Privacy Policy

Privacy Policy

Effective date: 30 March 2026
Last updated: 30 March 2026

At Corcoran Advisory (“we”, “us”, “our”), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and protect personal data when you use our website, contact us, engage us for services, or otherwise interact with us.

We process personal data in accordance with the General Data Protection Regulation and applicable Irish data protection law. Under GDPR transparency rules, individuals must be told in clear and accessible language what data is collected, why it is collected, the legal basis relied upon, who receives it, how long it is kept, and what rights they have.

1. Who we are

Corcoran Advisory is a Cork-based advisory practice providing financial advisory, transaction support, restructuring and insolvency services.

Data Controller: Corcoran Advisory / Orlem Limited
Registered address: 4 Holbar House, East Village, Douglas, Cork, Ireland T12 X300
Email: info@corcoranadvisory.ie
Phone: +353 21 245 1210

If you have any questions about this Privacy Policy or how we use your personal data, you can contact us using the details above.

2. What personal data we may collect

We may collect and process the following categories of personal data:

• identity data, such as your name, job title, company name, and professional details;
• contact data, such as your email address, phone number, postal address, and correspondence details;
• enquiry data, such as information you provide when you contact us through our website, by email, by phone, or in person;
• client and engagement data, including information required to provide professional services;
• compliance data, including identity verification, anti-money laundering, know-your-client, and due diligence information where applicable;
• financial and transaction data, including billing details, payment information, and records relating to work carried out;
• technical data, such as IP address, browser type, device information, and website usage information;
• marketing and communications data, such as your preferences in receiving communications from us.

In some engagements, we may also process personal data relating to directors, shareholders, employees, creditors, debtors, guarantors, investors, counterparties, or other stakeholders where that is necessary for the professional services we provide.

3. How we collect personal data

We may collect personal data:

• directly from you when you contact us, instruct us, meet us, or provide documents or information;
• from your company, advisers, or representatives;
• from publicly available sources, such as the CRO, company websites, public registers, court records, or published announcements;
• from third parties involved in a matter or transaction, such as accountants, solicitors, lenders, investors, insolvency stakeholders, service providers, or regulators;
• automatically through your use of our website, including through cookies and similar technologies where applicable.

4. Why we use your personal data

We may use personal data for the following purposes:

• to respond to enquiries and communicate with you;
• to assess whether we can act for you or your business;
• to provide professional services;
• to carry out conflict checks, client onboarding, identity verification, AML and other regulatory checks;
• to administer, manage and perform client engagements;
• to prepare proposals, engagement letters, reports, analyses, and other deliverables;
• to manage billing, payments and accounts;
• to operate, maintain and improve our website and services;
• to send relevant business communications where permitted;
• to establish, exercise or defend legal claims;
• to comply with legal, regulatory and professional obligations.

5. Legal bases for processing

Under GDPR, organisations must identify the lawful basis relied upon for each type of processing. The DPC also notes that this should be explained transparently in the privacy information given to individuals.

We may rely on one or more of the following legal bases:

Performance of a contract
Where processing is necessary to take steps at your request before entering into a contract, or to perform a contract for professional services.

Legal obligation
Where processing is necessary to comply with legal or regulatory obligations, including obligations relating to taxation, anti-money laundering, professional regulation, court processes, and statutory record keeping.

Legitimate interests
Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These legitimate interests may include:

• managing and operating our business efficiently;
• responding to enquiries and developing client relationships;
• carrying out conflict checks and engagement administration;
• maintaining records of work undertaken;
• protecting our business, systems and website;
• preventing fraud and misuse;
• establishing, exercising or defending legal claims.

Consent
Where we rely on consent, for example for certain marketing communications or non-essential cookies, you may withdraw that consent at any time. Under Irish DPC cookie guidance, consent for non-essential cookies must be validly obtained and cannot be based on pre-ticked boxes or equivalent defaults.

6. Who we may share personal data with

We may share personal data where necessary with:

• professional advisers, including solicitors, accountants, tax advisers, and insurers;
• IT, software, cloud storage, website hosting, email and administrative service providers;
• banks, lenders, investors, counterparties and other transaction stakeholders;
• courts, tribunals, regulators, statutory bodies, law enforcement agencies, and tax authorities;
• insolvency stakeholders, including creditors, directors, shareholders, employees, petitioners, process advisers, and other officeholders where relevant;
• any third party where disclosure is necessary to provide services, comply with law, or protect legal rights.

We require service providers acting on our behalf to handle personal data appropriately and only where necessary.

7. International transfers

Some of our service providers may process personal data outside the European Economic Area. Where this happens, we will take appropriate steps to ensure the personal data is protected in accordance with applicable law, including by relying on adequacy decisions or appropriate safeguards recognised under GDPR. GDPR transparency rules require individuals to be informed where international transfers take place and what safeguards are used.

8. How long we keep personal data

We will keep personal data only for as long as necessary for the purpose for which it was collected, including to satisfy legal, regulatory, tax, insurance, accounting, professional and reporting requirements. The DPC guidance states that retention periods, or the criteria used to determine them, should be explained in privacy information.

Retention periods may vary depending on the nature of the relationship and the work involved, but in general:

• website enquiry data may be retained for 12–24 months;
• client engagement files may be retained for 6–7 years or longer where required;
• AML / due diligence records may be retained for the period required by law;
• billing, tax and accounting records may be retained for the period required by law;
• marketing records may be retained until you unsubscribe or object, and for a reasonable period thereafter to maintain suppression records;
• technical and cookie data may be retained in accordance with our cookie settings and website provider arrangements.

We may retain data for longer where necessary to deal with complaints, disputes, claims, regulatory matters, or legal obligations.

9. Your rights

Under GDPR, individuals have a number of rights in relation to their personal data, including the rights of access, rectification, erasure, restriction, objection, and, in some cases, portability. Individuals also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with the Data Protection Commission.

Subject to applicable law, you may have the right to:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request erasure of your personal data;
• request restriction of processing;
• object to processing carried out on the basis of legitimate interests;
• request data portability, where applicable;
• withdraw consent at any time, where consent is the basis relied upon;
• lodge a complaint with the Irish Data Protection Commission.

To exercise any of these rights, please contact us at info@corcoranadvisory.ie.

You also have the right to make a complaint to the Data Protection Commission if you believe your data protection rights have been infringed. The DPC is Ireland’s supervisory authority for data protection matters.

10. Cookies and website tracking

Our website may use cookies and similar technologies to ensure the website functions properly, improve performance, understand website usage, and support certain features.

Some cookies are strictly necessary for the operation of the website. Others, such as analytics or marketing cookies, are not strictly necessary and should only be used where valid consent has been obtained. The DPC’s guidance requires clear and comprehensive information about the technologies used and their purposes, and makes clear that pre-checked boxes or toggles do not amount to valid consent.

For more detailed information, please see our Cookie Policy, or manage your preferences through our cookie banner/settings tool.

11. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. The DPC guidance emphasises that organisations should regularly review the personal data they hold and the safeguards in place to protect it.

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those third-party sites. We encourage you to read their privacy policies before providing personal data to them.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or the way we process personal data. The Irish DPC states that privacy policies should be treated as dynamic documents and reviewed regularly.

Any updates will be posted on this page, and the “Last updated” date will be revised accordingly.