Privacy Policy

This Privacy Policy describes how Xklusivelyelite Ltd (“we”, “us”, “our”), trading as Xklusively Elite (“XE”), collects, uses, stores, and protects your personal data when you use our website, apply for membership, or otherwise engage with our luxury members club and related services.

We are committed to protecting your privacy and processing personal data fairly and lawfully in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

Data controller: Xklusivelyelite Ltd, a company registered in England and Wales.

Registered office: XE House, 15 Ross Way, Northwood, Hertfordshire, HA6 3HU, United Kingdom.

We may collect and process the following categories of personal data, depending on how you interact with us:

Information you provide

Including via forms and correspondence relating to:

• Membership applications — identity and contact details (e.g. name, email, telephone), professional background, preferences, and other information you choose to submit
• Partner enquiries — business contact details, company information, and message content
• Investor relations — contact details, investor status, and information you provide in relation to investment interest or communications
• Share applications — identity, contact, and eligibility information required to process your application and comply with legal obligations
• Records of communications with our team (e.g. email, messages, call notes where applicable)

Information collected automatically

• Technical and usage data when you visit our website, such as IP address, browser type, device identifiers, approximate location derived from IP, pages viewed, and referring URLs
• Cookies and similar technologies — see section 9 and our Cookies Policy for details
• Analytics data — where enabled, aggregated or pseudonymous statistics about how our site is used (e.g. via Google Analytics)

We process personal data only where we have a valid lawful basis under UK GDPR, including:

• Performance of a contract — to assess applications, administer membership, deliver services you request, and manage our relationship with you
• Legitimate interests — to operate and improve XE, secure our systems, understand how our website is used, respond to enquiries, prevent fraud, and protect our legal rights, where such interests are not overridden by your rights and freedoms
• Legal obligation — to comply with applicable law, regulation, court orders, or requests from competent authorities (including in connection with share-related processes where applicable)
• Consent — where required for certain activities, such as non-essential cookies and analytics (where not relying on another basis), and marketing communications where we ask for your opt-in

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. We will make clear when consent is the basis at the point of collection.

We use personal data for purposes including:

• Delivering our members club experience — reviewing applications, onboarding, member communications, and service fulfilment
• Responding to partner, investor, and other business enquiries
• Processing share applications and related administration where applicable
• Sending service-related messages (e.g. confirmations, updates about your application or account)
• Compliance with legal, regulatory, and tax obligations, and cooperation with regulators or law enforcement where required
• Improving our website, services, and security — including troubleshooting, analytics, and aggregated reporting
• Protecting XE, our members, and third parties — fraud prevention, enforcing terms, and defending legal claims

We apply appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, or misuse.

We do not sell your personal data. We may share data with trusted third parties who process it on our instructions and under contractual safeguards, including:

• Email and transactional communications — we use Resend (or similar providers) to send operational and service-related emails
• Website analytics — where enabled, Google Analytics (Google LLC or its affiliates) to understand site traffic and usage in aggregate or pseudonymous form
• IT, hosting, and infrastructure providers — to host our website, store data securely, and maintain our systems
• Professional advisers — such as lawyers, accountants, or auditors where necessary and subject to confidentiality obligations
• Authorities and regulators — when required by law or to protect our legal rights

We require processors to handle personal data only as we specify and in line with UK data protection law. We may also disclose information if you consent, or as part of a business reorganisation (e.g. merger), subject to appropriate protections.

Some of our service providers may process personal data outside the United Kingdom and the European Economic Area (“EEA”), for example where servers or support teams are located in the United States or other countries.

Where we transfer personal data to countries that are not subject to a UK adequacy regulation, we implement appropriate safeguards required under UK GDPR — such as the UK International Data Transfer Agreement (“IDTA”), UK Addendum, or Standard Contractual Clauses approved for use in the UK — and conduct transfer risk assessments where appropriate.

You may contact us using the details below if you would like further information about the safeguards we rely on for specific transfers.

We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

• Application and enquiry data — typically retained for the period needed to assess and respond, and for a reasonable period thereafter in case of follow-up or disputes, unless a longer retention period applies for legal or regulatory reasons
• Member and contractual records — retained for the life of the relationship and for a period after it ends to resolve queries, enforce terms, and meet legal or tax retention requirements
• Marketing preferences and consent records — retained while relevant and for a short period after withdrawal to demonstrate compliance
• Analytics and logs — often retained in shortened or aggregated form according to provider settings and our configuration

When retention periods end, we securely delete or anonymise personal data where possible.

Subject to applicable law, you have the following rights in relation to your personal data:

• Right of access — to obtain confirmation of processing and a copy of your personal data
• Right to rectification — to correct inaccurate data or complete incomplete data
• Right to erasure (“right to be forgotten”) — in certain circumstances, to request deletion of your data
• Right to restrict processing — in certain circumstances, to limit how we use your data
• Right to data portability — where processing is based on consent or contract and carried out by automated means, to receive your data in a structured, commonly used format
• Right to object — to processing based on legitimate interests (including profiling) and to direct marketing at any time
• Rights related to automated decision-making — including the right not to be subject solely to automated decisions with legal or similarly significant effects, where applicable
• Right to withdraw consent — where we rely on consent, without affecting the lawfulness of earlier processing

To exercise any of these rights, please contact us at privacy@xklusivelyelite.co.uk. We may need to verify your identity before responding. We will respond within one month in most cases (extensions may apply for complex requests, as permitted by law).

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”), the UK supervisory authority — see section 12.

Our website uses cookies and similar technologies to operate the site, remember preferences, and (where you consent) measure performance and analytics. For categories of cookies, retention, and your choices, please read our Cookies Policy.

XE’s services, website, and membership are intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please contact us at privacy@xklusivelyelite.co.uk and we will take steps to delete it promptly where appropriate.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the way we deliver XE.

When we make material changes, we will notify you by appropriate means — for example by posting the updated policy on this page with a revised “Last updated” date, and where we have your contact details, by email or an in-service notice where appropriate. We encourage you to review this policy periodically.

For any questions about this Privacy Policy, or to exercise your data protection rights, contact our Data Protection Officer at privacy@xklusivelyelite.co.uk, or write to us at: Data Protection, Xklusivelyelite Ltd, XE House, 15 Ross Way, Northwood, Hertfordshire, HA6 3HU, United Kingdom.

If you are not satisfied with how we have handled your personal data, you have the right to complain to the ICO. Further information is available at https://ico.org.uk/make-a-complaint/.