Privacy Policy & Data Protection

Last updated: 2025-08-01

Effective Date: January 1, 2025
Last Revised: August 1, 2025
Policy Version: 4.2
Data Protection Officer: privacy@apexfinancialpartners.com

Apex Financial Partners, LLC ("Apex," "we," "our," or "us") is committed to safeguarding the privacy and confidentiality of personal information entrusted to us by our clients, prospective clients, and website visitors. This Privacy Policy describes our practices concerning the collection, use, disclosure, retention, and protection of personal information in compliance with the Gramm-Leach-Bliley Act (15 U.S.C. 6801-6809) ("GLBA"), the California Consumer Privacy Act as amended by the California Privacy Rights Act (Cal. Civ. Code 1798.100-1798.199.100) ("CCPA/CPRA"), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and applicable state and federal privacy statutes.


1. Information We Collect

1.1 Personally Identifiable Information (PII)

In the course of establishing and maintaining client relationships, Apex collects the following categories of personal information directly from individuals or authorized representatives:

  • Identity Data: Full legal name, date of birth, Social Security Number (SSN) or Tax Identification Number (TIN), government-issued identification numbers (driver's license, passport), nationality, and citizenship status.
  • Contact Data: Residential and mailing addresses, telephone numbers, email addresses, and emergency contact information.
  • Employment & Income Data: Employer name and address, occupation, job title, annual income, compensation structure, and employment history.
  • Financial Profile Data: Net worth, liquid assets, investment objectives, risk tolerance, time horizon, existing brokerage and retirement account information, outstanding liabilities, and tax filing status.

1.2 Financial Transaction Data

We collect and maintain records of all financial transactions executed on behalf of clients, including:

  • Securities trades (equities, fixed income, options, mutual funds, ETFs), trade dates, settlement dates, quantities, prices, and commissions.
  • Insurance policy applications, premium payments, claims history, beneficiary designations, and coverage modifications.
  • Wire transfers, ACH transactions, check deposits, distributions, and contributions to advisory accounts.
  • Fee schedules, billing records, and advisory compensation disclosures in accordance with Form ADV Part 2A.

1.3 Usage & Technical Data

When you interact with our digital platforms, we automatically collect:

  • Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Behavioral Data: Pages viewed, click-through paths, session duration, scroll depth, search queries entered into the Apex Concierge, and feature interaction logs.
  • Authentication Data: Login timestamps, session tokens, multi-factor authentication events, and failed access attempts.

We process Usage & Technical Data under the lawful basis of legitimate interest (GDPR Article 6(1)(f)) to maintain platform security, improve user experience, and detect fraudulent activity.


2. How We Use Information

Apex processes personal information for the following purposes, each supported by one or more lawful bases under applicable data protection frameworks:

Purpose | Lawful Basis (GDPR) | GLBA Category
Provide investment advisory and brokerage services | Performance of contract (Art. 6(1)(b)) | Financial services
Process insurance applications and claims | Performance of contract (Art. 6(1)(b)) | Insurance services
Comply with KYC/AML regulatory obligations | Legal obligation (Art. 6(1)(c)) | Regulatory compliance
Detect and prevent fraud or unauthorized access | Legitimate interest (Art. 6(1)(f)) | Security
Personalize client experience and recommendations | Consent (Art. 6(1)(a)) | Marketing
Generate aggregated analytics and performance reporting | Legitimate interest (Art. 6(1)(f)) | Internal operations
Respond to regulatory inquiries and legal process | Legal obligation (Art. 6(1)(c)) | Regulatory compliance

We do not use personal financial information for marketing purposes without obtaining affirmative opt-in consent, nor do we sell personal information to third parties for monetary consideration as defined under CCPA Section 1798.140(ad).


3. Information Sharing & Disclosure

3.1 Affiliated Entities

Apex may share personal information with affiliated companies within the Apex Financial Partners corporate family for purposes of providing integrated financial services, including Apex Insurance Solutions, LLC and Apex Retirement Services, Inc. Such sharing is conducted pursuant to GLBA affiliate-sharing provisions and applicable information-sharing agreements.

3.2 Service Providers

We engage third-party service providers who process personal information on our behalf under written data processing agreements that require them to maintain confidentiality and implement appropriate security measures. Categories of service providers include:

  • Custodial and clearing firms (e.g., Pershing, National Financial Services)
  • Cloud infrastructure and data hosting providers (SOC 2 Type II certified)
  • Identity verification and anti-fraud screening services
  • Client relationship management (CRM) platforms
  • Email delivery, document management, and e-signature services

Apex may disclose personal information without client consent when required or permitted by law, including disclosures to:

  • The Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and state securities regulators in connection with examinations, investigations, or enforcement proceedings.
  • The Internal Revenue Service (IRS) for tax reporting obligations (Forms 1099, W-9, FATCA).
  • Law enforcement agencies pursuant to valid subpoenas, court orders, or national security letters.
  • The Financial Crimes Enforcement Network (FinCEN) in connection with Suspicious Activity Reports (SARs) filed under the Bank Secrecy Act.

4. Your Rights

4.1 Right of Access

You have the right to request a copy of the personal information we hold about you. Under CCPA Section 1798.110, California residents may request disclosure of the categories and specific pieces of personal information collected within the preceding twelve (12) months.

4.2 Right to Deletion

Subject to applicable legal and regulatory retention requirements, you may request deletion of your personal information. Apex is required to retain certain records for a minimum of six (6) years under SEC Rule 17a-4 and FINRA Rule 4511, and we cannot delete information necessary to comply with these obligations.

4.3 Right to Opt-Out

You may opt out of: (a) the sharing of personal information with non-affiliated third parties for marketing purposes; (b) the use of cookies and tracking technologies for targeted advertising; and (c) automated decision-making processes that produce legal or similarly significant effects. To exercise opt-out rights, contact us at privacy@apexfinancialpartners.com or call 1-800-APEX-PVY (1-800-273-9789).

4.4 Right to Rectification

You may request correction of inaccurate personal information. We will verify your identity and process corrections within thirty (30) business days, notifying downstream recipients of the corrected data where feasible.

4.5 Right to Data Portability

Under GDPR Article 20 and CCPA Section 1798.130, you may request your personal information in a structured, commonly used, and machine-readable format (JSON or CSV) for transfer to another service provider.


5. Data Security

Apex maintains a comprehensive information security program designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Key controls include:

  • Encryption: AES-256 encryption at rest; TLS 1.3 encryption in transit for all client-facing applications.
  • Access Controls: Role-based access control (RBAC), principle of least privilege, mandatory multi-factor authentication (MFA) for all employee and client accounts.
  • Network Security: Web application firewalls (WAF), intrusion detection/prevention systems (IDS/IPS), network segmentation, and continuous vulnerability scanning.
  • Monitoring: 24/7 Security Operations Center (SOC) monitoring, SIEM-based threat detection, and automated anomaly alerting.
  • Vendor Management: Annual SOC 2 Type II assessments for critical service providers, contractual security requirements, and periodic penetration testing.
  • Incident Response: Documented incident response plan tested semi-annually, with notification to affected individuals within 72 hours of confirmed breach in accordance with GDPR Article 33 and applicable state breach notification statutes.

6. Cookies & Tracking Technologies

Our digital platforms use the following categories of cookies and similar technologies:

  • Strictly Necessary Cookies: Required for platform functionality, authentication, and security. Cannot be disabled.
  • Performance Cookies: Collect anonymized usage data for platform improvement and analytics. Processed under legitimate interest.
  • Functional Cookies: Remember user preferences such as language, region, and display settings.
  • Marketing Cookies: Used with explicit consent to deliver relevant financial education content and service communications.

You may manage cookie preferences through the cookie consent banner displayed upon first visit or by adjusting browser settings. Note that disabling certain cookies may limit platform functionality.


7. Children's Privacy

Apex Financial Partners does not knowingly collect personal information from individuals under the age of eighteen (18). Our services are designed for adults who meet the eligibility requirements set forth in our Terms of Service. If we become aware that we have inadvertently collected personal information from a minor, we will promptly delete such information and terminate any associated account.


8. Data Retention

We retain personal information for the duration of the client relationship plus any applicable regulatory retention period. Specific retention periods include:

  • Account records and transaction history: Seven (7) years after account closure (SEC Rule 17a-4).
  • Communications and correspondence: Three (3) years from the date of communication (FINRA Rule 4511).
  • AML/KYC documentation: Five (5) years after account closure (BSA/31 CFR 1010.430).
  • Marketing consent records: Duration of consent plus two (2) years.
  • Website analytics data: Twenty-six (26) months from collection date.

9. Changes to This Policy

Apex reserves the right to amend this Privacy Policy at any time. Material changes will be communicated to clients via email notification and prominent website posting at least thirty (30) days prior to the effective date of the revised policy. Continued use of our services after the effective date constitutes acceptance of the revised terms.


10. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact:

Apex Financial Partners, LLC
Attn: Privacy & Data Protection Office
One Financial Center, Suite 4200
New York, NY 10004

Email: privacy@apexfinancialpartners.com
Telephone: 1-800-APEX-PVY (1-800-273-9789)
Online: Submit a request through the Apex Client Portal

For complaints regarding data protection practices, you may also contact the SEC Office of Investor Education and Advocacy at 1-800-SEC-0330 or the appropriate state attorney general's office.