Act 1988 (Australia) and the Australian Privacy Principles
• APPI — Act on the Protection of Personal Information (Japan)
• DIFC Data Protection Law — Dubai International Financial Centre (UAE)
• ADGM Data Protection Regulations — Abu Dhabi Global Market (UAE)

If your jurisdiction has privacy laws not listed above, please know that we will honor the spirit of those protections. Contact us at dwayne@barnwelladvisory.com with any jurisdiction-specific request.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. Where required by law, we will provide more prominent notice or seek your consent.

We encourage you to review this Policy periodically. Your continued use of the Site following any updates constitutes your acknowledgment of those changes.

14. Contact Us & Data Requests

For any questions about this Privacy Policy, to exercise your data rights, or to submit a complaint, please contact us:

The Barnwell Advisory Group
Privacy Inquiries
Houston, Texas, United States
dwayne@barnwelladvisory.com

If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.