Privacy Policy

Orange Sherpa, a cross-border advisory firm based in Rotterdam, Netherlands, registered with the Netherlands Chamber of Commerce under number TBD. You can reach us at info@orangesherpa.com. For privacy-specific requests, write to privacy@orangesherpa.com.

We act as the data controller for the information described below.

Contact information you voluntarily share — name, company, email, phone, and the content of any message you send — when you complete a contact form, book a call, or exchange emails with us.

Technical information such as IP address, user-agent, referrer, and approximate location, collected in aggregated form via privacy-respecting analytics (Plausible or similar; no cookies, no personal tracking).

Business records generated during engagements — meeting notes, deliverables, correspondence — to the extent strictly necessary to deliver the agreed services.

To respond to your enquiries and proposals (legal basis: pre-contractual necessity, GDPR Art. 6(1)(b)).

To deliver our advisory, market-entry, M&A, and execution services under an engagement letter (contractual necessity).

To improve our website and service quality via aggregated, non-identifying analytics (legitimate interest, Art. 6(1)(f)).

To comply with tax, accounting, and anti-money-laundering obligations (legal obligation, Art. 6(1)(c)).

We do not sell personal data. We share data only with:

• Our self-hosted infrastructure providers (currently within the Innovom network).

• Our email provider for client correspondence.

• Professional advisors (accountants, legal counsel) under confidentiality obligations.

• Partners and local experts in India or Europe, where strictly required to deliver your engagement and after your prior consent for the specific disclosure.

When data flows between the EU and India, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and confidentiality agreements with every party involved.

Contact enquiries: up to 24 months after our last interaction.

Engagement records: 7 years after engagement closure, to meet Dutch tax and accounting requirements.

Analytics: aggregated only, retained up to 12 months.

Under the GDPR you may request access, rectification, erasure, restriction, portability of your data, and object to processing based on legitimate interest. Send requests to privacy@orangesherpa.com; we respond within 30 days.

You can lodge a complaint with the Autoriteit Persoonsgegevens (AP) or, if applicable, your local supervisory authority.

We host our systems on infrastructure we operate ourselves, protected by TLS, strong access controls, and regular backups. We limit access on a need-to-know basis and audit changes.

We may update this policy to reflect changes in our practices or legal requirements. The "last updated" date at the top will reflect the most recent revision.