DATA SECURITY & PRIVACY COMPLIANCE

Confidentiality, Security & Privacy Policy

(Effective Date: August 15, 2025)

This Confidentiality, Security & Privacy Policy (“Policy”) explains how Changoo & Associates (“C&A,” “we,” “our,” or “us”) collects, uses, discloses, safeguards, and retains information in connection with our website www.changooandassociates.com (the “Site”) and our professional activities. By using the Site or otherwise providing information to us, you consent to the practices described in this Policy.

1) Scope & Role

This Policy applies to information we process:

  • via the Site (including contact and subscription forms);
  • in email exchanges, event participation, and meeting scheduling;
  • in client onboarding and business development;
  • in employment/contractor applications and recruitment.

For the purposes of Canadian privacy law (PIPEDA) and, where applicable, the EU/UK GDPR, C&A is the data controller of personal information collected through the Site and in our advisory activities.

2) Categories of Information We Collect

  • Personal Identifiers & Contact Data: name, title, employer, email, phone, postal address.
  • Professional/Business Information: company, sector, mandate/project details, financing parameters.
  • Application Data (Candidates/Contractors): CV/resumé, qualifications, references, and eligibility.
  • Technical & Usage Data: IP address, device identifiers, browser type, pages viewed, timestamps, and cookies/analytics data (see §9).
  • Voluntary Submissions: survey responses, event registrations, newsletter opt-ins, uploaded materials.

We collect information directly from you, from public sources (e.g., corporate registries), from service providers (e.g., background/sanctions screening where lawful), and through automated means (cookies/analytics).

3) Purposes & Legal Bases for Processing

We use information to:

  • Respond to inquiries, schedule discussions, and manage relationships;
  • Provide Services, including mandate evaluation, investor readiness, funding management, and execution support;
  • Operate & Improve the Site (performance, security, troubleshooting, analytics);
  • Communicate thought leadership, event invitations, and updates (you can opt out at any time);
  • Recruit and assess candidates/contractors;
  • Comply with legal/RegTech obligations (KYC/AML/sanctions, recordkeeping, court orders).

Legal bases (where applicable): your consent; contractual necessity; legitimate interests (e.g., service quality, information security, business development); legal obligations.

4) Disclosures & Transfers

We do not sell personal information, and we do not share it for cross-context behavioural advertising.

We may disclose information to:

  • Service Providers (IT hosting, email/CRM, analytics, compliance/KYC vendors) bound by confidentiality and data-processing obligations;
  • Professional Advisors (legal, auditors) under confidentiality;
  • Financial Institutions or Counterparties, where necessary, to pursue a mandate you request and subject to appropriate confidentiality;
  • Authorities, when legally required (e.g., subpoenas, sanctions compliance);
  • A successor in connection with a corporate transaction, subject to continued protections.

Because we are a global firm, data may be transferred to jurisdictions outside your own. We implement appropriate safeguards (e.g., contractual clauses, due diligence on processors) to protect personal information in cross-border transfers.

5) Confidentiality & Information Security

We maintain administrative, technical, and physical controls designed to protect information against unauthorized access, loss, misuse, or alteration, including:

  • principle of least privilege and role-based access;
  • encrypted transport for data in transit;
  • vendor risk assessments and contractual security obligations;
  • workforce confidentiality undertakings and awareness training.

No system is completely secure. We cannot guarantee absolute security; you are encouraged to implement your own protective measures (e.g., updated operating systems, antivirus, strong authentication).

6) Data Retention

We retain information only for as long as necessary to fulfill the purposes stated in this Policy (and compatible purposes), including:

  • to provide requested services and maintain business records;
  • to comply with legal, tax, audit, and regulatory obligations;
  • to resolve disputes and enforce agreements.

Retention periods vary by record type and jurisdiction; when no longer needed, data is securely deleted or anonymized.

7) Your Choices & Rights

Email & Marketing: You may opt out of non-essential communications at any time via the unsubscribe link or by contacting us.

Subject to applicable law, you may have rights to:

  • Access your personal information and obtain a copy;
  • Rectify inaccuracies;
  • Delete/Erase (subject to legal exceptions);
  • Restrict or object to processing;
  • Withdraw consent (for consent-based processing);
  • Portability (structured, commonly used, machine-readable format, where applicable).

To exercise rights, contact [email protected]. We will respond in accordance with applicable timelines. You may also have the right to lodge a complaint with your supervisory authority (e.g., Office of the Privacy Commissioner of Canada; in the EEA/UK, your local Data Protection Authority).

8) Children’s Privacy

The Site and our services are not directed to individuals under 18. We do not knowingly collect data from children. If you believe a child has provided information, please contact us to request deletion.

9) Cookies & Analytics

We use cookies and similar technologies to operate the Site and to understand usage patterns.

  • Cookies help remember preferences and improve performance. You may manage cookies via browser settings; some features may be limited if cookies are disabled.
  • We may use analytics tools (e.g., Google Analytics) that collect IP addresses, device/browser data, and usage metrics. Analytics providers process this data subject to their own privacy terms. Where required, we implement consent banners or opt-out mechanisms.

10) Third-Party Links

The Site may link to external websites. We are not responsible for the privacy practices of those third parties. Review their policies before providing information.

11) Legal Compliance & Compelled Disclosures

We may disclose information where we believe in good faith that such disclosure is necessary to:
(a) comply with law, regulation, legal process, or enforceable governmental request;
(b) enforce our agreements or protect our legal rights;
(c) detect, prevent, or address fraud, security, or technical issues; or
(d) protect users or the public from harm.

12) Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated effective date. Your continued use of the Site after changes take effect constitutes acceptance.

13) Contact

Changoo & Associates
Toronto, Ontario, Canada
[email protected]