Consumer Privacy Act Notice

Privacy Policy and Consumer Rights Combined Notice

Effective Date: June 2025

Crestwood Asset Management (CIM) Group Advisors, Inc. (“CIM,” “we,” or “the Company”) respects and values client privacy and data protection. This document combines requirements under the California Consumer Privacy Act (CCPA/CPRA) and the European Union General Data Protection Regulation (GDPR/DSGVO), detailing how we collect, use, share, and protect client personal information, as well as the rights clients enjoy under U.S. and EU regulations.

Part One: California Consumer Privacy Act Notice (CCPA/CPRA Notice)

1. Scope

This section applies to California residents and residents of other states with similar privacy laws. It supplements our general privacy policy to ensure CIM’s compliance with U.S. legal obligations.

2. Categories of Personal Information We Collect

In the past 12 months, we may have collected the following categories of information:

  • Identifiers: Name, mailing address, email, phone number, government-issued IDs.
  • Financial Information: Bank account details, investment accounts, transaction records, investment goals, risk preferences, asset status.
  • Compliance Information: Anti-money laundering (KYC/AML) documents, tax residency, beneficial ownership information.
  • Technical Information: Cookies, IP addresses, device identifiers, website usage data.
  • Professional and Educational Information: Necessary background details for wealth planning and investment advisory.

We do not collect information unrelated to business or excessively sensitive data unless required by law or regulation.

3. How We Use This Information

Your personal information may be used to:

  • Provide investment advisory and asset management services;
  • Comply with legal and regulatory requirements (including NFA, SEC, FinCEN, IRS, etc.);
  • Conduct compliance and risk control, KYC/AML reviews;
  • Monitor and improve client experience and website functionality;
  • Communicate investment updates, policy changes, and legal or regulatory notices.

4. Information Sharing and Disclosure

We do not sell or rent personal information. Information may be disclosed to:

  • Custodians and executing parties: To complete investment transactions, shared with custodians, brokers, auditors as necessary;
  • Regulatory authorities: Disclosed as required by law (e.g., NFA, SEC, FinCEN, BaFin, FINMA);
  • Service providers: IT systems, compliance, and legal support providers under contractual obligations prohibiting data misuse;
  • Internal compliance: Shared within the group as necessary for unified compliance and client management.

5. Consumer Rights (Under CCPA/CPRA)

Under California law, you have the following rights:

  • Right to Know: Request disclosure of categories, sources, uses, and sharing of personal information collected in the past 12 months.
  • Right of Access: Access specific personal information we hold about you.
  • Right to Delete: Request deletion of personal information subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate or incomplete information.
  • Right to Opt-Out of Sale or Sharing: We do not sell personal information; if this changes, opt-out mechanisms will be provided.
  • Right to Non-Discrimination: Exercising privacy rights will not result in discrimination in price, service quality, or treatment.

6. How to Exercise Your Rights

You can exercise your privacy rights through the following channels:

  • 📧 Email: support@cimga.ltd

We will respond to your request within 45 days. If additional time is needed, we will notify you with reasons.

7. Data Retention and Security

  • Data is retained typically for 5–7 years to meet regulatory and contractual requirements;
  • Expired data is securely deleted or anonymized;
  • We implement encryption, access controls, and compliance audits to ensure data security.

8. Policy Updates

We may update this notice due to legal changes or business adjustments. The latest version will be posted on our official website with the effective date indicated.

Part Two: European Union Consumer Privacy Notice (GDPR/DSGVO Notice)

1. Scope

This section applies to residents of the European Union and European Economic Area (EEA) and complies with the General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (DSGVO).

2. Categories of Personal Data We Collect

  • Identity Information: Name, address, identification documents, contact details;
  • Financial Information: Investment accounts, wealth planning data, risk assessment;
  • Compliance Information: KYC/AML documents, tax residency, anti-money laundering data;
  • Technical Information: Cookies, IP addresses, access logs;
  • Special Category Data: Collected only when required by AML or legal obligations, with additional protections.

3. Purposes of Use

  • Provide investment advisory and wealth management services;
  • Comply with MiFID II, BaFin, GDPR, and other legal requirements;
  • Conduct risk assessments, compliance reviews, and regulatory reporting;
  • Improve client service and communication.

4. Data Transfers and Cross-Border Processing

  • Data may be stored on secure servers in the U.S. and EU;
  • Cross-border transfers are protected by Standard Contractual Clauses (SCCs) or equivalent legal mechanisms;
  • We commit not to use EU client data for unauthorized commercial purposes.

5. Consumer Rights (Under GDPR/DSGVO)

  • Right of Access: Review personal data we hold;
  • Right to Rectification: Correct inaccurate or incomplete data;
  • Right to Erasure (“Right to be Forgotten”): Request deletion subject to legal exceptions;
  • Right to Restrict Processing: Limit use of your data;
  • Right to Data Portability: Export data in a structured format;
  • Right to Object: Object to processing based on legitimate interests or direct marketing;
  • Right to Lodge Complaint: File complaints with local data protection authorities (e.g., German BfDI).

6. Data Retention and Security

  • Data is retained typically for 5–10 years to comply with legal and regulatory requirements;
  • Data protection is ensured through encryption, minimal access principles, and regular compliance audits.

7. Contact Information

  • 📧 Email:support@cimga.ltd

Final Statement

Crestwood Asset Management (CIM) Group Advisors, Inc. is committed to strict compliance with CCPA/CPRA and GDPR/DSGVO data protection requirements under the dual regulatory frameworks of the U.S. and EU, providing transparent, compliant, and sustainable privacy protection and wealth management services to all clients.