Privacy Policy

Privacy Policy

Crestwood Asset Management (CIM) Group Advisors, Inc.
Effective Date: September 2021

1. Information We Collect

When you use our website or establish a business relationship with us, we may collect the following categories of information:

  • Identity Information: Name, address, email, phone number, identification documents.
  • Financial Information: Account details, investment objectives, risk preferences, asset status.
  • Compliance Information: KYC/AML documents, tax residency, information required under regulatory obligations.
  • Technical Information: Cookies, IP address, browser details, website usage data.

2. How We Use This Information

We may use your personal information to:

  • Provide investment management and wealth advisory services;
  • Fulfill legal and regulatory obligations (such as SEC, NFA, FinCEN, GDPR, MiFID II requirements);
  • Improve our website and client experience;
  • Send you important updates related to our services;
  • Conduct risk monitoring and compliance audits.

3. Information Sharing

We do not sell or rent your personal data to unrelated third parties. Information may be shared under the following circumstances:

  • With custodians, brokers, and auditors to execute your investment instructions;
  • Disclosure to regulatory authorities as required by law or regulation (e.g., NFA, SEC, BaFin, FINMA);
  • With service providers under contractual obligations (e.g., IT systems, compliance support).

4. Data Protection and Security

  • We use industry-standard encryption, access controls, and internal compliance audits to protect data;
  • All employees and partners sign strict confidentiality agreements;
  • Data is stored on secure servers in the U.S. and EU, complying with GDPR cross-border transfer requirements (Standard Contractual Clauses - SCCs).

5. Your Rights (Under GDPR/DSGVO)

As an EU/German client, you have the following rights:

  • Right of Access: To request access to your personal data we hold;
  • Right to Rectification: To correct inaccurate or incomplete information;
  • Right to Erasure: To request deletion of your data where legally permitted;
  • Right to Restrict or Object: To limit processing or object to specific uses;
  • Right to Data Portability: To receive your data in a structured, commonly used format and transfer it to another provider.

As a U.S. client, you are entitled to rights under GLBA (Gramm-Leach-Bliley Act) and CCPA/CPRA (California Consumer Privacy Act), including the right to be informed, to delete, and to opt-out of sale of personal data.

6. Data Retention

We retain your personal information only as long as necessary to fulfill contractual and regulatory requirements (typically 5–7 years); after which data is securely deleted or anonymized.

7. Children’s Privacy

Our website and services are not directed at individuals under 18 years old. We do not knowingly collect personal information from children.

8. Contact Us

If you have any questions or requests regarding this privacy policy or data protection, please contact us via:

  • Official Email Address: support@cimga.ltd