Privacy Policy

Last updated: 1st January 2026

Introduction

BrightFutureium Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. We operate in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

BrightFutureium Ltd is the data controller for the personal data we process. Our company is registered in Cyprus with registration number HE823467 and VAT number CY64823917X. Our registered office is located at Omirou Avenue 33, 6073 Larnaca, Cyprus.

Data We Collect

We collect various types of information in connection with the services we provide, including:

• Personal Information: Name, email address, phone number, company name, and postal address when you contact us or request our services.
• Communication Data: Records of correspondence and communications between you and BrightFutureium.
• Technical Information: IP address, browser type, operating system, referring URLs, and pages visited on our website.
• Financial Information: Relevant financial data provided in connection with our legacy finance transfer planning services.
• Cookie Information: Data collected through cookies and similar technologies as described in our Cookie Policy.

How We Use Your Information

We use the data we collect for the following purposes:

• To provide and deliver our legacy finance transfer planning services
• To respond to your enquiries and communicate with you about our services
• To process and manage client relationships and service agreements
• To comply with legal and regulatory obligations
• To improve our website functionality and user experience
• To send you relevant information about our services (with your consent)
• To protect our business interests and enforce our terms of service

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our services or take steps at your request before entering into a contract
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and website functionality
• Legal Compliance: Processing required to comply with applicable laws and regulations
• Consent: Where you have provided explicit consent for specific processing activities

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We may share your personal data with:

• Professional advisors (lawyers, accountants, auditors) when necessary for our services
• Regulatory authorities when required by law
• Service providers who assist us in operating our business (under strict confidentiality agreements)
• Third parties with your explicit consent

We do not sell, trade, or otherwise transfer your personal data to third parties for marketing purposes without your consent.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally, we retain client data for a minimum of seven years after the conclusion of our services to comply with regulatory requirements. Technical and cookie data is typically retained for shorter periods as described in our Cookie Policy.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing under certain conditions
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure data transmission, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

As we operate within the European Union, your data is primarily processed within the EU/EEA. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority if you believe we have not complied with applicable data protection laws. In Cyprus, you can contact the Office of the Commissioner for Personal Data Protection.