Privacy Policy

1. Who we are & scope

Nival Management & Consulting LLC (“NMC,” “we,” “us,” or “our”) is a financial industry consulting firm headquartered at 17 State Street, Suite 4000, New York, NY 10004. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit nivalmc.com (the “Site”), submit a form, or otherwise interact with us.

This policy applies to information collected through the Site. Information you provide to us under a consulting engagement is governed by your engagement letter and our internal information-security program.

2. Information we collect

2.1 Information you provide

• Contact details: name, email, phone, firm name when you submit our contact or brochure-request form.
• Inquiry content: any information you include in form messages, emails, or attachments.
• Career inquiries: resumes and biographical information you submit for career opportunities.
• Client portal data (when used): account credentials, documents, invoices, and messages you exchange with us through the portal.

2.2 Information collected automatically

• Device and log data: IP address, browser type, operating system, referring URL, pages viewed, and timestamps.
• Server-side analytics: aggregated, non-personal statistics about Site usage collected by our hosting provider.

2.3 We do not knowingly collect

Sensitive personal information (e.g., government IDs, financial account numbers, health information) through the public Site. Do not submit confidential or privileged information through public forms.

3. How we use information

• To respond to inquiries and provide requested information.
• To evaluate engagement fit and prepare proposals.
• To operate, maintain, and improve the Site.
• To detect, prevent, and respond to fraud, abuse, security incidents, or violations of our Terms.
• To comply with legal obligations and regulatory requirements applicable to our consulting practice.
• To send transactional communications related to your inquiry or engagement.

We do not sell or rent personal information. We do not use personal information for advertising targeting or share it for cross-context behavioral advertising.

4. When we share information

We share information only as needed:

• Service providers: hosting (Netlify), email infrastructure, and analytics providers operating under contracts that restrict their use of your data.
• Professional advisers: our attorneys, accountants, and insurers as reasonably required.
• Legal compliance: when required by law, subpoena, court order, or to protect our rights, property, or safety, or that of our clients or others.
• Business transfer: in connection with a merger, acquisition, or sale of all or part of our business, subject to confidentiality terms.

5. Retention

We retain personal information only as long as needed to fulfill the purposes for which it was collected, to satisfy our records retention obligations under the Investment Advisers Act of 1940 and applicable state and federal law (typically not less than five years for engagement records), or to resolve disputes and enforce agreements.

6. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls, multi-factor authentication for systems handling client data, and periodic risk assessments. No system is perfectly secure, and we cannot guarantee absolute security.

7. Cookies & tracking

The Site uses minimal technical cookies and local storage only as necessary to operate features (for example, caching public regulatory news). We do not use advertising cookies or cross-site tracking on the public Site. We may use privacy-respecting, server-side analytics that do not set cookies. Your browser settings allow you to disable cookies; doing so may affect certain Site features.

8. Your rights (CCPA, CPRA & other state laws)

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other states with privacy laws may have rights to:

• Know what categories of personal information we collect and how we use them.
• Access a copy of the personal information we hold about you.
• Correct inaccurate personal information.
• Request deletion of personal information, subject to legal retention exceptions.
• Opt out of the sale or sharing of personal information for targeted advertising (NMC does not sell or share for these purposes).
• Be free from discrimination for exercising these rights.

To exercise these rights, submit a request through our contact form. We will verify your identity before fulfilling requests.

9. European Economic Area / UK rights (GDPR)

If you are in the EEA or United Kingdom, you may have additional rights under the General Data Protection Regulation, including the right to data portability, the right to object to processing, and the right to lodge a complaint with your local supervisory authority. Our lawful bases for processing include consent, legitimate interests, and compliance with legal obligations.

10. Children

The Site is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

11. International users

NMC is based in the United States. By using the Site, you understand that information will be transferred to and processed in the United States, which may have different data-protection rules than your jurisdiction.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice on the Site.

13. Contact us

Questions, requests, or complaints about this policy can be directed to:

Nival Management & Consulting LLC
Attn: Privacy
17 State Street, Suite 4000
New York, NY 10004
Contact form: nivalmc.com/contact