Privacy Policy (GDPR + UK DPA + U.S. Compliance)

Introduction

This Privacy Policy explains how Ambassador Global Systems ("we", "our", "us") collects, uses, and protects personal information.

We comply with:

• The EU General Data Protection Regulation (GDPR)
• The UK Data Protection Act (DPA 2018)
• Relevant U.S. federal and state privacy laws (including GLBA where applicable)

Personal Data Collected

We may collect:

• Identity and contact information
• Professional/investor classification
• Financial suitability & risk data (where required for regulated services)
• Website analytics and technical data
• Communications with our firm

We do not sell personal data.

Purpose of Processing

Data is processed for:

• Client onboarding & regulatory compliance
• Know-Your-Customer (KYC) & Anti-Money Laundering (AML) duties
• Providing advisory & account services
• Risk assessment & investor suitability
• Website security & service improvement

Legal Basis

We process personal data based on:

• Contractual necessity
• Legal and regulatory obligations
• Legitimate business interests
• Client consent where applicable

Data Sharing

Data may be shared only with:

• Regulatory bodies
• Custodians and execution counterparties
• Compliance and audit providers
• Group entities & service providers

Never for marketing resale.

International Transfers

Data may be transferred cross-border with safeguards such as:

• Standard Contractual Clauses (SCC)
• Approved adequacy frameworks
• Regulated custodial networks

Your Rights (GDPR/UK DPA)

You may request:

• Access, correction, deletion
• Restriction or objection to processing
• Withdrawal of consent
• Data portability

Contact: privacy@ambassador-systems.com

Security

We use industry-standard encryption, secure servers, and access controls.

Retention

Data is retained only as required by financial regulation and law.

Cookies

We use cookies for analytics and site functionality.

Cookie preferences may be managed via browser settings or site controls.