BRIKS Advisory ("the Firm," "we," "our," or "us") is a financial intelligence advisory firm incorporated and operating in the Cayman Islands. We deliver the Operator Intelligence Engine (OIE), a suite of analytical products for real estate developers, operators, and investors across the Cayman Islands, the United Kingdom, and the wider Caribbean region.
This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our services, website at vantage-advisory.co, and all client engagements. It applies to prospective clients, current clients, website visitors, and any individuals who submit data to us in the course of engaging with our products.
Jurisdictional Notice: Our operations span multiple regulatory environments. Where you are located in or interact with us from the United Kingdom, your data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where you are located in or interact with us from the Cayman Islands, your data is processed in accordance with the Cayman Islands Data Protection Act, 2017 (DPA 2017). These frameworks are applied concurrently where relevant.
For the purposes of applicable data protection legislation, the data controller responsible for your personal information is:
Vantage Advisory
Cayman Islands
Website: briksadvisory.com
Data Contact: [email protected]
We are registered with the Cayman Islands Office of the Ombudsman as required under the DPA 2017. Where our processing activities engage UK data subjects, we comply with the UK GDPR obligations applicable to controllers without a UK establishment that target UK residents.
We collect personal data only to the extent necessary to deliver our services and maintain secure, effective client relationships. The categories of data we may collect include the following.
Under the UK GDPR and consistent with the principles of the Cayman Islands DPA 2017, we process personal data under the following lawful bases.
| Processing Activity | Lawful Basis |
|---|---|
| Delivering contracted analysis products and deliverables | Performance of a contract |
| Responding to enquiries and proposals | Legitimate interests / pre-contractual steps |
| Sending service updates and project communications | Performance of a contract |
| Sending marketing communications (where opted in) | Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Maintaining business records for audit purposes | Legitimate interests |
| Fraud prevention and security | Legitimate interests / legal obligation |
Where we rely on legitimate interests as a lawful basis, we have assessed that our interests do not override the rights and freedoms of affected individuals.
We use collected data for the following purposes only, and we do not process data in ways that are incompatible with these purposes.
We do not use personal data for automated decision-making that produces legal or similarly significant effects without human review.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, disclosure, or destruction.
Data is stored in cloud-based platforms and CRM systems operated by reputable third-party providers. Storage locations may include servers in the United States, the European Economic Area, and the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place consistent with UK GDPR requirements (including standard contractual clauses where applicable) and the Cayman Islands DPA 2017.
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.
We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties, solely for the purposes described in this policy.
We use third-party software platforms to operate our business, including CRM, email, payment processing, and file delivery tools. These providers are contractually bound as data processors and may only process your data on our documented instructions.
Payment transactions are handled by third-party processors. We do not handle or store payment card data directly. The relevant processor's privacy policy governs their handling of payment data.
We may share data with legal, accounting, or compliance advisors where required to meet a legal obligation or protect our legitimate interests. Such advisors are bound by professional confidentiality obligations.
We may disclose personal data to regulatory authorities, courts, or law enforcement agencies where required by law or lawful order, including the Cayman Islands Office of the Ombudsman, the UK Information Commissioner's Office, or other competent bodies.
No Sale of Data: We will never sell, share for profit, or otherwise commercialise your personal information to third parties for their own marketing or analytics purposes.
Given the multi-jurisdictional nature of our operations, personal data may be transferred between the Cayman Islands, the United Kingdom, and other territories in the course of delivering our services or maintaining our technology infrastructure.
Where personal data relating to UK data subjects is transferred outside the UK, we apply safeguards recognised under UK GDPR, including reliance on adequacy decisions or execution of International Data Transfer Agreements (IDTAs) as applicable.
Where personal data relating to Cayman Islands data subjects is transferred internationally, we ensure that the recipient jurisdiction provides an adequate level of protection consistent with the requirements of the DPA 2017, or that appropriate contractual safeguards are in place.
Clients in the wider Caribbean region are advised that their data may be processed in jurisdictions outside their country of residence. We take reasonable steps to ensure that any such processing meets a standard equivalent to the protections described in this policy.
Our website uses cookies and similar tracking technologies to support site functionality, analyse usage, and improve the visitor experience. A cookie is a small data file placed on your device when you visit our site.
| Cookie Type | Purpose | Basis |
|---|---|---|
| Strictly Necessary | Enable core site functionality, form submission, and navigation | Essential / No consent required |
| Analytics | Track page visits, session duration, and referral sources to improve site performance | Consent |
| Marketing / Pixel | Support retargeting campaigns (e.g. Meta Ads) to serve relevant content to visitors | Consent |
| Functional | Remember preferences and settings across sessions | Legitimate interests / Consent |
You may withdraw consent for non-essential cookies at any time by adjusting your browser settings or using the cookie preference tool on our website where available. Disabling certain cookies may affect the functionality of our site.
Depending on your jurisdiction of residence, you may hold some or all of the following rights in relation to your personal data. We will respond to verified requests within the timeframes required by applicable law (generally 30 days under UK GDPR; one month under the Cayman Islands DPA 2017).
To exercise any of these rights, submit a written request to [email protected]. We may require identity verification before actioning your request.
Supervisory Authorities: If you are dissatisfied with our response to a data request, you have the right to lodge a complaint with the relevant supervisory authority. For UK data subjects, this is the Information Commissioner's Office (ICO) at ico.org.uk. For Cayman Islands data subjects, this is the Office of the Ombudsman at ombudsman.ky.
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law or regulation.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Client engagement records and deliverables | 7 years post-engagement | Legal and contractual compliance; professional liability |
| Financial and invoice records | 7 years | Accounting and tax obligations |
| Pre-contract enquiries (no engagement) | 24 months from last contact | Legitimate business interest |
| Marketing communications consent records | Until consent withdrawn, plus 3 years | Demonstrating lawful basis |
| Website analytics data | 26 months from collection | Performance analysis; standard industry practice |
| Cookie consent logs | 12 months | Regulatory compliance |
On expiry of the applicable retention period, data is securely deleted or anonymised in a manner that prevents re-identification.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable legal requirements. We will post the revised policy at vantage-advisory.co/privacy with an updated effective date.
Where changes are material, we will notify active clients by email or through our client portal. Your continued use of our services following notification constitutes acceptance of the updated policy.
All data subject requests, privacy concerns, or questions relating to this policy should be directed to our designated data contact. We aim to acknowledge all requests within 5 business days and resolve them within the timeframe required by applicable law.
Email: [email protected]
Subject line: Data Subject Request / [Your Name]
Please include your full name, contact details, and a clear description of your request. We may ask for additional information to verify your identity before processing the request.