PRIVACY POLICY

1. About this Privacy Policy
1.1 This Privacy Policy explains how CVG UK collects, uses, shares and protects personal data when you use our Website, contact us, or engage with us.
1.2 We aim to provide information in a clear, accessible way and to include the information required by UK data protection law.

2. Controller details
2.1 Data controller: Citi Venture Group Ltd (“CVG UK”), Company No. 11039098, registered office: 1 Grace House, Bess borough Road, Harrow, England, HA1 3EX.
2.2 Contact: use the contact details shown on our Website.
2.3 If we appoint a specific data protection contact or representative, we will publish those details on the Website.

3. Personal data we may collect
3.1 Identity and contact data (e.g., name, date of birth if relevant, address, email, phone).
3.2 Enquiry and communications data (messages, call notes, meeting notes, complaint correspondence).
3.3 Client-provided documents and information (only where you provide them).
3.4 Transaction and billing-related data (invoice references, payment status, bank transfer references where provided).
3.5 Technical data (IP address, device info, browser type, pages visited) via cookies and similar technologies (see Cookie Policy).

4. How we collect personal data
4.1 Directly from you (forms, email, telephone, messaging platforms, meetings).
4.2 From third parties where you ask us to liaise (e.g., service providers, educational institutions, overseas partners), and where appropriate/necessary for services.
4.3 Automatically through Website technologies (cookies, logs), as described in the Cookie Policy.

5. Why we use personal data and lawful bases
5.1 We use personal data for purposes including:
(a) responding to enquiries and providing information;
(b) delivering consultancy, coordination, administrative support and related services;
(c) onboarding, verification and compliance checks (including AML/CTF where applicable);
(d) invoicing, payments administration, record-keeping and audits;
(e) improving our Website and services;
(f) handling complaints and disputes;
(g) maintaining security and preventing fraud or misuse.
5.2 Lawful bases may include (as applicable):
(a) performance of a contract or steps at your request before entering a contract;
(b) legitimate interests (e.g., operating our business, improving services, fraud prevention) where those interests are not overridden;
(c) compliance with legal obligations (e.g., financial crime compliance, record keeping);
(d) consent (e.g., where required for certain cookies or optional marketing, if used).
5.3 We will provide lawful basis information in our privacy information and, where we rely on legitimate interests, we may explain those interests where appropriate.

6. Sharing personal data
6.1 We may share personal data where reasonably necessary for the purposes in clause 5, including with:
(a) our professional advisers (legal, accounting, compliance) as required;
(b) service providers (IT, hosting, analytics providers, payment processors);
(c) relevant institutions or bodies where you ask us to coordinate (e.g., educational institutions, endorsement bodies, authorities) and where necessary to deliver services;
(d) overseas partners or third-party professionals where you request or agree to a referral/introduction.
6.2 We may disclose personal data to law enforcement, regulators or competent authorities where required or permitted by law.

7. International transfers
7.1 Some recipients may be outside the UK (for example, where you request coordination with overseas partners or overseas institutions).
7.2 Where UK data protection law requires it, we will use appropriate safeguards for international transfers (for example, contractual protections) and provide further details on request.

8. Data security
8.1 We implement reasonable technical and organisational measures designed to protect personal data from unauthorised access, loss, misuse, alteration or disclosure.
8.2 No method of transmission or storage is completely secure; you should take care when sending information electronically.

9. Data retention
9.1 We retain personal data only for as long as necessary for the purposes in this Privacy Policy, including to meet legal, accounting, compliance, and dispute-resolution requirements.
9.2 Retention periods may vary depending on the type of data and the nature of the engagement.

10. Your rights
10.1 Depending on your circumstances and the applicable law, you may have rights including:
(a) access; (b) rectification; (c) erasure; (d) restriction; (e) objection; (f) data portability; and rights relating to automated decision-making where applicable.
10.2 Where we rely on consent, you may withdraw consent at any time (this does not affect lawfulness before withdrawal).
10.3 You also have the right to complain to the UK Information Commissioner’s Office (ICO).

11. Children
11.1 Our Website and services are not intended for children. If you believe a child has provided personal data to us, please contact us.

12. Changes to this Privacy Policy
12.1 We may update this Privacy Policy from time to time. The current version will be available on our Website.