Privacy Policy

1. Introduction and Scope

Oriental Holdings LLC ("Oriental Holdings," "we," "us," or "our") is committed to protecting the privacy and confidentiality of your personal and financial information. This Privacy Policy describes how we collect, use, disclose, and safeguard information in accordance with:

• Regulation S-P (Privacy of Consumer Financial Information) under the Securities Exchange Act of 1934
• The Gramm-Leach-Bliley Act (GLBA)
• State privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• European Union General Data Protection Regulation (GDPR), where applicable
• Other applicable federal and state privacy and data protection laws

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

• Identification Information: Name, date of birth, Social Security number, tax identification number, driver's license, passport, and other government-issued identification
• Contact Information: Email address, telephone number, mailing address, and physical address
• Financial Information: Bank account numbers, investment account information, credit history, net worth, income, assets, liabilities, investment experience, and financial statements
• Employment Information: Employer name, occupation, professional credentials, and business affiliations
• Investment Profile: Investment objectives, risk tolerance, time horizon, liquidity needs, and investment restrictions
• Beneficial Ownership Information: Information about beneficial owners, controlling persons, and authorized representatives
• Transaction Information: Account activity, trading history, performance data, and fee payments

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, time spent on pages, links clicked, referring website
• Location Data: Approximate geographic location based on IP address
• Cookies and Similar Technologies: See our Cookie Policy for details

3. How We Collect Information

We collect information through the following methods:

• Directly from you: Through application forms, subscription documents, account opening forms, questionnaires, and communications
• From service providers: Custodians, brokers, administrators, legal counsel, auditors, and other third parties
• From credit bureaus and verification services: For identity verification and accredited investor status confirmation
• From public sources: Regulatory filings, corporate registries, news articles, and public databases
• From our website: Forms, cookies, analytics tools, and tracking technologies
• From affiliates and business partners: Information shared within our corporate family

4. How We Use Your Information

We use your information for the following purposes:

4.1 Investment Advisory Services

• Providing investment management and advisory services
• Developing and implementing investment strategies
• Executing trades and managing portfolios
• Calculating fees and processing payments
• Preparing performance reports and account statements
• Communicating with you about your investments

4.2 Compliance and Legal Obligations

• Verifying investor qualifications and accredited investor status
• Conducting Know Your Customer (KYC) and Anti-Money Laundering (AML) checks
• Screening against sanctions lists (OFAC, UN, EU)
• Filing regulatory reports and tax forms (Form ADV, Form PF, 1099s, K-1s)
• Responding to regulatory inquiries and examinations
• Maintaining required books and records
• Investigating and preventing fraud and financial crimes

4.3 Business Operations

• Managing client relationships and communications
• Improving our website, services, and client experience
• Conducting research and analysis
• Detecting and preventing security incidents and cyber threats
• Resolving disputes and enforcing agreements
• Business planning, risk management, and internal audits

4.4 Marketing and Communications

• Responding to inquiries and information requests
• Sending periodic newsletters, market updates, and educational materials
• Inviting you to events, webinars, or conferences
• Marketing our services to qualified investors (with your consent where required)

5. Information Sharing and Disclosure

5.1 When We Share Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.2 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Custodians and broker-dealers (for trade execution and asset custody)
• Fund administrators (for accounting and reporting)
• Legal counsel and compliance consultants
• Independent auditors and tax preparers
• Technology providers (cloud storage, cybersecurity, data analytics)
• KYC/AML verification services
• Marketing and communications platforms

All service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

5.3 Affiliates

We may share information with our affiliates and related entities for business operations, compliance, and service delivery purposes.

5.4 Legal and Regulatory Requirements

We may disclose information when required or permitted by law:

• To comply with court orders, subpoenas, or legal process
• To respond to requests from regulatory authorities (SEC, FINRA, IRS, FinCEN)
• To cooperate with law enforcement investigations
• To enforce our rights under agreements
• To protect against fraud, security threats, or illegal activity
• In connection with bankruptcy, dissolution, or similar proceedings

5.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or similar transaction, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.6 With Your Consent

We may share information for other purposes with your express consent or at your direction.

6. Data Security

We implement comprehensive administrative, technical, and physical safeguards to protect your information:

6.1 Technical Safeguards

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Firewalls, intrusion detection, and prevention systems
• Multi-factor authentication for system access
• Regular security assessments, vulnerability scans, and penetration testing
• Secure data centers with redundancy and disaster recovery capabilities
• Data loss prevention (DLP) tools and monitoring

6.2 Administrative Safeguards

• Information security policies and procedures
• Employee training on data protection and cybersecurity
• Background checks for personnel with access to sensitive information
• Access controls based on role and need-to-know principles
• Incident response and breach notification procedures
• Vendor due diligence and contract requirements for data protection

6.3 Physical Safeguards

• Restricted access to offices and data centers
• Visitor logs and badge systems
• Secure document storage and destruction procedures
• Video surveillance and alarm systems

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal and regulatory requirements:

• Client Records: At least 6 years after account closure, as required by SEC Rule 204-2
• Transaction Records: At least 6 years from the date of transaction
• AML/KYC Records: At least 5 years after relationship termination
• Tax Records: As required by IRS regulations (typically 7 years)
• Marketing Data: Until you opt out or request deletion, subject to legal requirements
• Website Analytics: Typically 26 months, as configured in our systems

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy in a portable format.

8.2 Correction and Update

You may request correction of inaccurate or incomplete information.

8.3 Deletion

You may request deletion of your personal information, subject to our legal obligations to retain certain records.

8.4 Opt-Out of Marketing

You may opt out of receiving marketing communications by clicking "unsubscribe" in emails or contacting us directly.

8.5 California Privacy Rights (CCPA/CPRA)

California residents have additional rights, including:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information (with exceptions)
• Right to opt-out of sale or sharing (we do not sell personal information)
• Right to correct inaccurate information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

8.6 GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to access, rectification, erasure, and restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent (where processing is based on consent)
• Right to lodge a complaint with a supervisory authority

8.7 Exercising Your Rights

To exercise your privacy rights, contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days).

9. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

11. Third-Party Links and Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated via email, website posting, or other appropriate means at least 30 days before the effective date. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Contact Information