Privacy Policy

1. Introduction

infinionex SARL ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or use our services. We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Collection

We collect and process the following types of personal data:

• Contact Information: Name, email address, phone number, and business address when you contact us or request our services
• Business Information: Company name, industry, business size, and financial information relevant to our consulting services
• Website Data: IP address, browser type, device information, and browsing behaviour through cookies and similar technologies
• Communication Records: Records of our correspondence and interactions with you
• Service Data: Information related to the services we provide, including financial analysis and recommendations

3. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To provide cash flow management consulting and related services
• Communication: To respond to your enquiries and maintain ongoing business relationships
• Business Operations: To manage our business, including administration, accounting, and legal compliance
• Website Improvement: To analyse website usage and improve user experience
• Marketing: To send relevant information about our services (with your consent where required)
• Legal Compliance: To comply with legal obligations and protect our legitimate interests

4. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: Where you have given specific consent for processing activities
• Contract: To perform our contractual obligations in providing services
• Legitimate Interests: For business operations, marketing, and website analytics
• Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who assist with our business operations (under strict confidentiality agreements)
• Professional Advisors: Legal, accounting, and other professional service providers
• Regulatory Bodies: When required by law or to protect our legal rights
• Business Transfers: In connection with mergers, acquisitions, or business sales

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, including:

• Client Data: For the duration of our business relationship and up to 7 years thereafter for legal and tax purposes
• Marketing Data: Until you withdraw consent or we determine it's no longer needed
• Website Data: Analytics data is typically retained for 26 months
• Legal Requirements: As required by applicable laws and regulations

8. Your Rights

Under GDPR and other applicable data protection laws, you have the following rights:

• Access: Request access to your personal data and information about our processing activities
• Rectification: Request correction of inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request restriction of processing in certain situations
• Portability: Request transfer of your data to another organisation
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

9. International Data Transfers

As we operate within the European Union, your personal data is primarily processed within the EU/EEA. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved mechanisms.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data
• Regular security assessments and updates
• Access controls and staff training
• Secure data storage and transmission protocols

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by posting the updated policy on our website and updating the "last updated" date.

13. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data processing practices, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority if you believe we have not complied with applicable data protection laws. In Luxembourg, this is the Commission Nationale pour la Protection des Données (CNPD).