Privacy Policy

This page explains what personal data we collect when you visit esmhconsulting.com or contact us, why we collect it, who has access to it, and the rights you have over it. We keep this short and in plain English on purpose — if anything is unclear, write to contact@esmhconsulting.com.

1. Who is responsible for your data

The data controller for this website is:

2. What data we collect

We only collect the data you actively give us, plus minimal technical data needed to serve the site.

2.1 Data you submit through the contact form

• Your name — to address you correctly in our reply
• Your email address — to reply to you
• Your platform & handle (optional) — to understand the context of your inquiry
• Your message — the content of your inquiry

2.2 Technical data your browser sends automatically

Like every website, our hosting provider's server automatically receives standard request information: your IP address, browser and operating system, the page you requested, and the time. This is used solely to operate the site, prevent abuse, and diagnose errors. It is not combined with your form data and is rotated out of access logs by our host on its own schedule.

2.3 Cookies and tracking

This site sets no cookies of its own and uses no analytics or tracking tools. The only third party your browser contacts when loading this site is Google Fonts, which delivers the typefaces. Google Fonts does not set tracking cookies but does briefly receive your IP address as part of the standard HTTP request to deliver the font files.

3. Why we use your data and on what legal basis

We process your data on the legal bases set out in Article 6 of the EU General Data Protection Regulation (GDPR), which we apply as a baseline for all visitors regardless of where they live:

• To respond to your inquiry — Article 6(1)(b) (steps prior to entering a contract) and Article 6(1)(f) (legitimate interest in operating our consulting business).
• To provide our consulting services if you engage us — Article 6(1)(b) (performance of a contract).
• To comply with legal obligations such as accounting and tax — Article 6(1)(c).
• To operate and secure the website — Article 6(1)(f) (legitimate interest).

We do not use your data for advertising, profiling, or automated decision-making.

4. Who else handles your data (processors)

We use a small number of third-party services to run the site and our business. They process data on our behalf under written data-processing terms.

• Google LLC (Google Workspace, Google Sheets, Google Apps Script, Gmail) — submissions from the contact form are written to a Google Sheet and emailed to us. Google may process this data on servers in the EU and the US under its Standard Contractual Clauses.
• RoeckNet Webhosting — serves the static files of this website and processes basic request logs (IP address, browser, requested URL, timestamp) on a short rolling retention window.

We do not sell, rent, or share your data with anyone for marketing purposes.

5. International transfers

Because our processors operate globally, your data may be processed outside the United Arab Emirates and outside the European Economic Area (in particular, the United States). Where this happens, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards offered by our processors.

6. How long we keep your data

• Inquiry data (form submissions and reply threads) — kept for up to 24 months after our last correspondence, unless you become a client. After that we delete it or anonymize it.
• Client data — kept for the duration of the engagement and up to 7 years afterwards to comply with UAE accounting and tax record-keeping requirements.
• Server logs — kept by our host on a rolling short retention window (typically 14–30 days).

You can ask us to delete your data sooner — see Section 7.

7. Your rights

Wherever you live, we will honor the following rights to the extent applicable to you under your local law (these are the rights granted by the EU/UK GDPR; they are also broadly consistent with the UAE Personal Data Protection Law and similar regimes):

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure ("right to be forgotten") — ask us to delete your data, subject to our retention obligations.
• Restriction — ask us to pause processing while a question is resolved.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on our legitimate interests.
• Withdraw consent — where we rely on consent, withdraw it at any time.
• Complain to a supervisory authority — for example, the data protection regulator where you live, or the UAE Data Office if you are in the UAE.

To exercise any of these rights, email contact@esmhconsulting.com from the address you contacted us with. We aim to respond within 30 days.

8. Security

We use industry-standard precautions to protect your data: HTTPS everywhere, the minimum data set possible, access restricted to Max Roeck on a need-to-know basis, and reputable processors (Google) with their own security certifications. No system is perfectly secure, so we cannot guarantee absolute security, but we do our best.

9. Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time — for example, if we add a new processor or change how the form works. The "Last updated" date at the top will reflect the most recent change. Material changes that affect your rights will be flagged clearly on this page.

11. Contact

Questions about your privacy or this policy? Email contact@esmhconsulting.com.