Your Privacy Matters

Privacy Policy

At Pillar 3 Legacy, we are committed to protecting your personal information with the highest standards of security and transparency. This policy explains how we collect, use, and safeguard your data.

Last Updated: January 2026
Effective Date: January 1, 2026
Introduction

Pillar 3 Legacy ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. As a multi-family office managing over €200 million in assets, we understand the sensitive nature of the financial and personal data entrusted to us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or engage our services.

We operate in accordance with the General Data Protection Regulation (GDPR), Romanian data protection laws, and international best practices in financial services privacy standards. By accessing our services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

We collect various types of information to provide and improve our wealth management services. The categories of information we collect include:

Personal Identification

  • Full name and contact information
  • Date of birth and nationality
  • Government-issued identification documents
  • Tax identification numbers
  • Proof of address documentation

Financial Information

  • Net worth and asset holdings
  • Bank account details and statements
  • Investment portfolio information
  • Income and employment details
  • Credit history and financial obligations

Family & Legacy Data

  • Family structure and beneficiary information
  • Estate planning documents
  • Trust and foundation details
  • Philanthropic interests and goals
  • Succession planning preferences

Technical Information

  • IP address and browser information
  • Device identifiers and operating system
  • Website usage and interaction data
  • Cookies and tracking technologies
  • Communication preferences

Know Your Customer (KYC) Compliance

As a regulated financial services provider, we are required by law to collect certain information to verify your identity and comply with anti-money laundering (AML) and counter-terrorism financing regulations.

How We Use Your Data

We process your personal information for specific, legitimate business purposes that are essential to our service delivery and legal obligations. Your data enables us to:

01. Provide Wealth Management Services

Develop personalized investment strategies, manage portfolios, provide financial analysis, execute transactions, and deliver comprehensive wealth stewardship services tailored to your family's goals and values.

02. Legal & Regulatory Compliance

Meet our obligations under Romanian and European financial regulations, including KYC, AML, tax reporting requirements (FATCA, CRS), and maintaining proper records as mandated by financial authorities.

03. Risk Management & Assessment

Evaluate investment suitability, conduct due diligence, assess risk tolerance, monitor portfolio performance, and ensure that our recommendations align with your financial objectives and risk profile.

04. Communication & Reporting

Provide regular portfolio updates, market insights, tax documents, performance reports, and respond to your inquiries. We may also send educational content about wealth management strategies and legacy planning.

05. Service Improvement

Analyze usage patterns to enhance our digital platforms, develop new services, improve client experience, and ensure our offerings continue to meet the evolving needs of entrepreneurial families.

06. Security & Fraud Prevention

Protect your assets and information from unauthorized access, detect and prevent fraudulent activities, maintain system security, and safeguard the integrity of our operations.

Data Security Measures

Protecting your financial information is our highest priority. We implement comprehensive security measures aligned with industry best practices and regulatory requirements:

Encryption

All data transmissions use TLS 1.3 encryption. Sensitive data at rest is encrypted using AES-256 encryption standards.

Access Controls

Multi-factor authentication, role-based access permissions, and strict authorization protocols limit data access to authorized personnel only.

Secure Infrastructure

Our systems are hosted in secure, ISO 27001-certified data centers with redundant backups and disaster recovery protocols.

Staff Training

All team members undergo regular security awareness training and sign strict confidentiality agreements.

Monitoring

Continuous monitoring of systems for unusual activity, with automated alerts and incident response procedures in place.

Audit Trails

Comprehensive logging of all data access and modifications, with regular internal and external security audits.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR, and take immediate action to mitigate any potential harm.

Your Privacy Rights

Under GDPR and Romanian data protection laws, you have comprehensive rights regarding your personal information. We are committed to facilitating the exercise of these rights:

Right to Access

GDPR Article 15

Request a copy of all personal data we hold about you, including information about how we process it and with whom it is shared.

Right to Rectification

GDPR Article 16

Request correction of inaccurate or incomplete personal information. We will update your records promptly upon verification.

Right to Erasure

GDPR Article 17

Request deletion of your personal data, subject to legal retention requirements for financial records and regulatory compliance.

Right to Restriction

GDPR Article 18

Limit how we process your data in certain circumstances, such as during a dispute about accuracy or lawfulness of processing.

Right to Data Portability

GDPR Article 20

Receive your personal data in a structured, commonly used format and transmit it to another service provider where technically feasible.

Right to Object

GDPR Article 21

Object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we have compelling grounds.

Right to Withdraw Consent

GDPR Article 7

Withdraw consent for processing at any time for activities where consent is the legal basis, without affecting prior processing.

Right to Lodge a Complaint

GDPR Article 77

File a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe we have not handled your data properly.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the information provided in the Contact section. We will respond to your request within 30 days and may request additional information to verify your identity.

Data Sharing & Third Parties

We do not sell your personal information to third parties. However, we may share your data with trusted partners and service providers who assist us in delivering our services. All third parties are contractually obligated to maintain the confidentiality and security of your information.

Financial Institutions

Banks, custodians, and broker-dealers necessary to execute transactions, maintain accounts, and process payments on your behalf.

Required for Service Delivery

Legal & Tax Advisors

Attorneys, accountants, and tax professionals who provide specialized services for estate planning, tax optimization, and legal compliance.

With Your Consent

Service Providers

Technology platforms, data analytics, cybersecurity services, and administrative support providers operating under strict confidentiality agreements.

Data Processing Agreements

Regulatory Authorities

Financial supervisory authorities, tax authorities, and law enforcement agencies when required by law or to comply with legal processes.

Legal Obligation

Insurance Providers

Insurance companies for policy underwriting, claims processing, and coverage analysis as part of our risk management services.

Service-Related

Professional Advisors

Our auditors, legal counsel, and consultants for quality assurance, compliance reviews, and professional advisory services.

Professional Privilege

Third-Party Due Diligence

All third-party service providers undergo rigorous security assessments and are required to maintain data protection standards equivalent to our own. We conduct regular audits to ensure ongoing compliance.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. You can control cookie preferences through your browser settings.

International Data Transfers

While our primary operations are based in Cluj-Napoca, Romania, we may transfer your personal data to other countries as part of our cross-border financial services. All international transfers comply with GDPR requirements and include appropriate safeguards.

Adequacy Decisions

Used when transferring data to countries recognized by the European Commission as providing adequate data protection (such as the UK, Switzerland, and other approved jurisdictions).

Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use European Commission-approved Standard Contractual Clauses (SCCs) to ensure equivalent protection.

Binding Corporate Rules

Where applicable, we rely on binding corporate rules approved by data protection authorities for intra-group transfers.

We conduct Transfer Impact Assessments (TIAs) to evaluate risks and implement additional safeguards where necessary, including encryption, access controls, and legal measures to protect your data during international transfers.

Children's Privacy

Our services are designed for adults and families with established wealth. We do not knowingly collect personal information from individuals under 16 years of age without parental consent. While we may collect information about minor beneficiaries as part of legacy planning services, this is done with explicit parental or guardian authorization.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately, and we will take prompt action to delete such information from our records.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal, regulatory, and professional obligations.

Active Client Data

Retained throughout the duration of our service relationship and for the period required to provide ongoing support.

Duration of Relationship + 10 Years

Financial Records

Transaction records, account statements, and investment documentation retained in accordance with Romanian financial regulations.

Minimum 10 Years

Tax Documentation

Records required for tax compliance and reporting obligations under Romanian and international tax laws.

Minimum 7 Years

Marketing Communications

Contact information for prospects and marketing consent records retained until withdrawal of consent or reasonable business need expires.

Until Consent Withdrawn

After the retention period expires, we securely delete or anonymize your personal data in accordance with our data destruction policies and applicable legal requirements.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. We will notify you of any material changes through:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notifications (where applicable)
  • Direct communication for significant changes affecting your rights

The "Last Updated" date at the top of this policy indicates when the most recent changes were made. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.