Privacy Policy

1. INTRODUCTION

West Morgan (hereinafter referred to as “the Company,” “we,” “us,” or “our”) is deeply committed to protecting the privacy, security, and integrity of your personal information. As a globally operating institution providing high-level advisory, investment, and digital services, we recognize that trust is the foundation of our relationships with clients, partners, and users. This Privacy Policy (“Policy”) outlines our comprehensive approach to data protection, detailing how we collect, use, disclose, transfer, and safeguard your information in accordance with applicable international data protection laws and regulations.

This document serves as a transparent declaration of our data governance practices. It is designed to provide you with clear, precise, and accessible information regarding your rights and our obligations. By accessing our website located at westmorgan.group (the “Site”), utilizing our digital platforms, or engaging our services, you acknowledge that you have read and understood this Policy and agree to the practices described herein.

Our commitment extends beyond mere legal compliance; it reflects our institutional ethos of discretion, responsibility, and excellence. We adhere to the highest standards of global privacy compliance, ensuring that your data is handled with the utmost care, regardless of where you are located or where our operations reside. This Policy applies to all individuals whose personal data we process, including prospective and existing clients, investors, website visitors, vendors, and employees.

If you do not agree with any part of this Policy, you must immediately cease using our Site and Services. Continued use constitutes your explicit consent to the collection, use, and disclosure of your information as described in this document.

2. SCOPE OF POLICY

This Policy governs the processing of personal data by West Morgan across all our global operations, digital interfaces, and service delivery channels. It applies to:

Digital Platforms: Our primary website, client portals, mobile applications, and any other digital tools we deploy.
Advisory Services: Interactions related to investment advisory, wealth management, corporate structuring, and strategic consulting.
Transactional Activities: Data processed in connection with capital markets transactions, private equity investments, real estate developments, and other financial engagements.
Recruitment and Employment: Information collected from job applicants and current employees (subject to separate internal policies where applicable).
Third-Party Integrations: Data shared with or received from trusted partners, service providers, and regulatory bodies.

This Policy is intended to be universally applicable, reflecting our status as a borderless organization. However, specific provisions may vary slightly depending on the local laws of your jurisdiction (e.g., the European Union, United Kingdom, United States, Singapore, Switzerland). Where local law provides greater protection than this Policy, we will comply with the higher standard.

3. INFORMATION WE COLLECT

We collect various types of information to deliver our services effectively, maintain security, and comply with legal obligations. The categories of data we collect include:

3.1 Personal Data

“Personal Data” refers to any information that relates to an identified or identifiable natural person. This may include:

Identity Information: Full name, date of birth, nationality, passport or government-issued ID numbers, tax identification numbers.
Contact Information: Residential and business addresses, email addresses, telephone numbers (including mobile and secure messaging handles).
Professional Information: Job title, employer, industry sector, professional licenses, curriculum vitae, and background verification details.
Financial Information: Bank account details, credit history, source of funds, source of wealth, investment portfolio holdings, income levels, and net worth statements.
Family and Beneficiary Data: Information about family members, dependents, and beneficiaries relevant to estate planning or wealth structuring.

3.2 Technical Data

When you interact with our Site or digital platforms, we automatically collect technical information about your device and browsing activity. This includes:

Device Information: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and unique device identifiers.
Network Data: Login data, internet service provider details, and network connection type.
Location Data: Approximate geolocation data derived from your IP address or device settings (where permitted).

3.3 Usage Data

We monitor how you use our Site and Services to improve user experience and security. This includes:

Navigation Patterns: Pages visited, time spent on pages, clickstream data, scroll depth, and navigation paths.
Interaction Data: Files downloaded, videos watched, forms completed, and search queries entered on the Site.
Performance Metrics: Page response times, download errors, and length of visits to certain pages.

3.4 Communication Data

We retain records of our communications with you to ensure quality service and regulatory compliance. This includes:

Correspondence: Emails, letters, instant messages, and secure portal communications.
Call Records: Dates, times, and durations of phone calls; call recordings (where notified and legally permissible); and summaries of discussions.
Meeting Notes: Minutes from physical or virtual meetings, including video conference logs.

3.5 Transactional Data

For clients engaging in financial transactions, we collect data necessary to execute and record these activities:

Investment Details: Subscription agreements, redemption requests, trade confirmations, and settlement instructions.
Payment Information: Wire transfer details, credit card tokens (we do not store full credit card numbers), and billing addresses.
Contractual Documents: Signed engagement letters, non-disclosure agreements, and power of attorney documents.

3.6 Sensitive Personal Data

In certain circumstances, such as when conducting enhanced due diligence or providing specialized wealth structuring advice, we may collect “Sensitive Personal Data” (also known as Special Category Data). This may include information about your political opinions (for Politically Exposed Persons screening), religious beliefs (if relevant to ethical investment mandates), or health data (for insurance or succession planning). We only process such data with your explicit consent or where strictly required by law for anti-money laundering (AML) and know-your-customer (KYC) purposes.

4. HOW WE COLLECT INFORMATION

We employ a variety of methods to collect information, ensuring that our data gathering is transparent, lawful, and necessary for our operations.

4.1 Direct Interactions

You may provide us with your Personal Data directly through:

Form Submissions: Completing contact forms, inquiry requests, newsletter sign-ups, or account registration forms on our Site.
Correspondence: Communicating with us via email, telephone, post, or secure messaging platforms.
Client Onboarding: Providing documentation and information during the client intake, KYC, and due diligence processes.
Events: Attending webinars, conferences, or seminars hosted by West Morgan and providing your details for registration or networking.
Feedback: Submitting surveys, testimonials, or complaints.

4.2 Automated Technologies

As you navigate our Site, we use automated technologies to collect Technical and Usage Data. These include:

Cookies: Small text files placed on your device to track browsing activity and remember preferences. See Section 13 for more details.
Web Beacons and Pixels: Transparent graphic images used to monitor user behavior and email open rates.
Server Logs: Automatic recording of server requests made by your browser when visiting our Site.
Analytics Tools: Software solutions (e.g., Google Analytics, Adobe Analytics) that analyze traffic patterns and user engagement.

4.3 Third-Party Sources

We may receive Personal Data about you from various third-party sources to verify information, enhance our records, or comply with regulatory obligations. These sources include:

Public Registers: Government databases, corporate registries, land registry records, and court filings.
Screening Providers: Commercial databases used for AML, sanctions, and PEP screening (e.g., World-Check, Dow Jones).
Financial Institutions: Banks, custodians, and broker-dealers involved in your transactions.
Professional Advisors: Lawyers, accountants, and tax consultants acting on your behalf.
Credit Reference Agencies: Entities that provide creditworthiness and identity verification data.
Social Media Platforms: Information you make publicly available or authorize us to access via social media integrations.
Data Aggregators: Licensed data providers who supply demographic and firmographic data for business intelligence.

5. LAWFUL BASIS FOR PROCESSING (GDPR-ALIGNED)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection frameworks, we process your Personal Data only when we have a valid lawful basis under applicable laws. Our lawful bases include:

5.1 Consent

We rely on your explicit consent when:

Sending you marketing communications (newsletters, event invitations).
Processing Sensitive Personal Data (e.g., for specific ethical investment mandates).
Placing non-essential cookies on your device. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5.2 Contractual Necessity

Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes:

Managing your client account and providing advisory services.
Executing investment transactions and processing payments.
Providing access to client portals and digital tools.
Responding to your specific inquiries and service requests.

5.3 Legal Obligation

Processing is necessary for compliance with a legal obligation to which the Company is subject. This includes:

Conducting AML, KYC, and Counter-Terrorist Financing (CTF) checks.
Reporting to tax authorities (e.g., FATCA, CRS).
Responding to regulatory inquiries, subpoenas, or court orders.
Maintaining statutory records for audit and compliance purposes.

5.4 Legitimate Interests

Processing is necessary for the purposes of the legitimate interests pursued by West Morgan or a third party, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include:

Security and Fraud Prevention: Protecting our Site, systems, and clients from cyber threats, fraud, and unauthorized access.
Business Development: Analyzing market trends, improving our services, and developing new products (provided no direct marketing is sent without consent).
Network and Information Security: Ensuring the ability of our networks and systems to resist accidental events or unlawful acts.
Corporate Governance: Managing internal administrative functions, risk management, and internal investigations.
Client Relationship Management: Maintaining accurate records of our interactions to provide consistent and high-quality service.

Where we rely on legitimate interests, we conduct a balancing test to ensure your rights are respected. You have the right to object to processing based on legitimate interests in certain circumstances.

6. HOW WE USE YOUR INFORMATION

We use the information we collect for specific, defined purposes that align with our business objectives and legal obligations. These purposes include:

Service Delivery: To provide, manage, and administer the financial, advisory, and digital services you have requested.
Client Onboarding: To verify your identity, assess your eligibility for certain services, and conduct mandatory due diligence checks.
Transaction Execution: To process investments, transfers, payments, and other financial transactions accurately and securely.
Communication: To respond to your inquiries, provide updates on your accounts, and send important notices regarding our Services or changes to our terms.
Marketing and Promotion: To send you information about our services, market insights, events, and news that may be of interest to you (subject to your consent where required).
Personalization: To tailor your experience on our Site and within our Services, such as remembering your preferences and displaying relevant content.
Security and Fraud Detection: To monitor for suspicious activity, prevent fraud, and protect the integrity of our systems and data.
Regulatory Compliance: To fulfill our legal and regulatory obligations, including reporting to authorities and maintaining audit trails.
Research and Analytics: To analyze usage trends, measure the effectiveness of our campaigns, and improve our products and services.
Legal Proceedings: To establish, exercise, or defend our legal rights in connection with actual or potential litigation, arbitration, or regulatory investigations.

We strive to ensure that the data we use is accurate, up-to-date, and limited to what is necessary for the purposes for which it is processed (data minimization).

7. DATA SHARING AND DISCLOSURE

West Morgan does not sell your Personal Data to third parties. We may share your information only in the following specific circumstances and with strict contractual safeguards in place:

7.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf. These providers are contractually obligated to protect your data and use it only for the purposes specified by us. Examples include:

Technology Partners: Cloud hosting providers, IT support, cybersecurity firms, and software vendors.
Administrative Support: Document storage, mailing services, and transcription services.
Professional Advisors: External legal counsel, auditors, tax consultants, and compliance specialists.
Payment Processors: Banks and payment gateways facilitating financial transactions.
Marketing Agencies: Firms assisting with email delivery, event management, and analytics (under strict data processing agreements).

7.2 Regulatory Authorities and Law Enforcement

We may disclose your Personal Data to government agencies, regulators, law enforcement bodies, or courts if required by law, regulation, legal process, or governmental request. This includes disclosures to:

Financial intelligence units for AML/CTF reporting.
Tax authorities for compliance with FATCA, CRS, and local tax laws.
Securities regulators for oversight and examination purposes.
Law enforcement agencies in response to valid subpoenas, warrants, or court orders.

7.3 Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of assets, your Personal Data may be transferred as part of that transaction. We will require the successor entity to honor the commitments made in this Policy, or provide you with notice before your data is transferred and becomes subject to a different privacy policy.

7.4 Affiliates

We may share your data with our affiliated entities (subsidiaries, parent companies, and sister companies) globally to facilitate internal administrative functions, risk management, and consolidated reporting. All affiliates are bound by this Policy and applicable data protection laws.

7.5 With Your Consent

We may share your data with other third parties when you have explicitly consented to such disclosure. For example, introducing you to a potential investment partner or sharing your details with a specific service provider at your request.

8. INTERNATIONAL DATA TRANSFERS

As a global organization, West Morgan operates across multiple jurisdictions. Consequently, your Personal Data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your jurisdiction.

8.1 Cross-Border Safeguards

We are committed to ensuring that your data receives an adequate level of protection wherever it is processed. To achieve this, we implement robust safeguards in accordance with international standards:

Standard Contractual Clauses (SCCs): For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, we utilize the European Commission’s approved SCCs or equivalent contractual mechanisms.
Binding Corporate Rules (BCRs): Where applicable, we adhere to internal global policies approved by relevant regulators that govern intra-group data transfers.
Adequacy Decisions: We prioritize transferring data to countries recognized by the European Commission and other authorities as providing an adequate level of data protection.
Certification Mechanisms: We may rely on certified frameworks such as the EU-US Data Privacy Framework for transfers involving the United States.

8.2 Compliance with Applicable Laws

All international data transfers are conducted in strict compliance with applicable data protection laws, including GDPR Chapter V, the UK GDPR, and relevant local statutes. We regularly review our transfer mechanisms to ensure they remain valid and effective in light of evolving legal landscapes and regulatory guidance.

By using our Services, you acknowledge and consent to the transfer of your Personal Data to our facilities and service providers located worldwide, including in the United States, United Kingdom, European Union, Singapore, Switzerland, and other jurisdictions where we operate.

9. DATA SECURITY MEASURES

The security of your Personal Data is paramount to us. We have implemented comprehensive administrative, technical, and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, destruction, or loss.

9.1 Administrative Safeguards

Policies and Procedures: We maintain strict internal data protection policies and procedures that govern how employees and contractors handle data.
Training: Regular training programs are conducted for all staff to ensure awareness of data privacy principles, security best practices, and incident response protocols.
Access Controls: Access to Personal Data is restricted to authorized personnel on a “need-to-know” basis. Roles and permissions are regularly reviewed and updated.
Vendor Management: We conduct rigorous due diligence on all third-party service providers and require them to adhere to strict security standards through contractual agreements.

9.2 Technical Protections

Encryption: Data is encrypted both in transit (using TLS/SSL protocols) and at rest (using advanced encryption standards like AES-256).
Firewalls and Intrusion Detection: Our networks are protected by state-of-the-art firewalls, intrusion detection systems, and anti-malware solutions.
Multi-Factor Authentication (MFA): Access to sensitive systems and client portals requires MFA to prevent unauthorized login attempts.
Regular Audits: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and remediate potential weaknesses.
Backup and Recovery: Robust backup procedures and disaster recovery plans are in place to ensure data availability and integrity in the event of a system failure or cyber-attack.

9.3 Organizational Controls

Data Protection Officer (DPO): We have appointed a DPO responsible for overseeing our data protection strategy and compliance.
Incident Response Team: A dedicated team is ready to respond swiftly to any data breach or security incident, following a well-defined incident response plan.
Physical Security: Our physical offices and data centers are secured with access controls, surveillance systems, and environmental protections.

While we strive to use commercially acceptable means to protect your Personal Data, please note that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we implement strong secure data handling practices, we cannot guarantee absolute security.

10. DATA RETENTION

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

10.1 Retention Criteria

Our retention periods are determined based on:

Purpose Fulfillment: The duration needed to provide our Services and maintain our relationship with you.
Legal Obligations: Statutory requirements for retaining records (e.g., tax laws typically require 7–10 years; AML laws often require 5–7 years post-relationship).
Statute of Limitations: The time frame within which legal claims could be brought against us or by us.
Regulatory Guidelines: Specific retention mandates imposed by financial regulators.

10.2 Deletion and Anonymization

Once the retention period expires, or if the data is no longer necessary for the original purpose, we will securely delete or anonymize your Personal Data. Anonymized data, which cannot be linked back to you, may be retained indefinitely for statistical analysis and research purposes.

If you request the deletion of your data (see Section 11), we will comply unless we have a legal obligation to retain it. In such cases, we will inform you of the reason for retention.

11. YOUR RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your Personal Data. We are committed to facilitating the exercise of these rights in a timely and transparent manner.

11.1 Right of Access

You have the right to request confirmation of whether we hold your Personal Data and, if so, to obtain a copy of that data along with information about how it is being processed.

11.2 Right to Rectification

If you believe that your Personal Data is inaccurate or incomplete, you have the right to request that we correct or update it. We will take reasonable steps to verify the accuracy of the new information before making changes.

11.3 Right to Erasure (“Right to be Forgotten”)

In certain circumstances, you have the right to request the deletion of your Personal Data. This applies if the data is no longer necessary, if you withdraw consent (where consent was the basis), or if the processing is unlawful. Note that this right is not absolute and may be overridden by legal obligations (e.g., AML records).

11.4 Right to Restriction of Processing

You may request that we restrict the processing of your Personal Data in specific situations, such as when you contest the accuracy of the data or object to the processing pending verification of legitimate grounds.

11.5 Right to Data Portability

Where technically feasible and where processing is based on consent or contract, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

11.6 Right to Object

You have the right to object to the processing of your Personal Data based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for this purpose immediately.

11.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

11.8 Right to Lodge a Complaint

If you believe that our processing of your Personal Data violates applicable data protection laws, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France, or FTC in the US).

To exercise any of these rights, please contact our Data Protection Officer at investor@westmorgan.com. We aim to respond to all valid requests within one month, though this period may be extended for complex requests as permitted by law. We may need to verify your identity before fulfilling your request to ensure security.

12. COOKIES AND TRACKING TECHNOLOGIES

Our Site uses cookies and similar tracking technologies to enhance user experience, analyze traffic, and personalize content.

12.1 Types of Cookies

Essential Cookies: Necessary for the Site to function properly (e.g., security, login sessions). These cannot be disabled.
Performance/Analytics Cookies: Collect anonymous information about how visitors use the Site (e.g., page views, bounce rates) to help us improve performance.
Functionality Cookies: Remember your choices (e.g., language, region) to provide enhanced features.
Targeting/Advertising Cookies: Used to deliver relevant advertisements and limit the number of times you see an ad. These are often set by third parties.

12.2 Managing Cookies

You can control and/or delete cookies through your browser settings. Most browsers allow you to refuse all cookies or accept only certain types. Please note that disabling cookies may affect the functionality of our Site and limit your ability to access certain features.

For more detailed information on our use of cookies, please refer to our separate Cookie Policy available on our Site.

13. THIRD-PARTY LINKS

Our Site may contain links to third-party websites, applications, or services that are not owned or controlled by West Morgan. These links are provided for your convenience and do not constitute an endorsement of the third party.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Policy applies solely to information collected by West Morgan.

14. CHILDREN’S DATA

Our Services are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child without parental consent, we will take immediate steps to delete such information and terminate the account if applicable. If you believe a child has provided us with Personal Data, please contact us immediately at investor@westmorgan.com.

15. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be posted on this page with an updated “Last Updated” date.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If we make material changes that affect your rights or obligations, we will notify you directly (e.g., via email or a prominent notice on our Site) prior to the changes becoming effective.

Continued use of our Site and Services after any modifications indicates your acceptance of the revised Policy.

16. CONTACT INFORMATION

We value your feedback and questions regarding this Policy and our data practices. If you have any concerns, requests, or wish to exercise your rights, please contact our Data Protection Office:

West Morgan Data Protection Office
Attention: Data Protection Officer (DPO)
Email: investor@westmorgan.com
General Inquiries: investor@westmorgan.com
Compliance Hotline: investor@westmorgan.com
Mailing Address:
1100 New York Avenue NW, Suite 500
Washington, D.C. 20005
United States of America

For users in the European Economic Area, our representative can be contacted at:
West Morgan EU Representative
[Address to be inserted if specific EU rep is appointed, otherwise generic statement:]
Representative services provided in accordance with GDPR Article 27.