Castle Rock International Law & Investments (“Castle Rock International,” “the Company,” “we,” “our,” “us”) prioritizes your privacy and is committed to safeguarding your personal and financial information, whether provided verbally, in paper form, or electronically. We treat your privacy with the utmost importance and highest priority. This Privacy Policy (the “Policy”) applies to former, existing, and potential clients, as well as visitors to our website (“you,” “your”).

About Castle Rock International

Bryan Wawman, CEO and Founder of Castle Rock International Law & Investments, provides independent financial advisory services to both individuals and businesses outside the UK:

• Within the European Union (EU): We offer Insurance Brokerage services as an ‘Introducer’ via NFS Insurance Advisors, Agents, and Sub Agents Ltd, regulated by the Insurance Companies Control Service (ICCS), Licence No. 5689. NFS Insurance Advisors, Agents, and Sub Agents Ltd introduce business to NFS Network Financial Services Ltd, which is regulated and authorized under MiFID by the Cyprus Securities & Exchange Commission, Licence No. 328/17.
• Globally (non-EU): We provide Investment Advice and Insurance Brokerage services as an ‘Introducer’ via Financial Services Network Ltd, regulated by the Mauritius Financial Services Commission, Licence No. C116016070.

About This Notice

This Policy provides information on the type of information we collect, how it is used, stored, shared with third parties, and your rights and obligations under the law.

Introduction

We are responsible as the ‘data controller’ of your personal information, and we adhere to the EU General Data Protection Regulation (GDPR).

For clients introduced to NFS Insurance Advisors, Agents and Sub Agents Ltd, and NFS Network Financial Services Ltd, your personal information will be shared with them to process advice and meet compliance and regulatory obligations. These entities act as ‘data controllers’ under the EU GDPR, while we act as ‘data processors.’

For clients introduced to Financial Services Network Ltd, your personal information will be shared with them for similar purposes. They act as ‘data controllers’ under the Mauritius Financial Services Commission regulations, while we act as ‘data processors.’

Consent

By providing us with your personal data, using our website, or entering into an agreement with us, you consent to the terms of this Policy. You agree to the collection, processing, storage, use, and disclosure of your personal data by the Company, as outlined in this Policy. You also consent to the transmission of your personal data to third parties for regulatory purposes or to implement our services effectively.

What is Personal Data?

Personal data refers to any information that identifies or can be used to identify an individual, directly or indirectly, including names, identification numbers, location data, online identifiers, and specific physical, physiological, genetic, mental, economic, cultural, or social identities.

Collection of Personal Data

We collect and process personal information necessary to fulfill legal and regulatory requirements and to improve our services. This information may include:

• Information provided by you through forms, correspondence, phone, email, or in person, such as your name, address, email address, phone number, financial information, and personal descriptions.
• Information from third parties and partners, such as business partners, brokers, vendors, insurers, platforms, fund houses, trustees, search information providers, and credit reference agencies.

You are responsible for the accuracy of the personal information you provide. We will regularly verify and update your information as needed. Notify us of any changes by emailing our Administration Team at info@castlerocklawinvestments.com.

Use of Personal Data

We use your personal information lawfully to perform our services, improve our offerings, and inform you of relevant products, services, or promotions. If you wish to opt out of promotional communications, contact us via the ‘Contact Us’ page on our website or email info@castlerocklawinvestments.com.

Protection and Security of Personal Data

We do not sell, license, or lease your personal data. We ensure data security and compliance with GDPR, especially when data is transferred internationally.

You are responsible for maintaining the confidentiality of your usernames and passwords. We cannot guarantee the security of data transmitted over the internet; any transmission is at your own risk. Once we receive your data, we will use strict security measures to prevent unauthorized access.

Disclosure of Your Personal Data

We may share your data with:

• Business partners, brokers, vendors, insurers, platforms, fund houses, trustees, search information providers, and other third parties required for service delivery.
• Credit reference agencies, banking institutions, auditors, law enforcement agencies, and regulatory bodies for compliance purposes.
• Analytics and search engine providers for website improvement and optimization.

We will disclose your data to third parties when necessary for service delivery, legal and regulatory compliance, or in the event of a business acquisition.

Your Rights

Under GDPR, you have the following rights:

1. Access: Request a copy of your personal data and information on its processing.
2. Rectification: Request correction of inaccurate or incomplete data.
3. To be forgotten: Request erasure of your data under certain conditions.
4. Restriction of processing: Request limited processing of your data under specific circumstances.
5. Data portability: Request transfer of your data to another controller.
6. Objection: Object to data processing for direct marketing or automated decision-making.
7. Withdrawal of consent: Withdraw consent for data processing at any time.
8. Complaint: Lodge a complaint if your concerns are not addressed.

Use of Cookies

Our website uses cookies to enhance performance and improve services. You can refuse cookies or change your browser settings to disable them.

Cookies are small text files that are stored on your computer or mobile device when you visit a website.

• First-party cookies are set by the website you’re visiting and can only be accessed by that site.
• Third-party cookies are set by external services used by the website, which may also store cookies on your device.

There are two main types of cookies: session cookies, which are automatically deleted when you close your browser, and persistent cookies, which remain on your device until you delete them or they expire.

When you visit the Castle Rock International Law & Investments website, you’ll be asked to accept or decline cookies. This allows the site to remember your preferences—such as username, language, and settings—so you don’t have to re-enter them during the same session.

Cookies may also be used to generate anonymous statistics, helping us understand how visitors use our site and improving the overall user experience.

Amendment/Review of the Privacy Policy

We reserve the right to amend this Privacy Policy at any time. The latest version will be available on our website.

How to Contact Us

If you have questions about this Policy or how we process your personal data, please contact us at:

• Phone: +44 (0)1803 392564
• Email: info@castlerocklawinvestments.com