What Information We Collect
We collect different types of information depending on how you interact with our platform. Some information you give us directly, other data we gather automatically to improve your experience.
Information You Provide
- Account Details: Your name, email address, phone number when you register
- Financial Information: Investment portfolio data, account preferences, monitoring settings
- Communication Records: Messages you send us, support requests, feedback
- Verification Data: Identity documents if required for regulatory compliance
Information We Collect Automatically
- Technical Data: IP address, browser type, device information, operating system
- Usage Information: Pages visited, features used, time spent on platform
- Performance Data: Error reports, system diagnostics, load times
Important: We never collect sensitive financial credentials like bank passwords or credit card details. You connect accounts through secure third-party integrations that we don't have direct access to.
How We Use Your Information
Your data helps us provide better service and keep your investments monitored effectively. Here's what we do with it:
| Purpose | Data Used |
|---|---|
| Provide monitoring services | Account details, portfolio data, preferences |
| Send alerts and notifications | Contact information, monitoring settings |
| Improve platform performance | Usage data, technical information |
| Customer support | Communication records, account details |
| Security and fraud prevention | Technical data, usage patterns |
| Legal compliance | Verification data, transaction records |
We don't sell your personal information to anyone. Period. We also don't use your data for advertising purposes or share it with marketing companies.
Legal Basis for Processing
Under GDPR, we need a valid legal reason to process your data. Here's our basis for different activities:
- Contract Performance: We process data to provide the monitoring services you signed up for
- Legitimate Interest: We analyze usage to improve platform security and functionality
- Legal Obligation: We comply with Belgian and EU financial regulations
- Consent: For optional features like marketing communications (which you can opt out of anytime)
If we want to process your data for new purposes, we'll ask for your permission first unless we're legally required to do so.
When We Share Your Data
We keep data sharing to a minimum. But sometimes we need to work with other companies to provide our services:
Service Providers
We partner with trusted companies that help us run the platform — cloud hosting, email delivery, data analytics. These partners can only use your data to provide services to us, not for their own purposes. They're bound by strict confidentiality agreements.
Financial Institutions
When you connect investment accounts, we use secure third-party services to retrieve your portfolio data. These connections are read-only and encrypted.
Legal Requirements
We may disclose information if required by law, court order, or government investigation. We'll notify you unless legally prohibited from doing so.
Business Transfers
If Bluxo Cwixu is acquired or merged with another company, your data may be transferred. You'll be notified beforehand and can delete your account if you don't agree.
International Transfers: Some of our service providers are based outside Belgium. When data leaves the EU, we ensure proper safeguards are in place through standard contractual clauses approved by the European Commission.
Your Privacy Rights
GDPR gives you strong control over your personal data. Here's what you can do:
Access Your Data
You can request a copy of all personal information we hold about you. We'll provide it in a readable format within 30 days.
Correct Inaccuracies
Found something wrong? You can update most information directly in your account settings, or contact us to make changes.
Delete Your Information
You can request deletion of your account and associated data. We'll comply unless we're legally required to keep certain records (like financial transaction logs).
Restrict Processing
You can ask us to limit how we use your data while you verify its accuracy or object to our processing.
Data Portability
You can receive your data in a machine-readable format to transfer to another service provider.
Object to Processing
You can object to data processing based on legitimate interests. We'll stop unless we have compelling reasons to continue.
Withdraw Consent
For processing based on consent, you can withdraw it anytime. This won't affect the lawfulness of processing before withdrawal.
How to Exercise Rights: Email us at [email protected] with your request. We'll respond within 30 days and won't charge a fee unless your request is clearly unfounded or excessive.
How We Protect Your Data
Security isn't just a feature — it's fundamental to everything we build. Here's how we keep your information safe:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Staff access is limited to those who need it, with multi-factor authentication required
- Regular Audits: We conduct security assessments and penetration testing quarterly
- Monitoring: 24/7 system monitoring detects and responds to security incidents
- Secure Development: Code reviews and security testing are part of our development process
- Vendor Management: Third-party providers must meet our security standards
While we implement strong security measures, no system is completely foolproof. If we detect a data breach that affects you, we'll notify you within 72 hours as required by GDPR.
How Long We Keep Your Data
We don't keep information longer than necessary. Here's our retention approach:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account + 90 days |
| Financial records | 7 years (Belgian legal requirement) |
| Support communications | 3 years after resolution |
| Marketing consent records | Duration of consent + 2 years |
| Technical logs | 12 months |
| Analytics data (anonymized) | Indefinitely |
When you close your account, we'll delete or anonymize your data according to these schedules. Some information must be retained for legal compliance, but we'll clearly explain what and why.
Updates to This Policy
We review and update this privacy policy regularly to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email or through a prominent notice on the platform.
The "Last Updated" date at the top shows when we last revised the policy. We recommend checking back periodically to stay informed about how we protect your information.
Previous versions of this policy are available upon request if you want to see what changed.
Questions About Privacy?
If you have questions about this policy or how we handle your data, we're here to help.
Email: [email protected]
Phone: +32 51 200 570
Address: Rue Bonne Nouvelle 7, 4000 Liège, Belgium
You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données) if you believe we've mishandled your information.