Privacy Policy
Effective Date: Jan 01, 2025
This Privacy Policy explains how Coastal Business Acquisitions, LLC ("CBA," "we," "us," or "our") collects, uses, discloses, and safeguards information about visitors to www.coastalba.com (the "Site") and users of our related services, including prospective and current clients/investors (collectively, the "Services").
By using the Services, you agree to the practices described in this Privacy Policy. Capitalized terms not defined here have the meanings given in our Terms of Service.
1) Who We Are & How to Contact Us
Controller: Coastal Business Acquisitions, LLC
Email: admin@coastalba.com
EU/UK Contacts (if applicable): If we are not established in the EU/UK but target or monitor individuals there, we may appoint an EU/UK representative under GDPR/UK GDPR Art. 27. Contact details will be added here if/when appointed.
2) Scope
This Policy applies to information we collect:
On the Site and through related online forms, scheduling tools, and email communications;
From prospective and current clients/investors in the ordinary course of business; and
From third parties acting on our behalf (e.g., service providers).
It does not apply to information collected in connection with specific transactions governed by separate agreements (e.g., NDAs, subscription agreements, side letters). Those agreements may contain additional privacy terms.
3) Information We Collect
a) Personal Data You Provide
Contact details (name, email, phone, address)
Professional details (company, title, industry)
Scheduling information and meeting content you choose to share
Account credentials (if you create an account)
Investor/client information provided during diligence, onboarding, KYC/AML screening, and ongoing relationship management
Preferences for communications and marketing
b) Information Collected Automatically ("Usage Data")
Device and browser information, IP address, operating system, and identifiers
Pages viewed, links clicked, referring/exit pages, timestamps, and session duration
For mobile access: device type, OS, device identifiers, and crash diagnostics
c) Cookies and Similar Technologies
We use cookies, pixels, tags, and local storage to operate the Site, remember preferences, analyze traffic, secure the Services, and (if enabled) for advertising/remarketing. See Section 8 (Cookies & Tracking).
d) Sources of Personal Data
Directly from you
Automatically from your devices
From service providers (e.g., analytics, hosting, CRM, scheduling)
From publicly available sources and third parties (e.g., professional networks, data vendors) where lawful
4) How We Use Personal Data
We use Personal Data to:
Provide, operate, maintain, and improve the Services
Communicate with you, including service notices and marketing (you can opt out of marketing at any time)
Facilitate scheduling, events, and investor/client onboarding
Conduct diligence, comply with legal and regulatory obligations (including KYC/AML where applicable)
Monitor, secure, debug, and prevent fraud/abuse of the Services
Perform analytics, research, and product development
Enforce contracts and pursue/defend legal claims
5) Legal Bases for Processing (GDPR/UK GDPR)
Where the GDPR/UK GDPR applies, we process Personal Data on the following bases:
Contractual necessity (Art. 6(1)(b))
Consent (Art. 6(1)(a)) for certain marketing/cookies—withdraw any time
Legitimate interests (Art. 6(1)(f)), such as securing and improving the Services and communicating with business contacts, balanced against your rights
Legal obligations (Art. 6(1)(c)) (e.g., accounting, sanctions/KYC/AML, recordkeeping)
If we rely on consent, you may withdraw it at any time without affecting prior processing.
6) Sharing & Disclosures
We share Personal Data with:
Service providers/Processors (hosting, analytics, security, CRM, email delivery, scheduling, cloud storage, payment and identity/KYC providers) under contracts that restrict use to our instructions;
Professional advisers (lawyers, auditors) under confidentiality;
Affiliates and transaction parties in connection with a corporate transaction (merger, acquisition, financing, or sale) subject to confidentiality; and
Authorities and third parties where required by law, regulation, subpoena, or to protect rights, safety, and security.
We do not sell Personal Data for money. If we engage in online advertising/remarketing that constitutes a "sale" or "sharing" under California law, see Section 9 (California Privacy Rights).
7) Retention
We retain Personal Data for as long as necessary to fulfill the purposes described above, including to meet legal, accounting, or reporting requirements. By way of example (subject to change based on legal needs):
Contact/marketing data: up to 3 years after last interaction or until you opt out
Contract and investor/client records: 7 years after relationship ends (or longer if required by law)
Usage logs and security records: 12–24 months
We will delete or anonymize data when it is no longer needed, unless we must keep it to comply with our obligations or defend legal claims.
8) Cookies & Tracking
Where required by law, we use non-essential cookies only with your consent. You can manage cookie preferences via our cookie banner or your browser settings. Disabling certain cookies may impact Site functionality.
Examples of cookies we use:
Session cookies for core functionality
Preference cookies to remember settings
Security cookies to enhance protection
Analytics/advertising cookies (if enabled) for measurement and remarketing
Analytics & Ads (examples):
Google Analytics: traffic measurement and Site performance. Opt-out: https://tools.google.com/dlpage/gaoptoutand ad settings at https://www.google.com/settings/ads
Meta (Facebook) pixel/ads (if used): interest-based advertising controls are available through platform settings and industry opt-out tools (e.g., DAA).
Do Not Track & Global Privacy Control: We do not respond to browser DNT signals. Where required by law (e.g., California), we honor Global Privacy Control (GPC) signals as an opt-out of sale/share for advertising cookies.
9) California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights (subject to exceptions):
Right to Know/Access the categories and specific pieces of Personal Information we collected about you
Right to Delete Personal Information we collected from you
Right to Correct inaccurate Personal Information
Right to Opt-Out of Sale/Sharing of Personal Information (for cross-context behavioral advertising)
Right to Limit Use/Disclosure of sensitive Personal Information (if collected)
Right to Non-Discrimination for exercising these rights
Notice of Collection: We collect the categories described in Section 3 from the sources in Section 3(d) for the purposes in Section 4 and share as described in Section 6.
How to Exercise Rights: Email us at admin@coastalba.com with “California Privacy Request” in the subject or use our web form (if available). We will verify your request and respond within statutory timelines. You may also use an authorized agent (with proof of authority).
Opt-Out of Sale/Sharing: If our use of analytics/ads constitutes a sale/share, you can opt out via our cookie banner or by sending a request to admin@coastalba.com. We honor GPC signals as an opt-out where required.
10) International Data Transfers
If you access the Services from outside the United States, your information may be transferred to and processed in the U.S. and other countries that may not offer the same level of protection as your home jurisdiction. Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses (and UK addendum) for transfers from the EEA/UK.
11) Security
We implement administrative, technical, and physical safeguards designed to protect Personal Data (e.g., encryption in transit, access controls, logging, periodic reviews). However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12) Children’s Privacy
The Services are intended for individuals 18 years and older and are not directed to children. We do not knowingly collect Personal Data from anyone under 18. If we learn we have collected such data, we will delete it.
13) Third-Party Links
The Services may contain links to third-party sites or services. We are not responsible for their privacy practices. Please review the privacy policies of those sites.
14) Changes to This Policy
We may update this Policy from time to time. We will post the updated version on this page and revise the Effective Date. If changes are material, we may also provide additional notice (e.g., email or banner) as required by law.
15) Your Rights & Choices (GDPR/UK GDPR)
Subject to applicable law, you may have the right to access, rectify, erase, restrict, object to processing, and port your Personal Data, and to withdraw consent where processing is based on consent. To exercise these rights, contact admin@coastalba.com. We may request information to verify your identity.
16) Nevada & Other Jurisdictions
If you are a Nevada resident, you may opt out of the sale of certain Personal Information by emailing admin@coastalba.com with the subject “Nevada Opt-Out.” Residents of other jurisdictions may have additional rights under local law.
17) Glossary (Selected)
Personal Data/Personal Information: Information that identifies or can reasonably be linked to an identifiable person.
Processor/Service Provider: An entity that processes Personal Data on behalf of a controller/business.
Sale/Sharing (California): Disclosing Personal Information for monetary or other valuable consideration (sale) or for cross-context behavioral advertising (sharing).
Sensitive Personal Information: As defined by applicable law (e.g., government IDs, precise geolocation, financial account credentials). We do not seek to collect sensitive information through the Site except as required for investor/client onboarding or legal compliance.
Questions?
Contact us at admin@coastalba.com. If you are in the EEA/UK, you may also lodge a complaint with your local supervisory authority.