Privacy Policy

This Privacy Policy ("Policy") describes in detail how Core Value Growth Advisors Inc. ("we", "us", "our") collects, uses, stores, discloses, transfers, and protects personal data obtained through this website, our email correspondence, and other interactions with you. We are committed to handling personal data lawfully, fairly, and transparently in accordance with applicable data protection legislation, including (where applicable) the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other comparable laws.

By using our website or otherwise providing personal data to us, you confirm that you have read and understood this Policy.

1. Data Controller

The data controller responsible for the processing of personal data described in this Policy is:

Core Value Growth Advisors Inc.
4th Floor, Water's Edge Building, Meridian Plaza, Road Town, Tortola, VG1110, British Virgin Islands
Email: info@core-vga.com

Where required, additional or joint controllers may apply in respect of specific processing activities. Any such additional controller relationship will be disclosed at the point of collection.

2. Scope of This Policy

This Policy applies to personal data we collect:

• through this website, including any forms, downloads, or interactive features;
• through email, telephone, or other written or oral correspondence;
• through professional interactions with prospective and existing counterparties;
• from publicly available sources, third-party data providers, and counterparty introductions, where lawful.

This Policy does not apply to third-party websites or services that may be linked from our website. Those third parties operate under their own privacy policies, which we encourage you to review.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity and contact data — name, title, employer, role, postal address, email address, telephone number.
• Communication data — content of messages, attachments, meeting notes, and any other correspondence you share with us.
• Professional and engagement data — information about your professional background, your organisation, your role in a project, and any other context relevant to the matter under discussion.
• Counterparty diligence data — information collected to satisfy our diligence and screening processes, including corporate registry data, beneficial ownership, sanctions screening results, and adverse-media checks.
• Technical data — IP address, browser type and version, operating system, device identifiers, language and locale, referring URLs, pages visited, timestamps, and other information collected by server logs, security systems, and analytics tools.
• Usage data — information about how you interact with our website, including session duration and navigation patterns.
• Cookie and similar technology data — as described in our Cookie Policy.
• Marketing and preference data — your communication and contact preferences, if any.

We do not knowingly seek or collect special-category personal data (such as racial or ethnic origin, religious beliefs, health data, or biometric data). Please do not submit such data through this website. If you do, we will delete it as soon as we become aware of it.

4. How We Collect Personal Data

We collect personal data through the following channels:

• Directly from you — when you submit a contact form, send us an email, attend a meeting, or otherwise interact with us.
• Automatically — when you use our website, through cookies, server logs, and similar technologies.
• From third parties — including counterparty introductions, publicly available sources, professional networks, corporate registries, sanctions and screening providers, and other lawful third-party sources.

5. Purposes and Legal Bases for Processing

We process personal data only where we have a valid legal basis to do so. The principal purposes and legal bases are:

• Responding to enquiries and managing correspondence — based on our legitimate interest in engaging with prospective partners and stakeholders, and your interest in receiving a substantive response.
• Negotiating and performing engagements — based on the necessity of processing for the performance of a contract, or steps taken at your request prior to entering into a contract.
• Counterparty diligence and compliance screening — based on our legitimate interest in operating a disciplined business and on our legal obligations relating to financial crime, sanctions, and corporate record-keeping.
• Website operation, security, fraud prevention, and integrity — based on our legitimate interest in operating a safe and reliable website.
• Analytics and improvement of the website — based on your consent, where required by applicable law (collected through our cookie banner).
• Compliance with legal obligations — including tax, accounting, anti-money-laundering, sanctions, and reporting obligations.
• Establishment, exercise, or defence of legal claims — based on our legitimate interest in protecting our rights and those of third parties.
• Internal administration and record-keeping — based on our legitimate interest in maintaining accurate and complete records.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, regulatory, or reporting requirements. Indicative retention periods are:

• Contact form submissions and general correspondence: up to 24 months from the date of last interaction.
• Counterparty engagement records and supporting diligence: for the duration of the engagement and up to 7 years thereafter, in line with applicable record-keeping obligations.
• Records required for tax and accounting purposes: for the period required by applicable law (typically 7 years).
• Records required to evidence compliance with anti-money-laundering, sanctions, and financial-crime obligations: for the period required by applicable law.
• Technical server logs and security records: up to 12 months.
• Cookie data and consent records: as described in our Cookie Policy; consent records are typically retained for 12 months.
• Records relating to legal claims: for the duration of any relevant limitation period.

When personal data is no longer required, we will securely delete, destroy, or anonymise it. Where deletion is not technically feasible (for example, in backup systems), the data is isolated from further active processing and deleted on the next scheduled cycle.

7. Your Rights

Subject to applicable law, you have the following rights in respect of your personal data:

• Right of access — to obtain confirmation that we process your personal data, and a copy of that data together with related information.
• Right to rectification — to request correction of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten") — to request deletion of your personal data in certain circumstances.
• Right to restriction of processing — to request that we limit the processing of your personal data in certain circumstances.
• Right to data portability — to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.
• Right to object — to object to processing based on our legitimate interests, including profiling.
• Right to withdraw consent — at any time, where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal.
• Right to lodge a complaint — with a competent data protection supervisory authority in your jurisdiction.
• Rights under U.S. state privacy laws (e.g., California) — including the right to know, the right to delete, the right to correct, the right to opt out of certain "sales" or "sharing" (we do not sell or share personal data for cross-context behavioural advertising), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, please contact us at info@core-vga.com. We may need to verify your identity before responding and will respond within the timeframes required by applicable law (typically within 30 days, extendable in complex cases).

8. Third-Party Recipients

We do not sell personal data and we do not share personal data for cross-context behavioural advertising. We may share personal data with the following categories of recipients, in each case under appropriate contractual and technical safeguards:

• Service providers and processors — including providers of website hosting, content delivery, email delivery, analytics, IT support, communications platforms, and security services, acting on our behalf and under our instructions.
• Professional advisors — including lawyers, auditors, accountants, and other professional service providers, bound by duties of confidentiality.
• Sanctions and screening providers — for the purpose of counterparty diligence and compliance with applicable law.
• Regulatory, governmental, and judicial authorities — where required by law or to protect our legal rights.
• Counterparties and partners — where reasonably necessary to respond to your enquiry, perform a contract, or coordinate a project in which you are a participant.
• Acquirers or successors — in connection with a merger, acquisition, reorganisation, or transfer of all or part of our business, subject to confidentiality.

9. International Transfers

We are based in the United States and may transfer personal data to, store it in, or process it in jurisdictions outside your country of residence, including jurisdictions whose data protection laws may differ from those of your country. Where such transfers occur and applicable law requires, we implement appropriate safeguards, which may include:

• standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office;
• reliance on adequacy decisions, where applicable;
• supplementary technical, organisational, and contractual measures, where required by applicable law.

You may request a copy of the relevant safeguards by contacting us at info@core-vga.com.

10. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, alteration, disclosure, or access. These measures include access controls, encryption in transit, secure infrastructure, logging, and staff training. However, no method of transmission over the internet or method of electronic storage is fully secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach that meets the applicable legal threshold, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.

11. Children's Privacy

This website is not directed at children, and we do not knowingly collect personal data from individuals under the age of 16 (or such higher age as may be specified by applicable law). If you believe a child has provided us with personal data, please contact us so that we may delete it.

12. Automated Decision-Making and Profiling

We do not use personal data collected through this website to make decisions based solely on automated processing — including profiling — that produces legal effects concerning you or similarly significantly affects you.

13. Marketing

We do not conduct mass marketing campaigns and do not send unsolicited promotional communications. Where we do send occasional updates to professional contacts, recipients may opt out at any time using the unsubscribe link or by contacting us directly.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Effective date" at the top of this page indicates when this version was last updated. Material changes will be communicated through the website. We encourage you to review this Policy periodically.

15. How to Contact Us

If you have any questions about this Policy, our processing of your personal data, or to exercise your rights, please contact us at info@core-vga.com or write to:

Core Value Growth Advisors Inc.
Attn: Data Protection
4th Floor, Water's Edge Building, Meridian Plaza, Road Town, Tortola, VG1110, British Virgin Islands