Westmount Wealth Management Inc. Privacy Policy

Effective: April 2026

This Privacy Policy applies to Westmount Wealth Management Inc. and its affiliates (“WWM”, “we”, “us”, or “our”). It explains how we collect, use, and share your personal information under three Canadian privacy laws: the federal Personal Information Protection and Electronic Documents Act (PIPEDA), the BC Personal Information Protection Act (BC PIPA), and the Alberta Personal Information Protection Act (Alberta PIPA). Where these laws set different standards, we follow the most protective one.

This Policy covers personal information we collect through our website at www.westmountwealth.com, through the investment and financial planning services we provide to clients, and through other interactions with you. It does not cover information about WWM employees, partners, or contractors.

What is “personal information”? It is any information that identifies you or could be used to identify you. Examples include your name, address, date of birth, social insurance number, financial account details, investment holdings, and tax information.

1. Accountability

Our Privacy Officer is responsible for overseeing our privacy practices and handling all privacy questions, requests, and complaints. Their contact details are at the end of this Policy.

When we share your information with third parties who process it on our behalf, we remain responsible for how it is handled. We require those parties to protect your information to a standard comparable to our own, regardless of where they are located.

All WWM staff who handle personal information are trained on their privacy obligations.

2. Personal Information We Collect

We collect four main types of personal information:

2.1 Identity Information

This includes your legal name, address, date of birth, citizenship or residency status, government ID, and social insurance number (SIN). We need this information to verify your identity, open and maintain your accounts, and meet our legal obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and other laws. Providing your SIN is required for tax reporting under the Income Tax Act.

2.2 Financial and Investment Information

This includes your income, net worth, assets, debts, investment portfolios, banking relationships, tax profile, and beneficiary designations — the financial picture we need to manage your portfolio and give you suitable investment advice.

2.3 Risk Profile, Goals, and Know Your Client (KYC) Information

This includes your investment objectives, time horizon, liquidity needs, risk tolerance, risk capacity, investment knowledge, and any other preferences relevant to managing your portfolio. We use it to build your Investment Policy Statement (IPS), assess the suitability of investment decisions, and comply with securities laws.

We use a multi-dimensional risk assessment tool to evaluate how much investment risk you are willing and able to take. Your risk score underpins every investment decision we make on your behalf.

2.4 Website, Technical, and Other Information

When you visit our website, we automatically collect technical data such as your IP address, browser type, pages visited, and referring URLs. We use cookies and similar tools as described in Section 9. We also collect your login credentials (email address and password) to give you secure access to our client portal. We do not have access to your password or security questions.

If you apply for a job at WWM, we collect the information in your application, including work history, education, and contact details.

3. Why We Collect and Use Your Personal Information

We only collect and use your personal information for purposes a reasonable person would expect. These are:

  • Opening and maintaining your accounts

  • Executing and managing investment transactions

  • Preparing account statements, performance reports, and tax documents

  • Assessing and maintaining the suitability of investment advice

  • Meeting our AML/CTF obligations under the PCMLTFA and FINTRAC regulations

  • Income tax reporting as required by the Income Tax Act

  • Communicating with you about your accounts, markets, and our services

  • Sending marketing communications with your consent, in accordance with Canada’s Anti-Spam Legislation (CASL)

  • Responding to your questions and complaints

  • Detecting and preventing fraud and unauthorized account access

  • Complying with our legal, regulatory, and contractual obligations

  • Internal risk management, compliance, and business improvement

  • Evaluating employment applications

We will not use your personal information for any other purpose without first getting your consent, unless the law requires or permits it.

4. Consent

We collect, use, and share your personal information with your consent, or as the law otherwise permits or requires.

4.1 Express Consent

Because the information we handle – your financial details, investment holdings, income, net worth, SIN, and banking information – is sensitive, we always get your express consent before collecting, using, or sharing it. You give that consent when you sign our Investment Management Agreement at account opening, or through a separate written or electronic consent at any other time.

4.2 Implied Consent

In limited, non-sensitive situations we may rely on implied consent. For example, if you hand us your business card and ask to receive our newsletter, we take that as your consent to add you to our mailing list.

4.3 Withdrawing Consent

You can withdraw your consent at any time by contacting our Privacy Officer. We will explain the consequences before proceeding. Withdrawing consent may mean we can no longer provide certain services to you.

To stop receiving marketing emails, click the “unsubscribe” link in any marketing message or contact us directly.

4.4 When Consent Is Not Required

There are limited situations where the law allows us to collect, use, or share your information without consent. For example, to comply with a court order or search warrant, to investigate fraud or a breach of contract, or where there is imminent danger to someone.

5. Artificial Intelligence Tools and Meeting Recordings

We may use AI-assisted transcription and note-taking tools (“AI Notetakers”) during client meetings, calls, and video conferences to help us keep accurate records.

5.1 What AI Notetakers Do

These tools listen to meetings in real time and generate summaries and key points, such as your instructions, financial goals, and action items. The results go into your client file and support our recordkeeping obligations.

5.2 Your Express Consent Is Required

We will always ask for your express consent before using an AI Notetaker. Specifically, we will:

  • Tell you clearly at the start of the meeting that we would like to use an AI Notetaker

  • Name the specific tool and explain what it does

  • Give you a genuine opportunity to say no, with no penalty or impact on the services you receive

  • Take notes manually if you decline

We will record your choice. You can change your preference at any time by telling your Portfolio Manager or contacting our Privacy Officer.

5.3 How AI-Generated Data Is Used and Protected

Meeting recordings, transcripts, and AI-generated summaries:

  • Are used only to support service delivery, maintain client records, and meet regulatory recordkeeping obligations

  • Can only be accessed by authorized WWM staff with a legitimate need

  • Are sent to and stored on the AI vendor’s servers, which may be outside Canada (see Section 7)

  • Are governed by data processing agreements with the vendor requiring strong security safeguards

  • Are kept for the periods described in Section 8, then securely destroyed

We do not permit our AI vendors to use your personal information to train or improve their AI models. Our vendor contracts explicitly limit use of your data to meeting transcription and summarization for WWM’s benefit only.

5.4 Human Oversight of AI-Generated Content

AI tools assist with documentation and recordkeeping only. They are never used to make decisions about your account without review and approval by a qualified WWM team member.

AI-generated content – transcripts, summaries, action items – is not part of your official client record until a qualified team member has reviewed, verified, and approved it. Official records are maintained in line with securities laws and applicable privacy legislation.

No investment decision, suitability assessment, or KYC determination will be based solely on AI-generated output.

5.5 Your Right to Opt Out of AI Processing

Beyond declining an AI Notetaker in a specific meeting (Section 5.2), you can ask us at any time to stop processing your personal information through AI tools more broadly, including generative AI used for tasks like drafting reports, assisting with correspondence, or summarizing CRM records.

To do so, contact our Privacy Officer. We will confirm the steps taken in writing. Where AI processing is required to meet a legal or regulatory obligation, we will let you know. You can update or withdraw an opt-out at any time.

5.6 Electronic Transmission of Meeting Recordings and AI-Generated Content

WWM and its AI service providers transmit and store meeting transcripts and summaries using the Internet and encrypted cloud channels. We require all service providers to meet the same security standards we do (see Section 12), but no Internet-based transmission is completely secure.

By consenting to the use of an AI Notetaker (Section 5.2), you acknowledge the inherent risks of transmitting personal information electronically to third-party providers. We use contractual and technical safeguards to reduce these risks but cannot guarantee transmissions will always be free from interception or security vulnerabilities.

If you have concerns about the security of information transmitted through AI tools, contact our Privacy Officer immediately.

6. How We Share Your Information

We only share your personal information as described in this Policy, or as required or permitted by law.

6.1 Service Providers

We work with third-party service providers to deliver services on our behalf, including:

  • Qualified custodians that hold your assets

  • Portfolio management and trading platforms

  • Financial planning and reporting software

  • Technology providers (cloud hosting, cybersecurity, data backup)

  • AI transcription and note-taking tools (see Section 5)

  • Accounting, legal, and audit firms

  • Marketing and communications providers

All service providers are required to use your information only for the specific services we have contracted them to provide, and to protect it to a standard comparable to our own. Some providers are located in the United States or other countries outside Canada. See Section 7 for details.

6.2 Affiliates

With your express consent, we may share your information with Westmount Wealth Planning Inc. (a wholly owned subsidiary), which offers insurance and financial planning services.

6.3 Regulatory and Legal Disclosure

We may share your information as required or permitted by law, including:

  • In response to a court order, search warrant, subpoena, or other legally valid demand

  • With FINTRAC, the Canada Revenue Agency, the BCSC, ASC, OSC, and other regulators as required

  • With law enforcement in connection with investigating fraud, money laundering, or other illegal activity

  • Where necessary to establish, pursue, or defend a legal claim

6.4 Securities Issuers

Securities law requires us to share certain information about you with companies whose securities you hold in your account. Specifically, under National Instrument 54-101 (Communication with Beneficial Owners of Securities of a Reporting Issuer), we may disclose your name, contact information, and the securities you hold to the issuers of those securities, or to their agents.

Issuers use this information to send you materials they are legally required to deliver to shareholders and securityholders, such as annual reports, financial statements, proxy circulars, and other regulatory documents.

You have the right under NI 54-101 to instruct us on how you wish to receive these materials, including whether you consent to the issuer having access to your identity. These preferences are collected as part of your account opening documentation. If you wish to update your instructions, please contact your Portfolio Manager.

6.5 Business Transactions

If WWM is involved in a merger, acquisition, sale of assets, or restructuring, your personal information may be shared with prospective or actual buyers as part of due diligence, subject to appropriate confidentiality protections. You will be notified if your information becomes subject to a materially different privacy policy as a result.

7. International Transfer and Storage of Information

Some of our service providers – including AI tools, cloud hosting services, and software vendors – store and process data on servers in the United States and potentially other countries. Your information may therefore be subject to the laws of those jurisdictions, including laws that allow government authorities to access personal information.

Regardless of where your information is processed, WWM remains responsible for it. When we transfer personal information to foreign providers, our contracts generally require them to:

  • Use your information only for the specific purposes we’ve disclosed to you

  • Apply security safeguards equivalent to our own

  • Restrict access to authorized personnel

  • Notify us promptly of any breach affecting your information

  • Return or securely destroy your information when it is no longer needed

No contract can override foreign law. Personal information stored in the United States may be accessed by US authorities under laws including the USA PATRIOT Act, the CLOUD Act, and the Foreign Intelligence Surveillance Act (FISA), in ways that would not be permitted under Canadian law.

Where your data may be processed: Currently, Canada (primary) and the United States (cloud hosting, AI tools, CRM, and other software-as-a-service providers). We will update this section if we engage providers in additional countries.

For more information about our cross-border transfer practices, contact our Privacy Officer.

8. Retention of Personal Information

We keep your personal information only as long as we need it for the purposes described in this Policy, or as required by law or regulation.

9. Website, Cookies, and Online Analytics

Our website at www.westmountwealth.com uses cookies and similar tracking tools. By using our website, you consent to their use as described in this section.

9.1 What Are Cookies?

Cookies are small data files stored on your device when you visit a website. They help the site remember your preferences between visits. Some are essential for the site to work; others support analytics or marketing.

9.2 Types of Cookies We Use

  • Functional Cookies: Remember your preferences and settings.

  • Analytics Cookies: Help us understand how visitors use our site so we can improve it. We use Google Analytics for this purpose (see Section 9.3).

  • Marketing Cookies: Deliver relevant content. Activated only with your consent.

9.3 Google Analytics

We use Google Analytics to understand how our website is used. The cookies it places on your device send information – including your IP address – to Google’s servers, which may be in the United States. You can opt out by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

9.4 Managing Cookies

You can set your browser to block cookies or alert you before one is stored. If you block cookies, some website features – including the client portal – may not work. You can also update your cookie preferences using the tool on our website.

10. Marketing Communications

We may send you marketing communications about our products, services, market insights, and events, in compliance with Canada’s Anti-Spam Legislation (CASL).

Consent: We will only send you marketing emails or newsletters if you have given us express consent, or if our existing business relationship qualifies as implied consent under CASL. Marketing materials are never a condition of receiving services.

Opting out: Click the “unsubscribe” link in any marketing email, or contact us. We will process your request within 10 business days. You will continue to receive account-related and regulatory communications required by law or your Client Agreement.

11. Access and Correction

You have the right to ask for access to the personal information we hold about you, and to have any inaccuracies corrected. Submit a written request to our Privacy Officer using the contact information at the end of this Policy.

We will respond within 30 calendar days. In some situations we may not be able to provide full access – for example, if the information relates to another individual, is legally privileged, or is subject to another legal restriction. If we cannot provide full access, we will explain why in writing.

We may ask you to verify your identity before processing your request.

Keeping your information current: Please notify us promptly if your contact details, financial circumstances, or KYC information changes.

12. Security Safeguards

We use physical, organizational, and technical safeguards appropriate to the sensitivity of the information we hold, including:

  • Encryption of personal information at rest and in transit

  • Role-based access controls so only authorized staff can access your information

  • Multi-factor authentication for systems containing personal information

  • Regular cybersecurity risk assessments

  • Annual staff privacy and cybersecurity training

  • Vendor due diligence and data processing agreements with all third-party service providers

  • Incident response procedures for privacy breaches

  • Secure destruction of physical and electronic records at end of retention

No internet-based system is completely secure. Information submitted electronically is transmitted at your own risk. If you think your interactions with us have been compromised, contact us immediately.

13. Privacy Breach Notification

If a privacy breach involving your personal information creates a real risk of significant harm to you, we will:

  • Report the breach to the Office of the Privacy Commissioner of Canada (OPC) – and to the Alberta Information and Privacy Commissioner where applicable – as soon as we determine a reportable breach has occurred

  • Notify you directly, describing what happened, what information was involved, what we are doing about it, and what you can do to protect yourself

  • Keep records of all breaches – whether reportable or not – for at least 24 months

“Real risk of significant harm” includes risks of identity theft, financial loss, damage to your credit, reputational harm, humiliation, or other harm from unauthorized access to or use of your personal information.

14. Third-Party Websites

Our website may link to external websites for your convenience. WWM is not responsible for how those sites handle personal information. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Privacy Policy

We may update this Policy at any time to reflect changes in our practices or the law. We will post the revised Policy on our website with an updated effective date. If we make material changes that significantly affect how your information is used, we will notify you directly. We encourage you to review this Policy periodically.

You can request a current copy at any time by contacting us.

16. Contact Us — Privacy Officer

For any privacy questions, access or correction requests, or complaints, please reach out to our Privacy Officer:

Privacy Officer
Westmount Wealth Management Inc.
#1900 – 650 West Georgia Street
Vancouver, BC V6B 4N7

Email: compliance@westmountwealth.com
Website: www.westmountwealth.com

You may also escalate unresolved complaints to the applicable privacy commissioner for your province.

Provincial and Federal Privacy Commissioners
Office of the Privacy Commissioner of Canada (OPC):
www.priv.gc.ca | 1-800-282-1376

BC Information and Privacy Commissioner (OIPC BC):
www.oipc.bc.ca | 250-387-5629

Alberta Information and Privacy Commissioner (OIPC Alberta):
www.oipc.ab.ca | 780-422-6860

This Privacy Policy was last reviewed and updated in April 2026. Westmount Wealth Management Inc. is a registered Portfolio Manager in British Columbia, Ontario, and Alberta.