Privacy Policy

Last updated: October 2025

Introduction

Bozorgmehr Farm Capital ("we," "us," "our," or the "Firm") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website or use our investment services.

As a financial institution, we are subject to various privacy laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), SEC Regulation S-P, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable state, federal, and international privacy laws.

Information We Collect

Personal Information

We collect personal information that you provide directly to us, including but not limited to:

  • Identification Information: Name, Social Security number, date of birth, government-issued identification numbers
  • Contact Information: Address, email address, telephone number
  • Financial Information: Account balances, income, assets, investment experience, transaction history, credit history, payment history, credit scores
  • Professional Information: Employment information, occupation, employer name
  • Investment Information: Risk tolerance, investment objectives, financial goals, retirement assets

Information Collected Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies, including:

  • IP address and device identifiers
  • Browser type and version
  • Pages visited and time spent
  • Referring website addresses
  • Operating system information

Information from Third Parties

We may receive information about you from credit bureaus, identity verification services, regulatory databases, and other financial institutions as permitted or required by law.

Legal Basis for Processing (GDPR)

For individuals in the European Economic Area, United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

  • Contractual Necessity: To provide investment advisory services and fulfill our contractual obligations
  • Legal Obligations: To comply with financial services regulations, anti-money laundering laws, and tax reporting requirements
  • Legitimate Interests: To prevent fraud, maintain security, and improve our services
  • Consent: Where specifically obtained for certain processing activities

How We Use Your Information

We use your personal information for the following purposes:

  • Providing investment advisory and financial services
  • Opening and managing investment accounts
  • Processing transactions and maintaining account records
  • Complying with legal and regulatory requirements, including anti-money laundering (AML) and Know Your Customer (KYC) obligations
  • Conducting risk assessments and suitability analyses
  • Communicating with you about your accounts and our services
  • Preventing fraud and unauthorized access
  • Responding to legal process and government requests
  • Improving our services and website functionality

Information Sharing and Disclosure

Disclosures Required or Permitted by Law

We may share your information with:

  • Affiliates: Companies under common ownership or control for business purposes
  • Service Providers: Third-party vendors who perform services on our behalf, including custodians, broker-dealers, technology providers, and professional advisors
  • Regulatory Authorities: SEC, FINRA, state securities regulators, IRS, and other government agencies as required by law
  • Legal Compliance: To comply with subpoenas, court orders, or legal investigations

Limitations on Sharing

We do not sell your personal information to third parties. We limit sharing of your nonpublic personal information with nonaffiliated third parties as required by the GLBA Privacy Rule.

Your Right to Opt Out

You have the right to opt out of certain information sharing with nonaffiliated third parties as permitted under GLBA. To exercise this right, contact us using the information provided at the end of this policy.

International Data Transfers

If you are located outside the United States, please note that we transfer, store, and process your information in the United States. For transfers from the European Economic Area, United Kingdom, or other jurisdictions with data transfer restrictions, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

We ensure that recipients provide adequate protection for your personal data in accordance with applicable law.

Data Security

We maintain physical, electronic, and procedural safeguards designed to protect your personal information from unauthorized access, use, or disclosure. Our security measures include:

  • Written information security policies and procedures
  • Access controls and authentication measures
  • Encryption of sensitive data in transit and at rest
  • Regular security assessments and testing
  • Employee training on data protection
  • Vendor management and oversight programs
  • Incident response program to detect, respond to, and recover from unauthorized access
  • Written information security policies and procedures
  • Access controls and authentication measures
  • Encryption of sensitive data in transit and at rest
  • Regular security assessments and testing
  • Employee training on data protection
  • Vendor management and oversight programs
  • Incident response program to detect, respond to, and recover from unauthorized access

Data Breach Notification

In the event of unauthorized access to or use of sensitive customer information, we will provide timely notification to affected individuals as required by applicable law, including SEC Regulation S-P. Notification will be provided within the timeframes required by applicable federal and state laws.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal and regulatory obligations:

  • Financial records are retained for at least six years as required by SEC rules and GLBA
  • Certain records may be retained for seven years or longer as required by the Sarbanes-Oxley Act and other regulations
  • Transaction records and communications are maintained in accordance with applicable recordkeeping requirements

After the retention period expires, we securely dispose of personal information in accordance with our disposal policies.

Your Privacy Rights

Rights Under GDPR

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your supervisory authority
  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your supervisory authority

Rights Under CCPA/CPRA

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information, subject to legal exceptions
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell personal information)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit use of sensitive personal information
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

Rights Under Other State Privacy Laws

If you reside in states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, and others effective in 2025), you may have similar rights to access, correct, delete, and opt out of certain data processing activities.

Exercising Your Rights

To exercise any of these rights, please contact us using the contact information below. We will respond to your request within the timeframes required by applicable law (typically 30-45 days for GDPR requests and 45 days for CCPA requests, with possible extensions).

Cookies and Tracking Technologies

Cookie Usage

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic. We use the following types of cookies:

  • Essential Cookies: Necessary for website functionality
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Functional Cookies: Enable enhanced functionality and personalization

Cookie Consent

For visitors from jurisdictions requiring cookie consent (such as the European Economic Area and United Kingdom), we obtain explicit consent before placing non-essential cookies on your device. California visitors receive notice of our cookie practices as required by CCPA, though opt-in consent is not required except for minors.

Managing Cookies

You can control cookie preferences through your browser settings. Please note that disabling certain cookies may limit website functionality.

Children's Privacy

We do not knowingly collect personal information from individuals under the age of 18. Our services are intended for adults only. If we become aware that we have collected information from a minor, we will take steps to delete such information promptly.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated through our website or by other means as required by law. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

Annual Privacy Notice

As required by GLBA, we provide an annual privacy notice to our customers describing our privacy policies and practices. This Privacy Policy, along with any separate privacy notices provided at account opening, constitutes our privacy notice to you.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to submit a privacy-related request, please contact us: contact [at] bozorgmehrcorp.ir

Note: This Privacy Policy applies to current and former customers and website visitors. We reserve all rights and protections afforded to us under applicable federal and state privacy laws.