Privacy Policy

Last Updated: March 2, 2026

1. INTRODUCTION AND COMMITMENT TO DATA PROTECTION

BroadNorth (“we,” “us,” “our,” or the “Firm”), founded in 1998 and headquartered in Washington, United States, is a global investment and private banking group serving institutional investors, sovereign entities, ultra-high-net-worth individuals, family offices, and corporate groups. We recognize that the protection of personal data is fundamental to maintaining the trust and confidence of our clients, partners, and stakeholders. In an era of increasing digital complexity and cross-border regulatory scrutiny, BroadNorth remains steadfast in its commitment to the highest standards of data privacy, security, and governance.

This Privacy Policy (the “Policy”) outlines our comprehensive framework for the collection, use, storage, disclosure, and protection of personal information in connection with our website located at www.broadnorth.com (the “Site”), our institutional asset management activities, cross-border wealth structuring services, capital markets advisory, and private banking operations. It reflects our adherence to applicable global data protection laws, including but not limited to the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Personal Data Protection Act (PDPA) of Singapore, and other relevant international privacy frameworks.

Our approach to data privacy is rooted in the principles of transparency, accountability, and discretion. We do not treat personal data as a commodity; rather, we view it as a confidential asset entrusted to our care, subject to rigorous administrative, technical, and physical safeguards. This Policy is designed to provide you with clear, precise, and authoritative information regarding our data practices, ensuring that you understand your rights and our obligations under the complex web of international regulations that govern our operations.

By accessing this Site, engaging with our services, or providing us with your personal information, you acknowledge that you have read and understood this Policy and agree to the practices described herein. If you do not agree with any part of this Policy, you must immediately discontinue your use of the Site and refrain from providing any personal information to BroadNorth.

2. SCOPE OF THIS PRIVACY POLICY

This Policy applies to all personal information processed by BroadNorth in the course of its global operations, regardless of the channel through which such information is collected. Specifically, this Policy covers:

Website Users: Individuals who access, browse, or interact with the Site, including visitors seeking general information about our firm, strategies, and capabilities.
Prospective Clients: Institutional investors, family office representatives, sovereign wealth fund officials, and qualified high-net-worth individuals who express interest in our services or initiate contact through the Site or other channels.
Institutional Partners and Counterparties: Representatives of custodians, prime brokers, legal counsel, audit firms, technology providers, and other professional entities with whom we engage in the course of business.
Clients: Individuals and entities with whom we have entered into formal agreements for asset management, advisory, or private banking services.
Employees and Contractors: While specific internal policies govern employee data, certain aspects of this Policy may apply to contractors and temporary personnel interacting with our external systems.
Digital Communications: Information exchanged via email, secure messaging platforms, video conferencing tools, and other electronic means in connection with our business activities.

This Policy does not apply to information collected by third-party websites, applications, or services that may be linked to or accessible from our Site. We encourage you to review the privacy policies of any third-party sites you visit, as we are not responsible for their data practices.

Furthermore, this Policy is supplementary to any specific privacy notices, engagement letters, or contractual agreements that may govern the processing of your data in the context of a specific service or transaction. In the event of any conflict between this Policy and a specific agreement, the terms of the specific agreement shall prevail to the extent of the conflict, provided such terms comply with applicable law.

3. CATEGORIES OF PERSONAL INFORMATION COLLECTED

BroadNorth collects various categories of personal information necessary to conduct our business, comply with regulatory obligations, and serve our clients effectively. The specific types of data we collect depend on the nature of your interaction with us, your jurisdiction, and the services you seek. We categorize the personal information we collect as follows:

A. Personal Identification Data

Full name, title, and professional designation.
Date of birth and place of birth (where required for identity verification).
Government-issued identification numbers (e.g., passport number, national ID, tax identification number).
Contact information, including residential and business addresses, telephone numbers, and email addresses.
Citizenship and residency status.

B. Professional and Financial Information

Employment history, current position, and employer details.
Professional licenses and regulatory registrations.
Source of wealth and source of funds documentation.
Bank account details, wire transfer instructions, and custody account information.
Investment portfolio holdings, transaction history, and performance data.
Credit reports and financial statements (where applicable and authorized).
Net worth and liquidity certifications.

C. Compliance and Due Diligence Data

Know Your Customer (KYC) and Anti-Money Laundering (AML) documentation.
Sanctions screening results and politically exposed person (PEP) declarations.
Risk tolerance assessments and suitability questionnaires.
Background check reports and reference checks.
Signed agreements, disclosures, and consent forms.

D. Technical and Device Information

Internet Protocol (IP) address and domain name.
Browser type, version, and language settings.
Operating system and device type (e.g., desktop, mobile, tablet).
Unique device identifiers and advertising IDs.
Network connection information and internet service provider details.

E. Usage Data

Pages visited on the Site and time spent on each page.
Clickstream data, including links clicked and navigation paths.
Search queries entered on the Site.
Dates and times of access.
Referral URLs and exit pages.
Interaction with emails and digital communications (e.g., open rates, click-through rates).

F. Communications Data

Content of emails, letters, and other correspondence sent to or received from BroadNorth.
Records of telephone calls (which may be recorded for compliance and quality assurance purposes where permitted by law).
Transcripts of meetings, video conferences, and voice messages.
Feedback, inquiries, and complaints submitted through the Site or other channels.

We do not knowingly collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless strictly necessary for compliance with legal obligations (e.g., diversity reporting where mandated) or with your explicit consent. If such data is collected, it will be subject to enhanced protections and processing limitations.

4. METHODS OF DATA COLLECTION

BroadNorth collects personal information through a variety of methods, ensuring that data is obtained lawfully, fairly, and transparently. Our primary methods of collection include:

A. Direct Interactions

You may provide personal information directly to us when you:

Complete contact forms or inquiry forms on the Site.
Subscribe to our newsletters, market commentary, or research reports.
Register for webinars, conferences, or industry events hosted or sponsored by BroadNorth.
Communicate with us via email, telephone, or secure messaging platforms.
Submit job applications or career inquiries.
Engage in face-to-face meetings or video conferences with our representatives.

B. Client Onboarding and Regulatory Compliance Procedures

When you become a client or prospective client, we collect extensive personal information as part of our mandatory onboarding and due diligence processes. This includes:

Completing KYC, AML, and Counter-Terrorist Financing (CTF) forms.
Providing certified copies of identification documents and proof of address.
Disclosing source of wealth and source of funds.
Undergoing sanctions and PEP screening.
Signing investment management agreements, subscription documents, and risk disclosures.

These procedures are essential for verifying your identity, assessing your eligibility for our services, and complying with global financial crime regulations. Failure to provide this information may result in our inability to establish or maintain a business relationship with you.

C. Automated Technologies

As you navigate the Site, we automatically collect certain technical and usage data through cookies, web beacons, log files, and similar tracking technologies. This data helps us understand how users interact with the Site, optimize its performance, and enhance security. For more detailed information on our use of cookies, please refer to Section 12 of this Policy.

D. Third-Party Sources

We may receive personal information about you from legitimate third-party sources, including but not limited to:

Publicly available databases and government registries.
Credit reporting agencies and financial data providers.
Sanctions lists and watchlists maintained by governmental and international bodies.
Professional references and introducers.
Affiliated entities and partner institutions (where permitted by law and contract).
Data brokers and marketing list providers (strictly for B2B institutional outreach where compliant).

We ensure that any third-party source from which we obtain data is reputable and has the legal right to disclose such information to us. We cross-reference this data with our internal records to ensure accuracy and completeness.

5. LAWFUL BASES FOR PROCESSING (GDPR-ALIGNED)

For individuals located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with similar data protection laws, BroadNorth processes personal data only when we have a valid lawful basis to do so. Our lawful bases for processing include:

A. Consent

We rely on your explicit consent for specific processing activities, such as sending marketing communications, subscribing to newsletters, or collecting certain types of sensitive data. You have the right to withdraw your consent at any time, though this may affect our ability to provide certain services.

B. Contractual Necessity

Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing data for client onboarding, account administration, trade execution, portfolio management, and reporting.

C. Legal Obligation

Processing is necessary for compliance with a legal obligation to which BroadNorth is subject. This includes obligations under AML/CTF laws, tax reporting requirements (e.g., FATCA, CRS), sanctions regulations, and record-keeping mandates imposed by financial regulators.

D. Legitimate Interests

Processing is necessary for the purposes of the legitimate interests pursued by BroadNorth or a third party, provided such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

Fraud prevention and network security.
Internal administrative and operational efficiency.
Client relationship management and service improvement.
Marketing and business development (subject to opt-out rights).
Risk management and internal audit.

E. Vital Interests and Public Task

In rare circumstances, processing may be necessary to protect the vital interests of an individual or for the performance of a task carried out in the public interest or in the exercise of official authority vested in BroadNorth (where applicable).

We document our lawful bases for each processing activity and regularly review them to ensure ongoing compliance. If you wish to understand the specific lawful basis relied upon for a particular processing activity, please contact us using the details provided in Section 16.

6. PURPOSES OF PROCESSING

BroadNorth processes personal information for specific, explicit, and legitimate purposes aligned with our business objectives and regulatory obligations. These purposes include:

Client Onboarding and Verification: To verify your identity, assess your eligibility for our services, and conduct mandatory due diligence (KYC/AML) in accordance with global financial crime standards.
Service Delivery and Administration: To manage your accounts, execute transactions, administer portfolios, calculate fees, and provide regular reporting on investment performance.
Regulatory Compliance: To comply with applicable laws, regulations, court orders, and requests from regulatory authorities, including tax reporting, sanctions screening, and audit requirements.
Risk Management: To monitor and manage financial, operational, legal, and reputational risks associated with our business activities and client relationships.
Capital Markets Advisory: To provide strategic advice, structuring solutions, and market insights tailored to your specific needs and objectives.
Cross-Border Structuring: To facilitate complex international transactions, entity formations, and wealth transfer strategies across multiple jurisdictions.
Communication: To respond to your inquiries, provide updates on our services, send relevant market commentary, and invite you to exclusive events.
Security and Fraud Prevention: To protect the integrity of our systems, prevent unauthorized access, detect and investigate fraudulent activities, and ensure the safety of your data.
Business Development: To identify potential clients, analyze market trends, and develop new products and services that meet the evolving needs of institutional investors.
Internal Operations: To train staff, improve internal processes, conduct performance evaluations, and maintain accurate business records.

We do not process personal data for purposes incompatible with those listed above without obtaining your further consent or establishing a new lawful basis as required by law.

7. DATA SHARING AND DISCLOSURE

BroadNorth treats your personal information with the utmost confidentiality. However, to operate effectively as a global investment firm and comply with regulatory requirements, we may need to share your data with specific categories of recipients. We ensure that any sharing of data is governed by strict contractual obligations and confidentiality agreements. We may disclose your personal information to:

A. Regulatory Authorities and Government Bodies

We are required by law to disclose personal information to regulatory agencies, tax authorities, law enforcement bodies, and courts in response to lawful requests, subpoenas, court orders, or investigations. This includes reporting suspicious activities under AML/CTF regulations and fulfilling tax reporting obligations under FATCA and the Common Reporting Standard (CRS).

B. Affiliated Entities and Subsidiaries

We may share data with our affiliated companies, subsidiaries, and branch offices located in various jurisdictions (e.g., Zurich, Singapore, Hong Kong) to facilitate global service delivery, centralized risk management, and consolidated reporting. Such transfers are conducted under strict internal data governance policies.

C. Service Providers and Processors

We engage third-party service providers to perform functions on our behalf, such as:

Custodians and prime brokers for asset safekeeping and trade settlement.
Technology vendors for cloud hosting, cybersecurity, and software maintenance.
Legal counsel, auditors, and tax advisors for professional advice and compliance reviews.
Data analytics firms for market research and client insights.
Communication platforms for secure messaging and video conferencing.

These providers are contractually obligated to process data only on our instructions, maintain strict confidentiality, and implement appropriate security measures. They are prohibited from using your data for their own purposes.

D. Counterparties and Transaction Participants

In the course of executing transactions, we may need to share limited personal information with counterparties, clearing houses, exchanges, and settlement agents to facilitate the trade and ensure proper recording of ownership.

E. Successors and Assigns

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity as part of the transaction. We will require the successor to honor the commitments made in this Policy, subject to applicable law.

We do not sell, rent, or lease your personal information to third parties for their marketing purposes. Any disclosure of data is strictly limited to what is necessary for the specified purpose and is conducted in compliance with applicable data protection laws.

8. INTERNATIONAL DATA TRANSFERS

As a global investment firm, BroadNorth operates across multiple jurisdictions, including the United States, Europe, Asia, and the Middle East. Consequently, your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your jurisdiction.

We are committed to ensuring that your data receives an adequate level of protection regardless of where it is processed. To safeguard international data transfers, we implement the following measures:

Standard Contractual Clauses (SCCs): Where transfers are made from the EEA or UK to countries without an adequacy decision, we utilize the European Commission’s approved Standard Contractual Clauses to bind the recipient to EU-level data protection standards.
Binding Corporate Rules (BCRs): Where applicable, we rely on approved Binding Corporate Rules for intra-group transfers within the BroadNorth organization.
Adequacy Decisions: We prioritize transferring data to countries recognized by the European Commission and other relevant authorities as providing an adequate level of data protection.
Derogations: In specific situations, we may rely on derogations provided by law, such as your explicit consent, the necessity for the performance of a contract, or important reasons of public interest.

By providing us with your personal information, you acknowledge and consent to the transfer of your data to the United States and other jurisdictions where our operations are located, understanding that these transfers are protected by the safeguards described above. You have the right to request a copy of the specific safeguards we have implemented for international transfers by contacting us.

9. DATA SECURITY MEASURES

BroadNorth employs a robust, multi-layered security framework designed to protect your personal information against unauthorized access, alteration, disclosure, destruction, and loss. Our security measures are commensurate with the sensitivity of the data and the evolving threat landscape. They include:

A. Administrative Safeguards

Comprehensive data governance policies and procedures.
Regular employee training on data privacy, security awareness, and phishing prevention.
Strict access controls based on the principle of least privilege.
Background checks for employees and contractors with access to sensitive data.
Incident response plans and business continuity protocols.
Regular audits and assessments of our security posture.

B. Technical Protections

End-to-end encryption for data in transit (using TLS/SSL protocols) and at rest (using AES-256 encryption).
Multi-factor authentication (MFA) for all internal systems and client portals.
Advanced firewalls, intrusion detection/prevention systems (IDS/IPS), and anti-malware solutions.
Regular vulnerability scanning and penetration testing by independent third parties.
Secure coding practices and application security testing.
Data loss prevention (DLP) tools to monitor and prevent unauthorized data exfiltration.

C. Physical Security

Secure data centers with biometric access controls, 24/7 surveillance, and environmental controls.
Restricted access to offices and server rooms.
Secure disposal of physical documents and electronic media.

D. Cybersecurity Monitoring

24/7 Security Operations Center (SOC) monitoring for real-time threat detection and response.
Log management and analysis to identify suspicious activities.
Regular updates and patching of software and systems to address known vulnerabilities.

While we strive to implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our defenses and responding promptly to any security incidents. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authorities in accordance with applicable law.

10. DATA RETENTION

BroadNorth retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Our retention periods are determined based on the following criteria:

Legal and Regulatory Obligations: We are required to retain certain records for minimum periods prescribed by law, such as AML/CTF records (typically 5-7 years after the end of the relationship), tax records, and financial reporting documents.
Contractual Necessity: We retain data for the duration of our contractual relationship with you and for a reasonable period thereafter to handle any post-termination matters, disputes, or claims.
Operational Necessity: We retain data as long as it is needed for legitimate business purposes, such as historical analysis, trend reporting, and service improvement.
Statute of Limitations: We may retain data for the duration of the applicable statute of limitations for legal claims.

Once the retention period expires, or if the data is no longer needed for any legitimate purpose, we will securely delete or anonymize the information in accordance with our data destruction policies. Anonymized data, which cannot be linked back to you, may be retained indefinitely for statistical and research purposes.

If you wish to know the specific retention period applicable to your data, please contact us.

11. INDIVIDUAL RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your personal information. BroadNorth is committed to facilitating the exercise of these rights in accordance with applicable law. Your rights may include:

Right of Access: You have the right to request confirmation of whether we hold your personal data and to obtain a copy of such data, along with information about how it is processed.
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure (“Right to be Forgotten”): In certain circumstances, you have the right to request the deletion of your personal data, subject to legal exceptions (e.g., regulatory retention requirements).
Right to Restriction of Processing: You have the right to request the restriction of processing your data under specific conditions, such as while accuracy is being verified.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.
Right to Object: You have the right to object to the processing of your data for direct marketing purposes or based on legitimate interests, unless we demonstrate compelling legitimate grounds for the processing.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
California-Specific Rights: Residents of California may have additional rights under the CCPA/CPRA, including the right to know what personal information has been sold or shared, the right to opt-out of the sale/sharing of personal information, and the right to non-discrimination for exercising these rights. BroadNorth does not sell personal information as defined by the CCPA.

To exercise any of these rights, please submit a written request to us using the contact details provided in Section 16. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request to ensure the security of your data. Please note that these rights are not absolute and may be subject to exemptions under applicable law, particularly where compliance would interfere with our legal obligations or the rights of others.

12. COOKIES AND TRACKING TECHNOLOGIES

Our Site uses cookies and similar tracking technologies to enhance user experience, analyze site traffic, and ensure security. Cookies are small text files stored on your device when you visit a website. We use the following types of cookies:

Strictly Necessary Cookies: Essential for the Site to function properly, enabling basic functions like page navigation and access to secure areas. These cookies cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors interact with the Site by collecting anonymous information about pages visited, time spent, and errors encountered. This data is used to improve site performance.
Functionality Cookies: Allow the Site to remember choices you make (such as language preference) to provide enhanced, personalized features.
Targeting and Advertising Cookies: Used to deliver relevant advertisements and limit the number of times you see an ad. These are typically placed by advertising networks with our permission.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of the Site. For more information on how to manage cookies, please consult your browser’s help documentation.

We also use web beacons (pixel tags) in our emails and on the Site to track open rates and click-through rates, helping us improve our communication strategies. You can opt-out of these tracking mechanisms by unsubscribing from our emails or adjusting your browser settings.

13. CONFIDENTIALITY OF COMMUNICATIONS

Please be aware that communications sent to or from BroadNorth via the internet, including email, may not be secure or encrypted unless explicitly stated otherwise. We recommend that you do not send confidential, proprietary, or sensitive personal information (such as account numbers, passwords, or financial data) to us via unencrypted email.

BroadNorth provides secure communication channels (e.g., encrypted client portals, secure file transfer protocols) for the exchange of sensitive information once a formal relationship has been established. Until such secure channels are in place, any information you transmit to us via the Site or standard email is considered non-confidential to the extent permitted by law, and you assume the risk of interception or unauthorized access.

We employ encryption and other security measures for internal communications and data storage, but we cannot guarantee the security of data transmitted over public networks. If you have concerns about the security of a communication, please contact us immediately to arrange a secure method of transmission.

14. CHILDREN’S DATA

Our services and the Site are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). BroadNorth does not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete such information and terminate the account if applicable. If you believe that a child has provided us with personal information, please contact us immediately.

15. UPDATES TO THIS PRIVACY POLICY

BroadNorth reserves the right to update, amend, or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or regulatory guidance. Any changes will be effective immediately upon posting the revised Policy on the Site with an updated “Last Updated” date.

We encourage you to review this Policy periodically to stay informed of our data protection practices. Your continued use of the Site or our services after any changes to this Policy constitutes your acceptance of the revised terms. If material changes are made that significantly affect your rights, we will endeavor to provide you with prominent notice via email or a notice on our homepage, where feasible and required by law.

16. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights, please contact our Data Protection Officer or Compliance Department using the following details:

BroadNorth Attention: Data Protection Officer / Compliance Department Email: cmc@broadnorth.com Website: www.broadnorth.com Headquarters: Washington, United States

We are committed to resolving any complaints or inquiries promptly and fairly. If you are located in the EEA or UK and believe that we have not resolved your concern satisfactorily, you have the right to lodge a complaint with your local data protection supervisory authority.