STONE & CO
UNIFIED PRIVACY & COOKIE POLICY
Last updated: June 2026
This policy explains how Stone & Co ("we", "us", "our") collects, protects, and uses your information when you use stoneadvisory.co.uk, complete our online tools, or correspond with us. We’ve kept this in plain English. If you have any questions, email us at hello@stoneadvisory.co.uk.
1. Who We Are
Stone & Co is a trading name of Enablematic Consulting Agency Ltd, registered in England and Wales (Company No: 16695138). Our registered office is First Floor Office, 3 Hornton Place, London, W8 4LZ. We operate as a data controller and are registered with the Information Commissioner's Office (ICO). For data matters, contact Byron Stone at hello@stoneadvisory.co.uk.
2. Information We Collect & Why We Use It
Under the UK GDPR, we only process your personal data where we have a clear legal basis to do so. The following table maps our data activities, processing purposes, and corresponding legal grounds:
What We Do / Collect
Why We Do It
Our Lawful Basis
Direct Inquiries & Tools:
To generate, review, and
Performance of a contract,
What We Do / Collect
Why We Do It
Our Lawful Basis
Name, contact details, and core business metrics (sector, bed capacity, revenue, EBITDA) entered into our Valuation Calculator or Exit Readiness Audit.
deliver your custom financial diagnostic report or indicative valuation.
or taking necessary steps prior to entering into a contract.
Insights & Newsletters: Email address submitted via subscription boxes or tool forms.
To keep in touch with sector founders and send relevant care market updates, transaction insights, or regional trends.
Legitimate interests (with a clear option to opt out or unsubscribe instantly at any time).
Automated Diagnostics: Calculation logic applied to your submitted financial data inputs.
To provide immediate, automated advisory baseline metrics. Every report is verified by a human partner before final confirmation.
Legitimate interests (ensuring the right to request direct human intervention or contest the output).
Legal Compliance & Defense: Historical engagement data, identity records, and business documentation.
To comply with statutory anti-money laundering frameworks or defend against prospective legal claims.
Legitimate interests (ensuring the right to request direct human intervention or contest the output).
We do not sell your personal data under any circumstances, nor do we transfer it to third parties to facilitate external marketing activities.
3. How We Use Cookies
Cookies are small text files placed on your device to store data. We maintain a minimal cookie footprint to preserve site performance and visitor privacy:
Essential Cookies (Always Active): These cookies are strictly necessary for basic operations. They securely manage GoHighLevel form multi-step submissions and ensure smooth platform performance as you browse between pages.
Analytics Cookies (Google Analytics 4): With your consent via continued site usage, we use GA4 with IP-anonymisation active to evaluate aggregated web traffic patterns (such as page popularity and exit points). This data is completely anonymous and cannot be used to identify you personally. Google acts as a data processor on our behalf. You can block or remove these cookies at any time via your browser's security settings.
4. Data Sharing & International Transfers
We restrict data sharing to trusted third-party service providers essential to running our business infrastructure. This includes our front-end website host (Framer) and our central CRM and transaction pipeline system (GoHighLevel). Because these infrastructure networks safely utilize global servers, some data processing occurs in regions outside the UK (including the United States). We safeguard these transfers using approved mechanisms, including UK-approved Standard Contractual Clauses (SCCs) and the UK Extension to the EU-US Data Privacy Framework.
5. Data Security & Retention
We treat proprietary business and founder data with strict security. We enforce rigid access controls and secure encryption layers for data in transit. Your records are only retained as long as commercially necessary:
Audit & Calculator Inputs: Retained for up to 3 years following your last active interaction before deletion or total anonymisation.
Newsletter Records: Kept active until an explicit unsubscribe request is submitted.
Formal Client Engagement Records: Retained for a post-engagement period of 6 years to satisfy commercial and UK tax compliance mandates.
6. Your Rights
Under UK data protection law, you possess explicit rights regarding your personal information. You have the right to request a copy of your stored data, correct any structural inaccuracies, request complete account erasure ("the right to be forgotten"), restrict active processing, or object to direct outreach. To trigger any of these statutory rights, email Byron Stone directly at hello@stoneadvisory.co.uk. We will address your request within one calendar month. If you believe our processing infringes upon your rights, you have the right to lodge an official complaint with the Information Commissioner's Office (ico.org.uk).
Insights for the people on the owner's side of the table.
Occasional notes from Stone & Co on the M&A market - valuations, the decisions that define what comes next, and the opportunities most firms never surface. Written for owners and acquirers, not for the inboxes.
No spam. unsubscribe anytime. We don't share lists.
Independent M&A advisory for owner-managed businesses and ambitious acquirers. UK and Europe.
Stay Close to The Market
To hear about latest deals and insights, subscribe.