Privacy Policy

This Privacy Policy also serves as Vigeo Urban Development Corporation’s public privacy notice.

Spanish / español: vigeourban.com/privacidad

Effective Date [YYYY-MM-DD]: 2026-03-24
Last Updated [YYYY-MM-DD]: 2026-03-24

Vigeo Urban Development Corporation (“Vigeo Urban”, “we”, “us”, or “our”) is committed to handling personal information responsibly and in accordance with applicable privacy, data protection, banking, compliance, and recordkeeping requirements.

This Privacy Policy (“Policy”) explains how we collect, use, disclose, store, protect, handle, process, and otherwise deal with personal information relating to website visitors, clients, users of our services, investors and prospective investors, lenders and prospective lenders, counterparties, service providers, advisors, business contacts, and other individuals who interact with us in connection with our business activities.

In this Privacy Policy, “personal information” generally means information about an identified or identifiable individual. In some cases, information relating to a business, trust, partnership, fund, or other organization may also include personal information about directors, officers, beneficial owners, representatives, employees, applicants, tenants, prospective tenants, clients, users, or other identifiable individuals connected to that organization. This Privacy Policy applies to the personal information we collect, use, disclose, store, handle, process, and otherwise deal with about such identifiable individuals.

Personal information relating to employees, candidates, tenants, prospective tenants, financing applicants, and certain other categories of individuals may, where applicable, be governed by separate privacy notices.

1. Scope

This Privacy Policy applies to personal information we collect or receive in connection with:

• our website and related online communications;

• inquiries, meetings, calls, and other communications with us;

• our services, whether delivered online, digitally, remotely, in person, or through third parties acting on our behalf;

• prospective or actual financing, investment, lending, real estate, commercial, operational, advisory, or service relationships;

• compliance reviews, due diligence, know-your-client (KYC), anti-money laundering (AML), anti-terrorist financing (ATF), sanctions, fraud prevention, risk management, banking, legal, tax, accounting, audit, regulatory, or compliance processes;

• onboarding, contracting, payment, administration, security, and recordkeeping activities.

This Privacy Policy should be read together with any additional privacy notice, collection notice, consent request, transaction document, application document, service-specific notice, or other applicable policy or procedure that we may provide in a particular context.

2. Who is responsible for your information

Vigeo Urban is responsible for the personal information we collect and handle in connection with our business activities. This means we determine the purposes for which personal information is collected, used, disclosed, retained, handled, processed, and otherwise dealt with, subject to applicable law, contractual commitments, and the privacy practices described in this Privacy Policy.

In some cases, we may also process personal information on behalf of another organization, or receive personal information from service providers, advisors, financial institutions, counterparties, public sources, and other lawful sources acting within an authorized role.

3. How this Policy applies in practice

The type and amount of personal information we collect, use, disclose, retain, handle, and process depend on the nature of the relationship, the stage of the interaction, the service requested, the transaction or activity involved, and applicable legal or compliance requirements.

For example, a person who only visits our website or subscribes to updates will normally be subject to a much lighter level of data collection than a person who seeks to receive a service, enter into a transaction, undergo a compliance review, submit supporting documentation, or establish an ongoing business relationship with us.

We aim to collect only the personal information that is reasonably necessary, proportionate, and appropriate for the relevant purpose.

4. Personal information we may collect

Depending on the context, we may collect or receive the following categories of personal information:

a. Identification and contact information

• full name;

• business or residential address;

• telephone number;

• email address;

• date of birth;

• citizenship, residency, and jurisdictional ties;

• government-issued identification details;

• tax, registration, corporate, or similar identification numbers.

b. Business, transactional, and relationship information

• role or relationship with us;

• information relating to investments, loans, transactions, services, real estate matters, or other business dealings;

• entity ownership, control, authority, and beneficial ownership information;

• payment, banking, and financial transaction information;

• communications, records of meetings, and related correspondence.

c. Compliance and due diligence information

• information relevant to KYC, AML, ATF, sanctions, anti-fraud, reputational, legal, banking, or regulatory screening;

• information from compliance certificates, declarations, forms, supporting documentation, and related correspondence;

• information from public registries, corporate records, court records, sanctions lists, insolvency records, adverse media, verification providers, or other lawful sources.

d. Website, technical, and usage information

• IP address;

• browser and device information;

• website usage, interactions, and navigation data;

• cookies and similar technologies, where applicable.

e. Professional and service-provider information

• qualifications, credentials, licences, memberships, work history, CV or résumé information, references, and business contact details.

5. How we collect personal information

As applicable to the particular relationship, interaction, or service, we may collect personal information:

• directly from you;

• through forms, portals, emails, phone calls, video meetings, text messages, messaging platforms, and website interactions;

• through transaction documents, compliance documents, service requests, applications, and onboarding materials;

• from your authorized representatives, disclosed beneficial owners, affiliates, or other persons authorized to provide information on your behalf;

• from banks, financial institutions, payment providers, and legal, tax, accounting, compliance, risk, intelligence, due diligence, or other service providers or advisors;

• from public registries, public records, databases, sanctions lists, media sources, and other lawful third-party sources;

• from other persons or organizations where permitted by law and reasonably necessary for the relevant purpose.

Where required by applicable law, we seek consent or authorization in an appropriate form. In other situations, we may process personal information where necessary for pre-contractual steps, contractual performance, legal or regulatory compliance, fraud prevention, legitimate business interests, or other lawful grounds.

6. Why we process personal information

As applicable to the relationship, interaction, service, transaction, or legal context, we may collect, use, disclose, handle, process, and otherwise deal with personal information for the following purposes:

• to communicate with you and respond to inquiries;

• to provide, administer, improve, protect, and support our services and business operations;

• to assess, structure, document, manage, and administer prospective or actual transactions, relationships, and services;

• to verify identity, authority, beneficial ownership, source of funds, source of wealth, and consistency of information provided;

• to conduct compliance reviews, due diligence, risk assessment, screening, and related checks concerning clients, users of our services, investors and prospective investors, lenders and prospective lenders, counterparties, service providers, and other relevant persons or entities;

• to carry out KYC, AML, ATF, sanctions, anti-fraud, banking, legal, tax, accounting, audit, and regulatory compliance activities;

• to open, maintain, and support banking, payments, and financial relationships;

• to maintain records, supporting documents, and internal controls;

• to protect our business, systems, personnel, assets, rights, stakeholders, and lawful interests;

• to enforce agreements, respond to disputes, and comply with legal obligations, court orders, lawful requests, regulatory expectations, and financial institution requirements;

• to manage website functionality, analytics, security, and user experience;

• for any other purpose explained to you at or before the time of collection, or otherwise permitted by law.

We do not use personal information for purposes that are incompatible with the original purpose of collection without further notice or another lawful basis where required.

7. Legal bases, consent, and choice

Depending on the jurisdiction and context, we may rely on one or more of the following:

• your consent or authorization;

• steps requested before entering into a contract;

• performance of a contract;

• compliance with legal, regulatory, banking, tax, audit, or recordkeeping obligations;

• legitimate interests, including risk management, fraud prevention, due diligence, business administration, security, and protection of our operations and stakeholders, where such interests are not overridden by applicable rights.

Where consent is required, we seek to make it meaningful, specific, and appropriately documented.

Where explicit consent is required by law or appropriate due to the sensitivity of the information or the context, we will seek it in that form.

You are not required to provide personal information in all cases. However, if you choose not to provide information that is necessary for a requested service, transaction, compliance review, onboarding process, application, or legal requirement, we may be unable to proceed, continue the relationship, or provide the requested product or service.

If you provide personal information about another person, you must have authority or a lawful basis to do so.

8. With whom we may share personal information

As appropriate and lawful in the circumstances, we may disclose personal information to:

• banks, financial institutions, payment service providers, and financing-related intermediaries;

• legal, tax, accounting, audit, compliance, risk, due diligence, intelligence, technology, security, and other professional advisors or service providers;

• IT, hosting, storage, document-management, communications, analytics, and administrative service providers;

• counterparties, business partners, intermediaries, or their advisors where reasonably necessary in connection with a transaction, service, dispute, or compliance matter;

• public registries, verification providers, screening providers, sanctions-screening providers, and other lawful data sources;

• regulators, courts, tribunals, governmental authorities, law-enforcement agencies, and other authorities where required or permitted by law;

• other persons or entities where you direct us to do so or where otherwise permitted by law.

We do not sell your personal information to third parties.

9. International and cross-border processing

We may process, store, access, or disclose personal information in Canada and in other jurisdictions where we, our affiliates, banks, financial institutions, advisors, counterparties, or service providers operate or maintain facilities.

As a result, personal information may be subject to the laws of jurisdictions outside your place of residence, including laws that may permit access by courts, regulators, law-enforcement authorities, or governmental authorities in those jurisdictions.

Where required or appropriate, we use contractual, organizational, and technical measures designed to provide an appropriate level of protection for cross-border processing and disclosures.

10. Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to satisfy legal, regulatory, banking, tax, accounting, audit, recordkeeping, dispute-resolution, risk-management, and enforcement requirements.

Retention periods may vary depending on the nature of the information, the relationship, the legal context, and the purpose for which the information was collected.

When personal information is no longer required, and we are not required or permitted to retain it, we aim to securely delete, anonymize, de-identify, or destroy it.

11. Security safeguards

We use administrative, technical, physical, and contractual safeguards designed to protect personal information against unauthorized access, collection, use, disclosure, copying, modification, loss, misuse, interference, and destruction.

Depending on the circumstances, these measures may include:

• role-based access controls and need-to-know limitations;

• confidentiality obligations;

• multi-factor authentication and password protections;

• secure storage and restricted-access environments;

• encryption and secure transmission where appropriate;

• vendor due diligence and contractual controls;

• logging, monitoring, and incident response procedures;

• secure destruction or de-identification procedures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your privacy rights

Depending on the jurisdiction and the circumstances, you may have the right to:

• request access to personal information we hold about you;

• request correction, updating, or rectification of inaccurate or incomplete information;

• request deletion, suppression, or de-identification where applicable;

• withdraw consent or authorization, subject to legal, contractual, operational, or evidentiary limits;

• object to or request restriction of certain processing in some jurisdictions;

• request information about categories of recipients, cross-border processing, or retention practices;

• request a copy of this Privacy Policy or any more specific privacy policy or privacy notice that applies to your relationship with us;

• complain to the applicable privacy or data-protection authority.

To exercise your rights, contact us at: privacy@vigeourban.com

We may request reasonable information to verify identity, authority, and the scope of the request before responding.

13. Sensitive personal information

We seek to avoid collecting sensitive personal information unless reasonably necessary, proportionate, and lawful. Where sensitive personal information is involved, we will handle it with additional care and in accordance with applicable law.

Where applicable law requires explicit consent or a clear notice regarding optional responses for sensitive data, we will seek to comply with those requirements.

14. Children

Our website, services, business activities, and compliance processes are not directed to children. We do not knowingly collect personal information from children in these contexts unless clearly authorized and legally permitted.

15. Third-party websites and services

Our website or communications may contain links to third-party websites, platforms, tools, or services. Their privacy practices are governed by their own policies and terms, not by this Privacy Policy.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, privacy practices, legal obligations, or technology.

The updated version will be posted on our website with a revised effective date. Where required by law, we will provide additional notice or obtain additional consent for material changes.

17. Contact us

For privacy questions, requests, complaints, or concerns, please contact:

Vigeo Urban Development Corporation
18 King Street East, Suite #1400

Toronto, ON M5C 1C4

CANADA
Privacy email: privacy@vigeourban.com

General contact email: info@vigeourban.com
Telephone: +1 647-872-8972

If you are not satisfied with our response, you may have the right to contact the privacy or data-protection authority with jurisdiction over your complaint.