This Privacy Policy informs you of important information about how BFC Capital LLC, Bostonia Partners LLC and its affiliates (together, “Bostonia” “we”, “our”, or “us”) process the personal data we collect in online and offline formats through the Services. “Personal data” or “Personal Information” means data that reasonably can be used to identify a living person, or that reasonably relates to a living person.

When we use the term “Services” we refer collectively to:

  • The provision of financial advisory and placement services to our clients and prospective clients (“Client Services”);
  • The websites and mobile applications owned and controlled by us that link to this Privacy Policy (“Sites”); and
  • Our marketing and business development activities, including events we host, social media properties we create, and emails that we send (“Marketing Activities”).

We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our individual clients and prospective clients, their representatives, visitors to our offices, visitors to our Sites, vendors, and other individuals.

Clients and Prospective Clients

We operate in a regulated industry. This means we are required to obtain certain information before we can accept someone as a client. For individual clients, this includes, but is not limited to:

  • Name
  • Contact details
  • Financial information
  • Information to verify identity, such as driver’s license or passport

Most of our clients are corporate entities and data about entities is not personal data. But we do process personal data of company employees, representatives and other personal data clients provide to us, or allow us to collect on their behalf, while providing the Client Services. This includes contact information and any other personal data that is relevant to or necessary for us to perform a proper background check, or a required “Anti-Money Laundering” or “Know Your Customer” background check, or otherwise to deliver the Client Services.

We also process personal data to assist in building relationships. This includes name, contact information and job title and may also include education information, work history and gender.

We collect and use this information to provide the Client Services and for other legitimate business interests. For example, we use contact details to send communications, news updates and invitations to events. You can update your communication preferences by clicking on the link at the bottom of one of our marketing emails.

We also obtain personal data from third-party sources in connection with Client Services and general internet searches. We use this information to perform relevant diligence, conduct investigations and perform conflict checks.

Our legal basis for processing personal data in connection with Client Services is:

  • To comply with legal obligations and professional responsibilities;
  • To perform contracts;
  • To pursue our legitimate interests of:
  •   ensuring that we deliver the best possible service to our clients,
  •   keeping individuals informed of developments in the markets,
  •   business development and general marketing,
  •   providing you with information on our services and events, and
  •   ensuring we build and maintain a good working relationship with you
  • For your consent, but where we make it clear to you in advance that we are relying on your consent

For prospective clients, or an employee or representative of a prospective client, we will process personal data including your name and contact details as well as details of any interactions you may have with us or our employees (for example, meetings you have had or pitches to which you have invited us).

We may obtain this information directly from you, from your employer or from publicly available sources like your employer’s website.

The legal basis we rely on to process your personal data is:

  • To take steps requested by you prior to entering into a contract with you;
  • To pursue our legitimate interests in building our business and developing a relationship with potential new clients.

Visitors to Our Site

Certain visitors may interact with our Site in ways that lead us to gather personal data. The amount and type of data that we gather depends on the nature of the interaction. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain Site-related activities.

The legal basis we rely on to process this information is:

  • To pursue our legitimate interests in developing and growing our business, operating and improving the Sites; and
  • Your consent, where we make it clear to you in advance that we are relying on your consent (for example, when you subscribe to our mailing list).

Visitors to Our Offices

For visitors to our offices we keep a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in event of an emergency.

The legal basis we rely on to process your personal data is:

  • To comply with our legal obligations;
  • To pursue our legitimate interests in ensuring the safety and security of our employees an visitors.

Vendors and Business Partners

We process personal data of vendors and business partners, including name and contact details. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow and maintain the relationship. For individual vendors and business partners, we also may hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.

The legal basis we rely on to process this personal data is:

  • To pursue our legitimate interests of managing and operating our business, including through use of vendors.

Other Individuals

When we provide certain types of Client Services, we may be provided with personal data from third parties about a number of individuals other than those described explicitly in this Privacy Policy. The personal data we process will depend on the type of matter for which our client has retained us. The primary reason we process this personal data is to provide the Client Services, fulfill our professional duties, comply with the law and operate our business.

The legal basis we rely on to process your personal data is:

  • To comply with our legal obligations and meet our professional responsibilities; and
  • To pursue our legitimate interests of operating our business, providing Client Services and conducting Marketing Activities.

E-mail Marketing

We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.

Additional Uses of Personal Data

In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations:

  • Operating our business and administering the Services;
  • Contacting you to respond to your requests or inquiries;
  • Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
  • Providing you with marketing information;
  • Conducting research, surveys, and similar inquiries to help us understand trends and client needs;
  • Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
  • Enforcing our Terms of Use and other agreements.

Sensitive Information

Generally, we do not collect sensitive information about you unless required by law or where you consent for us to do so (and in any event only where it is relevant to your product). We will not collect sensitive information about you where this is expressly prohibited by local law. Sensitive information includes information relating to:

  • Race;
  • political or religious beliefs;
  • sexual orientation and sexual life;
  • criminal convictions;
  • membership of professional or trade associations or unions;
  • biometric and health information; or
  • information about your affiliation with certain organizations, such as professional associations.

How We Share and Disclose Personal Data

We share personal data with the following categories of recipients: service providers, affiliates, to perform Client Services, corporate transactions or events, and other legal reasons.

Service Providers

We may disclose your personal data to third-party service providers to provide us with services such as background checks (including Anti-Money Laundering and Know Your Customer checks), website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.


We may disclose personal data to our affiliates for the purposes described in this Privacy Policy, including for their marketing purposes, and to be consistent with our goal of providing superior client service.

To Perform Client Services

We will also disclose personal data to the following categories of third parties: (i) anyone involved in the transaction or other matter we are working on, (ii) law enforcement, tax and regulatory agencies and bodies, (iii) insurers, and (vi) service providers such as IT and network services, catering, document production and postal and delivery services.

Corporate Transactions or Events

We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.

Other Legal Reasons

In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Bostonia, our affiliates, you and others; and (7) to enforce our Terms of Use.

Data Retention

We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out above, unless a longer period is required under applicable law or regulation or is needed to resolve disputes or protect our legal rights. The criteria used to determine the period for which personal data about you will be stored varies depending on the legal basis under which we process such personal data:

Legitimate Interests

For a reasonable period of time based on the particular interest, considering the fundamental interests and the rights and freedoms of the data subjects.

Contractual Necessity

For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.

Legal/Regulatory Obligation

For the duration of time we are legally obligated to keep the information.


For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see “Data Subject Rights” below).