Privacy Policy

1. INTRODUCTION

Broadment (hereinafter referred to as “the Company,” “we,” “us,” or “our”) is committed to maintaining the highest standards of data protection and privacy for all clients, website visitors, and stakeholders. This Privacy Policy constitutes a comprehensive data protection policy designed to inform you about how we collect, use, disclose, and safeguard your information when you visit our website located at www.broadment.com (the “Site”) or engage with our advisory services.

As a global advisory firm operating across multiple jurisdictions, we recognize the critical importance of user data security and the trust placed in us by ultra-high-net-worth individuals, family offices, and institutional partners. This document outlines our personal data collection practices, data processing practices, and the measures we employ to ensure information security in compliance with applicable data protection laws in relevant jurisdictions.

By accessing the Site or utilizing our services, you acknowledge that you have read and understood the practices described herein. This privacy policy applies to all information collected through our website, as well as any related services, sales, marketing, or events. We reserve the right to make changes to this Privacy Policy at any time. Any changes will be immediately posted on the Site, and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Site following the alterations. We strongly encourage you to periodically review this page for the latest information on our privacy practices.

Our commitment extends beyond mere regulatory adherence; it is foundational to our operational ethos. We strive to ensure GDPR compliance, adherence to the California Consumer Privacy Act (CCPA) as amended by the CPRA, the UK GDPR, and various Asian data protection regulations including the PDPA. This global framework ensures that regardless of your location, your user privacy rights are respected and protected through rigorous institutional controls.

2. INFORMATION WE COLLECT

We may collect information about you in a variety of ways. The information we may collect via the Site and through our advisory engagements includes personally identifiable information, demographic data, and technical identifiers. This section details the categories of personal data collection utilized within our data processing practices.

Personally Identifiable Information We collect personally identifiable information that you voluntarily provide to us when you register on the Site, express an interest in obtaining information about us or our products and services, or otherwise when you contact us. This may include:

Full legal name and any former names
Postal address and residential history
Email addresses and alternative contact addresses
Telephone numbers and mobile contact details
Passport numbers and national identification numbers
Date of birth and place of birth
Citizenship status and residency history
Financial account information and tax identification numbers
Source of wealth and source of funds documentation
Employment history and professional affiliations
Family member details for dependency claims

Technical and Device Data When you visit the Site, we may automatically collect certain information about your device and browsing actions. This technical data is essential for information security and site functionality. This includes:

Internet Protocol (IP) address and geolocation data
Browser type and version
Operating system and device characteristics
Referring URLs and exit pages
Time stamps and duration of visits
Clickstream data and interaction metrics
Unique device identifiers and advertising identifiers

Usage and Transaction Data We collect data regarding your interactions with our services to improve service delivery and ensure compliance. This encompasses:

Records of communications with our advisory team
Service usage patterns and feature engagement
Transaction history related to advisory fees or investments
Compliance documentation and due diligence records
Authentication logs and access history

Sensitive Data In certain jurisdictions, and only where strictly necessary for immigration or citizenship by investment programs, we may process special categories of data. This includes data revealing racial or ethnic origin, political opinions, religious beliefs, or biometric data for identity verification. Such data is processed only with explicit consent or where required by law for government submissions.

3. HOW WE COLLECT DATA

We utilize multiple methods to collect data, ensuring that our personal data collection practices are transparent and lawful. The methods employed depend on the nature of your interaction with Broadment.

Direct User Input The primary method of collection is through direct input provided by you. This occurs when you:

Complete inquiry forms or contact requests on the Site
Subscribe to our newsletters or intelligence reports
Engage our advisory services and submit due diligence documentation
Communicate with our team via email, telephone, or secure client portals
Participate in surveys, feedback forms, or client interviews

Automated Tracking Technologies As you navigate the Site, we may use automated technologies to collect information about your equipment and browsing actions. Our cookies policy governs the use of these technologies. We may use:

Cookies to remember your preferences and settings
Web beacons to track email openness and link clicks
Server logs to record request data and system events
Analytics tools to monitor site performance and user behavior

Third-Party Integrations We may receive information about you from third-party sources where permitted by law. This includes:

Publicly available databases and government registries
Due diligence and background check service providers
Financial institutions and regulated payment processors
Professional referrals and introduced intermediaries
Social media platforms when you interact with our profiles

We combine information collected directly from you with information we obtain from third parties to enhance our ability to serve you, verify your identity, and ensure compliance with anti-money laundering regulations. All third-party data collection is subject to applicable data protection laws in relevant jurisdictions.

4. PURPOSE OF DATA COLLECTION

We use the information we collect or receive for specific business purposes aligned with our service delivery and legal obligations. Our data processing practices are designed to minimize data usage to only what is necessary.

Service Delivery and Advisory We process data to provide our core advisory services, including citizenship by investment, residency planning, and corporate structuring. This involves evaluating your eligibility, preparing application dossiers, and liaising with government authorities on your behalf. Without this data, we cannot fulfill our contractual obligations to you.

Customer Support and Communication We use your contact information to respond to inquiries, provide updates on application status, and offer ongoing client support. This ensures a seamless client experience and allows us to address concerns regarding your engagement with the firm.

Legal and Regulatory Compliance We are subject to strict regulatory requirements regarding anti-money laundering, counter-terrorist financing, and know-your-client obligations. We process data to verify your identity, screen against sanctions lists, and report suspicious activities to relevant authorities as required by law.

Security and Fraud Prevention Protecting our Site and clients is paramount. We use technical data to monitor for fraudulent activity, secure our networks, and prevent unauthorized access. This includes analyzing login patterns and detecting anomalies that may indicate a security breach.

Business Operations and Improvement We analyze usage data to improve the functionality of our Site, optimize our marketing strategies, and develop new services. This legitimate interest allows us to maintain a competitive and efficient operational framework while respecting user privacy rights.

Marketing and Communications With your consent, we may use your information to send you marketing communications regarding our services, industry insights, or events. You retain the right to opt-out of these communications at any time through the mechanisms provided in each communication.

5. LEGAL BASIS FOR PROCESSING

Under the General Data Protection Regulation (GDPR) and similar laws, we must have a legal basis for processing your personal data. Our data processing practices rely on the following legal grounds:

Consent We process data where you have given us clear consent for a specific purpose. This often applies to marketing communications, the use of non-essential cookies, or the processing of sensitive data where not strictly required by law. You may withdraw consent at any time.

Contractual Necessity We process data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes processing your information to provide advisory services, manage your account, and facilitate transactions.

Legal Obligation We process data where we are required to comply with a legal or regulatory obligation. This includes retaining records for tax purposes, reporting to financial intelligence units, and adhering to immigration program requirements mandated by government authorities.

Legitimate Interest We process data where it is necessary for our legitimate interests, provided these are not overridden by your rights and freedoms. This includes fraud prevention, network security, direct marketing (where permitted), and improving our services. We conduct legitimate interest assessments to ensure balance.

Vital Interests In rare circumstances, we may process data to protect your vital interests or those of another natural person. This is typically reserved for emergency situations involving health or safety.

Each processing activity is mapped to a specific legal basis to ensure GDPR compliance and accountability. We do not process data for purposes incompatible with the original collection purpose without obtaining further consent.

6. COOKIES & TRACKING TECHNOLOGIES

We may use cookies and similar tracking technologies on the Site to access or store information. Our cookies policy is designed to provide you with control over your browsing experience while allowing us to maintain site functionality.

Types of Cookies

Essential Cookies: These are strictly necessary to provide you with services available through the Site and to use some of its features, such as access to secure areas.
Performance Cookies: These collect information about how you use the Site, such as which pages you visit most often. This data is aggregated and anonymous.
Functionality Cookies: These allow the Site to remember choices you make, such as your language or region, to provide enhanced features.
Targeting Cookies: These may be set through our Site by our advertising partners to build a profile of your interests and show you relevant adverts on other sites.

Purpose of Cookies Cookies help us understand how the Site is used, improve user experience, maintain security sessions, and deliver relevant content. They are integral to our information security protocols and service delivery mechanisms.

User Control Over Cookies You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by modifying your web browser controls. If you choose to reject cookies, you may still use our Site though your access to some functionality and areas may be restricted. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.allaboutcookies.org.

We do not respond to Do Not Track signals at this time. However, you can manage your preferences through the browser settings or our cookie consent tool where available. Changes to your browser settings may affect the functionality of the Site.

7. DATA SHARING & DISCLOSURE

We may share your information with third parties only in the situations described below. We do not sell your personal data to third parties. Our data sharing practices are governed by strict contractual obligations.

Service Providers We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf. This includes IT management, data analysis, payment processing, and legal services. These parties are required to adhere to confidentiality obligations and data protection standards equivalent to ours.

Legal Authorities We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process. This includes responding to subpoenas or requests from immigration authorities regarding your application status.

Business Transfers We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information.

Affiliates and Partners We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Cross-Border Transfers Given our global operations, your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We have implemented appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy and applicable laws.

8. INTERNATIONAL DATA TRANSFERS

Broadment operates across multiple jurisdictions, necessitating the cross-border transfer of data. We ensure that all international data transfers comply with applicable data protection laws in relevant jurisdictions.

Mechanisms for Transfer When transferring personal data from the European Economic Area (EEA) or the United Kingdom to countries not deemed to provide an adequate level of protection by the European Commission or UK government, we rely on approved transfer mechanisms. These include Standard Contractual Clauses (SCCs) approved by the relevant authorities.

Safeguards and Compliance We implement technical and organizational measures to ensure that your data is treated securely and in accordance with this Privacy Policy. This includes encryption during transit, access controls, and regular audits of our data processors. We ensure that recipients of your data are bound by contractual obligations to protect the information.

User Acknowledgement By using the Site and providing us with data, you acknowledge and consent to the transfer of your information to facilities located outside of your residing jurisdiction. You understand that these facilities may be subject to laws that differ from those of your own jurisdiction.

Adequacy Decisions Where possible, we prioritize transferring data to jurisdictions that have been granted an adequacy decision by the European Commission or equivalent bodies. This ensures a high standard of data protection is maintained globally.

Monitoring and Review We regularly review our international transfer mechanisms to ensure ongoing compliance with evolving regulations. This includes monitoring legal developments in key jurisdictions such as the United States, European Union, and Asia-Pacific regions.

9. DATA RETENTION POLICY

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. Our data retention policy is structured to minimize risk while meeting legal obligations.

Retention Criteria We determine retention periods based on the purpose for which the data was collected, legal requirements, and the nature of the data. For example, client engagement records are retained for the duration of the relationship plus a statutory period for tax and legal compliance.

Legal Retention Requirements Certain laws require us to keep records for specific periods. For instance, anti-money laundering regulations may require us to retain identity verification records for five to seven years after the end of the business relationship. We adhere to the longest applicable retention period to ensure full compliance.

Deletion and Anonymization When there is no legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not possible due to storage in archived backups, we will securely store your personal information and isolate it from any further processing until deletion is possible.

Review Process We conduct regular reviews of our data holdings to identify and delete outdated or unnecessary information. This ensures that our data storage remains efficient and compliant with our data retention policy.

Exception for Disputes We may retain data longer if necessary to establish, exercise, or defend legal claims. This includes retaining evidence relevant to potential litigation or regulatory investigations.

10. DATA SECURITY MEASURES

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. Our information security framework is designed to prevent unauthorized access, alteration, disclosure, or destruction of data.

Technical Safeguards We use encryption technologies to protect data both in transit and at rest. This includes Secure Socket Layer (SSL) technology for website communications and encryption for stored databases. We employ firewalls, intrusion detection systems, and regular vulnerability scanning to protect our networks.

Organizational Safeguards Access to personal information is restricted to employees, contractors, and agents who need to know that information in order to process it. These individuals are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Access Controls We implement strict access controls including multi-factor authentication, role-based access, and regular password rotation. Access logs are maintained to monitor who accesses data and when.

Incident Response We have established a data breach response plan to detect, respond to, and recover from security incidents. In the event of a breach affecting your personal data, we will notify you and any applicable regulator where we are legally required to do so.

Risk Mitigation Approach We conduct regular risk assessments to identify potential vulnerabilities in our systems and processes. We update our security measures regularly to address new threats and maintain the integrity of our user data security protocols.

Third-Party Security We require our service providers to implement similar security measures. We conduct due diligence on their security practices before engagement and monitor their compliance throughout the relationship.

11. USER RIGHTS

Depending on your location, you may have certain rights under applicable data protection laws regarding your personal information. We are committed to facilitating the exercise of these user privacy rights.

Access Rights You have the right to request copies of the personal data we hold about you. This allows you to verify the lawfulness of our processing and understand what information we maintain.

Rectification You have the right to request that we correct any information you believe is inaccurate or incomplete. We strive to ensure that all data we hold is accurate and up to date.

Erasure (Right to be Forgotten) In certain circumstances, you have the right to request the deletion of your personal data. This applies where the data is no longer necessary for the purpose it was collected, or where you have withdrawn consent.

Restriction of Processing You have the right to request that we restrict the processing of your personal data. This may apply where you contest the accuracy of the data or object to our processing activities.

Data Portability You have the right to request that we transfer the data that we have collected to another organization, or directly to you, where technically feasible. This applies to data provided by you and processed by automated means.

Objection to Processing You have the right to object to our processing of your personal data on grounds relating to your particular situation. We will stop processing the data unless we have compelling legitimate grounds which override your interests.

Exercising Your Rights To exercise these rights, please contact us using the contact details provided below. We will respond to all requests within the timeframe required by applicable law. We may need to verify your identity before responding to such requests to ensure security.

Non-Discrimination We will not discriminate against you for exercising any of your privacy rights. This includes denying goods or services, charging different prices, or providing a different level of service.

12. THIRD-PARTY LINKS

The Site may contain links to third-party websites and applications of interest, including advertisements and external services. These links are provided for your convenience and do not signify that we endorse the website or application.

Disclaimer for External Sites We have no control over the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by the Site and through our direct services.

External Services We may use third-party services for analytics, advertising, or functionality. These services may collect information about your online activities over time and across different websites. Their use of information is governed by their own privacy policies.

Responsibility We are not responsible for the protection and privacy of any information which you provide whilst visiting such sites. Such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

13. CHILDREN’S PRIVACY

We do not knowingly solicit data from or market to children under the age of 18. Our services are intended for adults capable of entering into legal contracts.

Age Restrictions By using the Site, you represent that you are at least 18 years of age or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

Parental Consent If you become aware of any data we have collected from children under age 18, please contact us at the email address provided below. We take children’s privacy seriously and comply with applicable laws regarding the protection of minors.

Verification We may implement age verification mechanisms where required by law or where the nature of the service suggests a higher risk to minors. This ensures that our data collection practices do not inadvertently target protected groups.

14. POLICY UPDATES

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. We will notify you of any significant changes by posting the new Privacy Policy on the Site and updating the “Last Updated” date.

Right to Modify Policy We reserve the right to modify this Privacy Policy at our sole discretion. Any changes will be effective immediately upon posting unless otherwise specified. Your continued use of the Site after the changes take effect constitutes your acceptance of the new Privacy Policy.

Notification Approach For material changes that affect your rights significantly, we may provide additional notice via email or through a prominent notice on the Site. We encourage you to periodically review this page for the latest information on our privacy practices.

Version Control We maintain archives of previous versions of this Privacy Policy for reference. You may request copies of previous versions by contacting us. This ensures transparency and accountability in our policy management.

Compliance Review We conduct regular reviews of this Privacy Policy to ensure ongoing compliance with global regulations. This includes monitoring changes in GDPR, CCPA, and other relevant data protection laws.

15. CONTACT INFORMATION

If you have questions or comments about this Privacy Policy, or if you wish to exercise your user privacy rights, you may contact us using the details below. We are committed to resolving any complaints regarding our collection or use of your personal data.

Company Name: Broadment

Website: www.broadment.com

Email: service@broadment.com

Postal Address: 1100 New York Avenue NW, Suite 500 Washington, DC 20005 United States of America

For inquiries regarding this Privacy Policy or data protection practices, please contact our Data Protection Officer or legal team at the email address provided above. We will respond to all inquiries within a reasonable timeframe. If you are not satisfied with the response you receive, you may have the right to lodge a complaint with your local data protection authority.

Data Protection Officer: For specific data protection inquiries, please mark your correspondence “FAO: Data Protection Officer.” This ensures your inquiry is routed to the appropriate specialist within our organization.

Response Timeframe: We aim to respond to all privacy-related inquiries within thirty (30) days. Complex requests may take longer, in which case we will notify you of the delay and the reason thereof.

Jurisdictional Contacts: For users in specific jurisdictions, local representative contact details may be available upon request. This ensures compliance with local representation requirements under GDPR and other regulations.