Each company of the CONSULTLUX GmbH Holding (collectively, “CONSULTLUX GmbH” or “we”) recognizes the importance of the proper and adequate protection of personal data of natural persons. This privacy policy helps you to understand why and how we process your data. We explain how we collect and use as well as what we do to protect your data and what are your rights in relation to your personal data.

This privacy policy is applicable to you if you are our investor, a representative or related party to a legal entity investor or investor, if you submit an information request in our website or contact us for any other purpose, if we have received your personal data from third parties, and if you visit our website: https://consult-lux.com.

1. Terms and definitions

Personal data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing of personal data – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller – means the natural or legal entity, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Joint-controller – two or more controllers who jointly determine the purposes and means of data processing. They have equal responsibilities for compliance with the obligations under the GDPR in ensuring the rights of the data subject are met, the data subjects are appropriately informed and there is designated contact point for data subjects.

Processor – means a natural or legal entity, public authority, agency or other body which processes personal data on behalf of the controller;

Third party – means a natural or legal entity, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Data subject – a person whose personal data is processed (e.g. client who is a natural person, website user or a contact person of a legal entity client).

Investor – a person who through our platform invests in pre-vetted, short-term, property-backed loans in Europe.

Investor data –natural person who has registered as user on the platform. When an investor is a legal entity, then the personal data is the name, ID number, date of birth, and contact data of a natural person related to that legal entity.

investor – a legal entity receiving finance to their real estate development project.

investor data – personal data of natural persons related to the investor, including but not limited to the contact person, the managers and the beneficial owners of the investor and any natural persons providing collateral for securing the financing transaction concluded with the investor. investor data also includes loan guarantors data, who can be a legal (company) or a natural person. We ask for loan guarantors to make investments more secure for our investors

User – CONSULTLUX GmbH’s investor or investor. When investor or investor is a legal entity, then contact data of natural person of that legal entity.

2. The controller

CONSULTLUX GmbH can be a controller, joint-controller or processor in various personal data processes.

CONSULTLUX GmbH is the controller for all investor and investor data, for all data you have registered on our website, for all data we obtain through public registers or internet, for our supplier or partner personal data and for the data of website visitors.

3. Contact data of DPO

We have a DPO overseeing data protection at group level. If you have any questions regarding this privacy policy or our processing of personal data or have requests regarding your personal data, please contact us at: contact@consult-lux.com

4. What type of personal data do we process?

We collect directly following personal data:

Identification data – first and last name, personal code and/or date of birth, age, language and profession;

Contact data –phone number, e-mail address, home address;

Authentication data – personal ID number and type, date of issue and validity of an identification document with a photo, gender and citizenship;

Compliance data – to apply know your customer, anti-money laundering and prevention of terrorism financing principles we conduct background checks when you join us and monitor your transactions once you are our client. The data we check, includes but is not limited to your residency data, profession, origin of funds used in transactions, qualifications or connections to politically exposed persons, and whether or not you are subject to international financial sanctions;

Transactions data – financial transactions made via the portal, user’s preferences of transaction profile types and user’s automatic lending placement settings;

Contract data – any contracts concluded by the user via the portal;

Bank account data – for natural persons account holder, account number, IBAN, Swift, name of the bank;

Payment services data – for natural persons name, surname, e-mail, date of birth, country of residence, nationality, proof of residence, copy of identification document and IP address used for registration, payer or recipient.

Usage data – time and number of log-ins, including log-ins via Facebook, LinkedIn or other third-party service provider and log-in token.

Internet data – data on website visitors’ sessions, cookies, log data and IP addresses.

5. Purpose of processing and lawful base when processing your personal data?

CONSULTLUX GmbH processes personal data to ensure performance of a contract, to comply with legal obligations, out of legitimate interest, or with data subject’s consent.

5.1 Data processing required for performance of a contract.

Data processing is necessary for performance of a contract concluded with you or for taking measures required prior to signing of the contract.

Purpose of processing Personal data categories.

Investing identification data, contact data, authentication data, compliance data, bank account data, transactions data, contract data, usage data and internet data.

Borrowing (legal entity) identification data, contact data, authentication data, compliance data, bank account data, usage and internet data.

Registering on the platform Identification data, contact data, Compliance data
Commencing investments Bank account data.

5.2. Processing to fulfill legal obligations of CONSULTLUX GmbH

Legal obligations of processing include all personal data processing under relevant laws and regulations in all of our locations for example European financial sector regulations, accounting law or crowdfunding regulations. These laws and regulations mandate the type of data collected and data retention periods.
Purposes of processing Personal data categories
Compliance checks of investors Contact data, identification data and compliance data.

5.3. Data processing based on CONSULTLUX GmbH’s legitimate interest

A legitimate interest means that data processing is necessary for our business purposes. We process personal data based on our legitimate interest only if we have conducted balance test to measure the impact of the processing on your privacy and data protection rights. You have a right to receive additional information about our or third-party legitimate interest and to object to the personal data processing. If you object to the processing of your personal data under our legitimate interests, we shall no longer process the personal data for that purpose unless we demonstrate compelling legitimate grounds for the processing. When you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.