Privacy Policy Windsor Drake Effective Date: June 23, 2024

  1. Introduction At Windsor Drake (“Windsor Drake,” “we,” “our,” or “us”), we recognize that confidentiality, discretion, and the protection of personal and corporate information are foundational to our role as a global investment banking and advisory firm. This Privacy Policy outlines the types of information we collect, how we use and protect it, and the rights and choices available to individuals in connection with our data practices.

This Privacy Policy applies to information collected via our website (https://windsordrake.com), our web-based platforms and portals, electronic communications, and any other sources in the course of providing strategic financial advisory services. By using our website or engaging with us in any form, you consent to the data practices described herein.

  1. Entity Overview and Scope Windsor Drake is a global boutique investment bank and strategic advisory firm that provides mergers and acquisitions advisory services, capital raising support, financial restructuring, and strategic consulting to institutional clients, high-net-worth individuals, corporate shareholders, and boards of directors. Our privacy framework reflects the regulatory environments of the jurisdictions in which we operate and aligns with standards such as the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and applicable securities laws.
  2. Types of Data Collected 3.1 Personal Identifiable Information (“PII”) We collect various forms of personally identifiable information, including but not limited to:
  • Name, email address, and contact number
  • Company affiliation and role/title
  • IP address and browser details
  • Location data, device identifiers, and usage metrics
  • Information submitted via contact or intake forms

3.2 Financial and Corporate Data As a part of advisory processes and mandate intake, we may collect sensitive business and financial data including but not limited to:

  • Company valuation metrics
  • Revenue and EBITDA figures
  • Transaction history and strategic materials
  • Proprietary business plans, forecasts, and models
  • Information on beneficial ownership and capitalization tables

3.3 Automatically Collected Data We use cookies, web beacons, log files, and similar technologies to collect data such as:

  • Browser type, access times, pages visited
  • Clickstream data
  • Navigation and interaction patterns on our site
  1. Purposes for Data Collection Windsor Drake collects and processes personal and institutional data for the following purposes:
  • Evaluating potential client engagements and business relationships
  • Performing due diligence in connection with M&A mandates
  • Executing strategic outreach and investor matching
  • Regulatory compliance, audit, and risk management
  • Website administration, analytics, and optimization
  • Marketing communications (with opt-out capability)
  1. Legal Basis for Processing (GDPR) Where GDPR applies, our legal basis for processing personal data includes:
  • Consent: Where individuals have provided explicit consent
  • Contract: Where processing is necessary to perform a contract
  • Legal Obligation: Where required under applicable laws
  • Legitimate Interests: Where we have a legitimate business interest that does not override your rights
  1. Information Sharing and Disclosure 6.1 Internal Use Information collected is accessible only to Windsor Drake personnel and authorized affiliates who have a legitimate business need to access such data.

6.2 Third-Party Service Providers We may engage trusted third parties to perform business functions such as hosting, analytics, compliance, and cybersecurity. These providers are contractually bound to maintain confidentiality and restrict use to agreed-upon purposes.

6.3 Legal and Regulatory Disclosures We may disclose personal data as required by law or regulation, such as to:

  • Comply with regulatory inquiries, subpoenas, and court orders
  • Enforce our legal rights or protect the safety and integrity of our operations
  • Cooperate with law enforcement or regulators in the course of investigations
  1. International Data Transfers Windsor Drake may store and process information in jurisdictions outside your country of residence, including the United States, the United Kingdom, and Canada. We employ appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions to ensure data is transferred securely.
  2. Data Retention We retain personal and institutional information for as long as required to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. We regularly review retention practices and securely dispose of information that is no longer needed.
  3. Data Security Measures We implement robust administrative, technical, and physical safeguards to protect your data, including:
  • End-to-end encryption for data in transit
  • Role-based access controls
  • Intrusion detection and prevention systems (IDPS)
  • Regular security audits and penetration testing
  • Data minimization and anonymization practices
  1. Your Rights and Choices Depending on your jurisdiction, you may have the right to:
  • Request access to your personal data
  • Rectify inaccurate or incomplete information
  • Request deletion of your data
  • Object to or restrict processing
  • Withdraw consent at any time (where applicable)
  • File a complaint with a data protection authority

To exercise these rights, please contact us at: [[email protected]]

  1. Cookies and Tracking Technologies Our site uses cookies to enhance user experience and collect analytics. You may adjust your browser settings to disable cookies. Doing so may impact site functionality.

Types of cookies used:

  • Essential Cookies
  • Performance Cookies
  • Functional Cookies
  • Targeting/Advertising Cookies (used minimally and only with consent)
  1. External Links and Third-Party Content Our website may contain links to third-party websites, plugins, or applications. We are not responsible for the content or privacy practices of these third parties. We recommend reviewing their privacy policies before engaging.
  2. Children’s Data Our website and services are intended for individuals over the age of 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.
  3. Changes to this Privacy Policy We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Effective Date.” Significant changes will be communicated directly where required by law.
  4. Contact Information If you have questions about this Privacy Policy or our data practices, please contact:

Windsor Drake

95 St. Clair Avenue West
Toronto, Ontario M4V 1N6

Email: [email protected]

This Privacy Policy is issued on behalf of Windsor Drake and its affiliated entities. It does not create a contractual obligation between Windsor Drake and any party but is intended to fulfill legal disclosure and transparency requirements consistent with Windsor Drake’s global standards of operational integrity and fiduciary responsibility.