1. Introduction

Shipstern and its affiliates ("we," "us," "our") are committed to ensuring the privacy and security of the personal and business information we collect and process. This Privacy Policy explains how we collect, use, store, share, and protect personal data and business-related information in the course of our operations, including consulting, fractional leadership services, and investment activities.

This Policy applies to all clients, partners, members, employees, and individuals who engage with Shipstern. By using our services or interacting with us, you acknowledge that your information will be handled as described in this Policy.

2. Information We Collect

Shipstern collects and processes information necessary to facilitate its business operations, including but not limited to:

A. Business Information

We collect business-related data to assess opportunities, enhance operations, and foster synergies among Shipstern clients and partners. This includes business strategies, financial projections, growth targets, industry positioning, operational goals, and competitive outlooks.

B. Communication Data

To ensure efficiency, collaboration, and service improvements, Shipstern collects internal communication data between its members, employees, contractors, owners, and partners, as well as communications between Shipstern and its clients. However, we do not collect external communications conducted on behalf of a client, such as interactions with suppliers or third-party vendors.

C. Personal Data

Shipstern collects and processes personal data when necessary for its operations, which may include contact details, job titles, professional history, financial data for business operations, and compliance-related information such as identity verification and regulatory requirements.

3. How We Use Information

Shipstern processes collected information for the following purposes:

• To provide and improve consulting, fractional leadership, and investment services.

• To identify strategic synergies and business opportunities within our network.

• To comply with regulatory obligations, such as financial reporting and legal compliance.

• To assess and evaluate investment opportunities for Shipstern Ventures.

• To ensure security, fraud prevention, and adherence to corporate governance standards.

We process data based on contractual necessity, legal requirements, legitimate business interests, and, where required, user consent.

4. Information Sharing & Transfers

Shipstern does not sell personal or business-related data. However, in the course of business, we may share data with trusted third parties, affiliates, and service providers to support our operations. Such transfers may include:

• Internal sharing within Shipstern affiliates for the purpose of service enhancement and investment opportunities.

• Trusted third-party service providers for secure data handling and analysis.

• Legal and financial professionals, including auditors, compliance advisors, and legal counsel, when necessary.

• Regulatory and governmental authorities when required by law or as part of legal proceedings.

Shipstern ensures that any data shared externally is handled securely, and financial data used for analysis or synergy identification is anonymized and white-labeled where appropriate.

5. Conflict of Interest & Data Protections

Given that Shipstern partners may work with companies in the same industry, strict conflict of interest measures are in place. Partners cannot use previously gained knowledge to inform business decisions for a competing entity. When a new partner joins, access to competing company data will be restricted. The Shipstern synergy team may analyze data for mutual opportunities, but no company will be prioritized over another to ensure fairness and neutrality.

6. Shipstern Ventures & Investment Ethics

Shipstern Ventures operates independently from Shipstern’s consulting and leadership divisions. Partners engaged in leadership roles within a company cannot vote on investment decisions involving their respective companies. Investments made by Shipstern do not alter a leader’s primary obligation to their client. This ensures that professional integrity remains intact, and no conflict arises from investment activity.

7. Legal Compliance & Data Retention

Shipstern complies with all applicable legal and regulatory obligations regarding data processing. Personal and business-related data may be disclosed when legally required, including but not limited to:

• Compliance with tax, securities, banking, and financial regulations.

• Responses to legal proceedings, subpoenas, or regulatory investigations.

• Fraud prevention, security enforcement, and corporate risk management.

Shipstern retains data only for as long as necessary to fulfill operational, legal, and compliance requirements. Clients may request data deletion, subject to legal and contractual limitations.

8. Data Security & Protection

Shipstern employs physical, electronic, and administrative safeguards to protect personal and business data. While we strive to ensure the highest level of security, no method of data storage or transmission is entirely secure. In the event of a data breach, affected parties will be notified in accordance with applicable legal requirements.

9. Data Subject Rights

Individuals may have certain rights regarding their data, depending on applicable data protection laws. These rights may include:

• The right to access and review personal data.

• The right to request corrections or updates to inaccurate data.

• The right to restrict processing or object to the use of personal data.

• The right to request data deletion where legally permissible.

• The right to data portability for applicable information.

• The right to file a complaint with a relevant data protection authority.

Requests to exercise these rights should be submitted in writing, and verification may be required before processing. Shipstern will respond within the legally mandated timeframe.

10. Cross-Border Data Transfers

Given Shipstern’s international operations, data may be transferred across borders to jurisdictions where data protection laws may differ. We ensure that adequate safeguards, including standard contractual clauses and regulatory compliance measures, are in place to protect transferred data.

11. Updates to This Policy

Shipstern reserves the right to modify this Privacy Policy as needed to reflect changes in business practices or legal requirements. Clients, partners, and stakeholders will be notified of material changes at least 14 days in advance.

For further inquiries regarding this policy or to exercise data rights, please contact Shipstern at emmett@shipstern.ca