Privacy & Data Protection

Privacy Policy

How we protect and process your personal information

1

Introduction

AFA Management Sàrl (the "Company", "we", "us" or "our") is committed to respecting the privacy of visitors to its website and to protecting personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and applicable Luxembourg data protection laws.

This Privacy Policy describes how personal data is collected, processed and protected when you visit our website or contact us.

2

Data Controller

The data controller within the meaning of the GDPR is:

AFA Management Sàrl

2C, Parc d'Activités

L-8308 Capellen

Grand Duchy of Luxembourg

Email: [email protected]

3

Categories of Personal Data

Contact data

We may collect personal data such as name, company name, professional role, email address and the content of communications when you contact us via the website or by email.

Technical data

When accessing our website, limited technical data may be processed, including IP address, browser type, device information, date and time of access and pages viewed. This information is generated through standard web server logs.

4

Purposes of Processing

Personal data is processed for the following purposes:

  • responding to enquiries and communications;
  • operating, maintaining and improving the website;
  • ensuring website security and integrity;
  • complying with applicable legal or regulatory obligations;
  • establishing, exercising or defending legal claims.
5

Legal Basis for Processing

Processing of personal data is based on one or more of the following legal grounds:

  • the data subject's consent, where applicable;
  • the Company's legitimate interests, including communication, security and business administration;
  • compliance with legal or regulatory obligations.
6

Data Recipients

Personal data may be disclosed, on a need-to-know basis, to:

  • IT and website service providers;
  • professional advisers (including legal, tax and accounting advisers);
  • competent authorities or regulators, where required by applicable law.

Personal data is not sold or used for marketing lists.

7

International Data Transfers

Personal data is processed primarily within the European Union.

Where personal data is transferred outside the EU/EEA, appropriate safeguards will be implemented in accordance with the GDPR.

8

Data Retention

Personal data is retained only for the period necessary to fulfil the purposes for which it was collected and to comply with applicable legal or regulatory retention requirements.

Contact-related data is generally retained for up to three (3) years, unless a longer retention period is required or justified.

9

Data Subject Rights

In accordance with the GDPR, data subjects have the right to:

  • access their personal data;
  • request rectification or erasure;
  • request restriction of processing or object to processing;
  • request data portability, where applicable;
  • withdraw consent at any time, without affecting the lawfulness of prior processing;
  • lodge a complaint with a competent supervisory authority, including the Commission nationale pour la protection des données (CNPD) in Luxembourg.

Requests may be addressed to [email protected].

10

Data Security

The Company implements appropriate technical and organisational measures to safeguard personal data against unauthorised access, loss, alteration or disclosure.

11

Cookies

The website does not currently use cookies for tracking or analytics purposes.

Should cookies be implemented in the future, this Privacy Policy will be updated accordingly and relevant notices will be provided.

12

Amendments

This Privacy Policy may be updated from time to time to reflect changes in legal, regulatory or operational requirements. The latest version will always be available on the website.

Questions About This Policy?

If you have questions about this privacy policy or our data practices, please contact us at [email protected]

This Privacy Policy is effective as of January 2026