Privacy Policy

Last Updated: November 18, 2025

This Privacy Policy explains how [Company Name], an asset management company (“we”, “us”, or “our”), collects, uses, discloses, and safeguards your personal information in connection with our investment advisory, portfolio management, and related services. By engaging our services, you consent to the practices described in this policy.

1. Information We Collect

1.1 Personal Information

We may collect the following categories of personal information:

• Full name, date of birth, gender, and nationality
• Contact details (address, email, telephone number)
• Government-issued identification (e.g., passport, driver’s license, national ID)
• Tax identification number (e.g., SSN, TIN)
• Bank account and payment information
• Employment and income details
• Investment objectives, risk tolerance, and financial circumstances

1.2 Non-Personal Information

We may also collect non-personally identifiable information, such as:

• IP address, browser type, device information
• Website usage data (pages visited, time spent, referral sources)
• Aggregate portfolio performance metrics (de-identified)

2. How We Use Your Information

2.1 Primary Purposes

We use your information to:

• Provide investment advisory and portfolio management services
• Open and administer client accounts
• Conduct know-your-customer (KYC) and anti-money laundering (AML) checks
• Comply with legal and regulatory obligations
• Communicate with you regarding your accounts and services
• Prepare and file tax documentation

2.2 Secondary Purposes (with consent where required)

• Send periodic market updates and educational materials
• Improve our services and website functionality
• Conduct internal analytics and risk assessments

3. Legal Basis for Processing

Depending on applicable law (e.g., GDPR, CCPA), our processing is based on one or more of the following grounds:

• Performance of a contract (e.g., managing your portfolio)
• Compliance with legal obligations (e.g., regulatory reporting)
• Legitimate interests (e.g., fraud prevention, service improvement)
• Your explicit consent (e.g., for marketing communications)

4. Sharing of Information

4.1 Third Parties We Share With

We may disclose your information to the following categories of recipients:

Recipient Category	Purpose of Disclosure	Examples
Service Providers	Operational support	Custodians, prime brokers, administrators, IT vendors
Regulatory Authorities	Legal compliance	SEC, FINRA, HMRC, local financial regulators
Affiliates	Group-wide services (subject to safeguards)	Parent companies, subsidiaries offering complementary services
Professional Advisors	Legal, tax, or compliance support	External legal counsel, auditors, consultants

4.2 Cross-Border Transfers

Your information may be transferred to, and processed in, countries outside your jurisdiction of residence—including the United States, the United Kingdom, Singapore, and Switzerland—where data protection laws may differ. We implement appropriate safeguards (e.g., Standard Contractual Clauses, Binding Corporate Rules) to protect your data in such cases.

5. Data Security

5.1 Technical and Organizational Measures

We maintain robust safeguards to protect your data, including:

• Encryption of data at rest and in transit (TLS 1.3+, AES-256)
• Multi-factor authentication for system access
• Regular security assessments and penetration testing
• Role-based access controls and audit logging
• Secure data destruction policies

5.2 Incident Response

In the unlikely event of a data breach involving your personal information, we will notify you and relevant authorities as required by law, without undue delay.

6. Retention of Information

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention Periods by Category

• Client identification & KYC data: 5 years after relationship ends (or longer per local law)
• Transaction & account records: 7 years post-closure
• Marketing preferences: Until consent is withdrawn or 2 years of inactivity
• Website logs: 12 months (unless needed for security investigations)

7. Your Rights and Choices

7.1 Subject to applicable law, you may have the right to:

• Access your personal information
• Correct inaccurate or incomplete data
• Request erasure of your data (“right to be forgotten”)
• Restrict or object to processing
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent (where processing is consent-based)

7.2 How to Exercise Your Rights

To submit a request, contact our Data Protection Officer at: privacy@[companyname].com or by postal mail at our registered office address. We will respond within 30 days (extendable by 60 days for complex requests).

Verification Process

To protect your privacy, we will verify your identity before fulfilling any request. This may require government-issued ID and proof of address.

Note on Investment-Related Data

Certain requests (e.g., erasure) may be limited where retention is necessary for regulatory compliance (e.g., SEC Rule 204-2), legal claims, or completion of ongoing transactions.

8. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The “Last Updated” date at the top will indicate revisions. Continued use of our services constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

Data Protection Officer
[Company Name]
[Registered Office Address]
Email: privacy@[companyname].com
Phone: [+XX XXX XXXX XXX]

You also have the right to lodge a complaint with your local data protection authority.