Privacy Policy

1. Who we are and scope

Advisora Ltd (Advisora) operates the platform Advisora.online and related services. We provide green energy investment research, renewable portfolio analysis, ESG compliance advisory, carbon credit research and subscription-based reports. This Privacy Policy explains how we collect, use, disclose and protect personal and investor-related data when you use our website and services.

2. Company and jurisdiction

Advisora Ltd. Registered office: 45 Navoi Street, Tashkent 100000, Uzbekistan. We comply with Uzbek commercial law, international data protection norms and applicable EU regulation where relevant to our services and clients. For GDPR-related requests, we act as a data controller for processing carried out on Advisora.online and its associated services.

3. Data we collect

We collect the following categories of data depending on your interaction with the platform:

• Identification and contact information: name, email, phone number, postal address when provided.
• Account and subscription data: account credentials, subscription status, invoices and billing metadata processed through Stripe.
• Investor and portfolio datasets: renewable portfolio allocations, asset identifiers, ESG preferences, carbon exposures, scenario inputs and user-provided modelling data required to deliver personalized research.
• Usage and technical data: device identifiers, IP addresses, cookies and session data to operate the service and improve performance.
• Research interactions: downloaded reports, saved dashboards, annotation metadata and research consumption logs.

4. Payment processing and billing

We use Stripe to process payments in USD and EUR. Stripe acts as a payment processor and is independent of Advisora. We do not store full payment card details on our servers. We retain billing identifiers, transaction references and related invoice records for legitimate business, accounting and legal compliance purposes in accordance with Uzbek law and applicable financial regulations.

5. How we use data

We process your data to provide subscription services, generate personalized research and deliver requested reports. Processing purposes include account management, billing, customer support, regulatory reporting, risk and compliance monitoring, aggregated analytics for product improvement, and communications where consent has been given for marketing.

6. Cross-border transfers and safeguards

Our platform may transfer personal and ESG datasets to processors and subprocessors located within and outside the European Economic Area and Uzbekistan. Cross-border transfers are protected by GDPR-compliant safeguards such as standard contractual clauses, appropriate technical measures including encryption and pseudonymization for sensitive ESG datasets, and data processing agreements requiring equivalent protection standards. When transfers occur to jurisdictions without an adequacy decision, we implement contractual guarantees and limit access to necessary staff and processors.

7. Legal bases for processing

We rely on multiple legal bases for processing personal data: performance of contract for subscription delivery, compliance with legal obligations for record keeping, legitimate interests for platform security and analytics, and explicit consent for marketing and non-essential cookies. You will be informed when consent is required and given control via our cookie settings and separate marketing opt-in.

8. Your privacy rights

Under applicable data protection laws you have the following rights regarding personal data we hold:

• Right of access: request a copy of personal data we hold about you.
• Right to rectification: correct inaccurate or incomplete data.
• Right to erasure: request deletion of personal data where processing is not required by law.
• Right to restriction: ask that we limit processing while a dispute is resolved.
• Right to portability: receive your data in a structured, commonly used format for transmission to another controller.

Special provision for green investment datasets: You may request deletion or export of portfolio-level and ESG preference data used for personalized reports. Where deletion would conflict with legal retention requirements (for example, accounting records), we will isolate and pseudonymize your records and retain only the minimal data required by law.

9. Exercising your rights

To exercise any rights, contact [email protected]. We will verify identity where required and respond within statutory timelines. If you are dissatisfied with our response, you may lodge a complaint with a supervisory authority in your jurisdiction. We cooperate with supervisory authorities and will disclose information necessary to investigate compliance matters.

10. Data retention and minimization

We retain personal and transactional data only for as long as necessary to provide services, comply with legal obligations and resolve disputes. Non-essential cookies and marketing identifiers are retained for a maximum of 12 months unless otherwise consented. Aggregated analytics and anonymized datasets may be retained longer for research and benchmarking provided individuals cannot be reidentified.

11. Security measures

We implement industry-standard safeguards including encryption in transit and at rest, role-based access controls, regular security reviews and incident response procedures. Access to sensitive ESG and investor datasets is limited to authorized personnel under confidentiality obligations and monitored for anomalous activity.

12. Third-party disclosures

We share personal data with service providers performing functions on our behalf such as payment processors, cloud hosting, analytics providers and compliance advisors. Such providers are bound by contracts that require them to maintain equivalent security standards and only process data as instructed.

13. Children and minors

Our services are intended for professionals and adult investors. We do not knowingly collect personal data from individuals under 16. If you believe we have collected such data, contact [email protected] for remediation.

14. Changes to this policy

We may update this Privacy Policy to reflect legal, regulatory or operational changes. Material changes will be communicated on our website and, where required, by direct notice to affected users.

15. Contact and DPO

For privacy questions, data access requests or GDPR matters, contact [email protected]. Advisora Ltd, 45 Navoi Street, Tashkent 100000, Uzbekistan. Phone: +998 71 200 4040.