top of page

Privacy Notice

PRIVACY NOTICE

1. Introduction

1.1 Data Controller

Day One Advisory ("we," "our," or "the Platform") is the data controller responsible for the processing of the personal data defined hereunder in connection with your use of the Services as defined in the General Terms and Conditions

Identity and Contact Details:

1.2 Purpose of This Privacy Policy

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the Services, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Malta's Data Protection Act (Chapter 586 of the Laws of Malta), and applicable data protection laws.

1.3 Our Commitment

We are committed to transparency, data minimization, and providing you with full control over your personal data.

2. What Personal Data We Collect

2.1 Account and Registration Data

When you create an account or subscribe to the Service, we collect:

  • Full name

  • Email address

  • Company name

  • Billing address

  • Payment information (processed via third-party payment processor — see Section 5)

2.2 Usage and Query Data

We do not consider Usage Data as defined in our General Terms and Conditions to constitute personal data, for more information about your Usage Data please consult our main General Terms and Conditions.

2.3 Technical and Device Data

We automatically collect:

  • IP address and geolocation data (country-level)

  • Browser type, operating system, and device identifiers

  • Cookies and tracking identifiers (see Section 10)

  • Login and access logs

2.4 Communications Data

If you contact us for support or feedback:

  • Correspondence content (emails, chat transcripts)

  • Support ticket details

2.5 Information from public domain

We provide access to publicly available information (for example, judgments and decisions) within our Services. Some of this information may relate to individuals and can, in some jurisdictions, be considered personal data. Personal data included in publicly available information is only processed on the basis of our legitimate interests so that our Services can provide more accurate and relevant responses. It is not used to intentionally identify individuals. The publicly available information that we use is similar to the information that all legal practitioners, students and academics access on a daily basis.

3. How We Use Your Personal Data (Purposes and Legal Bases)

We process your personal data for the following purposes:

Purpose

Legal Basis

To provide access to the Services

Performance of contract (Article 6(1)(b))

To create and manage your user account

Performance of contract (Article 6(1)(b))

To process subscription payments and billing

Performance of contract (Article 6(1)(b))

To improve algorithms, and enhance platform performance

Legitimate interests (Article 6(1)(f)) in product development and service optimization

To provide customer support and respond to inquiries

Performance of contract (Article 6(1)(b)) or legitimate interests (Article 6(1)(f))

To send service updates, security alerts, and technical notifications

Legitimate interests (Article 6(1)(f)) or performance of contract (Article 6(1)(b))

To send marketing communications (with your consent)

Consent (Article 6(1)(a)) or presumption that we can send you communications when you sign up to our services.

To comply with legal obligations (e.g., tax, accounting, court orders)

Legal obligation (Article 6(1)(c))

To detect fraud, prevent abuse, and ensure platform security

Legitimate interests (Article 6(1)(f)) in protecting our systems and users

To anonymize and aggregate data for analytics and reporting

Legitimate interests (Article 6(1)(f)) in business intelligence (anonymized data is not personal data under GDPR)

4. Section 4 Not Currently Applicable

5. Who We Share Your Personal Data With

We do not sell your personal data. We may share it with the following categories of recipients:

5.1 Third-Party Service Providers (Data Processors)

We engage trusted processors under Data Processing Agreements (DPAs) in the context of our business operations to provide Technical Infrastucture and services, Cloud Infrastructure, Payment Processors, Hosting and Storage, Email and Communication Tools, Analytics and Monitoring.

5.2 Legal and Regulatory Authorities

We may disclose data when required by law, court order, or to protect our legal rights and the safety of users.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy protections.

6. International Data Transfers

6.1 Transfers Outside the EEA

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our cloud infrastructure and AI service providers operate.

6.2 Safeguards

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): European Commission-approved model clauses

  • Data Transfer Impact Assessments (DTIAs): Evaluation of risks related to foreign surveillance and legal frameworks

  • Adequacy Decisions: Reliance on EU adequacy findings where applicable

  • Technical Measures: Encryption in transit and at rest, access controls, and pseudonymization

7. Data Retention

7.1 Retention Periods

We retain your personal data only as long as necessary for the purposes set out in this Privacy Policy or as required by law:

Data Category

Retention Period

Account and registration data

Duration of subscription + 10 years (for accounting/tax purposes)

Usage and query data

Duration of subscription

Payment transaction records

10 years (to comply with Maltese tax and accounting laws)

Support communications

5 years after case closure

Marketing consent records

Until consent is withdrawn + 5 years (to evidence compliance)

7.2 Deletion Upon Account Closure

When you terminate your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate dispute resolution.

8. Your Rights Under GDPR

You have the following rights concerning your personal

8.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you.

8.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data.

8.3 Right to Erasure / "Right to Be Forgotten" (Article 17)

Request deletion of your data in certain circumstances (e.g., no longer necessary, consent withdrawn, unlawful processing).

8.4 Right to Restriction of Processing (Article 18)

Request that we limit how we use your data while a dispute is resolved.

8.5 Right to Data Portability (Article 20)

Request transfer of your data to another service provider in a structured, machine-readable format.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests, including profiling and direct marketing.

8.7 Right to Withdraw Consent (Article 7(3))

Withdraw consent for marketing or optional processing at any time without affecting prior lawful processing.

8.8 Right to Lodge a Complaint (Article 77)

File a complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta (https://idpc.org.mt) or your local supervisory authority.

8.9 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected].

9. Data Security

9.1 Technical and Organizational Measures

We implement industry-standard security measures to protect your personal data.

9.2 No Absolute Guarantee

While we take all reasonable precautions, no internet-based service is completely secure. You acknowledge the inherent risks of online data transmission.

10. Cookies and Tracking Technologies

10.1 Use of Cookies

The Services uses cookies and similar technologies (e.g., local storage, session tokens) to:

  • Maintain user sessions and authentication

  • Remember user preferences and settings

  • Analyze platform usage and performance

10.2 Cookie Categories

  • Strictly Necessary Cookies: Required for core functionality (no consent needed)

  • Performance/Analytics Cookies: Measure usage and improve the platform (consent required)

10.4 Third-Party Cookies

We may use third-party analytics tools (e.g., Google Analytics). These are governed by the third party's privacy policy.

11. Marketing Communications

11.1 Consent-Based Marketing

We may send you promotional emails about new features, updates, and offers only if you have provided explicit consent or if permitted under soft opt-in rules (existing customer relationship).

  1. Opt-Out

You may unsubscribe at any time by clicking the "unsubscribe" link in any marketing email

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology and legal requirements.

14. Contact Us and Data Protection Officer

14.1 General Inquiries

For questions about this Privacy Policy or to exercise your rights, contact:

Email: [email protected]

14.2 Supervisory Authority

Office of the Information and Data Protection Commissioner (IDPC)

Website: https://idpc.org.mt

Email: [email protected]

bottom of page