Privacy Policy

Effective Date: April 2026

Ladd & Co. is committed to protecting the privacy and security of personal information entrusted to the firm. This Privacy Policy explains how the firm collects, uses, stores, discloses, and safeguards personal information in connection with its website at laddco.com (the "Website") and the provision of its advisory services.

This Privacy Policy is designed to comply with the firm's obligations under:

the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR");
the United Kingdom General Data Protection Regulation, as incorporated into UK law ("UK GDPR"), and the Data Protection Act 2018 (UK);
the Personal Data Protection Act 2012 (Singapore) ("PDPA");
the Personal Data (Privacy) Ordinance (Cap. 486) (Hong Kong);
the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data;
the Cayman Islands Data Protection Act, 2017; and
applicable privacy and data protection laws in the United States, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA),

together with any other privacy or data protection legislation applicable in the jurisdictions in which the firm operates.

1. Who We Are

For the purposes of applicable data protection legislation, Ladd & Co. Pty Ltd (ABN 99 673 336 206), a company incorporated in New South Wales, Australia, together with its affiliated offices and entities (collectively, "Ladd & Co.", the "firm", "we", "us", "our"), is the data controller responsible for the processing of personal information described in this Privacy Policy.

For the firm's full corporate structure and the legal entities operating in each jurisdiction, please refer to the firm's Legal Entity Disclosure.

2. Scope of this Policy

This Privacy Policy applies to personal information collected by the firm:

through the Website;
through enquiries made by email, telephone, video conference, or in person;
in the course of providing advisory services to clients under engagement agreements;
through professional and business interactions, including referrals from professional intermediaries;
through publicly available sources and third-party data providers; and
through any other channel through which the firm interacts with individuals.

3. Personal Information We Collect

The firm collects only the personal information necessary for the purposes set out in this Privacy Policy. The categories of personal information collected may include:

3.1 Information you provide directly

identifying information, including name, title, professional role, and organisation;
contact information, including email address, telephone number, and postal address;
communications and correspondence with the firm, including the content of enquiries, messages, and meeting notes;
professional and biographical information you choose to share;
any other information you voluntarily provide in the course of an enquiry or engagement.

3.2 Information collected automatically through the Website

technical information, including IP address, browser type and version, operating system, device identifiers, language preferences, and screen resolution;
usage information, including referring URLs, pages visited, time spent on pages, navigation paths, and the date and time of access;
information collected through cookies and similar technologies, as described in the firm's Cookies Policy.

3.3 Information from third parties

information from publicly available sources, including company registers, regulatory filings, professional directories, news media, and social and professional networks;
information from professional intermediaries (including lawyers, accountants, private bankers, and family office advisors) who refer clients or counterparties to the firm;
information from credit reference, fraud prevention, sanctions screening, and politically exposed persons (PEP) screening providers, used by the firm in the course of meeting its anti-money laundering, counter-terrorism financing, and other compliance obligations;
information from counterparties, financial institutions, and other parties involved in a transaction or engagement.

3.4 Information collected in the course of providing services

In the course of providing advisory services, the firm may collect additional categories of personal information as required to fulfil its obligations under an engagement agreement and to comply with applicable regulatory requirements. This may include:

identification documents, including passport, national identification, and proof of address;
source of wealth and source of funds information;
tax residency, tax identification numbers, and related fiscal information;
corporate, trust, and other entity information involving individuals connected to a client;
financial information relevant to a transaction or engagement;
information regarding family members, beneficiaries, or other connected persons, where relevant to a matter.

The firm does not, in the ordinary course of its business, seek to collect special categories of personal data (sensitive personal data) such as data revealing racial or ethnic origin, political opinions, religious beliefs, or health information. Where such data is necessarily processed in connection with a specific matter, the firm will do so only on an appropriate legal basis under applicable law.

4. How We Use Personal Information

The firm uses personal information for the following purposes:

Responding to enquiries — to acknowledge, evaluate, and respond to enquiries received through the Website or other channels.
Providing advisory services — to provide and administer advisory and related professional services under engagement agreements, including coordinating with professional intermediaries and counterparties.
Compliance and risk management — to comply with legal, regulatory, professional, and contractual obligations, including anti-money laundering (AML), counter-terrorism financing (CTF), know-your-client (KYC), tax reporting, sanctions screening, and politically exposed persons (PEP) screening.
Record-keeping — to maintain records as required by professional, regulatory, and tax obligations across the jurisdictions in which the firm operates.
Operating and improving the Website — to administer, secure, monitor, and improve the Website and the firm's digital infrastructure.
Communications — to communicate with clients, prospective clients, professional intermediaries, and other contacts in connection with the firm's services and matters.
Risk and dispute management — to identify, manage, and respond to legal, financial, operational, reputational, and security risks, including the prevention, investigation, and resolution of disputes, fraud, and unauthorised activity.
Corporate matters — for the firm's internal governance, audit, business continuity, insurance, and corporate transactions.
Legal proceedings — to establish, exercise, or defend legal claims, and to comply with directions of courts and regulatory authorities.

5. Legal Bases for Processing (EU GDPR / UK GDPR)

Where the EU GDPR or UK GDPR applies, the firm processes personal data on one or more of the following legal bases:

Contract — where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
Legal obligation — where processing is required for the firm to comply with a legal or regulatory obligation, including AML/CTF, sanctions, tax reporting, and professional record-keeping obligations.
Legitimate interests — where processing is necessary for the firm's legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. The firm's legitimate interests include providing and improving its services, conducting client and counterparty due diligence, managing risk, securing its systems and premises, marketing its services to existing and prospective clients in a proportionate manner, and pursuing or defending legal claims.
Consent — where you have given clear and explicit consent for the processing of personal data for one or more specific purposes. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Vital interests — in rare cases where processing is necessary to protect the vital interests of an individual.

Where the firm processes special categories of personal data, it does so on an additional lawful basis under Article 9 of the EU GDPR or UK GDPR, including (as relevant) explicit consent, the establishment, exercise, or defence of legal claims, or reasons of substantial public interest.

6. Personal Information of Other Individuals

In the course of advisory engagements, clients may provide the firm with personal information relating to family members, beneficiaries, employees, counterparties, or other individuals connected to a matter. Where you provide such information, you confirm that you have the authority to do so and have, where required, informed those individuals of the disclosure and of the firm's processing of their personal information in accordance with this Privacy Policy.

7. Disclosure of Personal Information

The firm treats personal information with discretion and discloses it only where necessary, lawful, and consistent with the firm's professional obligations. Personal information may be disclosed to:

Affiliated entities of the firm across jurisdictions, where necessary for the coordination of advisory services and the management of the firm's business;
Professional advisors and service providers, including legal counsel, accountants, auditors, tax advisors, compliance consultants, and other professionals engaged by the firm or by its clients in connection with a matter;
Counterparties, financial institutions, and other transaction parties, where disclosure is necessary to fulfil the firm's obligations under an engagement;
Regulatory, tax, law enforcement, and judicial authorities, where disclosure is required by applicable law, regulation, court order, or other legal process;
Technology and infrastructure providers, including cloud hosting providers, communications platforms, document management systems, document execution systems (such as DocuSign), payment processors, identity verification providers, and analytics providers, in each case subject to appropriate contractual safeguards;
Insurers, advisors, and acquirers, in connection with the firm's insurance arrangements, professional advice, or any actual or proposed corporate transaction involving the firm.

The firm does not sell, rent, or trade personal information to third parties for marketing purposes.

8. International Transfers

Given the international nature of the firm's practice, personal information may be transferred to, stored in, or processed in jurisdictions outside the country of your residence, including Australia, the United States, the United Arab Emirates, the United Kingdom, Switzerland, Singapore, Hong Kong, the Cayman Islands, and other jurisdictions in which the firm operates or engages service providers.

Where personal data is transferred outside the European Economic Area, the United Kingdom, or another jurisdiction with applicable cross-border transfer requirements, the firm ensures that an appropriate safeguard or transfer mechanism is in place. These may include:

adequacy decisions or determinations adopted by the relevant authority;
standard contractual clauses (or equivalent instruments) approved by the relevant authority;
binding corporate rules or equivalent intra-group transfer mechanisms; or
other lawful transfer mechanisms permitted under applicable law.

You may request further information about the safeguards in place for international transfers by contacting privacy@laddco.com.

9. Data Retention

The firm retains personal information for as long as necessary to fulfil the purposes for which it was collected, to comply with legal, regulatory, and professional obligations, to resolve disputes, and to enforce the firm's agreements.

In general:

personal data relating to client engagements is retained for a minimum of seven years following the conclusion of the engagement, or longer where required by law, regulation, or professional standards;
AML, CTF, and KYC records are retained for the periods required under applicable financial crime and tax legislation;
enquiry and prospective-client records are retained for as long as the firm has a legitimate business interest in retaining them, after which they are securely deleted or anonymised;
technical and Website log data is retained only as long as required for security, analytics, and operational purposes.

When personal information is no longer required, the firm will securely delete, destroy, or anonymise it in accordance with its data retention and disposal procedures.

10. Security of Personal Information

The firm implements appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include access controls, encryption (in transit and, where appropriate, at rest), secure authentication, network security, physical security at the firm's premises, employee training, and contractual safeguards with third-party service providers.

No method of transmission over the internet or electronic storage is fully secure. While the firm takes the protection of personal information seriously, it cannot guarantee absolute security and is not liable for any unauthorised access or use of personal information arising from circumstances beyond its reasonable control.

11. Your Rights

Subject to applicable law and any limitations or exemptions provided thereunder, you may have the following rights in relation to personal information held by the firm:

Access — to request confirmation of whether the firm holds personal information about you and to obtain a copy of that information;
Correction (rectification) — to request that inaccurate or incomplete personal information be corrected or completed;
Erasure — to request the deletion of your personal information, subject to legal and regulatory retention obligations;
Restriction of processing — to request that the firm limit the processing of your personal information in certain circumstances;
Data portability — to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller;
Objection — to object to the processing of your personal information where the firm relies on legitimate interests as the legal basis;
Withdrawal of consent — where the firm relies on consent, to withdraw that consent at any time, without affecting the lawfulness of prior processing;
Right not to be subject to automated decision-making — the firm does not engage in automated decision-making (including profiling) that produces legal or similarly significant effects in relation to individuals.

Specific jurisdictions may grant additional rights. For example:

California residents may have additional rights under the CCPA/CPRA, including the right to know what personal information has been collected, sold, or shared; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; and the right to non-discrimination for exercising these rights;
Australian residents may make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au;
Residents of the European Economic Area may lodge a complaint with the supervisory authority in their member state;
United Kingdom residents may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk;
Singapore residents may make a complaint to the Personal Data Protection Commission (PDPC);
Hong Kong residents may make a complaint to the Office of the Privacy Commissioner for Personal Data (PCPD).

To exercise any of these rights, please contact privacy@laddco.com. The firm will respond to your request within the time periods required by applicable law. The firm may, where permitted, request information necessary to verify your identity before responding to a request.

12. Cookies and Similar Technologies

The Website uses cookies and similar technologies. Information about how the firm uses these technologies, the categories of cookies used, and how you may manage your preferences is set out in the firm's Cookies Policy.

13. Marketing Communications

The firm may, on a limited basis, send communications to clients, professional intermediaries, and other contacts regarding the firm's services, perspectives, or events. Where required by law, such communications will be sent only with your consent or in reliance on another lawful basis.

You may opt out of receiving marketing communications at any time by following the unsubscribe instructions included in the relevant communication or by contacting privacy@laddco.com. Opting out of marketing communications does not affect operational and service-related communications relating to an existing engagement.

14. Children's Privacy

The Website and the firm's services are not directed at children, and the firm does not knowingly collect personal information from children. If you believe that a child has provided personal information to the firm, please contact privacy@laddco.com and the firm will take appropriate steps.

15. Changes to this Privacy Policy

The firm may update this Privacy Policy from time to time to reflect changes in its practices, applicable law, or for other operational, legal, or regulatory reasons. The "Effective Date" at the top of this Privacy Policy indicates when it was last updated. Material changes will be notified through the Website or by other appropriate means.

16. Contact

For any questions, requests, or complaints regarding this Privacy Policy or the firm's processing of personal information, please contact:

Ladd & Co. Privacy Enquiries: privacy@laddco.com General: office@laddco.com Website: laddco.com

Request an Introduction →