GLOBAL MOUNTAIN GROUP LLC

Last Updated: April 2026

Global Mountain Group LLC (“Company”, “GMG”, “we”, “us”, or “our”) is an international company operating in software development, digital security, strategic advisory, commercial sourcing, and related business support activities.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data in connection with our website, communications, services, and business operations.

1. Scope of This Policy

This Privacy Policy applies to personal data processed in connection with:

• our website and digital pages
• general inquiries and contact requests
• business, advisory, and commercial communications
• software development, SaaS, and technical services
• verification, due diligence, and case-related support
• service delivery, contractual discussions, and compliance screening

This Policy does not apply to independent third-party websites or services not controlled by the Company.

2. Role of the Company

Depending on the context, Global Mountain Group LLC may act as:

• Data Controller for personal data processed for our own business, website, communications, and services
• Data Processor / Service Provider where we process data on behalf of a client under a separate written agreement

Unless expressly agreed otherwise, the Company acts as the Data Controller.

3. Categories of Personal Data We May Process

Depending on the activity, we may process the following categories of personal data:

A. Identity and Contact Data

Name, company name, position, email address, telephone number, mailing address, and other contact details.

B. Business and Inquiry Data

Information submitted through contact forms, email communications, business requests, advisory discussions, or commercial sourcing inquiries.

C. Verification and Advisory Data

Information relevant to due diligence, verification support, case handling, or structured reporting, to the extent necessary and lawful.

D. Technical and Platform Data

Account data, authentication details, usage records, system logs, audit information, and technical data connected to software or SaaS operations.

E. Communications Data

Email correspondence, messages, support requests, attachments, and related records of communication.

F. Compliance and Risk Data

Data relevant to internal review, sanctions screening, business eligibility checks, regulatory review, and risk assessment where applicable.

G. Website and Security Data

IP address, browser type, device information, access timestamps, and security-related logs collected through normal website operation.

4. How We Collect Personal Data

We may collect personal data:

• directly from you
• through our website or email communications
• through client, partner, or counterparty communications
• through lawful business, compliance, or verification sources
• through technical systems, logs, and platform use

5. Legal Bases for Processing

Where applicable, we process personal data on one or more of the following grounds:

• Contractual necessity – to provide services or respond to pre-contractual requests
• Legitimate interests – business operations, security, fraud prevention, internal governance, and service improvement
• Legal obligation – to comply with laws, regulations, sanctions, export controls, or lawful requests
• Consent – where required under applicable law

6. Purposes of Processing

We may use personal data to:

• respond to inquiries and manage communications
• review business opportunities and requests
• deliver services, software, or advisory support
• operate, secure, and improve our website and systems
• carry out internal compliance, risk, or eligibility reviews
• maintain records, enforce agreements, and protect our legal interests

7. Disclosure of Personal Data

Personal data may be disclosed on a need-to-know basis to:

• authorized contractors and service providers
• hosting, infrastructure, cloud, or security providers
• professional advisors such as legal, compliance, or audit professionals
• business partners involved in a specific approved engagement
• governmental or regulatory authorities where legally required

We do not sell personal data and we do not use personal data for consumer advertising profiling.

8. International Data Transfers

As an internationally operating company, we may transfer or process personal data across multiple jurisdictions, including the United States and other countries where our providers, partners, or operations are located.

Where required, we apply appropriate safeguards consistent with applicable legal requirements.

9. Data Security

We implement commercially reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, misuse, alteration, disclosure, or loss.

No method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

10. Data Retention

We retain personal data only for as long as necessary for business, contractual, legal, compliance, audit, or security purposes. Retention periods may vary depending on the nature of the relationship, activity, or applicable law.

11. Data Subject Rights

Where applicable under relevant law, individuals may have rights relating to access, correction, deletion, restriction, objection, or data portability. These rights may be limited in certain cases where legal, contractual, compliance, or third-party rights apply.

12. Children’s Data

Our website and services are not directed to children under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date above indicates the latest version.

14. Contact

For privacy-related inquiries, please contact: