Skip to main content
Legal

Privacy Policy

Last updated: April 2026

1. Who we are

This Privacy Policy explains how Sequoia Consulting LTD ("Sequoia", "we", "us", "our") collects and processes personal data. Sequoia Consulting LTD is a company registered in Malta under VAT number MT30771714. You can contact us at info@sequoiaconsulting.ai.

We act as a data controller for the personal data collected through our website (www.sequoiaconsulting.ai) and our direct business communications. We act as a data processor when we process personal data on behalf of our clients under a written services agreement.

2. What personal data we collect

When you interact with our website or contact us directly, we may collect:

  • Contact details you submit voluntarily: name, work email, company, role, project brief text.
  • Technical data collected automatically by your browser and our infrastructure: IP address, user agent, referrer, pages visited, approximate location inferred from IP.
  • Email correspondence you send us, including any content you choose to include.

We do not intentionally collect special categories of personal data (health, political opinions, biometrics, etc.) from our website. If you send such data in free text, we will treat it with the same care as other data and delete it once it is no longer needed.

3. Why we process your data and the legal basis

We process personal data for the following purposes:

  • Responding to enquiries. Legal basis: our legitimate interest in replying to prospective clients and the performance of pre-contractual measures.
  • Maintaining client relationships. Legal basis: performance of a contract with you or your organization.
  • Website analytics and improvement. Legal basis: our legitimate interest in understanding how the website is used, balanced against your privacy. We do not use advertising cookies.
  • Legal compliance. Legal basis: compliance with legal obligations applicable to Sequoia, including accounting, tax, and record-keeping rules.
  • Security and fraud prevention. Legal basis: our legitimate interest in protecting our infrastructure, clients and systems.

4. Who receives your data

We share personal data only with:

  • Service providers that support our operations — including email delivery, form handling (FormSubmit), cloud hosting (AWS), infrastructure and security providers. These processors act under our instructions and under contracts that include GDPR-aligned data processing terms.
  • Professional advisors such as lawyers, accountants and auditors, where needed and under confidentiality obligations.
  • Authorities when required to comply with legal obligations or lawful requests.

We do not sell personal data. We do not share personal data with advertising networks.

5. International transfers

Some of our service providers may be located outside the European Economic Area. Where this is the case, we rely on European Commission adequacy decisions or on Standard Contractual Clauses approved by the European Commission, combined with additional safeguards where required.

6. How long we keep your data

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Contact form submissions and related correspondence: up to 24 months after the last meaningful interaction, unless a commercial relationship starts.
  • Client engagement records: for the duration of the contract and for up to 10 years afterwards where required by applicable accounting or legal rules.
  • Technical and security logs: typically 30 to 180 days.

7. Your rights

Under GDPR and Maltese data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data where we no longer have a lawful basis to keep it.
  • Restrict or object to our processing in certain circumstances.
  • Request portability of data you provided, in a structured and machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Maltese Office of the Information and Data Protection Commissioner (IDPC) or the supervisory authority in your place of residence.

To exercise any of these rights, email info@sequoiaconsulting.ai. We will respond within one month of receiving your request.

8. Security

We apply technical and organizational measures designed to protect personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. These include encryption in transit, restricted access, logging, regular review of access rights, and vetted third-party providers.

9. Cookies and similar technologies

Our website uses a small number of cookies and similar technologies. See our Cookie Policy for details and to manage your preferences.

10. Children

Our services are intended for businesses. We do not knowingly collect personal data from individuals under 16. If you believe we have collected such data, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. We will post the updated version on this page with a revised "last updated" date.

12. Contact

For any privacy-related question, write to info@sequoiaconsulting.ai.