Privacy Policy

Effective Date: December 27th, 2022

The Crown Corp. ("we," "us," or "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website at www.thecrowncorp.com (the "Site"), use our mobile applications (the "Apps"), or engage with our financial technology services platform (the "Platform"). Our Platform provides bespoke digital asset advisory, brokerage, banking, and other financial services tailored to high-net-worth ("HNW") clients.

By accessing the Site, Apps, or Platform, or by providing us with your personal information, you consent to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our services.

We operate in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation ("GDPR") for users in the European Economic Area ("EEA"), the California Consumer Privacy Act ("CCPA") and its amendments (such as the California Privacy Rights Act, "CPRA"), and relevant financial regulations in the United States, Canada, and other jurisdictions where we provide services. For users in the EEA or United Kingdom, the role of Data Protection Officer is fulfilled by our Chief Compliance Officer, contactable at the details provided below.

1. Information We Collect

We collect information to provide and improve our services, ensure regulatory compliance, and enhance your experience. The types of information we may collect include:

Personal Information

Identity and Contact Details: Name, address, email address, phone number, date of birth, and government-issued identification (e.g., passport, driver's license) for Know Your Customer ("KYC") and anti-money laundering ("AML") verification.
Financial Information: Bank account details, investment history, digital asset holdings (e.g., cryptocurrencies, NFTs), income, net worth, tax identification numbers, and transaction records. This is essential for our advisory, brokerage, and banking services.
Account Information: Username, password, security questions, and authentication data (e.g., biometric data if enabled in Apps).

Sensitive Information

As a financial services provider, we may process special categories of data, such as financial details revealing racial or ethnic origin (if inferred from KYC), or health data (if relevant to risk assessment). We process this only with your explicit consent or as required by law.

Automatically Collected Information

Device and Usage Data: IP address, browser type, operating system, device identifiers, location data (approximate, based on IP or with consent), pages viewed, time spent on the Site, and referral sources.
Cookies and Tracking Technologies: See Section 9 for details.

Information from Third Parties

Data from credit bureaus, public records, or partners (e.g., blockchain analytics for digital asset verification).
Information from affiliates, service providers, or when you interact with us via social media or referrals.

We do not collect information about minors under 18, as our services are not directed at children.

2. How We Collect Information

Directly from You: When you register for an account, submit forms (e.g., contact or onboarding forms on the Site), engage in transactions via the Platform or Apps, or communicate with us (e.g., email, phone).
Automatically: Through cookies, web beacons, and analytics tools (e.g., Google Analytics) as you navigate the Site or use the Apps.
From Third Parties: During KYC/AML checks, fraud detection, or when you connect third-party accounts (e.g., wallets for digital assets).

3. How We Use Your Information

We use your information for legitimate business purposes, including:

Providing Services: To offer personalized advisory, execute brokerage transactions, manage banking accounts, and deliver bespoke financial strategies for digital assets.
Compliance and Risk Management: For KYC/AML verification, fraud prevention, regulatory reporting (e.g., to the U.S. Securities and Exchange Commission ("SEC"), Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC"), or equivalent bodies), and tax compliance.
Improving the Platform: Analyzing usage data to enhance features, security, and user experience.
Communication: Sending service updates, transaction confirmations, or marketing materials (with your consent where required).
Legal Obligations: Responding to lawful requests from authorities or protecting our rights.

We process information based on:

Your consent (e.g., for marketing).
Contractual necessity (e.g., to fulfill service agreements).
Legal obligations (e.g., financial regulations).
Legitimate interests (e.g., fraud prevention), balanced against your rights.

4. Sharing Your Information

We do not sell your personal information. We may share it in limited circumstances:

Service Providers: With trusted third parties who assist us, such as cloud hosting (e.g., Wix), payment processors, cybersecurity firms, legal advisors, and blockchain custodians. These parties are contractually obligated to protect your data and use it only for the specified purpose.
Affiliates and Partners: Within our corporate group or with financial partners (e.g., for joint advisory services), subject to equivalent privacy standards.
Legal and Regulatory Requirements: To comply with laws, court orders, or government requests (e.g., in the U.S., Canada, or EEA).
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
With Your Consent: For any other purpose disclosed at the time of collection.

For international clients, data may be shared with entities in the U.S., Canada, or other countries. We ensure appropriate safeguards, such as Standard Contractual Clauses for GDPR compliance.

Under the CCPA/CPRA, we do not "sell" or "share" personal information as defined, but if we do in the future, we will provide opt-out mechanisms.

5. Data Security

We prioritize the security of your information, especially sensitive financial data. Measures include:

Encryption (e.g., SSL/TLS for data in transit; AES-256 for storage).
Access controls (e.g., multi-factor authentication).
Regular security audits and penetration testing.
Secure custody for digital assets via reputable providers.

Despite these efforts, no system is impenetrable. In the event of a data breach, we will notify affected individuals and authorities as required by law (e.g., within 72 hours under GDPR).

6. Your Privacy Rights

You have rights regarding your personal information. Depending on your jurisdiction:

Access: Request a copy of your data.
Correction: Update inaccurate information.
Deletion: Request erasure (subject to legal retention requirements, e.g., 7 years for financial records).
Objection/Restriction: Object to processing or restrict it (e.g., for marketing).
Portability: Receive your data in a structured format.
Withdraw Consent: At any time, without affecting prior processing.
CCPA/CPRA Rights: Opt-out of "sales/sharing," limit sensitive data use, and non-discrimination for exercising rights.
GDPR Rights: Automated decision-making objections (we do not use solely automated decisions for high-risk processing).

To exercise these rights, contact us below. We will respond within 30-45 days (or as required by law). For CCPA, verified requests are free (up to twice per year).

7. Data Retention

We retain your information only as long as necessary:

For service provision: Duration of your relationship plus legal retention periods (e.g., 7 years post-termination for audits).
For legitimate interests: Until the purpose is fulfilled.
Cookies: As detailed in Section 9.

Deleted data is securely disposed of or anonymized.

8. International Data Transfers

As a global platform, your data may be transferred to or processed in countries outside your residence (e.g., U.S. or Canada). For EEA/UK users, we use adequacy decisions, Standard Contractual Clauses, or Binding Corporate Rules to ensure protection equivalent to GDPR standards.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality, analyze traffic, and personalize content. Types include:

Essential: For Site/App operation (e.g., session management).
Analytics: To understand usage (e.g., via Google Analytics).
Marketing: For targeted ads (with consent).

You can manage preferences via browser settings or our cookie banner. Disabling cookies may limit functionality. For detailed information, see our Cookie Policy (to be linked upon publication).

We do not respond to Do Not Track signals but honor opt-outs where applicable.

10. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect data from minors. If we discover such data, we will delete it promptly. Parents/guardians can contact us for assistance.

11. Third-Party Links and Services

The Site/Apps may link to third-party sites (e.g., app stores, partners). We are not responsible for their privacy practices. Review their policies before providing information.

12. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or laws. Significant changes will be notified via email or Site notice. Continued use after changes constitutes acceptance.

13. Contact Us

For questions, rights requests, or complaints:

Email: info@thecrowncorp.com
Postal Mail: The Crown Corp., 2601 Matheson Blvd E, Unit 5, Mississauga, ON M9C 3X2, Canada; or 4595 Woods Rd., East Aurora, NY 14052, USA.
Chief Compliance Officer: Same addresses.

For EEA users, you may lodge complaints with your local data protection authority (e.g., via the European Data Protection Board).

This policy is governed by the laws of the Province of Ontario, Canada, and/or the State of New York, USA, as applicable.