Privacy Policy

  1. Personal Data Collections

Luxen & Wealth – FZCO respects your privacy and is committed to collecting, storing, and processing personal data carefully and in accordance with applicable data protection regulations. Since there may be links on our website to other, external websites that are not directly related to financial consulting activities, we do not assume responsibility for data protection on those websites.

Luxen & Wealth – FZCO processes data for the purpose of conducting business activities and informing individuals about its offerings by collecting their personal data.

The controller of personal data is:

  • Luxen & Wealth – FZCO, IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates.
  1. What Types of Data Do We Collect?

We process your data to provide the services, activities, and products of Luxen & Wealth – FZCO. The types of data we collect depend on your use of our services and/or products.

Direct Marketing

Data: First name, last name, and email address.

Purpose: We process this data solely to inform you about updates, webinars, promotional offers, news, and fresh content from the company. We also use email communication to direct you to various events and promotional campaigns related to the company’s activities.

Subscription

Data: First name, last name, billing address, email address, and data related to transactions conducted via our services.

Purpose: If you use our services as a subscriber or make purchases or other financial transactions via our website (e.g., completing a purchase), we also collect data related to the transaction. We process this data to fulfill our contractual obligations. This includes payment data such as name, address, and other account and authentication details, as well as invoicing data.

Cookie Data

Data: Cookie data stored on your device, including cookie IDs and settings.

Purpose: For more information about how we use cookies, please refer to our Cookie Policy.

  1. Sharing Data with Contractual Processors and Independent Partners

We strictly limit how our partners and contractual processors may use and disclose the data we share with them. We enter into data processing agreements with each contractual processor, ensuring the implementation of appropriate technical and organizational measures to protect your personal data. We do not process data for profiling purposes.

Suppliers and Service Providers

We share data and content with suppliers and service providers who provide services to us (e.g., technical infrastructure support, analytics of our services usage, customer services, surveys).

Researchers

We also provide data and content to research partners to conduct studies that support science and innovation, contribute to societal benefit, technological progress, public interest, health, and well-being. However, this data is shared only in pseudonymized form, which does not reveal any personal information to the researchers.

  1. What is our legal basis for processing data?

We collect, use, and share data as described above:

  • based on your consent, which you may withdraw at any time;
  • as necessary for the performance of a contract;
  • as necessary to comply with our legal obligations;
  • in accordance with our legitimate interests, which include our interests in providing innovative, personalized, secure, and profitable services to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms requiring the protection of personal data.
  1. Data Retention, Deactivation, and Account Deletion

5.1. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, in accordance with the principles of purpose limitation and data minimization. Personal data is collected and processed solely for clearly defined and legitimate purposes and only to the extent necessary to achieve those purposes.

5.2. Prior to processing personal data for purposes other than those for which it was originally collected, the Provider shall assess whether the new purpose is compatible with the original purpose, taking into account the nature of the data, the context of collection, potential consequences for the data subject, and the existence of appropriate safeguards.

5.3. Personal data collected based on consent shall be deleted upon withdrawal of consent, unless another legal ground for processing applies.

5.4. Notwithstanding the foregoing, personal data may be retained where necessary:

  • to comply with applicable legal or regulatory requirements under the laws of the United Arab Emirates, including tax and accounting obligations;
  • to establish, exercise, or defend legal claims, in which case personal data shall be retained until the conclusion of the relevant proceedings or until the expiration of the applicable statutory limitation period under UAE law.

5.5. Upon account deactivation or deletion, personal data that is no longer required for legal, regulatory, or contractual purposes shall be securely deleted, anonymized, or otherwise rendered permanently inaccessible.

Where mandatory legal provisions prescribe different retention periods, we retain such personal data for the prescribed duration (e.g., where needed for legal or business purposes such as security, fraud prevention, and keeping financial records). For instance, some accounting data may be subject to permanent storage, although our customers’ personal data is generally not part of accounting records.

Once the applicable retention period expires, we delete or anonymize your personal data (i.e., we remove all identifiers that could link the data back to you as an individual). During deletion, we take special care to ensure that data is securely and completely removed from all our servers or retained only in anonymized form. We always strive to ensure that the operation of our services also ensures appropriate protection of your data against accidental or malicious destruction. For this reason, there may be a delay between the deletion of data and the removal of all copies from our systems and backups.

  1. Data breach response
    In the event of a personal data breach, we will notify the competent authority without undue delay, and no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify each affected individual without undue delay.

  1. Your rights

Right to withdraw consent

Where we process your personal data based on your consent, you may withdraw that consent at any time by sending a written request to the email address provided above.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You will not receive any less favorable treatment or suffer any negative consequences as a result of withdrawing your consent.

Right of access

You have the right to obtain confirmation from us as to whether or not we are processing your personal data and, where that is the case, access to the data and certain additional information as set out in Article 15 of the General Data Protection Regulation (e.g., processing purposes, retention periods, existence of international transfers, etc.).

Please note that we may deny access if it would adversely affect the rights and freedoms of others.

Right to rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. Upon your request, we will correct or complete such inaccurate or outdated personal data without undue delay.

Right to erasure

Upon your request and subject to the validity of the request, we will erase your personal data without undue delay where:

  • it is no longer needed for the purposes for which it was collected or otherwise processed;
  • it was processed based on withdrawn consent and there is no other legal basis for processing;
  • you have objected to its processing and there are no overriding legitimate grounds for the processing;
  • it was unlawfully processed.

Right to restriction of processing

This right is not absolute and applies only in certain circumstances. During the restriction period, we may continue to store your personal data, but may not otherwise process it.

Upon your request, we will restrict the processing of your personal data without undue delay when:

  • you contest the accuracy of the data (processing will be restricted while we verify its accuracy);
  • processing is unlawful, but you oppose erasure and request restriction instead;
  • we no longer need the data for processing, but you require it for the establishment, exercise, or defense of legal claims; or
  • you object to processing, pending verification of whether our legitimate grounds override yours.

During the restriction period, such data will be processed only:

  • with your consent;
  • for the establishment, exercise, or defense of legal claims;
  • to protect the rights of another natural or legal person; or
  • for reasons of important public interest.

You will be informed before any restriction is lifted.

Right to data portability
Where processing is based on consent or contract and is carried out by automated means, you may request that we transfer your personal data to another controller, where technically feasible.

Right to object

This right is applicable in certain situations. Whether it applies depends on the purpose and legal basis of the processing. You have an absolute right to object to the processing of your personal data where the purpose is direct marketing. You may also object where processing is based on our legitimate interest, although in this case your right is not absolute.

When submitting an objection, you must specify your reasons. Based on your request, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for the establishment, exercise, or defense of legal claims.

Right to lodge a complaint
If we do not respond to your request within one month or if we reject your request, you may file a complaint with the Information Commissioner of the Republic of Slovenia — the supervisory authority for personal data protection.

Contact details of the Information Commissioner:

DIFC (Dubai International Financial Centre)

Commissioner of Data Protection – DIFC www.difc.ae

  1. Changes to the Privacy Policy
    Luxen & Wealth – FZCO reserves the right to occasionally amend this Privacy Policy in order to update it or align it with the specific nature of our data processing activities.

The date of the latest update is always indicated at the end of the Privacy Policy.

We recommend that you regularly review this Privacy Policy to stay informed about which personal data we process and how we process it.

  1. Additional information
    For additional information regarding the processing of personal data or to submit suggestions for improvement, please contact us at matjaz@luxen-wealth.ae or by post Luxen & Wealth – FZCO, IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates.

This Privacy Policy applies until revoked or amended.

Dravograd, Slovenia, August 2025