Privacy Policy

Midwood Asset Management LLC ("Midwood," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you visit our website midwoodam.com (the "Site"), use our services, or otherwise interact with us.

By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Site.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including but not limited to:

• Contact Information: Name, email address, phone number, company name, and mailing address when you submit a contact form, subscribe to our newsletter, or otherwise reach out to us.
• Inquiry Details: The content of messages, questions, or comments you send us through our contact forms or email.
• Investment Interest Information: Information related to your investment interests, accredited investor status, net worth, income, and investment experience, if voluntarily provided during discussions about potential investment opportunities.
• Professional Information: Job title, company affiliation, professional background, and industry role, when relevant to our business relationship.
• Event Registration: Information provided when registering for events, webinars, or educational sessions hosted by Midwood.

1.2 Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies, web beacons, and similar tracking technologies:

• Device Information: Browser type and version, operating system, device type (desktop, tablet, mobile), screen resolution, and device identifiers.
• Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, referring URL, exit pages, and navigation paths through the Site.
• Network Information: Internet Protocol (IP) address, Internet Service Provider (ISP), approximate geographic location derived from IP address, and connection type.
• Cookie Data: Information stored in cookies and similar technologies, including session identifiers, preferences, and authentication tokens. See Section 7 for more details.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

• Analytics Providers: Aggregated and anonymized data from web analytics services such as Google Analytics, including demographic information and interest categories.
• Hosting and Infrastructure Providers: Our hosting provider (Netlify) may collect server logs, performance data, and security-related information in connection with delivering our Site.
• Public Sources: Publicly available information from business registries, professional networking sites, real estate databases, and other public records, when relevant to our business relationship.
• Business Partners and Referrals: Contact information provided by mutual business contacts, brokers, attorneys, or other professionals who refer you to us with your knowledge or consent.

2. How We Use Your Information

2.1 Business Operations and Communications

• Responding to your inquiries, requests, and communications.
• Providing information about our investment services, portfolio, and opportunities.
• Processing and managing your newsletter subscription.
• Facilitating potential investment discussions and due diligence processes.
• Maintaining our business relationship and providing customer support.
• Sending periodic email communications related to our services, market updates, and investment insights (with your consent where required by law).

2.2 Site Improvement and Analytics

• Analyzing how visitors use our Site to improve its design, content, and functionality.
• Monitoring Site performance, loading times, and user experience metrics.
• Identifying and resolving technical issues, bugs, and security vulnerabilities.
• Conducting A/B testing and content optimization.
• Generating aggregate, non-identifying statistical reports about Site usage.

2.3 Legal and Compliance

• Complying with applicable federal, state, and local laws and regulations, including securities laws, anti-money laundering (AML) requirements, and Know Your Customer (KYC) obligations.
• Enforcing our Terms of Service and other agreements.
• Protecting our rights, property, and safety, and the rights, property, and safety of our users, investors, and partners.
• Responding to lawful requests from law enforcement, regulatory authorities, and other government agencies.
• Establishing, exercising, or defending legal claims.

2A. SMS / Text Messaging Privacy

This section applies specifically to information collected and used in connection with SMS and text messaging communications from Midwood Asset Management.

2A.1 Information Collected via SMS

When you engage in SMS communications with Midwood Asset Management, we may collect:

• Your mobile phone number.
• The content of text messages you send to us.
• Date, time, and frequency of messages sent and received.
• Your opt-in and opt-out status and history.

2A.2 How We Use SMS Information

We use your phone number and SMS data to:

• Respond to your business inquiries related to commercial real estate.
• Send deal updates, follow-ups on property listings, and meeting confirmations.
• Process your opt-out requests and maintain our do-not-contact list.

2A.3 Consent and Opt-In

You consent to receive SMS messages from Midwood Asset Management by providing your phone number during in-person business meetings, phone calls, email exchanges, or through our website contact forms. Consent to receive SMS messages is not a condition of any purchase or business relationship with Midwood Asset Management.

2A.4 Message Frequency and Charges

Message frequency varies. Typical frequency is 1–5 messages per month depending on active business discussions. Message and data rates may apply. Contact your wireless carrier for details about your messaging plan.

2A.5 Opt-Out

You may opt out of SMS messages at any time by replying STOP to any message from us. After opting out, you will receive a one-time confirmation message and no further SMS messages from that number. You may also opt out by emailing Max@midwoodam.com or calling (561) 567-0801.

2A.6 Help

For assistance with our SMS program, reply HELP to any message, or contact us at Max@midwoodam.com or (561) 567-0801.

2A.7 No Sharing of SMS Data

We do not sell, rent, loan, trade, lease, or otherwise transfer for profit any phone numbers or personal information collected through our SMS program to any third party. Your phone number and opt-in data are used solely for the purposes described in this Privacy Policy. We may share SMS-related data only with our messaging service provider (Twilio) solely for the purpose of transmitting messages, and they are contractually prohibited from using your data for any other purpose.

2A.8 Supported Carriers

Our SMS program is supported on all major U.S. wireless carriers including AT&T, Verizon, T-Mobile, Sprint, and others. Carriers are not liable for delayed or undelivered messages.

3. Legal Basis for Processing (Where Applicable)

Where required by applicable law (such as the GDPR), we process your personal information based on the following legal grounds:

• Consent: Where you have given explicit consent for one or more specific purposes (e.g., subscribing to our newsletter).
• Contractual Necessity: Where processing is necessary for the performance of a contract or pre-contractual steps.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our Site and preventing fraud, provided those interests are not overridden by your rights.
• Legal Obligation: Where processing is necessary for compliance with securities regulations, tax reporting requirements, and anti-money laundering laws.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including website hosting (Netlify), email service providers, web analytics (Google Analytics with IP anonymization), CRM platforms, and professional advisors (attorneys, accountants, consultants). These providers are contractually obligated to use your information only for the purposes of providing services to us and must maintain its confidentiality and security.

4.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to: comply with a legal obligation, court order, subpoena, or governmental request; enforce our Terms of Service; protect the rights, property, or safety of Midwood, our users, or the public; or detect, prevent, or address fraud or security issues.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will notify you via prominent notice on our Site of any such change in ownership.

4.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: Duration of business relationship plus seven (7) years for legal and regulatory compliance.
• Newsletter subscriptions: Until you unsubscribe or request deletion.
• Investment-related information: Minimum of seven (7) years from end of investment relationship, or longer per applicable securities/tax laws.
• Website analytics data: Up to thirty-eight (38) months in aggregated, anonymized form per analytics provider's retention policies.
• Server logs: Up to twelve (12) months for security and troubleshooting.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with applicable law.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: SSL/TLS encryption (HTTPS) for data in transit.
• Access Controls: Restricted access on a need-to-know basis.
• Infrastructure Security: Netlify's DDoS protection, automated threat detection, and regular security audits.
• Form Security: Honeypot fields and server-side validation to prevent spam.
• Regular Review: Periodic security practice reviews and updates.

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for Site function — session management and security. Cannot be disabled.
• Performance and Analytics Cookies: Collect anonymous information about visitor behavior for Site improvement.
• Functionality Cookies: Remember choices you make to provide enhanced, personalized features.

7.2 Third-Party Cookies

We may use Google Analytics, which uses cookies to collect standard log information and visitor behavior in anonymous form. Visit Google's Privacy Policy for more information. Opt out via the Google Analytics Opt-out Add-on. Our hosting provider (Netlify) may also use cookies for load balancing and security.

7.3 Managing Cookies

You can manage cookies through your browser settings, the "Do Not Track" browser signal (which we honor where feasible), or third-party opt-out tools such as the NAI opt-out page. Disabling cookies may affect Site functionality.

8. Your Rights and Choices

8.1 All Users

• Opt-Out of Marketing: Unsubscribe via the link in any marketing email or by contacting us directly.
• Access and Correction: Request access to your personal information and correction of inaccuracies.
• Data Deletion: Request deletion, subject to our legal retention obligations.

8.2 California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA as amended by the CPRA:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share it.
• Right to Delete: Request deletion of personal information, subject to exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Limit processing of sensitive data to authorized purposes.
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide different quality because you exercised your privacy rights.

To exercise your rights, contact us per Section 12. We will verify your identity before processing. You may designate an authorized agent for requests.

8.3 EEA, UK, and Swiss Residents (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR/UK GDPR:

• Right of Access: Obtain confirmation of processing and access to your personal data.
• Right to Rectification: Have inaccurate data corrected and incomplete data completed.
• Right to Erasure: Request deletion when data is no longer necessary, you withdraw consent, or it was unlawfully processed.
• Right to Restriction: Request restricted processing in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence.

8.4 Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, correct, delete, and opt out. We honor valid requests per applicable state law. Contact us per Section 12.

9. Children's Privacy

Our Site and services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately and we will promptly delete it.

10. International Data Transfers

Our Site is hosted in the United States. If you are accessing from outside the United States, your information may be transferred to, stored, and processed in the United States. Where required by law, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure adequate data protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date, post a prominent notice on our Site, and where required by law, notify you by email. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal information, contact us at:

Midwood Asset Management LLC
Attn: Privacy Inquiries
407 Lincoln Rd. Suite 6H PMB 7173
Miami Beach, FL 33139
Email: Max@midwoodam.com
Phone: (561) 567-0801

We will respond within thirty (30) days or such shorter period as required by law. For CCPA/CPRA requests, we will respond within forty-five (45) days, subject to a possible 45-day extension where reasonably necessary.