Skip to main content
Privacy

Privacy Policy

Last updated: December 2025

1. Who we are

Penrose Partners Ltd. (“Penrose”, “we”, “us”) is a digital asset consultancy and advisory firm headquartered in Bermuda. Our registered office is:

16 Par-la-Ville Road
Hamilton HM 08
Bermuda

We are responsible for deciding how and why we use personal information in connection with our services and business operations.

Our designated Privacy Officer is:

Privacy Officer: Emilie Ghaffari
Email: emilie@penrosepartners.com

This Privacy Notice explains how we use personal information in accordance with the Personal Information Protection Act 2016 (PIPA) which went into effect January 1st 2025. 

2. What personal information we collect

The personal information we collect depends on how you interact with us. It may include:

Identification and contact information – name, job title, employer, email address, phone number, and postal address.

Onboarding and due diligence information – date of birth where applicable.

Professional and business information – role, company, business interests, information contained in business cards, correspondence, and meeting notes.

Marketing and communications information – your marketing preferences, event registrations, survey responses, and email engagement data (e.g., opens and clicks).

Website and technical information – IP address, device identifiers, browser type, access logs, and cookie-related information collected when you visit our websites or digital platforms. Our websites may use cookies and similar tracking technologies to improve functionality, analyse usage, and support marketing. You may manage your browser settings to refuse cookies.

Where we need to collect personal information by law or under the terms of a contract, failure to provide required information may limit our ability to provide services or enter into or perform a contract.

Our services are not directed at children, and we do not knowingly collect personal information from individuals under the age of 16. If we become aware that such information has been collected, we will delete it.

3. How and why we use personal information

We use personal information only in a lawful and fair manner and only for legitimate business purposes, including to:

  • Provide and manage our consultancy and advisory services.
  • Onboard clients, including conducting KYC/AML and sanctions screening and other compliance checks.
  • Manage our relationship with clients, suppliers, and partners, including billing and payments.
  • Communicate with you about our services, events, publications, and market insights, including sending marketing emails where permitted.
  • Organise and manage events, webinars, and meetings.
  • Operate, maintain, and improve our websites and digital platforms.
  • Comply with legal and regulatory obligations, including requests from regulators or law enforcement.
  • Protect the security of our premises, systems, data, and personnel.
    Recruit, manage, and administer employees, contractors, and other workers, including payroll and benefits.

We may rely on different legal bases under PIPA depending on the circumstances, including:

  • Your consent, for example where you sign up to receive marketing communications or voluntarily provide certain information.
  • Contractual necessity, where use of your information is required to enter into or perform a contract with you or your organisation.
  • Legal or regulatory obligations, such as anti-money laundering, sanctions compliance, or record-keeping requirements.
  • Legitimate business purposes, where our use is necessary to operate our business in a way that is not unfair or unreasonable and is consistent with your reasonable expectations.

We do not sell personal information.

4. Sensitive personal information

In limited circumstances, particularly during onboarding and compliance checks, we may process sensitive personal information as defined under PIPA (for example, information relating to criminal offences or political opinions for determining politically exposed person status).

We only use sensitive personal information where:

  • it is necessary for a purpose permitted by PIPA (such as compliance with law); and
  • appropriate safeguards are in place.

We do not routinely collect sensitive personal information and will only do so where strictly necessary for compliance or onboarding purposes.

5. Marketing communications

Where permitted, we may use your contact details to send you information about our services, events, thought leadership, and updates that we believe may be relevant to you.

You may opt out of marketing at any time by:

  • clicking the “unsubscribe” link in any marketing email; or
  • by contacting our designated Privacy Officer at emilie@penrosepartners.com 

We will honour any request to cease using your personal information for advertising, marketing, or public relations, as required under PIPA.

6. Who we share personal information with

We may disclose personal information, where appropriate, to:

  • Service providers and vendors who support our operations (e.g., IT and cloud hosting providers, CRM and email platforms, analytics providers, professional services firms). These providers may be located in Bermuda or overseas.
  • Financial institutions and payment processors, in connection with invoicing and payments.
  • Professional advisers, such as lawyers, auditors, and consultants.
  • Regulators, governmental bodies, and law-enforcement authorities, where required or permitted by law.
  • Business partners or counterparties, where necessary in connection with a transaction or engagement and in line with your reasonable expectations.

We require third parties to protect personal information in accordance with PIPA and to use it only for the purposes for which it was disclosed.

7. Transfers outside Bermuda

Because we use global service providers and work with clients and partners in other jurisdictions, your personal information may be transferred to or accessed from countries outside Bermuda.

We will only transfer personal information outside Bermuda where permitted by PIPA, including by:

  • ensuring the recipient is in a jurisdiction with adequate protections;
  • putting appropriate contractual or other safeguards in place; or
  • otherwise complying with PIPA’s requirements for cross-border transfers.

8. How long we keep personal information

We keep personal information only for as long as reasonably necessary to:

  • fulfil the purposes described in this Privacy Notice;
  • comply with applicable laws and regulatory requirements;
  • resolve disputes; and
  • enforce our agreements.

Retention periods may vary depending on the type of information and the context, including legal or regulatory obligations (e.g., financial services, tax, or AML requirements).

9. How we protect personal information

We use appropriate technical and organisational safeguards designed to protect personal information against:

  • loss;
  • unauthorised access, use, modification, disclosure, or destruction; and
  • other misuse.

Access to personal information is limited to employees and service providers who have a business need to know it and who are bound by confidentiality obligations.

10. Your rights under PIPA

Under PIPA, you may have the right to:

  • Access your personal information.
  • Request corrections of inaccurate or incomplete personal information.
  • Request blocking or cessation of certain uses of your personal information, including where such use is causing or is likely to cause substantial damage or distress.
  • Request that we cease using your personal information for advertising, marketing, or public relations.
  • Request erasure or destruction of personal information that is no longer required for the purposes for which it was collected.

To exercise your rights, please contact:

Privacy Officer: Emilie Ghaffari
Email: emilie@penrosepartners.com

Your request must contain sufficient information to allow us to identify the relevant personal information and your contact details so we can respond.

We will acknowledge your request within 4 business days and respond within a reasonable period, typically within 45 days of receiving a complete request, in line with PIPA.

Please note that if you ask us to delete or stop using certain personal information, we may no longer be able to provide some or all of our services.

11. Complaints and contact

If you have any questions about this Privacy Notice or how we handle personal information, or if you wish to make a complaint, please contact our Privacy Officer using the details above.

You also have the right to lodge a complaint with the Office of the Privacy Commissioner for Bermuda (PrivCom) if you are not satisfied with our response.
Website: https://www.privcom.bm

12. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The “Last Updated” date at the top of this page indicates when it was last revised. Material changes will be highlighted where appropriate.

Join our mailing list

Submit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

ABOUT

Headquartered in Bermuda, Penrose Partners operates globally across Toronto, Montreal, New York, and London.

info@penrosepartners.com

AWards

Privacy Policy

Penrose Partners Ltd. collects and uses personal information to operate our business, provide advisory services, communicate with you, and comply with legal and regulatory obligations, in accordance with Bermuda’s Personal Information Protection Act 2016 (PIPA). We do not sell personal information. Our website uses cookies and similar technologies to improve functionality and analyse usage.

See Full Privacy Notice