Privacy Policy

We at Masttro Global Corporation recognize and respect any concern you may have about privacy. This Privacy Notice describes Masttro Global Corporation’s, and its affiliates' and subsidiaries', including Masttro Holding AG, Masttro US LLC, Masttro Switzerland AG and Masttro MX, S.A.P.I. de C.V., (collectively, “Masttro”, “we”, “our”, or “us”) collection and use of personal information of users of our website at masttro.com in connection with the access and use of the Masttro online hosted software platform (the “Platform”), which is owned by Masttro Holdings AG and our other services or websites that display this Notice. This Notice describes the measures we take to safeguard personal information, the paties with whom we may share the information, and the choices available regarding our use of the information.

Collection of Personal Information

We collect personal information that our users provide to us in a variety of ways through our website and Platform services, collectively referred to in this Notice as the “Services”. These include the following:

• Login Credentials. You may be granted login credentials to access our Services.
• Communications. If you contact us by email, telephone of using the “Speak to us” function in our website, or by any other means, we collect the personal information contained within, and associated with, your communication.
• Contact Details. With your consent to the extent required by applicable law, we will use your contact details to provide company information and/or marketing material regarding our products and services.
• Professional information. We may collect information, such as your job title and professional contact information.
• Other. Any other information you may provide during the course of using our Services.

We collect personal information uploaded to our Platform by Masttro clients who have a written and executed agreement with Masttro for a license to the Services, for processing on their behalf. This is “Client Data”. With respect to Client Data, we act as a data processor and process Client Data on behalf of our customers, who act as the data controller. This information may include information about a customer’s clients, such as name, email address and financial account data, in order to peform wealth management services for those clients via the Services. Masttro clients may electronically submit Client Data to the Services or may instruct third paties (including custodians) to do so. Masttro has limited access to Client Data as is stored on encrypted form as is futher described in section SECURITY of this document, or as otherwise prohibited by law.

Where we need to collect personal information by law, or under the terms of a client agreement we have with you, and you choose not to provide that information when requested, we may not be able to provide you with our Services.

Automated Information Collection

When you visit our Services, some information is collected automatically. For example, when you access our Services, we automatically collect your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Services such as a personal computer or a mobile device, the identifier for any handheld or mobile device that you may be using, the website that you visited immediately prior to accessing any web-based Services, the actions you take on our Services, and the content, features, and activities in which you paticipate on our Services.

We may collect this information automatically using technologies such as standard server logs, cookies, and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.

We use automatically collected information to administer, operate, and improve our Services and to improve the effectiveness of our marketing. In addition, these technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with the Services; (3) tailor the Services around your preferences; (4) measure the usability of the Services and the effectiveness of our communications; and (5) otherwise manage and enhance our Services, and help ensure they are working properly.

Third-Party Web Analytics Services

Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices, and other online services. On our Services, we use third-paty online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email addresses, IP addresses, cookies, and other device identifiers) to evaluate, for example, the use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit:

https://support.google.com/analytics/answer/6004245
https://www.google.com/policies/privacy/partners/

AI and Machine Learning Services

Masttro Document AI is a module available on the platform, users may use this module when is negotiated in the client agreement. Our AI/ML models, while centralized, are designed to enhance user experience and accuracy across our client base. However, this does not compromise the independence and confidentiality of each client's data.

Some of the main features of these services are:

Aggregated and Anonymized Learning: Our AI models are trained on aggregated and anonymized datasets. These datasets are composed of general patterns and trends, rather than specific client details. By using aggregated data, the AI discerns broad behaviors and preferences without relying on or accessing individual client records.

Data Anonymization Process: Prior to being used for training, the data is processed through a rigorous anonymization protocol. This means that any identifiable information is removed or altered to ensure that the data cannot be traced back to any individual client. This process is crucial for maintaining confidentiality and privacy.

Non-Retentive Learning: The AI models operate on a non-retentive learning principle. This means that while the models learn from data patterns to improve their predictions and efficiency, they do not store any of the data they process.

Security and Privacy Safeguards: Masttro has security measures in place, including data encryption, access controls, monitoring, and regular audits, to ensure the confidentiality and integrity of client data. Futhermore, our AI systems are designed to comply with all relevant data protection regulations including GDPR, ensuring that client data is handled responsibly.

Commitment to Ethical AI Practices: Masttro address its commitment to ethical AI usage, ensuring fairness, non-discrimination, and accountable AI decision-making. This could involve ongoing ethical evaluations and impact assessments of AI models.

Transparent Governance and Accountability: Masttro establish clear internal governance structures for the use of data and AI model training. This includes appointing roles specifically responsible for adhering to privacy policies and ethical standards.

USE OF PERSONAL INFORMATION

We use personal information about you to peform our client agreement with you, or to take steps to form a client agreement with you, such as to:
• provide our Services and information that you may request; and
• establish and manage your account with us, and identify and authenticate you so you can access and use our Services.

We may also process personal information to pursue our legitimate interests in efficiently and securely providing our Services and otherwise managing our business. In doing so, we may process your personal information to:

• communicate with you about the Services or respond to any other inquiries you may have;
• enhance, improve, operate, and maintain our Services, programs, website, apps, and other systems and features (including managing the Services, developing new services and offerings; enhancing and improving our Services; managing our communications; analyzing our Services; peforming data analytics; market research; and peforming accounting, auditing and other internal functions);
• prevent fraudulent use of our Services and other systems and features;
• prevent or take action against activities that are, or may be, in violation of regulatory requirements, industry standards and applicable law;
• tailor content and other aspects of your experience on and in connection with the Services;• maintain a record of our dealings with you;
• deliver marketing materials to you; and
• perform other administrative activities;
• service you through the tickets initiated within the Platform;
• attend any information shared by you for us to provide you the service.

In addition, we may use the personal information we obtain when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so to comply with applicable laws or regulations.

Lastly, we may use your personal information for other purposes about which we will notify you when we request the information. Where required by applicable law, we will obtain your consent to process your personal information.

We may disclose information to third parties in the following circumstances:

Service Providers

We disclose personal information to third-paty service providers such as those used for payment processing, data storage, and processing facilities that assist us in our work. In addition, we may share the information we obtain about you with consultants and professional services organizations (e.g., auditors, and law firms). We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such personal information.

Business Transfers

Personal information about our users may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of Masttro assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

To Protect Our Interests

We also disclose personal information if we believe that doing so is legally required, or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of our Services, users of the Services or others, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

Other

We may also disclose personal information if we are required to do so by law or legal process (such as a cout order or subpoena), or in response to lawful requests by government agencies, such as law enforcement authorities.

YOUR CHOICES

We offer you certain choices in connection with the personal information we obtain about you, such as the ability to request access to, or rectification or deletion of, your personal information. For example, if we offer the ability to create user accounts or profiles on our Services, you may have the ability to access and update many categories of personal information that you provide to us by logging in to your account and accessing your account settings. Subject to applicable law, you may also have the right to request that we restrict our processing of your personal information, or to object to our processing. You may also have the right to receive the personal information you have provided to us in a structured, commonly used and machine-readable format, or to request that we transmit this information to another business. Where we rely on your consent for processing of your personal information, you may withdraw such consent.

If you wish to exercise these rights with respect to the personal information we hold about you, you may contact us at privacy@masttro.com.

To the extent the relevant personal information is Client Data, we will use reasonable effots to communicate your choices to your wealth management services provider. As noted above, we only act as a data processor with respect to Client Data, and you should exercise your rights with your wealth management services provider, who acts as the data controller with respect to Client Data.

If you request that we delete your account on any of our Services (via a user settings page, by email, or otherwise) we will do so within a reasonable period of time, but we may retain some of your personal information in order to satisfy our legal obligations, such as our records retention obligations, or where we reasonably believe that we have a legitimate business reason to do so, such as for the establishment, exercise or defense of legal claims, as well as required accounting and/or tax bookings.

You also can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails (current Masttro clients will continue to receive product alets).

If you are unsatisfied with the way that Masttro processes your personal information, you have the right to lodge a complaint with the data protection regulator in your jurisdiction. We would, however, appreciate it if you would give us the opportunity to resolve any concerns you may have before doing so.

DATA TRANSFERS

Personal Data collected under this Agreement may be transmitted to, stored, and processed in Switzerland, the United States or any other region, wherever Masttro and the client determine in the client agreement. In addition, transfers of information to different countries (other than the country in which the information was originally collected) may be made as pat of a customer's request or legal requirement for Masttro or the sub-processors. In such cases, customers will be notified prior to the transfer.

If you are located in the European Economic Area (“EEA”), United Kingdom or Switzerland, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal information to recipients in countries that are not deemed to provide an adequate level of data protection. These safeguards may include entering into the EU or UK-approved Standard Contractual Clauses with data recipients, as applicable. You may request a copy of these safeguards by contacting us as described in the “Contacting Us” section of this Notice.

SECURITY

Masttro maintains administrative, technical and physical Security controls reasonably designed to protect personal information we obtain through the Services against accidental loss, disclosure, misuse, and destruction. These controls consider strong encryption standards (in transit and at rest), robust security configurations, logical and physical access control, backups and recovery, incident management and others. Masttro control framework is based on international best practice such as: ISO27001, NIST and COBIT, these controls are assessed internally in a regular basis.

DATA RETENTION


To the extent required by applicable law, we keep the personal information we obtain about you for the period necessary to achieve the purposes described in this Notice, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting, or other records retention requirements. We may retain your personal information for a longer period in the event of a complaint or in reasonable anticipation of litigation.

LINKS AND THIRD-PARTY FUNCTIONALITY

The Services may contain links to other websites, products, or services that we do not own or operate. For example, the Services may contain links to third-paty sites, such as social networking services or custodial services. If you choose to visit or use any third-paty sites or products or services available on or through such third-paty sites, please be aware that this Notice will not apply to your activities or any information you share while using those third- paty sites or any products or services available on or through such third-paty sites. We are not responsible for the privacy practices of these third-party sites or any products or services on or through them. Additionally, please be aware that the Services may contain links to websites and services that we operate but that are governed by different privacy policies.

In addition, by using third-party services to log in to your Masttro account or access our Services, including through our application programming interface (API), you may permit such third-paty service to access and use all information related to your Masttro account that may be accessible to such third-paty service.

We encourage you to carefully review the privacy policies applicable to any website or service you visit other than the Services, or which you integrate into the Services using the API, before providing any personal information to them.

CHILDREN'S PERSONAL INFORMATION


The Services are designed for a general audience and are not directed to children under the age of 13. The Services do not knowingly collect or solicit personal information from children under the age of 13. If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that a child under the age of 13 may have provided us with personal information, please contact us as specified in the "Contacting Us" section of this Privacy Notice below.

CALIFORNIA CONSUMER PRIVACY STATEMENT

This California Consumer Privacy Statement (“Statement”) supplements Masttro’s Privacy Notice. It applies solely to California consumers and addresses personal information we collect online and offiine. This Statement does not apply to Masttro personnel or information collected, processed or disclosed pursuant to the Gramm-Leach-Bliley Act, its implementing regulations or the California Financial Information Privacy Act.

This Statement uses cetain terms that have the meanings given to them in the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively, the “CCPA/CPRA”).

1. Notice of Collection and Use of Personal Information

We may collect (and may have collected during the 12-month period prior to the effective date of this Statement) the following categories of personal information about you:
• Identifiers: These are identifiers such as a real name, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers, and similar technology; client number, unique pseudonym, or user alias; telephone number and similar), online identifier, internet protocol address, and other similar identifiers
• Additional Data Subject to Cal. Civ. Code § 1798.80: signature, social security number, education, and medical information. Applicable only for the purpose of managing career opportunities at Masttro.
• Protected Classifications: characteristics of protected classifications under California or federal law, such as race, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, citizenship status, and military and veteran status. Applicable only for the purpose of managing career opportunities at Masttro.
• Online Activity: Internet information, including, but not limited to, information regarding your interaction with Masttro’s websites and applications.
• Employment Information: professional or employment-related information such as résumé information, occupation details, education details, certifications and professional associations, historical compensation details, previous employment details, emergency contact information, and pre-employment screening and background check information, including criminal records information. Applicable only for the purpose of managing career opportunities at Masttro and managing our relationships with current or prospective partners, corporate clients and vendors and other business partner personnel.
• Education Information: education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Pat 99). Applicable only for the purpose of managing career opportunities at Masttro.
• Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, behavior, abilities, and aptitudes. Applicable only for the purpose of managing career opportunities at Masttro.

We may use (and may have used during the 12-month period prior to the effective date of this Statement) the categories of personal information listed above for the purposes described elsewhere in Masttro’s Privacy Notice and for the following business purposes specified in the CCPA/CPRA.

• Performing services, including maintaining or servicing accounts, providing client service, processing or fulfilling orders and transactions, verifying client information, processing payments, providing financing, providing analytics services, providing storage, or providing similar services.
• Providing advertising and marketing services.
• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance.
• Shot-term, transient use, such as nonpersonalized advertising shown as pat of your current interaction with us.
• Helping to ensure security and integrity.
• Debugging to identify and repair errors that impair existing intended functionality.
.• Undertaking internal research for technological development and demonstration.
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
.• Managing career opportunities with Masttro.
• Managing our relationships with current or prospective partners, corporate clients and vendors and other business partner personnel.

We do not collect or process sensitive personal information for purposes of inferring characteristics about consumers.

To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.

2. Retention of Personal Information

We will retain your personal information as described in the “Data Retention” section of the Masttro Privacy Notice.

3. Sources of Personal Information

During the 12-month period prior to the effective date of this Statement, we may have obtained personal information about you from the following categories of sources:
• Directly from you.
• From your devices, such as when you use our Services.
• Our affiliates and subsidiaries.
• Vendors who provide services on our behalf.

4. Disclosure of Personal Information


During the 12-month period prior to the effective date of this Statement, we may have disclosed your personal information to cetain categories of third paties, as described below. We may have disclosed the following categories of personal information about you for a business purpose to our affiliates and subsidiaries, vendors who provide services on our behalf and data analytics providers:

• Identifiers.
• Online Activity.

In addition to the categories of third paties identified above, during the 12-month period prior to the effective date of this Statement, we may have disclosed personal information about you to the following additional categories of third paties: (1) government entities and (2) professional service organizations such as auditors and law firms.

Masttro does not sell personal information or share personal information for cross-context behavioral advertising purposes and has not sold personal information or shared personal information for cross-context behavioral advertising purposes during the 12-month period prior to the effective date of this Statement.

5. California Consumer Privacy Rights

You have certain choices regarding your personal information, as described below.

• Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, and disclosed about.
• Correction: You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.
• Deletion: You have the right to request that we delete certain personal information we have collected from you.
• How to Submit a Request. To submit an access or deletion request, email us at privacy@masttro.com. To submit a request as an authorized agent on behalf of a consumer, please email us at privacy@masttro.com. For questions or concerns about our privacy policies and practices, please contact us as described in the "Contacting Us" section of our Privacy Notice.
• Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to, correction, or deletion of your personal information, we may require you to provide any of the following information: name, email address, date of contact, etc. In addition, if you do not have an account and you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If you designate an authorized agent to make an access, correction, or deletion request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) we may require you to verify your own identity directly with us (as described above).

Additional Information. If you choose to exercise any of your rights under the CCPA/CPRA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. This Statement is available in alternative formats upon request. Please contact privacy@Masttro.com to request this Statement in an alternative format.

6. California Online Privacy Protection Act

The California Online Privacy Protection Act (“CalOPPA”) applies only to companies which collect Personal Information of California residents.

How we respond to Do Not Track Signals. CalOPPA requires us to let you know how we respond to web browser Do Not Track (“DNT”) signals. DNT is a privacy preference you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. Because there currently is not an industry or legal standard recognizing or honoring DNT signals, we do not respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.

Visitors can visit our website anonymously by adjusting the settings in your browser.

Third-Paty Behavioral Tracking. We do not allow third-party behavioral tracking of Personal Information.  

UPDATES TO THIS NOTICE

We may occasionally update this Notice to reflect changes in our personal information practices. When we do, we will revise the “last updated” date at the beginning of the Notice. Where required by applicable law, we will notify you of any material changes by, for example, posting a notice of the update on our website and obtaining your consent prior to applying the change to any personal information we collected from you prior the date the change becomes effective. We encourage you to periodically review this Notice to stay informed about how we collect, use, and disclose personal information.

CONTACTING US

For the purposes of applicable data protection law, Masttro acts as the data controller with respect to your personal information, except with respect to Client Data where Masttro will be a data processor. To update your preferences, update or correct your information, submit a request, or if you have any questions or comments about this Notice, please contact us using the following contact information:

Masttro Global Corporation
1407 Broadway, Suite 448
New York, NY 10018
privacy@Masttro.com



Last updated:  January 26, 2024