Privacy Policy

1. Introduction

Welsbach Corporate Solutions LLC-FZ (“Welsbach”, “we”, “our”, or “us”) is a global investment banking and capital markets advisory firm headquartered in Singapore. We provide a comprehensive range of services to high-growth companies, institutional investors, family offices, SPAC sponsors, and corporate clients across the world, including capital markets advisory, SPAC and IPO advisory, mergers and acquisitions, private capital raising, investor relations, strategic advisory, and corporate finance.

We are committed to protecting the privacy and security of personal data entrusted to us by clients, prospective clients, investors, service providers, website visitors, job applicants, event participants, and all other individuals who interact with us or our digital platforms. This Privacy Policy sets out how we collect, use, share, store, and protect personal data in connection with our business activities and the operation of our website at www.welsbach.group (the “Website”).

This Privacy Policy applies to all personal data we process as a data controller and is intended to meet the requirements of the Singapore Personal Data Protection Act 2012 (PDPA), the European Union General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), the Hong Kong Personal Data (Privacy) Ordinance (PDPO), and other applicable data protection laws in the jurisdictions where we operate.

We encourage you to read this document carefully. If you have any questions about how we handle your personal data, please contact our Privacy Officer using the details provided in Section 16.

2. Information We Collect

We collect personal data in various ways, including directly from you, automatically through your use of our Website, and from third parties in the ordinary course of our advisory and capital markets activities.

2.1 Information You Provide Directly

When you contact us, complete a form on our Website, register for an event or webinar, subscribe to our publications, submit a career application, or otherwise engage with us, you may provide us with the following categories of personal data:

• Identification and contact information: full name, email address, telephone number, postal address, and country or region of residence
• Professional and organisational information: job title, company or employer name, industry, seniority level, and professional affiliations
• Communication records: the content of correspondence, inquiries, meeting notes, and any information you share in emails or contact forms
• Financial and transactional information: where relevant to the provision of advisory services, information relating to investment interests, deal parameters, funding requirements, or corporate transaction details
• Event and registration information: dietary preferences, accessibility requirements, and attendance preferences for conferences, seminars, and webinars
• Career application information: curriculum vitae, cover letter, employment history, academic qualifications, and any other information submitted as part of a recruitment process

2.2 Professional and Corporate Information

In connection with our advisory mandates, due diligence processes, and relationship management activities, we may collect and process additional professional information, including:

• Corporate ownership structures, shareholder information, and directorship records
• Information about investors, counterparties, co-advisers, and other transaction participants
• Publicly available information from corporate registries, regulatory filings, and professional networks
• Information provided by referrers, intermediaries, or third-party introducers

2.3 Automatically Collected Information

When you visit our Website, we automatically collect certain technical and usage data through cookies and similar tracking technologies. This may include:

• IP address and geolocation data at the city or country level
• Device information, including device type, operating system, and hardware model
• Browser type, version, and language preferences
• Pages visited, time spent on each page, and navigation pathways through our Website
• Referring URLs and search terms used to reach our Website
• Cookie identifiers and session identifiers

Please refer to Section 6 for detailed information about our use of cookies and tracking technologies.

3. How We Use Personal Data

We use personal data for clearly defined purposes that are proportionate to the information collected. We process personal data only where we have a lawful basis for doing so, as described in Section 4. Our primary purposes include:

3.1 Service Delivery and Client Relationship Management

• Responding to inquiries and providing information about our services
• Delivering capital markets advisory, SPAC advisory, IPO advisory, M&A advisory, private capital raising, and strategic advisory services
• Managing ongoing advisory mandates, including due diligence coordination and transaction execution
• Maintaining client and counterparty relationship records
• Facilitating communications between transaction parties, advisers, and regulatory contacts

3.2 Business Development and Marketing

• Identifying and engaging with prospective clients, investors, and strategic partners
• Distributing capital markets research, thought leadership publications, market intelligence reports, and sector updates
• Sending newsletters and regulatory or market briefings to subscribers
• Issuing event invitations, webinar registrations, and conference materials
• Managing opt-in and opt-out preferences for marketing communications

3.3 Regulatory Compliance, Risk Management, and Legal Obligations

• Meeting our obligations under applicable financial services regulation, securities laws, anti-money laundering (AML) requirements, and know-your-client (KYC) procedures
• Conducting sanctions screening and financial crime risk assessments
• Maintaining records required by law or regulatory guidance
• Responding to regulatory enquiries, court orders, legal proceedings, or lawful requests from public authorities
• Assessing and managing legal, reputational, and operational risk

3.4 Recruitment and Talent Management

• Reviewing and evaluating career applications submitted through our Website or directly to our team
• Conducting recruitment assessments, background screening, and reference checks
• Communicating with candidates throughout the hiring process
• Maintaining a talent pool for future suitable opportunities, where candidates have consented

3.5 Website, Technology, and Operational Purposes

• Operating, maintaining, and improving our Website and digital platforms
• Conducting internal analytics and performance measurement to enhance user experience
• Monitoring Website security, detecting and preventing fraud, and safeguarding our systems and data
• Administering IT infrastructure, cybersecurity protocols, and disaster recovery procedures
• Supporting corporate transactions such as mergers, acquisitions, restructurings, or the sale of business units, where personal data may be transferred as part of due diligence or completion

4. Legal Bases for Processing Personal Data

For individuals located in the European Economic Area, the United Kingdom, or other jurisdictions subject to equivalent data protection laws, we rely on the following legal bases to process personal data:

• Consent: Where you have expressly agreed to our processing of your personal data for a specific purpose, such as subscribing to our newsletter or opting into marketing communications. You may withdraw your consent at any time by contacting us as set out in Section 16 or using the unsubscribe mechanism in our communications.
• Performance of a Contract: Where processing is necessary to fulfil an advisory or services agreement with you or your organisation, or to take steps at your request prior to entering into such an agreement.
• Legal Obligation: Where we are required to process personal data to comply with applicable laws and regulations, including financial services regulation, AML obligations, tax reporting requirements, and mandatory disclosure requirements.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided that such interests are not overridden by your data protection rights. Our legitimate interests include operating and growing our advisory business, maintaining relationships with clients and stakeholders, conducting research and analysis, ensuring the security of our systems, and preventing fraud and financial crime.
• Protection of Vital Interests or Legal Claims: In limited circumstances, we may process personal data where necessary to protect vital interests or to establish, exercise, or defend legal claims.

For individuals in Singapore, our processing is governed by the PDPA. We rely on consent (express or deemed) and applicable exceptions under the PDPA, including the business improvement purpose and legitimate interests purpose introduced by the 2020 amendments.

5. Marketing Communications

We may send you marketing and informational communications, including:

• Capital markets newsletters and sector research
• SPAC market updates, IPO pipeline summaries, and M&A commentary
• Thought leadership publications, whitepapers, and conference reports
• Invitations to events, webinars, panel discussions, and roundtables
• Announcements regarding our firm’s capabilities, mandates, and team updates

We will only send you marketing communications where you have consented to receive them, or where we have a legitimate interest in doing so as an existing contact or where applicable law otherwise permits. Each communication will include a clear and simple mechanism to unsubscribe or update your preferences.

To manage your subscription preferences or opt out of marketing communications at any time, you may use the unsubscribe link in any email communication or contact our Privacy Officer at the details set out in Section 16. Please allow a reasonable period for your preferences to take effect.

6. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance functionality, analyse usage, and support our marketing activities. Cookies are small text files placed on your device when you visit our Website. We use the following categories of cookies:

6.1 Essential Cookies

These cookies are strictly necessary for the operation of our Website and cannot be disabled without affecting Website functionality. They include session management cookies, security cookies, and load-balancing cookies. No consent is required for these cookies under applicable law.

6.2 Functional Cookies

Functional cookies remember your preferences and settings, such as language selection or form completion data, to provide a more personalised experience on return visits.

6.3 Analytics and Performance Cookies

We use analytics tools, including Google Analytics, to understand how visitors interact with our Website, which pages attract the most traffic, and where users navigate before and after visiting us. This helps us improve the quality and relevance of our content. The data collected is aggregated and generally does not identify individual visitors. You may opt out of Google Analytics tracking at any time via the Google Analytics opt-out browser add-on available at tools.google.com/dlpage/gaoptout.

6.4 Marketing and Targeting Cookies

We may use marketing cookies, including the LinkedIn Insight Tag, to track conversions from advertising campaigns, build audiences for retargeting, and measure the effectiveness of our promotional activities on third-party platforms. These cookies may share data with third-party advertising platforms. You may opt out of personalised advertising through your LinkedIn account settings or by using the platform-level opt-out tools referenced in Section 7.

6.5 Managing Cookie Preferences

When you first visit our Website, you will be presented with a cookie consent banner that allows you to accept, decline, or customise non-essential cookie categories. You may also manage cookie settings at any time through your browser settings. Please note that disabling certain cookie categories may affect the functionality or availability of some features on our Website.

7. How We Share Personal Data

We do not sell personal information. We do not trade, rent, or commercially exploit personal data belonging to any individual. We disclose personal data only on a need-to-know basis and to the categories of recipients described below. All recipients are required to handle personal data in accordance with applicable law and our data protection standards.

7.1 Welsbach Group Entities and Affiliates

We may share personal data within the Welsbach group of companies for the purposes described in this Privacy Policy, including for service delivery, business development, compliance, and operational support.

7.2 Service Providers and Technology Vendors

We engage trusted third-party service providers who process personal data on our behalf as data processors, under contractual arrangements that impose appropriate data protection obligations. These include:

• Cloud hosting and data storage providers
• Customer relationship management (CRM) platform providers
• Email distribution and marketing automation platforms
• Website analytics and performance monitoring tools
• Event management and webinar platforms
• IT security, cybersecurity, and infrastructure providers
• Document management and electronic signature platforms

7.3 Professional Advisers and Counterparties

In the course of our advisory mandates and transactions, we may share relevant personal data with co-advisers, legal counsel, auditors, accountants, tax advisers, financial institutions, and transaction counterparties where necessary to deliver our services or facilitate deal execution.

7.4 Regulatory Bodies, Law Enforcement, and Legal Proceedings

We may disclose personal data to regulators, law enforcement agencies, courts, government bodies, or other authorities where required or authorised by law, or where we reasonably believe disclosure is necessary to comply with a legal obligation, respond to a valid legal process, protect our rights or property, or safeguard the interests of our clients, staff, or third parties.

7.5 Corporate Transactions

In the event of a merger, acquisition, sale of assets, restructuring, or other corporate transaction involving Welsbach, personal data may be disclosed to potential or actual acquirers, investors, or other parties as part of due diligence or transaction completion processes, subject to appropriate confidentiality obligations.

8. International Data Transfers

Welsbach operates globally, with clients, partners, and service providers located across Asia, Europe, the Americas, and other regions. In providing our services, personal data may be transferred to, stored in, or processed in countries outside your home jurisdiction, including countries that may not offer the same level of data protection as your country of residence.

Where we transfer personal data from the European Economic Area or the United Kingdom to countries not recognised as providing an adequate level of data protection, we implement appropriate safeguards. These may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office
• Binding corporate rules or equivalent frameworks within the Welsbach group
• Other lawful transfer mechanisms recognised under the GDPR or UK GDPR

For transfers from Singapore, we apply appropriate contractual protections consistent with the requirements of the PDPA and the PDPC’s Advisory Guidelines. For transfers involving data subjects in Hong Kong, we comply with the requirements of the PDPO and apply equivalent standards.

You may request further information about the specific safeguards applicable to any cross-border transfer of your personal data by contacting our Privacy Officer.

9. Data Security

We implement and maintain a comprehensive programme of technical, administrative, and organisational security measures designed to protect personal data against unauthorised access, accidental loss, disclosure, alteration, destruction, or unlawful processing. Our security measures include, but are not limited to:

9.1 Technical Safeguards

• Encryption of personal data in transit using Transport Layer Security (TLS) and at rest using industry-standard encryption protocols
• Multi-factor authentication requirements for access to systems containing personal data
• Regular penetration testing, vulnerability scanning, and security patch management
• Intrusion detection and prevention systems and endpoint security controls
• Secure cloud infrastructure hosted with reputable providers subject to recognised security certifications

9.2 Organisational Safeguards

• Role-based access controls ensuring that personal data is accessible only to authorised personnel with a legitimate need
• Data protection training and awareness programmes for all relevant staff
• Information security policies, acceptable use policies, and confidentiality obligations for employees and contractors
• Data breach response procedures, including notification protocols consistent with regulatory requirements
• Regular review and audit of our data protection practices

Notwithstanding the foregoing, no information security programme can guarantee absolute security against all threats. We therefore encourage you to take appropriate steps to protect any personal data transmitted to us over the internet. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at the contact details set out in Section 16.

10. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law or regulatory obligation. The following principles guide our retention practices:

• Client and advisory mandate records: Retained for a minimum of seven (7) years following the conclusion of an engagement, in accordance with applicable financial services regulatory requirements and professional standards, unless a longer period is required by law.
• Marketing and communication records: Subscriber and contact records are retained for as long as you remain opted in to our communications, and for a period of up to three (3) years following your last substantive interaction with us, unless you request deletion.
• Recruitment records: Applications from unsuccessful candidates are retained for a period of up to twelve (12) months following the conclusion of the relevant recruitment process, or longer where required by employment law or where you have separately consented to inclusion in our talent pool.
• Website usage and analytics data: Aggregated usage data is retained in line with our analytics provider settings, typically up to twenty-six (26) months, after which it is anonymised or deleted.
• Legal and compliance records: Records required for the purpose of legal proceedings, regulatory investigations, or the establishment, exercise, or defence of legal claims are retained for as long as the relevant matter remains active, plus applicable statutory limitation periods.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data disposal procedures.

11. Your Privacy Rights

Depending on your location and the applicable data protection laws, you may have the following rights in relation to the personal data we hold about you:

11.1 Rights Under GDPR and UK GDPR

• Right of Access: You may request a copy of the personal data we hold about you, together with information about how we use it.
• Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to Erasure: You may request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent.
• Right to Restrict Processing: You may ask us to suspend processing of your personal data in certain circumstances, for example where you contest its accuracy or the lawfulness of our processing.
• Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to processing based on our legitimate interests, including for direct marketing purposes. Where you object to direct marketing, we will cease such processing promptly.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
• Rights in Relation to Automated Decision-Making: Where we make decisions based solely on automated processing that produce significant effects, you have the right to request human review of such decisions.

11.2 Rights Under Singapore PDPA

If you are located in Singapore, you have the right to request access to and correction of your personal data held by us, subject to the exceptions set out in the PDPA.

11.3 Rights Under Hong Kong PDPO

If you are located in Hong Kong, you have the right to request access to and correction of personal data relating to you, in accordance with the PDPO.

11.4 Exercising Your Rights

To exercise any of your privacy rights, please submit a written request to our Privacy Officer using the contact details in Section 16. We will acknowledge your request promptly and endeavour to respond within the timeframe required by applicable law (typically thirty (30) days, subject to complexity). We may request reasonable verification of your identity before processing your request.

You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction, including the Personal Data Protection Commission of Singapore, the UK Information Commissioner’s Office, or the relevant EU supervisory authority.

12. Recruitment and Careers

When you apply for a position at Welsbach, whether through our Website, a recruitment platform, or directly to a member of our team, we collect and process the personal data you provide in your application, including your curriculum vitae, cover letter, employment history, educational qualifications, and any other supporting materials.

We use this information to assess your suitability for the role applied for, to conduct appropriate pre-employment screening, to verify professional references, and to communicate with you throughout the recruitment process. Where we receive applications through third-party recruitment platforms, those platforms operate under their own privacy policies in respect of your personal data.

If your application is unsuccessful, we may retain your personal data in our talent pool for up to twelve (12) months in order to consider you for future suitable opportunities, unless you notify us that you do not wish to be included in our talent pool or request deletion of your records. Where we wish to retain your data for a longer period, we will seek your separate consent.

We do not use automated decision-making processes as the sole basis for recruitment decisions.

13. Third-Party Websites and External Links

Our Website may contain hyperlinks to third-party websites, including the websites of regulatory bodies, partner firms, media outlets, and industry organisations. These links are provided for your convenience only. We have no control over the content, privacy practices, or data handling of such third-party websites and accept no responsibility for them. This Privacy Policy does not apply to any personal data you provide to, or that is collected by, third-party websites. We encourage you to review the privacy policy of any website you visit.

14. Children’s Privacy

Our Website and services are intended solely for use by adults, and we do not knowingly collect, use, or process personal data relating to individuals under the age of eighteen (18) years. If we become aware that we have inadvertently collected personal data from a minor, we will take prompt steps to delete such data. If you believe that we may have collected personal data from or about a minor, please contact us immediately at the details provided in Section 16.

15. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy from time to time to reflect changes in applicable law, regulatory guidance, our business operations, or our data processing practices. When we make material changes to this Privacy Policy, we will update the effective date at the top of the document and, where required by law or where we consider it appropriate, notify affected individuals by email or by posting a prominent notice on our Website.

We encourage you to review this Privacy Policy periodically. Your continued use of our Website or engagement with our services following the posting of any revised Privacy Policy constitutes your acknowledgement of the changes.

16. How to Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please reach out to us: contact@welsbach.sg

We will endeavour to respond to all legitimate privacy-related inquiries within thirty (30) calendar days of receipt. Where a request is particularly complex or you have submitted multiple requests, we may extend this period by a further thirty (30) days, in which case we will notify you and provide reasons for the extension.