1. Introduction

LuxReg Solutions, Unipessoal Lda. (hereinafter referred to as “LuxReg Solutions”) is committed to protecting the privacy, confidentiality and security of the personal data of its clients, partners and users. This Privacy Policy (the “Policy”) is issued on behalf of LuxReg Solutions, a company incorporated in Portugal, with registered offices at Edifício 11 – Praça Marquês de Pombal, 2530-127 Lourinhã, Portugal. This Policy is based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation” or “GDPR”), as well as on any other applicable national or European legislation issued in this area. You are encouraged to read this Policy together with any other privacy notices or policies that we may provide in relation to the collection and processing of personal data, in order to obtain a complete understanding of how your data is used. If you have any questions regarding this Policy or wish to exercise any of your legal rights, please contact us using the details set out in Section 11.

2. Data Controller

The data controller for the processing of personal data in connection with the website https://luxregsolutions.com/ is LuxReg Solutions, Unipessoal Lda., with registered offices in Portugal at Edifício 11 – Praça Marquês de Pombal, 2530-107 Lourinhã. LuxReg Solutions determines the purposes and means of the processing of the personal data concerned.

3. Personal Data Collected and Purpose

Personal Data Privacy

LuxReg Solutions ensures the following with respect to the personal data provided through use of the website, in accordance with this Privacy Policy:

i. The collection of personal data is limited to what is strictly necessary to carry out the operations requested by the user through the website;

ii. Each operation uses the collected personal data independently, and any use of data across operations is carried out only with the prior knowledge and consent of the data subject;

iii. At the time of collection of personal data, this Privacy Policy is made available to inform the data subject of the specific purpose of the processing;

iv. The transmission of personal data to third parties or subcontractors is carried out exclusively for the execution of the operations expressly identified at the time of collection and always under the supervision and control of LuxReg Solutions;

v. LuxReg Solutions may send periodic communications to users for the purpose of validating and updating their data. LuxReg Solutions reserves the right to delete the personal data of inactive users, with inactivity being understood as the absence of any interaction. Any interaction — including responses to communications via human or automated systems, or confirmation of receipt of previously consented emails — automatically renews the validity period of the user’s consent;

vi. The data subject may, at any time, opt out of receiving email communications, in which case LuxReg Solutions will cease processing personal data related to that specific consent;

vii. LuxReg Solutions undertakes to apply appropriate security procedures and techniques to minimise the risk of loss, unauthorised access or breach of personal data. In the event of a personal data breach, LuxReg Solutions will notify the data subject and the competent data protection authority as promptly as possible;

viii. LuxReg Solutions provides clear information regarding the processing of users’ personal data on the website, in compliance with applicable data protection and privacy legislation, as detailed in this Privacy Policy.

Website Tracking Data (“Cookies”)

LuxReg Solutions respects the privacy of its users and provides mechanisms allowing control over the level of tracking carried out during website navigation. Upon the user’s first visit, a “Cookie Settings” window is displayed, enabling access to “Cookie Preferences” where the user may select the desired level of consent.

• Users may choose to “Accept all cookies”, enabling a full and personalised browsing experience;

• The minimum level of cookies required, designated as “Strictly Necessary Cookies”, is essential for the proper functioning of the website’s basic features and is deleted at the end of the browsing session;

• “Functionality Cookies” allow a personalised experience by remembering user preferences during website use;

• “Performance Measurement Cookies” collect aggregated data on traffic and visitor behaviour, enabling LuxReg Solutions to optimise website content.

These cookies do not identify users individually and are used solely for global statistical purposes. LuxReg Solutions fully respects users’ choices regarding the processing of their personal data, ensuring transparency and control.

4. Information Request Form

During navigation on the LuxReg Solutions website, users may encounter an information request form. When submitting an information request, the following personal data may be collected:

• Identification data (first and last name);

• Contact data (email address);

• Records of communications and interactions (information requests, emails, completed forms, mentoring sessions).

LuxReg Solutions does not collect sensitive personal data, including data relating to racial or ethnic origin, religious or philosophical beliefs, sexual life or orientation, political opinions, trade union membership, health data, biometric or genetic data, or data relating to criminal convictions or offences.

The collected data is used exclusively to enable LuxReg Solutions to respond to the information request via email and is deleted after the response has been sent, with no further processing carried out.

If the user wishes to receive commercial communications from LuxReg Solutions beyond the initial request, specific consent must be provided through the Privacy Notice available on the form.

The form is always accompanied by a Privacy Notice explaining the purpose of data collection and offering choices regarding data processing. Users may review and amend their consents and preferences at any time.

This Policy aims to inform clients, visitors and prospective clients about LuxReg Solutions’ data processing practices, both in relation to service provision and website use, regardless of geographic location, and to explain users’ privacy rights and applicable legal protections.

5. Legal Basis and Retention of Personal Data

The processing of personal data by LuxReg Solutions is based on different legal grounds, depending on the specific purpose of the processing. These may include:

• the performance of a contract, particularly in the context of agreed services;

• compliance with legal or regulatory obligations;

• LuxReg Solutions’ legitimate interests, such as service improvement, information security and institutional communications;

• the explicit consent of the data subject, for example in relation to newsletters or promotional communications.

Personal data is processed in strict compliance with applicable data protection legislation and stored in secure databases created exclusively for that purpose. Data retention periods vary according to the purpose of processing, and data is retained only for as long as strictly necessary. Where specific legal or regulatory retention obligations apply, such obligations shall prevail. In the absence of such requirements, data will be securely deleted once the purpose of collection and processing has been fulfilled.

6. Data Sharing with Third Parties

Personal data may be shared with third parties contracted by LuxReg Solutions for service provision under a written agreement defining their obligations as data processors.

Such entities may process personal data solely for the purposes set out in this Privacy Policy, and any use for their own or third-party purposes is strictly prohibited.

Personal data may be shared with:

• Technology, administrative and operational service providers acting as processors;

• Judicial, regulatory or administrative authorities where disclosure is legally required.

Personal data is never sold, transferred or disclosed for commercial or promotional purposes. All third parties accessing personal data are bound by contractual confidentiality obligations and strict data protection standards, ensuring data security and integrity.

7. Data Subject Rights

Under the GDPR, data subjects have the right to:

• Access their personal data;

• Rectification or updating;

• Erasure (where applicable);

• Restriction of or objection to processing;

• Data portability;

• Withdraw consent at any time.

Exercising your rights

To process access requests or other rights, LuxReg Solutions may request additional information to verify the data subject’s identity, as a security measure. Additional information may also be requested to clarify the scope of the request. No fee is required to exercise data protection rights. However, LuxReg Solutions may charge a reasonable fee or refuse a request where it is manifestly unfounded, repetitive or excessive, as permitted under the GDPR. LuxReg Solutions endeavours to respond to all legitimate requests within one month. If a request is complex or multiple requests are made, this period may be extended, and the data subject will be informed accordingly.

8. Security and Confidentiality

LuxReg Solutions implements rigorous technical and organisational measures to ensure the security, confidentiality, availability and integrity of personal data, in line with the GDPR and international information security best practices.

These measures include:

• Restricted access to personal data on a need-to-know basis, subject to confidentiality obligations;

• Protection against unauthorised access, misuse, destruction or disclosure through access controls and authentication mechanisms;

• Periodic monitoring and review of security practices and policies;

• Secure data storage, including encryption where applicable;

• Incident management procedures, including detection, response and notification of personal data breaches.

LuxReg Solutions promotes a continuous data protection and information security culture among its personnel.

9. Policy Updates

This Privacy Policy is reviewed regularly to reflect regulatory, technological and operational developments. The most recent version shall always apply to the personal data held by LuxReg Solutions.

LuxReg Solutions reserves the right to amend this Policy at any time. Updated versions will be published on the website.

10. Complaints

If a user has a complaint regarding this Policy or the processing of personal data, they should contact LuxReg Solutions as set out in Section 11.

If the user is located in the EEA and is not satisfied with the response, they have the right to lodge a complaint with their local data protection authority. In Portugal, this authority is the CNPD – Comissão Nacional de Proteção de Dados https://www.cnpd.pt/.

Users located in the EEA may also consult the list of data protection authorities available at: https://edpb.europa.eu/about-edpb/board/members_en

11. Contact Details

The management of LuxReg Solutions is responsible for overseeing matters relating to this Privacy Policy. For any questions regarding this Policy, data protection matters or the exercise of legal rights, please contact us at: geral@luxregsolutions.com