Privacy Policy
Last updated: October 2025
Introduction
Dorrance Venture ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information in connection with our investment services and website.
As a financial services firm, we are subject to various privacy and data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), the Gramm-Leach-Bliley Act (GLBA), and SEC Regulation S-P.
This Privacy Policy applies to all personal information we collect from or about clients, prospective clients, website visitors, and other individuals with whom we interact.
Information We Collect
We collect various categories of personal information necessary to provide investment services and comply with legal obligations.
Categories of Personal Information
Identifiers: Name, postal address, email address, telephone number, Social Security number, tax identification number, passport number, date of birth, government-issued identification numbers.
Financial Information: Bank account numbers, investment account information, account balances, transaction history, payment history, credit history, income, assets, net worth, investment experience, risk tolerance, financial goals.
Professional Information: Employment information, occupation, employer name, business address, professional credentials.
Internet Activity: IP address, browser type, device identifiers, website navigation data, pages viewed, links clicked, search queries.
Geolocation Data: General location information derived from IP address.
Inferences: Information derived from the above categories to create a profile reflecting preferences, characteristics, and investment suitability.
Sensitive Personal Information: Social Security numbers, financial account access credentials, precise geolocation data, and information regarding investments that may reveal financial status.
How We Collect Information
We collect personal information through the following methods:
Directly from You: Through account applications, subscription documents, questionnaires, correspondence, meetings, telephone calls, and our website.
Automatically: Through cookies, web beacons, analytics tools, and other tracking technologies when you visit our website.
From Third Parties: From credit bureaus, identity verification services, financial institutions, service providers, publicly available sources, and data brokers when necessary for account verification and compliance purposes.
From Service Providers: Information collected by third-party service providers acting on our behalf.
How We Use Your Information
We use personal information for the following business purposes:
Investment Services: To evaluate investment suitability, manage investment accounts, execute transactions, provide investment advice, and deliver requested services.
Legal and Regulatory Compliance: To comply with anti-money laundering laws, tax reporting obligations, securities regulations, SEC requirements, and other applicable laws.
Communications: To respond to inquiries, provide account statements, send regulatory notices, and deliver important information about our services.
Security and Fraud Prevention: To protect against unauthorized access, detect and prevent fraud, and maintain the security of our systems and customer information.
Business Operations: To maintain records, conduct internal audits, perform analytics, improve our services, and manage business relationships.
Marketing: With your consent where required, to inform you about our services, investment opportunities, and educational content.
Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a legal basis, we process personal information based on:
Contractual Necessity: Processing necessary to perform our investment services contract with you.
Legal Obligations: Processing required to comply with applicable laws, regulations, court orders, and regulatory requirements.
Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, network security, business analytics, and improving our services, provided such interests are not overridden by your rights.
Consent: Where we have obtained your explicit consent for specific processing activities, which you may withdraw at any time.
Information Sharing and Disclosure
We share personal information in the following circumstances:
Service Providers: With third-party vendors who perform services on our behalf, including custodians, administrators, auditors, legal counsel, technology providers, and compliance consultants, subject to contractual confidentiality obligations.
Affiliated Companies: With our corporate affiliates for business purposes, subject to confidentiality protections.
Legal Requirements: With government authorities, regulators, law enforcement, and courts when required by law, subpoena, court order, or regulatory request.
Business Transfers: In connection with a merger, acquisition, sale of assets, or other business transaction, subject to confidentiality agreements.
With Your Consent: When you direct us to share information with third parties.
Professional Advisors: With attorneys, accountants, and other professional advisors providing services to us.
We do not sell personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising purposes.
International Data Transfers
We may transfer personal information to recipients located outside your country of residence, including to the United States.
For EEA/UK Residents: When transferring personal data outside the EEA or UK, we implement appropriate safeguards as required by GDPR, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.
For Brazil Residents: International transfers comply with LGPD requirements and are based on adequacy decisions, standard contractual clauses, or other appropriate safeguards.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.
Client Information: Retained for the duration of the client relationship and for the period required by applicable laws and regulations, including SEC requirements to maintain records for at least five years after account closure.
Application Information: Information from prospective clients who do not become clients is retained for a reasonable period to respond to inquiries and comply with regulatory requirements.
Website Data: Analytics and website usage data are typically retained for up to 26 months unless longer retention is required.
Specific retention periods vary based on the nature of the information, applicable legal requirements, and business needs.
Your Privacy Rights
Your privacy rights vary depending on your location.
Rights for All Individuals
Access: Request access to the personal information we hold about you.
Correction: Request correction of inaccurate personal information.
Objection: Object to certain processing activities.
GDPR Rights (EEA/UK Residents)
Right to be Informed: Receive transparent information about how we use your data.
Right of Access: Obtain confirmation of processing and access to your personal data.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Erasure: Request deletion of personal data under certain circumstances.
Right to Restrict Processing: Request limitation of processing in specific situations.
Right to Data Portability: Receive personal data in a structured, commonly used format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal effects.
Right to Withdraw Consent: Withdraw previously provided consent at any time.
Right to Lodge a Complaint: File a complaint with your local data protection authority.
Requests will be fulfilled within one month, extendable by two additional months for complex requests.
CCPA/CPRA Rights (California Residents)
Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom information is shared.
Right to Delete: Request deletion of personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell or share personal information).
Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of sensitive personal information to purposes necessary to perform services.
Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment.
Requests will be verified and responded to within 45 days, extendable by an additional 45 days when necessary.
LGPD Rights (Brazil Residents)
Confirmation and Access: Confirm processing and access personal data.
Correction: Correct incomplete, inaccurate, or outdated data.
Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data.
Portability: Request transfer of data to another service provider.
Information about Sharing: Obtain information about third parties with whom data is shared.
Revocation of Consent: Revoke consent at any time.
Opposition: Object to processing based on legitimate interest.
Exercising Your Rights
To exercise privacy rights, contact us using the information in the "Contact Us" section. You may also designate an authorized agent to make requests on your behalf by providing written authorization.
We will verify your identity before processing requests to protect your personal information from unauthorized access. Verification may require providing identifying information that we can match against information in our systems.
We do not charge fees for requests unless they are excessive, repetitive, or manifestly unfounded.
Security Measures
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction.
Incident Response Program: We have implemented written policies and procedures to detect, respond to, and recover from unauthorized access to customer information, in compliance with SEC Regulation S-P.
Breach Notification: In the event of a data breach involving sensitive customer information that creates a reasonably likely risk of substantial harm or inconvenience, we will notify affected individuals as soon as practicable, but no later than 30 days after becoming aware of the incident.
Safeguards: Security measures include encryption of sensitive data in transit and at rest, access controls, authentication requirements, regular security assessments, employee training, and vendor oversight.
Disposal: We implement reasonable measures to protect against unauthorized access during disposal of customer information.
Despite our safeguards, no security system is impenetrable, and we cannot guarantee absolute security.
Cookies and Tracking Technologies
Our website uses cookies, web beacons, and similar technologies to enhance functionality, analyze usage, and improve user experience.
Essential Cookies: Necessary for website operation and cannot be disabled.
Analytics Cookies: Collect information about website usage to improve performance.
Functional Cookies: Enable enhanced functionality and personalization.
You can control cookies through your browser settings, though disabling cookies may limit website functionality. For more information about our cookie practices, please see our Cookie Policy.
Third-Party Links
Our website may contain links to third-party websites not controlled by us. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies.
Children's Privacy
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or other operational reasons. The "Last Updated" date at the top indicates when changes were last made.
Material changes will be communicated through prominent notice on our website or direct communication to clients. Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy.
California residents will be notified at least once every 12 months.
Supplemental Notice for California Residents
Categories of Personal Information Collected (Last 12 Months)
We have collected the categories of personal information listed in the "Information We Collect" section.
Business Purposes for Collection
Information is collected for the business purposes described in the "How We Use Your Information" section.
Sale and Sharing
We do not sell personal information for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising.
Sensitive Personal Information
Sensitive personal information is used only for purposes necessary to provide requested services, ensure security, prevent fraud, and comply with legal obligations.
Retention
Personal information is retained as described in the "Data Retention" section.
Non-Discrimination
We will not discriminate against you for exercising CCPA rights, including by denying services, charging different prices, providing different service levels, or suggesting you will receive different services or prices.
Supplemental Notice for EEA/UK Residents
Data Controller: Dorrance Venture is the data controller responsible for processing your personal information.
Legal Bases: We process personal data based on the legal grounds described in the "Legal Basis for Processing" section.
International Transfers: Data may be transferred outside the EEA/UK with appropriate safeguards as described in the "International Data Transfers" section.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
Supplemental Notice for Brazil Residents
Data Controller: Dorrance Venture is responsible for processing personal data in accordance with LGPD.
Legal Bases: We process personal data based on consent, legal obligations, legitimate interests, or as necessary to perform contracts.
National Data Protection Authority: You may contact the Autoridade Nacional de Proteção de Dados (ANPD) regarding data protection matters.
Contact
To exercise privacy rights, ask questions about this Privacy Policy, or submit complaints, contact us at:
Dorrance Venture
Hermann-Hesse-Straße 22, 71642, Ludwigsburg, Germany
Email: privacy@dorranceventure.com
For GDPR Inquiries:
Email: gdpr@dorranceventure.com
For CCPA Inquiries:
Email: ccpa@dorranceventure.com