Privacy Policy

1. Who We Are

Halvern LLC ("Halvern," "we," "us," or "our") is an M&A advisory firm. This Privacy Policy explains how we collect, use, disclose, retain, transfer, and otherwise process Personal Information in connection with our websites, communications channels, and related business operations.

2. Scope of This Policy

This Privacy Policy applies to Personal Information collected through and in relation to Halvern websites (including https://www.halvern.com), inquiry and partner forms, direct email communications, voice calls, SMS/text messaging, scheduling workflows, investor and prospect communications, and related business interactions. This Policy does not govern third-party websites, products, or services that are not controlled by Halvern, even where linked from our site.

3. Contact Details

Halvern LLC can be contacted at the following addresses:

• New York office: 250 Park Avenue, 9th Floor, New York, NY 10017, United States.

• Miami office: 830 Brickell Plaza, 19th Floor, Miami, FL 33131, United States.

• Email: info@halvern.com

• Phone: +1 (917) 246-7038

4. Definitions

For purposes of this Policy, "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual. "Processing" means any operation performed on Personal Information, including collection, storage, organization, use, analysis, transfer, disclosure, retention, and deletion.

5. Categories of Information We Process

Depending on the context of your interaction with us, we may process the following categories of Personal Information:

• Identifying and business contact information — name, company, role, business email, and phone number.

• Communications data — email, SMS, call content and metadata, scheduling records, and follow-up history.

• Technical and network information — IP address, browser and device characteristics, operating system, referral and usage logs, and session timing data.

• Professional and commercial context information — service interest and relationship-stage information.

• Security and compliance records — anti-abuse indicators, system logs, and investigation artifacts.

6. Sources of Information

We may obtain Personal Information directly from you, from your authorized representative, from your organization, from public business and professional sources, from business referrals, from service providers acting on our behalf, and from technologies used to operate and secure our websites and communications infrastructure.

7. Purposes of Processing

We process Personal Information to respond to inquiries, schedule and confirm meetings and calls, provide and improve communications and services, maintain relationship and CRM records, conduct quality assurance, perform website and security analytics, detect and prevent fraud or abuse, satisfy legal and regulatory obligations, preserve evidence and records, and establish, exercise, or defend legal rights.

8. Legal Bases (Where Applicable)

Where required by applicable law, we process Personal Information on one or more lawful bases, including consent, performance of a contract or pre-contractual steps, legitimate interests, and legal obligations.

9. Disclosures to Third Parties

We may disclose Personal Information to:

• Service providers that support hosting, infrastructure, analytics, scheduling, messaging, telephony, CRM, and security operations;

• Professional advisors such as legal, tax, accounting, and compliance counsel;

• Law enforcement or regulators where required by law; and

• Transaction counterparties and their advisors in a merger, financing, restructuring, acquisition, disposition, or similar transaction.

10. Sale and Sharing Statement

Halvern does not sell Personal Information for monetary consideration. Halvern does not share Personal Information for third-party cross-context behavioral advertising. Halvern does not sell, rent, or share mobile opt-in and consent data for third-party marketing.

11. Telephony, SMS, and Mobile Privacy

When you provide your contact information and engage with Halvern, we may use SMS/text and voice channels for one-to-one conversational and transactional communications related to active business interactions, including call scheduling, confirmations, post-call follow-up, and responses to your inquiries. Message frequency varies and message and data rates may apply according to your carrier plan. You may opt out of text messages at any time by replying STOP and may request assistance by replying HELP or contacting info@halvern.com.

12. Mobile Information Non-Sharing Commitment

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be sold, rented, or shared for third-party marketing. Mobile data may be disclosed only to communications service providers strictly as necessary to deliver messages and calls on our behalf.

13. Call Recording

Where permitted by law, calls may be monitored or recorded for quality assurance, training, security, compliance, and documentation.

14. Cookies and Similar Technologies

We and our providers may use cookies, tags, pixels, local storage, and related technologies to operate and secure the website, preserve session integrity, measure performance and traffic, improve user experience, and support internal analytics.

15. DNT and Global Privacy Control

Where required by applicable law, we process recognized browser privacy preference signals, including Global Privacy Control (GPC), for applicable opt-out workflows.

16. International Processing

Personal Information may be processed in the United States, Canada, and other jurisdictions where Halvern and its providers operate. Data protection and government-access frameworks may differ by jurisdiction.

17. Retention

Halvern retains Personal Information only for as long as reasonably necessary for disclosed purposes and applicable legal obligations. Typical retention ranges include:

• Security and technical logs — approximately 12 to 36 months.

• Analytics data — approximately 12 to 26 months (subject to platform settings).

• Inquiry and communication records — approximately 3 to 7 years.

• Transaction-support records — approximately 7 to 10 years, or longer if required by legal hold, litigation, audit, or law.

18. Security

Halvern implements administrative, technical, and organizational safeguards designed to protect Personal Information, including access management, credential protections, monitoring controls, vendor oversight, and incident-response procedures. No system can guarantee absolute security.

19. Your Rights

Subject to applicable law and verification requirements, you may have rights to access, correct, delete, restrict, object, withdraw consent, request portability, and appeal certain decisions.

20. Rights Request Process

To exercise rights, submit a request to info@halvern.com with sufficient information for identity and jurisdiction verification. Halvern may request additional information to authenticate identity and authority, including where requests are submitted by authorized agents.

21. Response Timing and Appeals

Halvern responds within legally required timelines and may use extensions where permitted by law. Where applicable law provides an appeals process, Halvern will provide appeal instructions in any denial response.

22. Non-Discrimination

Halvern will not discriminate against individuals for exercising applicable privacy rights.

23. Minors

Halvern services are not directed to children under 13 (or other age threshold required by applicable law), and Halvern does not knowingly collect Personal Information from children.

24. Third-Party Links

Halvern is not responsible for third-party privacy practices, security, or content for websites or services outside Halvern control.

25. Changes to This Policy

Halvern may revise this Privacy Policy from time to time. Revisions are effective when posted unless otherwise required by law.

26. Applicability

This Addendum applies to residents of U.S. states that provide privacy rights, including California and other states as enacted and amended.

27. Categories, Purposes, and Recipients

In the preceding 12 months, Halvern may have processed categories of identifiers and contact data, communications data, professional and commercial context data, internet and network data, security and compliance data, and inferences for operational communications, relationship management, security, analytics, legal compliance, and service administration. Such data may be disclosed to service providers, advisors, legal authorities, and transaction counterparties where appropriate.

28. Rights

Depending on your state, rights may include access, correction, deletion, portability, opt-out rights for certain processing, sensitive-data use limitations where applicable, and appeal rights.

29. Verification

To protect privacy and security, Halvern verifies requests before fulfilling them. Verification may require confirmation of identifying details already maintained in Halvern systems.

30. Authorized Agents

Where permitted, an authorized agent may submit a request on your behalf. Halvern may require evidence of authority and separate identity verification.

31. California Supplement

Where California law applies, California residents may request categories and specific pieces of Personal Information, categories of sources and recipients, business and commercial purposes, and correction or deletion of eligible data, and may exercise additional rights provided by the CCPA and CPRA. Halvern does not discriminate for exercising rights. California residents may submit relevant privacy requests to info@halvern.com.

32. Applicability

This Addendum applies where Canadian privacy law applies, including PIPEDA and applicable provincial frameworks.

33. Consent and Purpose Limitation

Halvern processes Personal Information for reasonable and lawful business purposes. Where required, consent is obtained consistent with applicable legal standards. Consent may be withdrawn subject to legal and contractual limitations.

34. Access and Correction

Individuals may request access to and correction of Personal Information, subject to legal exceptions and identity verification.

35. Cross-Border Processing

Personal Information may be processed outside Canada, including in the United States and other jurisdictions, where foreign laws may permit lawful governmental access.

36. Complaints

If unresolved, individuals may contact the Office of the Privacy Commissioner of Canada or an applicable provincial regulator.

37. Cookie Categories

Halvern may use the following categories of cookies and similar technologies:

• Necessary cookies — security and session functions.

• Analytics cookies — website performance and usage measurement.

• Functional and preference cookies — user experience settings.

38. Cookie Management

You may manage cookies through your browser settings. Disabling cookies may reduce website functionality.

39. Cookie Register Format

Halvern may maintain a cookie register identifying cookie name, provider, purpose, category, duration, and lawful basis where applicable.

40. How to Reach Us

For all privacy and data protection requests, please contact:

• Halvern LLC

• New York: 250 Park Avenue, 9th Floor, New York, NY 10017, United States

• Miami: 830 Brickell Plaza, 19th Floor, Miami, FL 33131, United States

• Email: info@halvern.com