Privacy Policy

Chartwell Financial Advisory, Inc. and CCS Transactions, LLC (collectively, “Chartwell”, “We”, “Our”, or “Us”) value Your (“You” or “Your”) privacy and are committed to complying with the applicable data privacy and security requirements in the states in which We operate. This Privacy Policy (“Privacy Policy”) describes how We collect, process, and share Personal Data, Your Rights & Choices, and other important information about how We handle Your Personal Data.

ATTENTION: PLEASE READ THIS PRIVACY POLICY CAREFULLY. ACCESSING OR USING OUR SERVICES INDICATES THAT YOU ACKNOWLEDGE THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT ACCESS OR USE OUR SERVICES.

1. Scope of this Privacy Policy

This Privacy Policy applies to Your use of our “Services” which include the following:

• Our “Offline Services” – In-person services You use or receive when You visit one of our office locations, contact Us over the phone, and attend an event or workshop.
• Our “Digital Services” – Our websites, www.chartwellfa.com, social media pages, and other online services.

This Website and content available within is for informational purposes only. Neither the Website nor the content available within constitutes legal, financial, accounting, or other professional advice, and neither should be relied upon by You or any third party, including to operate or promote Your business, secure financing or capital in any form, obtain any regulatory or governmental approvals, or otherwise be used in connection with procuring services or other benefits from any entity. Chartwell assumes no liability for readers’ use of the information herein and please note, before making any decision or taking any action, You should consult with legal and professional advisers.

Chartwell hereby authorizes You to display on Your computer, download, and print pages of this Website, subject to the following provisions: (i) the copyright notice appears on all such printouts; (ii) the information will not be altered in any manner; and (iii) the content is only to be used for personal educational and non-commercial use and will not be redistributed, broadcast, or copied to any other media.

You acknowledge (a) that You have read and understood this Privacy Policy; (b) that this Privacy Policy shall have the same force and effect as a signed agreement; and (c) that by agreeing to this Privacy Policy, You consent to receive notifications regarding security incidents to the email address We have on file for You.

Unless explicitly stated otherwise, any new features that augment or enhance our current Services shall be subject to this Privacy Policy. Please review the Privacy Policy each time You use our Services.

2. Controller/How to Contact Us

The controller of Your Personal Data under this Privacy Policy is Chartwell Financial Advisory, Inc. You may contact our Data Privacy Team as follows:

General Inquiries and Data Updates: visit our Contact Page or email Us at Data.Privacy@chartwellfa.com

Opt-Out of Data Sales or Sharing; Limit uses of Sensitive Personal Data: email Us at Data.Privacy@chartwellfa.com or call 844-840-5434.

Regional Data Rights: email Us at Data.Privacy@chartwellfa.com, mail to the address below, or call 844-840-5434.

Direct Marketing Disclosure Inquiries: mail to the address below or email Us at Data.Privacy@chartwellfa.com.

Physical Address: Chartwell Financial Advisory, Inc. Attn: Privacy                                      

150 South Fifth Street, Suite 2700, Minneapolis, MN 55402

Securities Investor Protection Corporation (SIPC) Disclosure

Although CCS Transactions, LLC does not maintain customer accounts or accept customer funds or securities, We are a member of SIPC. To obtain more information about SIPC, including a SIPC brochure, You may contact SIPC directly by telephone at 201-371-8300 or refer to www.sipc.org.

3. Categories and Sources of Personal Data

The following describes how We process data relating to identified or identifiable individuals and households (“Personal Data”).

Categories of Personal Data We Process

The categories of Personal Data We process may include:

• Audio/Visual Data – Audio files and records, such as voicemails, call recordings, and the like.
• Contact Data – Information such as name and contact details (email, phone number, mailing address).
• Identity Data – Information such as Your name; address; email address; telephone number; gender; date of birth, age and/or age range.
• Services Data – Information about the Services We provide to You and about transactions You make with Us or other companies related to our Services.
• Employment Data – Data relating to professional and employment history, educational history, professional experience, qualifications, and similar biographic information.
• General Location Data – Non-precise location data, e.g. location information derived from social media tags/posts, or generally collected when You visit our website.
• Device / Network Data – Browsing history, search history, and information regarding Your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
• Sensitive Personal Data – Personal Data deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Data:
  • “Government ID Data” Data relating to official government identification, such as driver’s license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law.
  • “Health Data” Information related to your health, including, but not limited to, disability accommodations.
  • “Payment Data” Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
• User Content – Unstructured/free-form data that may include any category of Personal Data, e.g. data that You give Us in free text fields such as comment or contact boxes.

Sources of Personal Data We Process

We collect Personal Data from various sources, which include:

• Data You provide us – We receive Personal Data when You provide them to us, when You purchase our services, complete a transaction via our Services, or when You otherwise use our Services.
• Data We collect automatically – We collect Personal Data about or generated by any device used to access our Digital Services.
• Service Providers – We receive Personal Data from service providers who may perform services on our behalf.
• Data We create or infer – We and certain third party Service Providers operating on our behalf, create and infer Personal Data such as Preference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and We may correlate this data with other data We process about you.

4. Data Processing Contexts / Notice at Collection

Offline Services

We may process Contact Data, Identity Data, Service Data, Government ID Data, and Payment Data when You visit one of our office locations, contact Us over the phone, or attend an event or workshop.

We use this Personal Data as necessary to provide our Offline Services, including financial advisory, corporate finance, transaction opinion, and valuation services. We may also process this Personal Data for our Business Purposes and Commercial Purposes.

Digital Services

Generally We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Preference Data when You visit our website or otherwise interact with Us through our Digital Services. You may also be able to contact us or enroll in marketing communications through our Digital Services.

We use this Personal Data as necessary to operate our Digital Services, such delivering pages, etc., for our Business Purposes, and our other legitimate interests, such as:

• ensuring the security of our websites, mobile applications and other technology systems; and
• analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services.

We may process this Personal Data for our Commercial Purposes.

Cookies And Other Tracking Technologies

We process Identity Data, Device/Network Data, Contact Data, Preference Data, and General Location Data, in connection with our use of cookies and similar technologies on our Digital Services. We may collect this data automatically.

We and authorized third parties may use cookies and similar technologies for the following purposes:

• for “essential” purposes necessary for our Digital Services to operate (such as maintaining user sessions, CDNs, and the like);
• for “analytics” purposes and to improve our Digital Services, such as to analyze the traffic to and on our Digital Services (for example, We can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Digital Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website);

We may also process this Personal Data for our Business Purposes and Commercial Purposes. See Your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.

Marketing Communications

We send marketing email communications through our service provider: Emma, Inc. We process Device/Network Data, Contact Data, Identity Data, and Preference Data in connection with marketing emails or similar communications, and when You open or interact with those communications. You may receive marketing communications if You consent and, in some jurisdictions, as a result of a purchase.

We process this Personal Data to contact You about relevant products or services and for our Business Purposes. Marketing communications may also be personalized as permitted by applicable law. See Your Rights & Choices to limit or opt out of this processing.

Contact Us; Support

We collect and process Identity Data, Contact Data, and User Content when You contact us, e.g. through a contact Us form, or for support. If You call Us via phone, We may collect Audio/Visual data from the call recording.

We process this Personal Data to respond to Your request, and communicate with you, as appropriate, and for our Business Purposes. If You consent or if permitted by law, We may use Identity Data and Contact Data to send You marketing communications and for our Commercial Purposes.

Forms and Questionnaires

We may process Identity Data, Contact Data, Preference Data, and User Content collected in connection with questionnaires or forms related to sign-up for webinars or other events. We process this Personal Data as necessary to respond to requests, for our Business Purposes, and other legitimate interests.

We may process this Personal Data for our Commercial Purposes. We may share data relating to third party partners with those partners, who may use it for their own purposes.

Hosted Events

We process Identity Data, Contact Data, and Services Data when you sign up to attend one of our hosted events. If you provide it, we also process Employment Data. If you attend a paid event, we process Payment Data via our third-party payment service provider. We do not permanently store your Payment Data.
We process Identity Data, Contact Data, and Services Data as necessary to operate events and provide our services to you, for our Business Purposes, and our other legitimate interests, including:

• verifying your identity for authentication, fraud prevention, and security purposes;
• to help us to return lost property to its rightful owner; and
• managing access to our events.

We use Identity Data, Contact Data, and Services Data collected in this context for our Commercial Purposes.

Professional Engagement

We process Identity Data, Contact Data, Government ID Data, Employment Data, User Content, and Payment Data in connection with your application for employment or to become an independent contractor. We may process Health Data, such as disability accommodations, if you provide it.
We process this Personal Data as necessary to evaluate, establish, and maintain the employment relationship, including, but not limited to, to conduct background checks, to provide employment benefits, and for financial administration. We may also process this Personal Data for human resources purposes, such as managing identity and credentials, administering security and loss prevention, or analyzing and consolidated reporting. We may further process Personal Data in this context for our Business Purposes. We do not sell or share Personal Data processed in this context. We process Health Data only as necessary for Business Purposes where permitted under applicable law.
California applicants, employees, and independent contractors can review our California HR Privacy Notice for more details.

5. Processing Purposes

Business Purposes

We and our Service Providers process Personal Data We hold for numerous business purposes, depending on the context of collection, Your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”

Service Delivery

We process Personal Data as necessary to provide our Services, including financial advisory, corporate finance, transaction opinion, and valuation services. For example, We process Personal Data to fulfill our contractual obligations to you, provide You with the information, features, and services You request, and create relevant documentation.

Internal Processing and Service Improvement

We may use any Personal Data We process through our Services as necessary in connection with our legitimate interests in improving the design of our Service, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track service use, QA and debugging, audits, and similar purposes.

Security and Incident Detection

We may process Personal Data in connection with our legitimate interest in ensuring that our Services are secure, identify and prevent crime, prevent fraud, and ensure safety. Similarly, We process Personal Data on our Digital Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.

Aggregated Data

We process Personal Data using third-party analytics tools to better understand who is using the website and how people are using it. These tools may use cookies and other technologies to collect information about Your use of the Website and Your preferences and activities. These tools collect information sent by Your device or the Website and other information that our third-party analytic vendors may use to assist Us in improving the Website, such as Website pages visited, places where users click, time spent on each Website page, Internet Protocol address, type of operating system used, language preference, location-based data, device ID, search traffic, gender, and age. This information may be used to analyze and track data, determine the popularity of certain content, and better understand Your online activity. Our analytics providers may track Your activity over time and across websites.

Compliance, Health, Safety, Public Interest

We may also process Personal Data as necessary to comply with our legal obligations, such as where You exercise Your rights under data protection law, for the establishment and defense of legal claims, where We must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law. Please see the Disclosure/Sharing of Personal Data section for more information about how We disclose Personal Data in extraordinary circumstances.

Commercial Purposes

We and certain third parties process Personal Data to further our commercial or economic interests (“Commercial Purposes,”) depending on the context of collection and Your Rights & Choices.

Please Note – We may require Your consent, or We may not engage in processing of Personal Data for Commercial Purposes in some jurisdictions. See the Regional Supplement section below for more information.

Marketing Communications

We may send You marketing and promotional communications if You sign up for such communications or with Your consent after You register for our Services. These communications may be personalized based on Your user profile. We may also collect Device/Network Data and Contact Data so that We can determine whether You have opened an email or interacted with our communications.

6. Disclosure/Sharing of Personal Data

We may share Personal Data with third parties in accordance with our Privacy Policy. Please note that You may choose not to share certain information as described in Your Rights & Choices.

• Affiliates – We may share Your Personal Data with our affiliates in order to streamline certain business operations, and in support of our Business Purposes, and Commercial Purposes.
• Third-Party Service Providers and Business Partners – We may share Your Personal Data with third-party service providers and business partners who perform functions in connection with our Services, such as payment processing, social sharing, marketing, site analytics, data aggregation, customer relationship management, functions related to analyzing and improving the website usefulness, reliability, user experience, and operation, storing data, and in connection with our (or our Service Providers’) Business Purposes.
• Video Hosting and Sharing Platforms – By using third-party service providers and business partners who in turn may access some of Your information when you visit the Website, We may in effect be deemed to share Your Personal Data with third-party service providers and business partners in order for them to perform functions in connection with video hosting and sharing, including Your name, email address, address, title, industry, IP address, user ID, device ID, browser and device information, time of visit, pages visited, geolocation, queries searched, ads viewed, videos watched, and user names.
• Social Media Platforms – If You access social media platforms through our website, We may share certain Personal Data with those social media platforms in support of our Business Purposes and Commercial Purposes. We may allow these third parties to operate through our Services.
• Successors or Other Business Recipients – We may share Personal Data if We go through a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction, or if the ownership of all or substantially all of our business otherwise changes.
• Lawful Recipients – We may share Personal Data to third parties if We believe that such disclosure is necessary to:
  • Comply with the law or guidance or cooperate with government or law enforcement officials or private parties;
  • Investigate, prevent, or take action regarding suspected illegal activities, suspected fraud, the rights, reputation, safety, and property of us, users, or others, or violations of our policies or other agreements with us;
  • Respond to claims and legal process (for example, subpoenas); and/or
  • Protect against legal liability.

7. International Transfers of Your Personal Data

We operate in and use service providers located in the United States. If You are located outside the U.S., Your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in other jurisdictions, such as Canada, the EEA, UK, and Switzerland. Contact Us for additional information regarding the mechanisms to ensure adequate protection of data subject to these laws.

8. Data Security

We implement a variety of security measures to protect the safety of Your Personal Data when You enter, submit, or access Your Personal Data.

While We take reasonable measures to protect the information You submit via the Website against loss, theft, and unauthorized use, disclosure, or modification, We cannot guarantee its absolute security. No Internet, email, or mobile application transmission is ever fully secure or error free. Email or other messages sent through the Website may not be secure. You should use caution whenever submitting information through the Website and take special care in deciding with which information You provide us.

We cannot guarantee that transmissions of Your Personal Data will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners. WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS, OR CAUSES BEYOND OUR CONTROL.

9. Data Retention Policy

We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when We determine how long to retain data (without limitation):

• Retention periods established under applicable law;
• Industry best practices;
• Whether the purpose of processing is reasonably likely to justify further processing;
• Risks to individual privacy in continued processing;
• Applicable data protection impact assessments;
• IT systems design considerations/limitations; and
• The costs associated continued processing, retention, and deletion.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

10. Links to Other Services or Applications

Except for processing by our service providers (described above), this Privacy Policy does not apply to third party websites, products, or services. The Website may contain links to other websites or apps or may forward users to other websites or apps that We may not own or operate and to which this Privacy Policy does not apply. The links from the Website do not imply that We endorse or have reviewed these websites or apps. The policies and procedures We describe here do not apply to these websites or apps. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest contacting these websites or app providers directly for information on their privacy policies. Nonetheless, We seek to protect the integrity of our Website and welcome any feedback about these linked websites and mobile applications.

11. Children

Our Website is not intended for children under 18 years of age. We do not knowingly collect Personal Data from an individual under age 18. If You are under the age of 18, please do not submit any Personal Data through the Website. If You have reason to believe that We may have accidentally received Personal Data from an individual under age 18, please contact Us immediately at www.chartwellfa.com/contact.

12. Changes to Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this Privacy Policy periodically, and especially before You provide any information. This Privacy Policy was made effective on the date indicated below.

13. USA Patriot Act Identity Verification Notice

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who, or entity that, establishes an account. While there are exceptions to this requirement, We may ask for certain investor information such as legal name, legal address and/or principal place of business, state of incorporation, Taxpayer Identification number, Drivers License number, date of birth, etc. that will allow Us to demonstrate compliance with these regulations. In some cases, We may also ask for additional documents.

14. Your Rights & Choices

You may have certain rights and choices regarding the Personal Data We process. Please note, these rights may vary based on the state where You reside, and our obligations under applicable law.

Your Rights

You may have certain rights regarding the Personal Data We process. See the Regional Supplement section below for rights available to You in Your jurisdiction. To submit a request, contact our Data Privacy Team. We verify Your identity in connection with most requests, as described below.

Verification of Rights Requests

Before We can fulfill the Your data rights requests, We must verify Your identity. We will require You to provide Us with Your name, telephone number, home address, and email address, together with a signed declaration under penalty of perjury that You are the consumer whose Personal Data is the subject of the request. We will match this information to the Personal Data We maintain.

You can also authorize another person, called an agent, to exercise Your rights on Your behalf. You must provide the authorized agent written and signed permission to act on Your behalf. We may deny requests to opt out from an authorized agent who does not submit proof that they are authorized to act on Your behalf. Furthermore, We may require You to verify Your identity directly with us. We may also require You to directly confirm with Us that You have provided the authorized agent permission to submit a request on Your behalf. An authorized agent can make a request on Your behalf by contacting us.

Change Your Information

You may change Your information by contacting us.

Marketing Communications/Opt-Out

You may withdraw any consent You have provided at any time. You can withdraw Your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), or for other communications, by contacting us. To opt-out of the collection of information relating to email opens, configure Your email so that it does not load images in our emails.

Cookies and Similar Technologies

• General – If You do not want information collected through the use of cookies, You can manage/deny cookies (and certain technologies) using Your browser’s settings menu or our Manage Cookies page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
• Do-Not-Track – Our Services do not respond to Your browser’s do-not-track request.

15. Information Notice

This notice, in summary form, is intended to inform You who has access to the above mentioned Personal Data once We receive it. Chartwell considers all Personal Data We have about You to be confidential and pursuant to any existing or potential business relationship with you, including the fact that You may be a client of Chartwell Financial Advisory, Inc. and/or CCS Transactions, LLC. We restrict access to Personal Data about You to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with applicable regulatory standards to maintain the confidentiality of Your Personal Data.

16. Regional Supplement

US State & California Privacy Rights & Choices

Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.

• Confirm – Right to confirm whether We process Your Personal Data.
• Access/Know – Right to request any of following: (1) the categories of Personal Data We have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which Your Personal Data was collected; (3) the purposes for which We collected or sold/shared Your Personal Data; (4) the categories of third parties to whom We have sold/shared Your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data We have collected about you.
• Portability – Right to request that We provide certain Personal Data in a common, portable format.
• Deletion – Right to delete certain Personal Data that We hold about you.
• Correction – Right to correct certain Personal Data that We hold about you.
• Non-Discrimination – California residents have the right to not to receive discriminatory treatment as a result of Your exercise of rights conferred by the CCPA.
• List of Direct Marketers – California residents may request a list of Personal Data We have disclosed about You to third parties for direct marketing purposes during the preceding calendar year.
• Remove Minors’ User Content – Our Website is not intended for children under 18 years of age. Nevertheless, if We accidentally received data from a residents of California under the age of 18, such California Minors can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Services. If You have questions about how to remove Your posts or if You would like additional assistance with deletion, contact Us using the information below. We will work to delete Your information, but We cannot guarantee comprehensive removal of that content or information posted through the Services.

Please view the California HR Privacy Notice for more details.

Submission of Requests

You may submit requests as follows (please our review verification requirements section). If You have any questions or wish to appeal any refusal to take action in response to a rights request, contact Us at Data.Privacy@chartwellfa.com. We will respond to any request to appeal within the period required by law.

Access/Know, Confirm Processing, Portability, Deletion, Correction, List of Direct Marketers, or Remove Minors’ User Content

You may call Us at: 844-840-5434. You will be directed to leave a voicemail where You can provide Your email address, phone number and address We have on file, along with Your request. You may send mail to our Contact address above with Your email address, phone number and address We have on file, along with Your request. Contact Us via email to our privacy team at Data.Privacy@chartwellfa.com.

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, We have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:

Category of Personal Data	Category of Recipients
Contact Data	Affiliates; Third-Party Service Providers and Business Partners; Social Media Platforms; Successors or Other Business Recipients; Lawful Recipients
Identity Data
Services Data
Employment Data
General Location Data
Device/Network Data
User Content
Government ID Data	Affiliates; Successors or Other Business Recipients; Lawful Recipients
Payment Data

Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes

For purposes of the CCPA, We do not “sell” or “share” Personal Data.

Categories of Sensitive Personal Data Used or Disclosed

For purposes of CCPA, We may use or disclose the following categories of Sensitive Personal Data: Government ID Data; Health Data; Payment Data. However, We do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).

Effective: January 31, 2025