top of page

Privacy Notice

Updated 27 August, 2021

1. Introduction

At Allendevaux and Company (hereinafter, “we” or “us” or “our” or the “Organization”), we sincerely care about privacy, security, and transparency; these fundamental elements of privacy and security play an important part in our organization’s mission. Toward that, this notice sets out the basis on which any personal data, we collect from you, or which you provide to us, will be used and processed by us. It explains how we collect, process, and safeguard your personal information when you browse our website; it also clarifies your privacy privileges and how the law protects you. This Privacy Notice also applies to personal data you entrust to us when subscribing to our one of our services. We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner.


Please be informed that Allendevaux’s websites or portals are not intended for children, defined as age 15 and under; we absolutely do not knowingly collect data from children.

2. Understanding Who Controls Your Data


This Privacy Notice applies when we are acting as the Data Controller with respect to the personal data we process about you. Where we determine the purpose and the means of the processing, we are identified as the Data Controller, and we are responsible for controlling and safeguarding your personal data.


We have assigned a privacy manager to superintend all aspects of this Privacy Notice, ensuring your questions are answered and your rights are respected. Whenever you have questions, you should contact the privacy manager via one of the venues below:

a. Email

b. Telephone

US: +1 617 344 9290
UK: +44 1628 274846

3. How We Collect Information​

We may collect your data through direct interaction, automation, or third parties. Here’s more information about these methodologies:

a. Information You Provide to Us

We may receive your information directly when you:


  • e-mail us;

  • request marketing information to be sent to you;

  • enquire about services;

  • submit an application;

  • attend an event that we are hosting

  • interview with us; or

  • provide us feedback.


We may also receive information from you when you contract with ALLENDEVAUX. The type of information we may receive from you in performance of a service contract depends on the type of service requested but generally includes:


  • identifiers such as names, email addresses, and other relevant contact information; and

  • commercial information, such as statements of work and other contractual agreements, describing the scope and terms of the services.

b. Information We Automatically Collect

When you use our website or log in to our services, we may learn technical data about your computing system and browsing activity. This data is gathered by employing cookies and related tools. To learn more about the cookies we utilize on this site, please refer to our cookie notice.

c. Information We Receive From Third Parties

Your personal data may be received via a third party as follows:


  • via analytics through providers such as Google Analytics, which is located in the United States; and

  • from service providers we use such as:

    • Atlassian, when we receive a support request;

    • Calendly, when we are sent a link to a calendar;

    • Intuit Quickbooks, when we process invoices and payments;

    • MailChimp, when you subscribe to our newsletters or share information about your communication preferences;

    • Microsoft, when you collaborate with us electronically, such as sending an electronic message, meeting invite, or sharing a file or collaborative workspace;

    • Slack, when we are invited to a channel outside of our organization;

    • Wix, when we receive messages initiated via links or forms on our website; and

    • Social media platforms, such as LinkedIn when we participate in events, receive requests for collaboration and for advertising purposes.

4. Information That We May Collect About You

We may collect the following information about you that makes you identifiable. We may also process, store, transfer or modify data that has been grouped together such as:

  • Identity Data including first name, surname, and any other personal details you may send to us. If you are an employee or contractor of Allendevaux, we may also collect your date of birth and information that provides sufficient evidence of ones right to work in a given country.

  • Contact Data including email address, geographic address, and social media data.

  • Employment Data including information in resumes/CVs, educational and vocational experience, character references, interview data, application decision data, and compensation data.

  • Technical Data includes your internet protocol (IP) address, operation system, browser type and plug-ins, mobile platform, and other technical data regarding your computing platform.

  • Usage Data includes data regarding how you use our websites and portals, which pages you visit, and other relevant metrics about our website.

  • Communication Data includes marketing data, including choice in whether or not to receive newsletters and communication from us or our third parties.

Sometimes we aggregate data such as statistical metrics or demographic information stemming from your personal data. It should be noted that statistical and demographic data is not personal data when it does not directly or indirectly reveal your identity. Only when statistical data is combined with personal data will this Privacy Notice apply.

In some instances, we may receive sensitive data about you, which may be defined differently in various countries. Using Article 9 of the GDPR as a baseline, this data, if provided, may be associated with your religious or philosophical beliefs, or could include information about your health.  

Information relating to your health may be collected in the context of your employment with Allendevaux for employment, social security and social protections. We commit to safeguard your data and provide it adequate protections and will only use it according to the purposes set forth in this Privacy Notice and according to legal limitations. If you provide us this or any other information outside of the context of your employment, you do so by choice and under no compulsion whatsoever.

5. How We Process Data & Why We Have It

Many laws around the world require an organization to show it has properly considered which lawful bases are relied on for processing. It also requires the organization to justify the decision. We will only process your data according to the allowance permitted by law.

In most instances, we will only use your data in the following situations:

  • If you are a client, prospective client, consultant, employee or contractor of Allendevaux and processing is necessary for the performance of a contract;

  • If you are a client, prospective client, consultant, employee, contractor, or website visitor of Allendevaux and we are relying on your consent to process your personal data;

  • If you are a client, prospective client, consultant, employee, contractor, or website visitor of Allendevaux and processing is necessary for our legitimate interest;

  • If you are an employee or contractor and we need to respond to a legal requirement; or

  • If we need to respond to a regulatory action.

We rely on legitimate interest when personal data such as names, email addresses, job role, device information, or IP addresses by way of example are within the scope of the following business processes:

  • If you are a client, prospective client, consultant, employee or contractor of Allendevaux and processing is necessary for the performance of a contract;

  • Providing information security operations within our business to prevent unauthorized access, intrusion, misuse of our systems, networks, computers and information, including prevention of personal data breaches and cyber-attacks.

  • Providing website security.

  • Managing physical access to our facilities.

  • Monitoring access to our information systems and applications.

  • Providing business operational support and back-office operations.

  • Preventing data leakage and managing vulnerabilities.

We also rely on legitimate interest when certain personal data is disclosed within the context of HR business processes, such as performing background checks and security vetting in recruitment.

If you have any further questions about how we process your data, please contact us at

6. Third-Party Links​

This website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or other relevant information of every website you visit.​


7. Information Sharing & Disclosure to Third Parties​


We do not share your personal information with individuals outside Allendevaux & Company except as described next. We use service providers to assist in the storage and processing of personal data. The name of the service provider, the locations where data is transferred or stored by the provider and the purpose of processing are described below. 

  • Atlassian, AWS Data Centers in Australia, Germany, Ireland, Singapore and the US, for managing service requests and knowledge articles;

  • Dropbox Business, US Data Centers, for file storage and processing;

  • Microsoft Office 365, US Data Centers, for file storage and processing;

  • MailChimp, US, for sending information to which you may have requested or subscribed;

  • OneTrust CookiePro, MS Azure Germany, for managing website cookie notices and tracking cookie consent and preferences;

  • Qualys, US Data Centers, for vulnerability scanning and web application scanning;

  • Smartsheet, AWS Data Centers in Germany, Ireland and the US, for project management and project reporting; and

  •, US Data Centers, for submitting requests for information via the website.

We may choose to buy or sell business assets and may share certain client information which may include personal information in the context of such negotiations or transactions. 
In limited circumstances and in response to valid requests from public authorities, we may be compelled to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8. Who Accesses Your Information & How Long We Use

Your Data


Your information is stored and accessed by Allendevaux employees and contractors only for the following purposes:


  • Service and Support: to be able to meet our contractual obligations to you and provide support related to our contractual obligations when you have any issues as and when required;

  • Sales & Marketing: to send your company updates, product information, industry articles written by Allendevaux on a monthly, quarterly or ad hoc basis.

If you do not wish to receive such information or have specific contact preferences, you may inform us about your communication preferences by e-mailing us at:

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we are required to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) even after contracts are completed; this is for taxation purposes. 

We maintain data retention schedules to track the retention period for the information that we manage including personal information. We identify the maximum or minimum retention period for each category of information based on legal and contractual obligations, guidance from subject matter experts and best practices. In some circumstances you can ask us to delete your data: see data subject rights further information.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. Data Subject Rights


You may send us an email at to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). 


This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.


Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.


Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.


Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.


Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data is accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c ) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.


Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.


Withdraw consent at any time where we are relying on consent to process your personal data. 


However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us at You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly excessive or repetitive. Alternatively, we may refuse to comply with your request in these circumstances.

10. What We May Need From You


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. International Data Transfers


Allendevaux & Company may transfer personal data from the EEA or the UK to the United States or other third countries. We rely on one of the following transfer mechanisms in such cases:

  • Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or

  • Standard Contractual Clauses issued by the European Commission. The European Commission has determined that the Standard Contractual Clauses provide sufficient safeguards to protect the personal data transferred outside the EU or EEA.

The Court of Justice of the European Union invalidated both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks as approved transfer mechanisms of personal data to the United States. At the same time, Allendevaux & Company is required to continue complying with both frameworks as set forth by the U.S. Department of Commerce because (a) it collected information previously under these programs, and (b) it voluntarily continues to comply with these frameworks. In this regard, Allendevaux & Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. These principles govern the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

We regularly review our compliance with this Privacy Notice.  In the event that we receive a formal written complaint, we will contact the person who made the complaint and we will make all efforts to resolve such complaint directly with the claimant.  We also work with the appropriate regulatory authorities, to resolve such complaints. 

If, after receiving a response from us, you are still not satisfied with the outcome of your complaint, you may refer to, which provides individuals in Europe with guidance on how to submit a Privacy Shield-related complaint.

In compliance with the Privacy Shield Principles, Allendevaux commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield notice should first contact Allendevaux’s Compliance and Information Security coordinator at

Allendevaux has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs,, are provided at no cost to you.

Allendevaux is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) in the United States.


Allendevaux may be liable in cases of onward transfers of personal data to third parties.


Allendevaux commits to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms. If you have a complaint, do not hesitate to contact Rebekah Allendevaux, Senior Partner, at We aim to respond to any such comments or complaints within 45 days. 


Alternatively, you could contact your home country independent authority set up to uphold information rights in the public interest.


For example, in the UK you can contact the supervisory authority by visiting

12. Notices & Changes to Our Privacy Notice


By accepting our services, you agree to the terms and conditions contained in this Privacy Notice and/or any other agreement that we might have with you.  If you do not agree to any of these terms and conditions, you should not use any of our services. As our organization evolves and how we operate our business changes, and as the legislative framework governing data protection and data privacy continues to evolve, this Privacy Notice is expected to change as well. We reserve the right to amend this Privacy Notice at any time, for any reason. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail our registered users about material changes. 

13. Questions or Concerns Regarding Our Privacy Notice


If you have any questions or concerns about our Privacy Notice, or should you wish to file a complaint about anything relating to our Privacy Notice, do not hesitate to contact Scott Allendevaux, Compliance and Information Security, at

bottom of page