We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.

We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.

We may update these privacy notices from time to time. This version was last updated on 09/12/2025.

Who we are and how to contact us

We are STLR Advisory Limited, trading as Sillion, a company registered in England and Wales with company number 16276234 and registered address at Office 43, 1000 Lakeside, North Harbour, Portsmouth, Hampshire PO6 3EZ, United Kingdom. In this privacy notice, we will refer to ourselves as ‘Sillion’, ‘we’, ‘us’ or ‘our’.

We are the Data Controller of the personal information we collect, hold and use about you, as explained in this notice.

This notice describes situations where we act as controller of your information (for our website, CRM, and marketing). In some client engagements, we may process information as a processor on behalf of our clients, in which case we act on their instructions and their own privacy information will apply.

You can contact us in any of the following ways:

• by calling us on +44 20 3858 7800;

• by emailing us at privacy@sillion.co.uk; or

• by writing to us at Office 43, 1000 Lakeside, North Harbour, Portsmouth, Hampshire PO6 3EZ, United Kingdom.

Contents

On this page, you will find our:

• Website & CRM Privacy Notice

• US Privacy Addendum

• Cookie Policy

Website & CRM Privacy Notice

1.  Scope of this notice

This notice covers how we collect and process information about:

• visitors to our websites (including www.sillion.co.uk);

• prospects and customers whose details we maintain in our customer relationship management (CRM) system;

• individuals who receive our updates, attend our events or webinars, or otherwise interact with us online or offline.

For staff and candidates, please refer to our Staff Privacy Notice (UK).

2. How we collect your information

We collect information directly from you when you contact us, attend events or webinars, complete forms, communicate with us by email or phone.

We may also receive information from Publicly available sources (e.g. Companies House, LinkedIn, professional networking sites), as well as referrers and partners.

3. Information we collect

Depending on your interactions with us, we may collect and process:

• Identity and contact: name, role, employer, work email, phone, postal address.

• Engagement information: enquiry details, meeting notes, event and webinar attendance, newsletter preferences.

• Transactional and billing information: proposals, statements of work, invoices, payment status.

• Website and technical data: device and browser information, IP address, pages viewed, referring source, cookie identifiers, and similar technologies (see our Cookie Policy below).

We do not intentionally collect special‑category data via the website or CRM. If you choose to send such information to us, we may minimise or delete it.

4. Purposes and legal bases

When we process your information pursuant to this Policy, we do so for the following purposes, relying on the stated lawful bases:

• Responding to enquiries; preparing and performing contracts: Contract, or Legitimate interests (providing and improving our service)

• Providing services and managing relationships: Contract, or Legitimate interests (providing and improving our services)

• Running our websites, ensuring security, measuring usage, and improving content: Legitimate interests (site operation and security), or Consent (for non-essential cookies)

• CRM, pipeline management, and customer success: Legitimate interests (efficient B2B operations and service quality)

• Direct B2B marketing to corporate subscribers about similar services; light segmentation to stay relevant: Legitimate interests with opt-out (PECR-compliant)

• Email marketing to individuals; event invitations: Consent (withdraw any time)

• Legal, accounting, tax and compliance: Legal obligation, or Legitimate interests (establish/exercise/defend legal claims)

Where we rely on consent, you can withdraw it at any time via unsubscribe links or by contacting us.

5. Marketing choices and profiling

We aim to keep messages relevant and infrequent.

We may use limited segmentation and lead scoring in our CRM to tailor content (e.g. sector, role, prior engagement) to keep communications relevant. This does not produce decisions with legal or similarly significant effects, and is reviewed by people. You can opt out of marketing and/or profiling at any time.

6. Recordings (client calls, webinars, and training)

We may record certain online meetings or events for internal reference, training, and quality purposes. Recordings may capture your name, image, voice, and chat contributions.

• Legal basis: Legitimate interests (running and improving services) or consent where requested.

• Sharing: Internal only. We do not distribute recordings or transcripts to attendees or partners.

• Retention: 24 months, then deletion, unless we need a specific file longer for a legal claim or contractual issue.

7. Who we share your information with

We may disclose information with:

• IT and SaaS providers supporting our websites, CRM, email, conferencing, analytics, and hosting;

• Professional advisers (legal, tax, insurance) and auditors;

• Regulators and law-enforcement agencies where required;

• Potential acquirers and/or assignees in the context of a corporate transaction.

All providers operate under written data-processing terms with appropriate security and transfer safeguards.

8. International transfers

Some providers may process data outside the UK/EEA. Where this occurs, we use recognised safeguards such as adequacy decisions, UK/EU Standard Contractual Clauses, and any required transfer risk assessments, and we restrict onward transfers contractually.

9. Cookies and similar technologies

We use necessary cookies and, with your consent, analytics and marketing cookies.

• necessary cookies to operate the site;

• analytics cookies (with consent) to understand usage;

• marketing cookies (with consent) when campaigns are active.

For details, see our Cookie Policy.

10. Retention

We apply purpose‑based retention, and then delete or irreversibly anonymise:

• Website enquiries and sales lead: Retained for 18 months from the last meaningful interaction.

• CRM marketing records: Retained for 24 months from the last meaningful interaction (or until you opt out).

• Contract, billing, and financial records: Retained for 7 years after the end of the financial year.

• Website analytics records: Retained for 14 months (or your tool’s configured period).

• Security logs: Retained for 12 months.

• Recordings (client calls, webinars, training): Retained for 24 months.

11. Your rights

You may exercise your rights to access, rectify, erase, restrict, object (including to direct marketing), and request data portability. To exercise these rights, please email privacy@sillion.co.uk.

You may complain to the Information Commissioner’s Office (ICO) at any time – though we would appreciate the chance to respond first.

12. Security

We apply technical and organisational measures appropriate to risk, including access controls, encryption in transit, least‑privilege administration, vendor due diligence, monitoring and logging, training.

13. Children

Our services are intended for business audiences and customers. We do not knowingly collect children’s data.

14. Changes to this notice

We will update this notice when our processing changes and will note the effective date at the top. Archival copies are available on request.

US Privacy Addendum

1.  Scope

This Addendum applies to residents of US states with comprehensive privacy laws. We collect:

• identifiers (name, work email);

• professional information;

• site usage data;

• limited inferences for segmentation.

Purposes include providing services, analytics, security, and direct B2B outreach.

2. Selling, Sharing & Targeted Advertising

We do not “sell” or “share” personal information as those terms are defined in US state privacy laws, and we do not engage in targeted advertising at this time. If this changes, we will:

• update this Addendum, and

• provide a prominent “Do Not Sell/Share or Target” link.

We do not use or disclose sensitive personal information for purposes that would require a “Limit Use of Sensitive Personal Information” link.

3. US Consumer Rights

Subject to state law, you may have rights to access your personal information, correct inaccuracies, delete your information, obtain a portable copy, opt out of sale/share/targeted advertising, object to certain profiling, and appeal our response.

4. How to exercise rights

Email privacy@sillion.co.uk with “US Privacy Request” in the subject line. We may need to verify your identity (and, where relevant, the authority of an authorised agent).

5. Non-discrimination

We will not discriminate against you for exercising your rights.

Cookie Policy

1.  Overview

We use necessary cookies to operate the site and, with your consent:

• analytics cookies;

• marketing cookies (if campaign tools are active).

You may update your preferences at any time via the “Cookie settings” link in the site footer.

2. Technologies used

We use cookies, pixel tags/web beacons, local storage, SDKs, server logs, device and browser identifiers.

3. Categories

• Strictly necessary: core site functions. These are set on the basis of our legitimate interests and do not require consent.

• Analytics:  performance and usage measurement. Generally retained for approximately 14 months.

• Marketing: campaign measurement and retargeting. These will be off unless you consent.

4. Managing cookies

You may control cookies via the cookie banner, the footer Cookie settings link, or your browser settings. Please note that blocking all cookies may impact site functionality.

5. Live cookie list

Our consent platform maintains a real-time cookie inventory, including name, provider, purpose, and expiry. This updates automatically as our tools and configurations change.

6. Changes

We will update this Cookie Policy if our use of cookies or similar technologies changes.