PRIVACY POLICY

Last Updated 10/29/2025

Website Privacy Policy – How, when and why we collect and process personal data

1. Introduction

This privacy notice provides information as to how, when and why Ironlight Group, Inc. (“we” or “us”) will collect and process personal data when you visit our website www.ironlight.io.

2. The Ironlight Group Privacy Policy

We are committed to safeguarding the privacy of your personal data. By 'your personal data' we mean any information about you that you or third parties provide to us that can be used to identify you personally, that we will handle in accordance with the Ironlight Privacy Policy:

  • We will only collect and use your personal data where we have lawful grounds and legitimate business reasons to do so

  • We will be transparent in our dealings with you and will tell you about how we will collect and use your personal data

  • If we have collected your personal data for a particular purpose we will not use it for anything else unless you have been informed and, where relevant, your permission obtained

  • We will not ask for more personal data than we need for the purposes for which we are collecting it

  • We will update our records when you inform us that your details have changed

  • We will continue to review and assess the quality of the personal data that we hold

  • We will implement and adhere to information retention policies relating to your personal data and will ensure that your personal data is securely disposed of at the end of the appropriate retention period

  • We will observe the rights granted to you under applicable privacy and data protection laws and will ensure that queries relating to privacy issues are promptly and transparently dealt with

  • We will train our staff on their privacy obligations

  • We will ensure we have appropriate physical and technological security measures to protect your personal data regardless of where it is held

  • We will ensure that when we outsource any processes we ensure the supplier has appropriate security measures in place and will contractually require them to comply with these Privacy Principles

  • We will ensure that suitable safeguards are in place before personal data is transferred to other countries.

3. What we use your information for and the legal basis

To share your information (for example, your corporate email address), in a secure format, with social media and third party digital platforms so we can tell you about our products and services:

  • Where we have your permission to do so.

  • It is in our legitimate interests to use social media companies and third party digital platforms to share information with you about our products or services that may be relevant and beneficial to you.

4. Personal data we collect

We will process personal data about individuals interested or using our products and services, as well as individuals associated with our institutional clients, including: legal representatives, signatories, authorised personnel, directors, beneficial owners, trustees, other employees, associates of and any other person duly authorised to act on behalf of the client. Personal data will be collected directly from the individual or from the client institution, from publicly available sources, or from third parties providing services to us.

If you register an Account with us, we will ask you to provide some personal data for security, identification and verification purposes. When you complete any online forms, we will tell you how your information will be used, unless this is obvious.

If you are asked to provide personal data about others you must ensure that you have their consent or you are otherwise entitled to provide their information to us.

We will also collect personal data from persons that visit and use our websites. This will include:

  • Information provided in order to register for and use our online services

  • Information provided within ‘contact us’ forms

  • The use of cookies and similar technologies. 

5. The categories of personal data collected

The categories of personal data that we will collect and process in order to provide our products and services include:

  • Personal details (e.g. name, identification information, biographical information, information about personal interests) 

  • Contact details (e.g. phone number, email address, postal address, mobile number)

  • Client-related details (e.g. relationship with the client or related parties, business information, information about any shareholdings, business contact details)

  • Transactional details (e.g. information about services, requests, inquiries or complaints)

6. What we use personal data for

Personal data is used to manage the relationship with our clients, and to comply with regulatory or legal requirements imposed on us in each jurisdiction. Currently, we only process personal data to gauge interest in our business and have discussions regarding our services.  In the future, we may process personal data to provide our expected services.

This will include the following:

  • Conducting ‘Know Your Customer’ activities, including anti-money laundering checks

  • Managing financial relationships with our clients

  • Administering our clients’ products and services

  • Processing transactions

  • For the prevention, detection and investigation of crimes, including money-laundering, terrorist financing, fraud, corruption and tax evasion

  • Processing instructions from clients

  • In connection with legal and dispute management

  • For compliance with legal, regulatory and tax reporting obligations

  • For research and statistical analysis with the aim of improving our services

Personal data will also be used to invite individuals to events, to inform them about other products, services and opportunities that we think will be of interest to their organization, and also to send communications providing industry and economic analysis and insights. Individuals can opt-out at any time to the receipt of such communications. For communications sent by email, an opportunity to unsubscribe will be provided within the email.

Where we are required or permitted by local law and regulation to do so, we may monitor or record your communications with us, including telephone calls and emails. We will use these recordings to check instructions to us and for other evidential purposes, to assess and improve our services to you, and for training and quality purposes.

We use surveillance cameras in and around our premises for the prevention and detection of crime, which will monitor and collect footage, images or voice recordings in accordance with local legal requirements.

We retain personal data for as long as permitted for legal and regulatory purposes, or where we have a legitimate business reason to do so.

7. Personal data sharing and data transfers

We operate internationally and will need to share information with other offices, entities, affiliates, and external vendors, to conduct our business, support our clients, and where we outsource operational functions.

Where a global service is provided to our clients, personal data can be accessed from our offices internationally where necessary for the performance of a transaction with the client, or for compliance with regulatory or legal requirements imposed on us. Currently, we have personnel in the United Kingdom, the United Arab Emirates and Singapore. Where we operate may change from time to time.

We will share personal data with external authorities when we are required, requested or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority.

We will provide personal data to our suppliers and agents. Where we engage with a supplier or agent to process personal data on our behalf, we will undertake due diligence, monitoring and assurance activities to ensure that the personal data is appropriately protected, and contractual clauses will be agreed between the parties to ensure that data protection and confidentiality is maintained.

Personal data will be provided to any third party as a result of any restructure, sale or acquisition of any company within the Ironlight Group.

Some affiliates or service providers to which personal data are sent will be established in other countries. If we transfer personal data to a person, another of our offices, or other organization in another country we will ensure that they agree to apply equivalent levels of protection and that they process personal data strictly in accordance with our instructions.

8. Individuals’ rights in relation to their personal data

Where granted by applicable law, individuals may have a legal right to access, correct, update and delete their personal data. In order to exercise these rights we may require proof of identity.

By exception, in some jurisdictions certain requests concerning personal data may need to be addressed to bodies other than us. For example, subject access requests for personal data processed by us or our third-party vendors for anti-money laundering purposes may need to be made to the local data protection authority.

If you need to exercise your data protection rights, please reach out to us via our Contact us page.

9. Sharing your data with social media and third party digital platforms

  • Your email address may be shared, in a secure format, with social media and third party digital platforms so they can provide you with content about our products and services.

  • If you do not want us to share your personal information with social media platforms for this purpose, you can tell us not to.

  • The social media and third party digital platforms in this section include Google, X, and LinkedIn.

This privacy notice was last updated on October 29, 2025.