Privacy Policy

1. Introduction

Alexander Furrier, operating through Ace of Diamonds Inc. ("we," "our," "us," or "Company"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our websiteafurrier.com (the "Website") or engage with our professional services.

This Privacy Policy is designed to comply with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We are committed to transparency in our data processing activities and respect for your privacy rights.

2. Data Controller Information

For the purposes of applicable data protection laws, the data controller is:

As a data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that our processing activities comply with applicable data protection laws.

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

Contact and Communication Data:

• Full name and professional title
• Email address and phone number
• Company name and business address
• LinkedIn profile and professional social media
• Message content and communication preferences
• Meeting requests and scheduling information

Professional and Business Data:

• Industry and business sector information
• Investment interests and portfolio details
• Professional background and experience
• Business objectives and consulting needs
• Financial information (for qualified investors only)

3.2 Automatically Collected Information

We automatically collect certain technical and usage information:

Technical Data:

• IP address and geolocation data
• Browser type, version, and language settings
• Operating system and device information
• Screen resolution and device capabilities
• Referring website and traffic sources

Usage and Analytics Data:

• Pages visited and time spent on each page
• Click-through rates and user interactions
• Search queries and navigation patterns
• Download and form submission data
• Session duration and frequency of visits

3.3 Third-Party Information

We may receive information about you from third-party sources, including:

• Professional networking platforms (LinkedIn)
• Business partners and referral sources
• Public databases and business registries
• Industry publications and media sources
• Conference and event organizers

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

4.1 Legitimate Interests (Article 6(1)(f))

• Operating and improving our website and services
• Analyzing user behavior for business optimization
• Preventing fraud and ensuring website security
• Direct marketing to existing clients and prospects

4.2 Contractual Necessity (Article 6(1)(b))

• Providing consulting and advisory services
• Processing investment opportunities and transactions
• Fulfilling professional service agreements

4.3 Consent (Article 6(1)(a))

• Newsletter subscriptions and marketing communications
• Optional data collection for enhanced services
• Cookies and tracking technologies (where required)

4.4 Legal Obligation (Article 6(1)(c))

• Compliance with financial regulations and reporting
• Tax and accounting record keeping
• Anti-money laundering and know-your-customer requirements

5. How We Use Your Data

5.1 Primary Business Purposes

• Professional Services: Providing strategic consulting, investment advisory, and business development services
• Client Communication: Responding to inquiries, scheduling meetings, and maintaining professional relationships
• Business Development: Identifying partnership opportunities and potential investment targets
• Market Analysis: Conducting industry research and competitive intelligence

5.2 Website and Technology Operations

• Website Functionality: Ensuring proper operation of our website and services
• User Experience: Personalizing content and improving user interface
• Analytics and Optimization: Analyzing usage patterns to enhance our offerings
• Security and Fraud Prevention: Protecting against unauthorized access and malicious activities

5.3 Marketing and Communications

• Thought Leadership: Sharing insights through newsletters and publications
• Event Invitations: Notifying about speaking engagements and industry events
• Professional Updates: Communicating business developments and opportunities
• Content Personalization: Tailoring communications based on professional interests

5.4 Legal and Compliance

• Regulatory Compliance: Meeting legal obligations in financial services
• Record Keeping: Maintaining business records as required by law
• Dispute Resolution: Protecting legal rights and resolving conflicts
• Due Diligence: Conducting background checks for business relationships

6. Data Sharing and Disclosure

6.1 Service Providers and Business Partners

We may share your personal data with trusted third parties who provide services on our behalf:

• Technology Providers: Website hosting, email services, and cloud storage
• Professional Services: Legal counsel, accounting firms, and business consultants
• Marketing Partners: Email marketing platforms and analytics providers
• Security Services: Cybersecurity firms and fraud prevention services

6.2 Business Transactions

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred as part of the transaction, subject to appropriate confidentiality agreements.

6.3 Legal Requirements

We may disclose your personal data when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Cooperate with law enforcement investigations

6.4 Data Processing Agreements

All third-party service providers are bound by data processing agreements that require them to:

• Process data only for specified purposes
• Implement appropriate security measures
• Respect data subject rights
• Notify us of any data breaches

7. Data Retention

7.1 Retention Periods

We retain your personal data for different periods depending on the purpose:

7.2 Deletion Procedures

When retention periods expire, we securely delete or anonymize your personal data using industry-standard methods. You may request earlier deletion subject to legal and business requirements.

8. Your Rights (GDPR & CCPA)

8.1 GDPR Rights (EU Residents)

Under the GDPR, you have the following rights regarding your personal data:

8.2 CCPA Rights (California Residents)

Under the CCPA, California residents have additional rights:

• Right to Know: Request information about personal data collection and use
• Right to Delete: Request deletion of personal data
• Right to Opt-Out: Opt-out of the sale of personal data (we do not sell personal data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

8.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within:

• GDPR requests: 30 days (may be extended to 60 days for complex requests)
• CCPA requests: 45 days (may be extended to 90 days for complex requests)

9. Data Security

9.1 Technical Safeguards

We implement comprehensive technical measures to protect your personal data:

• Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication and role-based access
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Updates: Security patches and software updates
• Backup Systems: Secure, encrypted backup and disaster recovery

9.2 Organizational Measures

• Staff Training: Regular privacy and security training for all personnel
• Access Limitation: Need-to-know basis for data access
• Confidentiality Agreements: All staff and contractors bound by confidentiality
• Incident Response: Documented procedures for security incidents
• Regular Audits: Periodic security assessments and penetration testing

9.3 Data Breach Procedures

In the event of a data breach, we will:

• Assess the breach within 24 hours
• Notify supervisory authorities within 72 hours (if required)
• Inform affected individuals without undue delay (if high risk)
• Document the breach and remedial actions taken
• Implement additional safeguards to prevent recurrence

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

10.2 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may affect website functionality)
• Delete existing cookies
• Set preferences for specific websites
• Receive notifications when cookies are set

10.3 Third-Party Analytics

We use Google Analytics with privacy-enhanced configuration:

• IP anonymization enabled
• Data sharing with Google disabled
• Advertising features disabled
• Data retention set to 26 months

11. International Data Transfers

11.1 Transfer Mechanisms

As a US-based business, we may transfer your personal data internationally. We ensure appropriate safeguards are in place for such transfers:

• Adequacy Decisions: Transfers to countries with adequate protection levels
• Standard Contractual Clauses: EU-approved contractual safeguards
• Binding Corporate Rules: Internal data protection standards
• Certification Schemes: Privacy Shield successors and equivalent frameworks

11.2 US-EU Data Transfers

For transfers from the EU to the US, we rely on Standard Contractual Clauses and implement additional technical and organizational measures to ensure data protection equivalent to EU standards.

11.3 Data Localization

Where possible, we store and process data within the region of origin:

• EU Data: Processed within the EU/EEA where feasible
• US Data: Primarily processed within the United States
• Global Services: Cloud providers with regional data centers

12. Contact Information and Complaints

12.1 Data Protection Contact

12.2 Supervisory Authorities

You have the right to lodge a complaint with supervisory authorities:

12.3 Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website
• Update the "Last updated" date
• Notify you of material changes via email (if we have your contact information)
• Provide additional notice as required by applicable law

12.4 Effective Date and Acknowledgment

This Privacy Policy is effective as of January 15, 2025. By continuing to use our website or services after this date, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.