PRIVACY POLICY
Effective Date: January 1, 2025
1. OVERVIEW AND SCOPE
This Privacy Policy ("Policy") describes how Apex Stratos Capital Management, LLC, a
Pennsylvania limited liability company ("Apex Stratos," "Company," "we," "us," or "our"),
collects, uses, discloses, and protects personal information in connection with our
investment advisory services, website, mobile applications, and related services
(collectively, the "Services").
1.1 Covered Entities
This Policy applies to Apex Stratos Capital Management, LLC and its subsidiaries and
affiliates (collectively, the "Apex Stratos Group"). We strive to deliver outstanding
investment management services while maintaining the highest standards of privacy
protection and regulatory compliance.
1.2 Regulatory Framework
As a registered investment adviser, we are subject to various federal and state privacy
laws and regulations, including: - The Gramm-Leach-Bliley Act (GLBA) and its
implementing regulations - The Investment Advisers Act of 1940 - State privacy laws,
including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act
(CPRA) - The General Data Protection Regulation (GDPR) for European data subjects -
Other applicable federal and state privacy and data protection laws
1.3 Geographic Scope
While this Policy broadly describes our practices within North America, local laws vary,
and some jurisdictions may place additional restrictions on our collection, use, or
disclosure of personal information. Our actual practices in such jurisdictions may be
more limited than those described in this Policy to comply with local requirements.
1.4 Consent and Agreement
By engaging our services, visiting our website, using our mobile applications, or
otherwise providing personal information to us, you acknowledge that you have read
and understood this Policy and consent to our collection, use, and disclosure of your
personal information as described herein.
2. DEFINITIONS
For purposes of this Policy, the following terms have the meanings set forth below:
"Personal Information" means information that identifies, relates to, describes, or is
capable of being associated with a particular individual, including but not limited to
name, address, telephone number, email address, social security number, financial
account information, and online identifiers.
"Nonpublic Personal Information" means personally identifiable financial
information that is not publicly available, as defined under the Gramm-Leach-Bliley
Act.
"Sensitive Personal Information" includes social security numbers, driver's license
numbers, passport numbers, financial account numbers, credit card numbers, debit
card numbers, account passwords, biometric information, health information, and
other information designated as sensitive under applicable law.
"Processing" means any operation performed on personal information, including
collection, use, storage, disclosure, transfer, and deletion.
"Third Party" means any individual or entity other than you and Apex Stratos,
including our affiliates, service providers, and other business partners.
3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT
We collect various categories of personal information to provide our investment
advisory services and operate our business. The specific information we collect
depends on your relationship with us and how you interact with our Services.
3.1 Client Account Information
When you become a client or prospective client, we collect personal information
necessary to establish and maintain your account, provide investment advisory
services, and comply with regulatory requirements. This information includes:
Identity and Contact Information: - Full legal name, including any aliases or former
names - Residential and mailing addresses - Telephone numbers (home, work, mobile)
- Email addresses - Date of birth - Social security number or taxpayer identification
number - Driver's license or other government-issued identification numbers -
Passport information (if applicable) - Citizenship and residency status
Financial Information: - Bank account numbers and routing information - Investment
account numbers and statements - Credit card and debit card information - Income
and net worth information - Employment and occupation details - Investment
experience and sophistication - Risk tolerance and investment objectives - Financial
goals and time horizons - Tax status and filing information - Retirement account
information
Legal and Regulatory Information: - Beneficial ownership information - Power of
attorney and authorization documents - Trust documents and beneficiary information
- Corporate formation documents (for entity clients) - Regulatory questionnaires and
certifications - Anti-money laundering (AML) and know-your-customer (KYC)
information - Sanctions screening results
3.2 Website and Digital Services Information
When you visit our website or use our digital services, we automatically collect certain
information about your device and usage patterns:
Technical Information: - Internet Protocol (IP) address - Browser type and version -
Operating system and device information - Screen resolution and display settings -
Time zone and language preferences - Referring website and exit pages - Pages visited
and time spent on each page - Click-through rates and user interactions
Cookies and Tracking Technologies: - Session cookies and persistent cookies - Web
beacons and pixel tags - Local storage and session storage - Analytics and performance
tracking data - Advertising and marketing tracking information
3.3 Communication and Correspondence
We collect and maintain records of our communications with you, including: - Email
correspondence and attachments - Telephone call recordings (where permitted by
law) - Video conference recordings and transcripts - Written correspondence and
documents - Meeting notes and summaries - Customer service interactions -
Complaint and inquiry records
3.4 Marketing and Business Development Information
For marketing and business development purposes, we may collect: - Marketing
preferences and communication consents - Event attendance and participation
records - Survey responses and feedback - Referral source information - Professional
and business affiliations - Investment interests and preferences - Demographic and
psychographic information
3.5 Employee and Contractor Information
For individuals who work for or provide services to Apex Stratos, we collect: -
Employment application information - Background check and reference information -
Compensation and benefits information - Performance evaluation records - Training
and certification records - Emergency contact information - Workplace monitoring
information (where permitted)
3.6 Vendor and Business Partner Information
For individuals representing our vendors and business partners, we collect: - Business
contact information - Professional credentials and qualifications - Contract and
agreement information - Performance and compliance records - Payment and
invoicing information
4. SOURCES OF PERSONAL INFORMATION
We collect personal information from various sources, including:
4.1 Direct Collection
Information you provide directly when opening an account
Forms, applications, and questionnaires you complete
Documents and records you submit to us
Communications and correspondence with us
Information provided during meetings and consultations
4.2 Automatic Collection
Website and mobile application usage data
Cookies and tracking technologies
Server logs and analytics data
Device and browser information
4.3 Third-Party Sources
Credit reporting agencies and background check providers
Government databases and public records
Financial institutions and custodians
Other investment advisers and financial professionals
Employers and professional references
Marketing and data analytics companies
Social media platforms and professional networks
4.4 Publicly Available Sources
Government filings and regulatory databases
Professional licensing boards
Court records and legal proceedings
News articles and press releases
Professional directories and websites
Social media profiles and posts
5. PURPOSES FOR COLLECTING AND USING PERSONAL INFORMATION
We collect and use personal information for various legitimate business purposes
related to providing investment advisory services and operating our business.
5.1 Service Provision and Account Management
We use personal information to: - Establish and maintain client accounts - Provide
investment advisory and portfolio management services - Execute investment
transactions and manage portfolios - Process payments and handle billing matters -
Provide customer service and support - Communicate with clients about their
accounts and investments - Prepare and deliver account statements and reports -
Conduct periodic account reviews and assessments
5.2 Legal and Regulatory Compliance
We use personal information to: - Comply with federal and state securities laws and
regulations - Meet anti-money laundering (AML) and know-your-customer (KYC)
requirements - Conduct sanctions screening and prohibited persons checks - File
required regulatory reports and disclosures - Respond to regulatory examinations and
inquiries - Maintain books and records as required by law - Comply with tax reporting
and withholding obligations - Satisfy court orders, subpoenas, and other legal process
5.3 Risk Management and Security
We use personal information to: - Assess and monitor investment risks - Detect and
prevent fraud and unauthorized activities - Protect the security and integrity of our
systems and data - Investigate suspicious activities and potential violations -
Implement cybersecurity measures and incident response - Conduct background
checks and due diligence - Monitor compliance with our policies and procedures
5.4 Business Operations and Administration
We use personal information to: - Manage our business operations and administration
- Conduct financial planning and analysis - Prepare internal reports and analytics -
Manage vendor and service provider relationships - Conduct audits and quality
assurance activities - Maintain insurance coverage and handle claims - Plan for
business continuity and disaster recovery
5.5 Marketing and Business Development
We use personal information to: - Market our services to prospective clients - Conduct
market research and analysis - Develop new products and services - Organize and
promote events and educational programs - Maintain client relationships and provide
updates - Analyze client preferences and satisfaction - Improve our website and digital
services
5.6 Human Resources and Employment
We use personal information to: - Recruit and hire employees and contractors -
Manage employee benefits and compensation - Conduct performance evaluations and
training - Ensure workplace safety and security - Comply with employment laws and
regulations - Investigate workplace incidents and complaints - Plan for succession and
organizational development
6. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
We may disclose personal information to third parties in certain circumstances as
described below. We do not sell personal information to third parties for monetary
consideration.
6.1 Service Providers and Business Partners
We may share personal information with trusted third-party service providers who
assist us in operating our business and providing services to you, including:
Financial Services Providers: - Custodians and broker-dealers who hold client assets
- Banks and financial institutions for payment processing - Investment platforms and
trading systems - Portfolio accounting and reporting services - Performance
measurement and analytics providers
Technology and Operations Providers: - Cloud computing and data storage
providers - Software vendors and technology platforms - Cybersecurity and data
protection services - Website hosting and maintenance providers - Customer
relationship management (CRM) systems
Professional Services Providers: - Legal counsel and law firms - Accounting firms and
auditors - Compliance consultants and advisors - Marketing and communications
agencies - Background check and verification services
Administrative Services Providers: - Document management and storage services -
Mail and courier services - Printing and fulfillment services - Event planning and
management companies - Insurance providers and brokers
6.2 Regulatory and Legal Disclosures
We may disclose personal information when required or permitted by law, including: -
To regulatory authorities such as the SEC, FINRA, and state securities regulators - In
response to court orders, subpoenas, and other legal process - To law enforcement
agencies investigating potential crimes - To comply with anti-money laundering and
sanctions requirements - To tax authorities for reporting and withholding purposes - In
connection with regulatory examinations and investigations
6.3 Business Transactions
We may disclose personal information in connection with business transactions,
including: - Mergers, acquisitions, and corporate reorganizations - Sale or transfer of
business assets or client relationships - Due diligence activities related to potential
transactions - Financing arrangements and credit facilities - Joint ventures and
strategic partnerships
6.4 Protection of Rights and Safety
We may disclose personal information to: - Protect our rights, property, and interests -
Protect the safety and security of our clients, employees, and others - Prevent fraud,
unauthorized activities, and security breaches - Enforce our agreements and policies -
Defend against legal claims and proceedings
6.5 Consent-Based Disclosures
We may disclose personal information with your explicit consent, including: - Sharing
information with your other financial advisors or professionals - Providing references
or recommendations upon request - Participating in industry surveys or research
studies - Marketing collaborations with trusted partners
6.6 Aggregate and De-Identified Information
We may share aggregate, statistical, or de-identified information that does not identify
specific individuals for: - Industry research and analysis - Benchmarking and
performance studies - Marketing and business development purposes - Academic
research and publications
7. DATA RETENTION AND DELETION
7.1 Retention Periods
We retain personal information for as long as necessary to fulfill the purposes for
which it was collected, comply with legal and regulatory requirements, and protect our
legitimate business interests. Specific retention periods vary depending on the type of
information and applicable legal requirements.
Client Information: - Account and transaction records: Minimum 6 years after account
closure - Investment advisory agreements: Minimum 5 years after termination -
Correspondence and communications: Minimum 3 years - Compliance and regulatory
records: As required by applicable regulations
Website and Digital Information: - Website usage data: Typically 2-3 years - Marketing
communications: Until consent is withdrawn - Cookie data: As specified in our cookie
policy
Employee Information: - Personnel files: Minimum 7 years after employment
termination - Payroll records: As required by tax and employment laws - Training and
certification records: Duration of employment plus 3 years
7.2 Secure Deletion
When personal information is no longer needed, we securely delete or destroy it using
industry-standard methods to prevent unauthorized access or reconstruction. This
includes: - Secure deletion of electronic files and databases - Physical destruction of
paper documents and storage media - Overwriting of magnetic and optical storage
devices - Certification of destruction when required
7.3 Legal Holds
We may retain personal information beyond normal retention periods when required
by legal holds, litigation, regulatory investigations, or other legal proceedings.
8. DATA SECURITY AND PROTECTION
8.1 Security Framework
We implement comprehensive security measures to protect personal information from
unauthorized access, use, disclosure, alteration, and destruction. Our security
program includes:
Administrative Safeguards: - Written information security policies and procedures -
Regular security training for employees and contractors - Background checks and
security clearances for personnel - Incident response and breach notification
procedures - Regular security assessments and audits - Vendor management and due
diligence programs
Physical Safeguards: - Secure facilities with access controls and monitoring - Locked
storage for physical documents and media - Secure disposal of documents and
equipment - Environmental controls and fire protection systems - Visitor management
and escort procedures
Technical Safeguards: - Encryption of data in transit and at rest - Multi-factor
authentication and access controls - Network security and intrusion detection systems
- Regular software updates and security patches - Data backup and disaster recovery
procedures - Secure development and testing practices
8.2 Employee Access and Training
Access to personal information is limited to employees and contractors who need it to
perform their job functions. All personnel receive regular training on: - Privacy and
data protection requirements - Information security policies and procedures - Incident
reporting and response protocols - Regulatory compliance obligations - Best practices
for handling sensitive information
8.3 Vendor Security Requirements
We require our service providers and business partners to implement appropriate
security measures to protect personal information. This includes: - Contractual
security and privacy obligations - Regular security assessments and certifications -
Incident notification and response requirements - Data processing and transfer
restrictions - Audit rights and compliance monitoring
8.4 Incident Response
In the event of a security incident or data breach, we have procedures in place to: -
Quickly identify and contain the incident - Assess the scope and impact of the breach -
Notify affected individuals and regulatory authorities as required - Implement
corrective measures and improvements - Document and report the incident as
required
9. INTERNATIONAL DATA TRANSFERS
9.1 Cross-Border Transfers
We may transfer personal information to countries outside your country of residence,
including the United States, for the purposes described in this Policy. When we transfer
personal information internationally, we implement appropriate safeguards to protect
the information.
9.2 Adequacy Decisions and Standard Contractual Clauses
For transfers from the European Economic Area (EEA), United Kingdom, or
Switzerland, we rely on: - European Commission adequacy decisions where available -
Standard Contractual Clauses approved by the European Commission - Other
appropriate safeguards recognized under applicable law
9.3 Data Processing Agreements
We enter into data processing agreements with our service providers and business
partners that include appropriate privacy and security protections for international
data transfers.
10. YOUR PRIVACY RIGHTS AND CHOICES
10.1 General Rights
Depending on your location and applicable law, you may have certain rights regarding
your personal information, including:
Access Rights: - Right to know what personal information we collect about you - Right
to access and obtain copies of your personal information - Right to receive information
about our privacy practices
Correction and Update Rights: - Right to correct inaccurate or incomplete personal
information - Right to update your contact information and preferences - Right to
supplement missing information
Deletion Rights: - Right to request deletion of your personal information - Right to
have information erased when no longer necessary - Right to withdraw consent for
processing
Portability Rights: - Right to receive your personal information in a portable format -
Right to transmit information to another service provider - Right to obtain machine-readable copies of your data
Objection and Restriction Rights: - Right to object to certain types of processing -
Right to restrict or limit how we use your information - Right to opt out of marketing
communications
10.2 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California
Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
Right to Know: - Categories of personal information collected - Sources of personal
information - Business or commercial purposes for collection - Categories of third
parties with whom information is shared
Right to Delete: - Request deletion of personal information we have collected -
Exceptions for information necessary for business operations - Verification
requirements for deletion requests
Right to Opt-Out: - Opt out of the sale or sharing of personal information - Opt out of
targeted advertising and profiling - Limit use of sensitive personal information
Right to Non-Discrimination: - Protection against discriminatory treatment for
exercising rights - Equal service and pricing regardless of privacy choices - Incentive
programs must be reasonably related to value of data
10.3 European Privacy Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland,
you have rights under the General Data Protection Regulation (GDPR), including:
Legal Basis for Processing: - Consent for certain types of processing - Contractual
necessity for service provision - Legal obligations for regulatory compliance -
Legitimate interests for business operations
Enhanced Rights: - Right to data portability in structured formats - Right to object to
automated decision-making - Right to lodge complaints with supervisory authorities -
Right to withdraw consent at any time
10.4 Exercising Your Rights
To exercise your privacy rights, you may: - Contact us using the information provided
in Section 15 - Submit requests through our website privacy portal - Call our privacy
hotline during business hours - Send written requests to our privacy officer
We will respond to your requests within the timeframes required by applicable law,
typically within 30-45 days. We may need to verify your identity before processing
certain requests to protect your personal information.
11. COOKIES AND TRACKING TECHNOLOGIES
11.1 Types of Cookies
We use various types of cookies and tracking technologies on our website and mobile
applications:
Essential Cookies: - Required for basic website functionality - Enable secure login and
account access - Remember your preferences and settings - Cannot be disabled
without affecting site operation
Analytics Cookies: - Collect information about website usage and performance - Help
us understand how visitors interact with our site - Provide insights for improving user
experience - Generate aggregate reports and statistics
Marketing Cookies: - Enable personalized advertising and content - Track
effectiveness of marketing campaigns - Remember your interests and preferences -
Support social media integration and sharing
Third-Party Cookies: - Placed by our service providers and partners - Support
analytics, advertising, and social media features - Subject to third-party privacy
policies - May track you across multiple websites
11.2 Cookie Management
You can control cookies through your browser settings and our cookie preference
center: - Accept or reject specific types of cookies - Delete existing cookies from your
device - Set preferences for future cookie placement - Opt out of targeted advertising
and tracking
Please note that disabling certain cookies may affect the functionality and
performance of our website.
11.3 Do Not Track Signals
Our website does not currently respond to "Do Not Track" signals from browsers.
However, you can use the cookie management options described above to control
tracking and data collection.
12. CHILDREN'S PRIVACY
Our services are not directed to individuals under the age of 18, and we do not
knowingly collect personal information from children. If we become aware that we
have collected personal information from a child without appropriate consent, we will
take steps to delete the information promptly.
13. CHANGES TO THIS PRIVACY POLICY
13.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our
practices, services, or applicable laws. When we make material changes, we will: - Post
the updated policy on our website - Send notice to clients via email or other
communication methods - Provide appropriate notice as required by applicable law -
Update the effective date at the top of the policy
13.2 Continued Use
Your continued use of our services after we post changes to this Privacy Policy
constitutes your acceptance of the updated policy. We encourage you to review this
Policy periodically to stay informed about our privacy practices.
14. ADDITIONAL PRIVACY NOTICES
14.1 Gramm-Leach-Bliley Act Notice
As required by the Gramm-Leach-Bliley Act, we provide annual privacy notices to our
clients describing our privacy policies and practices. This notice is available on our
website and is provided to clients annually.
14.2 State-Specific Notices
We may provide additional privacy notices as required by state laws, including notices
for residents of California, Nevada, and other states with specific privacy requirements.
14.3 Service-Specific Notices
Certain services or features may have additional privacy notices or terms that
supplement this Policy. These notices will be provided at the time you access or use
such services.
15. CONTACT INFORMATION
15.1 Privacy Officer
If you have questions about this Privacy Policy or our privacy practices, please contact
our Privacy Officer:
Apex Stratos Capital Management, LLC
Phone: (866) 390-3307
15.2 Regulatory Complaints
You may also file complaints with relevant regulatory authorities: - California Attorney
General (California residents) - State securities regulators - European data protection
authorities (EU/UK residents) - Federal Trade Commission - Securities and Exchange
Commission
