Header-logo

Privacy Policy

Last updated: 3 August 2025

This Privacy Policy describes how APVG Limited, trading as Consultancy Cove ('the Company', 'We', 'Us', or 'Our'), collects, uses, and discloses Your personal information when You use Our Services. It outlines Your privacy rights and how the law protects You under the Gibraltar Data Protection Act 2004, the Gibraltar General Data Protection Regulation (Gibraltar GDPR), and the UK General Data Protection Regulation (UK GDPR).

By using Our Services, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation

Words with an initial capital letter have meanings defined below. These definitions apply whether the terms appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • Account: A unique account created for You to access Our Services or parts of Our Services.
  • Affiliate: An entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Company: APVG Limited, trading as Consultancy Cove, registered at 2A/10 Tisa Building, 143 Main Street, Gibraltar.
  • Country: Gibraltar.
  • Device: Any device that can access the Service, such as a computer, mobile phone, or digital tablet.
  • Personal Data: Any information relating to an identified or identifiable individual.
  • Service: The Consultancy Cove Website, Cove StartUp, Cove Assist, Cove JIRA, or Cove Adapt services, as described in Our Terms and Conditions.
  • Service Provider: Any natural or legal person who processes data on behalf of the Company, including third-party companies (e.g., AWS, Microsoft, GoDaddy, Cookiebot, Brevo, Google Analytics, Microsoft Clarity) engaged to facilitate the Service, provide analytics, or assist in Service delivery.
  • Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure (e.g., duration of a page visit).
  • Website: The Consultancy Cove website at https://www.consultancycove.com.
  • You: The individual or legal entity accessing or using the Service.

Types of Data Collected

Personal Data

While using Our Services, We may collect personally identifiable information to contact or identify You, including:

  • • Email address
  • • First name and last name
  • • Phone number
  • • Business address
  • • Username and password (for account access)
  • • Usage Data
Usage Data

Usage Data is collected automatically when You use Our Services. It may include:

  • • Your Device's Internet Protocol (IP) address (anonymized where possible, e.g., via Google Analytics)
  • • Browser type and version
  • • Pages visited on Our Website
  • • Time and date of Your visit
  • • Time spent on pages
  • • Unique device identifiers
  • • Other diagnostic data (e.g., Service performance metrics)

When You access Our Services via a mobile device, We may collect additional information, such as the type of device, mobile operating system, and mobile browser.

Cookies and Tracking Technologies

We use Cookiebot to manage cookie consent and track user interactions on Our Website. With Your consent, We deploy cookies and tracking tools (e.g., Google Analytics, Microsoft Clarity, Brevo) to collect anonymous data, including:

  • • Approximate location (via anonymized IP address)
  • • Browser and device information
  • • Language preferences
  • • Website navigation patterns (e.g., click behavior, heatmaps)
  • • Marketing engagement (e.g., email open rates via Brevo)

We do not collect sensitive personal information (e.g., age, gender, financial details) through these tools. All tracking complies with Gibraltar GDPR, UK GDPR, and ePrivacy regulations, with Cookiebot ensuring consent is obtained before non-essential cookies are activated. You can manage preferences via the Cookiebot banner at https://www.consultancycove.com.

Use of Your Personal Data

We process Personal Data for the following purposes, based on lawful bases under Gibraltar GDPR and UK GDPR (e.g., contract performance, legitimate interests, or consent):

  • To provide and maintain Our Services: Including IT support, website hosting, JIRA administration, and bespoke IT solutions, and to monitor Service performance.
  • To manage Your Account: To enable access to Service functionalities as a registered user.
  • For contract performance: To fulfil agreements for Services purchased, such as Cove StartUp website setup or Cove Assist IT support.
  • To contact You: Via email, phone, or other electronic communication for updates, security alerts, or Service-related information.
  • To provide news and offers: About Our Services similar to those You have purchased or enquired about, unless You opt out.
  • To manage Your requests: To address enquiries or support tickets.
  • For business transfers: To evaluate or conduct mergers, acquisitions, or asset sales where Personal Data is transferred.
  • To analyze and improve Services: Using anonymized data from Google Analytics, Microsoft Clarity, and Brevo to optimize Website usability, marketing campaigns, and Service performance.

We do not use Personal Data for automated decision-making or profiling that produces legal effects unless explicitly disclosed and consented to.

We may share Your Personal Data in the following situations:

  • With Service Providers: To monitor and analyse Service usage or provide support (e.g., AWS for hosting, Microsoft for 365, Cookiebot for consent, Google Analytics, Microsoft Clarity, Brevo for marketing).
  • With local authorities: To comply with legal obligations, such as audits or requests from the Gibraltar Regulatory Authority (GRA), under strict GDPR-compliant procedures.
  • For business transfers: During mergers, acquisitions, or asset sales.
  • With Affiliates: Our parent company or subsidiaries, who are required to honour this Privacy Policy.
  • With business partners: To offer related products or services, with Your consent.
  • With Your consent: For any other purpose You explicitly approve.

Retention of Your Personal Data

We retain Personal Data only as long as necessary for the purposes outlined, or as required by law:

  • • Account data (e.g., email, name): Up to 6 years post-contract for tax/legal compliance.
  • • Usage Data (e.g., analytics): Up to 12 months for performance analysis.
  • • Cookie/tracking data: As per Cookiebot settings, typically 12 months or until consent is withdrawn.

Data is deleted or anonymized thereafter, unless required for legal purposes (e.g., tax audits).

Transfer of Your Personal Data

Your Personal Data may be processed in Gibraltar or other jurisdictions where Our Service Providers (e.g., AWS, Microsoft, Google) operate. We ensure transfers comply with Gibraltar GDPR and UK GDPR, using safeguards like Standard Contractual Clauses or adequacy decisions.

Disclosure of Your Personal Data

We may disclose Personal Data:

  • For business transactions: If involved in a merger or acquisition, with notice provided.
  • For law enforcement: If required by law or valid public authority requests.
  • For data breach response: We notify the GRA within 72 hours of a reportable breach and affected users as required by Gibraltar GDPR.
  • For other legal requirements: To comply with legal obligations, protect Our rights, prevent wrongdoing, ensure user safety, or address legal liability.

Security of Your Personal Data

We use commercially acceptable measures to protect Your Personal Data, including encryption, access controls, and Cookiebot for consent management. However, no internet or electronic storage method is 100% secure, and We cannot guarantee absolute security.

Under Gibraltar GDPR, UK GDPR, and the Gibraltar Data Protection Act 2004, You have the following rights:

  • Access: Request copies of Your Personal Data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of Your Personal Data, subject to legal retention requirements.
  • Restriction: Limit processing of Your Personal Data in certain circumstances.
  • Portability: Receive Your Personal Data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: Where processing is based on consent (e.g., cookies via Cookiebot), You may withdraw it at any time.

To exercise these rights, contact Our Data Protection Officer at [email protected]. We will respond within one month, as required by GDPR.

Age Restriction

Our Services are directed solely at individuals aged 18 and older. We do not knowingly collect or process Personal Data from individuals under 18.

Links to Other Websites

Our Services may link to third-party websites (e.g., Microsoft 365, JIRA, AWS). We are not responsible for their privacy practices. Please review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page, with the 'Last updated' date revised. We will notify You via email or a prominent notice on Our Website for significant changes. Please review this policy regularly. See Our Terms and Conditions (clause 26) for further details on data protection.

To update Your personal information or exercise Your data protection rights, contact Our Data Protection Officer:

  • By email: [email protected]
  • By phone: +350 54099489 (Monday–Friday, 09:00–17:00 Gibraltar time)
  • By post: APVG Limited, 2A/10 Tisa Building, 143 Main Street, Gibraltar

If you have any questions about our Privacy Policy or how we handle your data, please contact us.

Contact Us