Changoo & Associates
Strategic Structuring. Disciplined Execution
Changoo & Associates
Strategic Structuring. Disciplined Execution

DATA SECURITY & PRIVACY GOVERNANCE

Confidentiality, Security & Privacy Policy

Effective Date: August 15, 2025

This Confidentiality, Security & Privacy Policy (“Policy”) describes how Changoo & Associates (“C&A,” “we,” “our,” or “us”) collects, uses, discloses, safeguards, and retains information in connection with our website www.changooandassociates.com (the “Site”) and our professional advisory activities. By using the Site or otherwise providing information to us, you consent to the practices described in this Policy.

1) Scope & Role

This Policy applies to information processed:

  • via the Site (including contact and subscription forms);
  • in email communications, event participation, and meeting coordination;
  • in client onboarding and business development activities;
  • in employment, contractor, and recruitment processes.

For the purposes of applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the EU/UK GDPR, C&A acts as the data controller of personal information collected through the Site and in connection with its advisory activities.

2) Categories of Information We Collect

We may collect the following categories of information:

Personal Identifiers & Contact Data
Name, title, employer, email address, telephone number, and mailing address.

Professional / Business Information
Company details, sector, and information related to mandates or project parameters.

Application Data (Candidates / Contractors)
Curriculum vitae (CV), qualifications, references, and eligibility information.

Technical & Usage Data
IP address, device identifiers, browser type, pages viewed, timestamps, and analytics data (see Section 9).

Voluntary Submissions
Survey responses, event registrations, newsletter subscriptions, and materials you provide.

Information may be collected directly from you, from publicly available sources (e.g., corporate registries), from service providers (where lawful), and through automated technologies such as cookies and analytics tools.

3) Purposes & Legal Bases for Processing

We use information to:

  • respond to inquiries and coordinate communications;
  • provide advisory services, including mandate evaluation and institutional readiness support;
  • operate, maintain, and improve the Site (performance, security, and analytics);
  • communicate updates, thought leadership, and event invitations (subject to opt-out);
  • assess candidates and contractors;
  • comply with legal and regulatory obligations, including KYC, AML, sanctions screening, and recordkeeping.

Where applicable, legal bases for processing include consent, contractual necessity, legitimate interests (such as service quality, security, and business development), and compliance with legal obligations.

4) Disclosures & Transfers

We do not sell personal information and do not share it for cross-context behavioural advertising.

We may disclose information to:

  • Service Providers (e.g., IT hosting, CRM, analytics, compliance vendors), subject to confidentiality and data-processing obligations;
  • Professional Advisors (e.g., legal counsel, auditors);
  • Financial institutions or counterparties, where appropriate in connection with a mandate and subject to confidentiality;
  • Regulatory or governmental authorities, where required by law;
  • Successors or assigns, in connection with a corporate transaction, subject to continued protections.

As a global advisory firm, information may be transferred across jurisdictions. We implement appropriate safeguards to protect personal information in cross-border transfers.

5) Confidentiality & Information Security

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, or alteration, including:

  • role-based access controls and least-privilege principles;
  • encryption of data in transit;
  • vendor risk assessments and contractual safeguards;
  • workforce confidentiality obligations and awareness training.

No system is entirely secure, and we cannot guarantee absolute security. Users are encouraged to maintain appropriate safeguards on their own systems.

6) Data Retention

We retain information only for as long as necessary to fulfill the purposes described in this Policy, including:

  • provision of services and maintenance of business records;
  • compliance with legal, tax, audit, and regulatory obligations;
  • dispute resolution and enforcement of agreements.

Retention periods vary based on the nature of the information and applicable legal requirements. Information is securely deleted or anonymized when no longer required.

7) Your Choices & Rights

Marketing Communications
You may opt out of non-essential communications at any time via unsubscribe mechanisms or by contacting us.

Subject to applicable law, you may have rights to:

  • access your personal information;
  • request correction of inaccurate data;
  • request deletion (subject to legal limitations);
  • restrict or object to processing;
  • withdraw consent (where applicable);
  • request data portability (where applicable).

Requests may be directed to: [email protected]
You may also have the right to lodge a complaint with a relevant supervisory authority (e.g., the Office of the Privacy Commissioner of Canada or applicable EU/UK authorities).

8) Children’s Privacy

Our Site and services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe such information has been provided, please contact us to request deletion.

9) Cookies & Analytics

We use cookies and similar technologies to operate the Site and understand usage patterns.

  • Cookies enable functionality and improve performance;
  • Users may manage cookie preferences through browser settings;
  • Certain features may be limited if cookies are disabled.

We may use analytics providers (e.g., Google Analytics) that process usage data subject to their own privacy policies. Where required, consent mechanisms are implemented.

10) Third-Party Links

The Site may contain links to third-party websites. We are not responsible for their privacy practices. Users should review applicable policies before providing information.

11) Legal Compliance & Compelled Disclosures

We may disclose information where reasonably necessary to:

  • comply with applicable laws or legal processes;
  • enforce our agreements or protect our rights;
  • prevent fraud, security incidents, or technical issues;
  • protect the safety of individuals or the public.

12) Changes to This Policy

We may update this Policy periodically. Material changes will be reflected by an updated effective date. Continued use of the Site constitutes acceptance of such changes.

13) Contact

Changoo & Associates
Toronto, Ontario, Canada
📧 [email protected]