Privacy Policy

Privacy Policy

Last updated: 27 April 2026
Data controller: Luxe Performance Advisory (sole-trader practice; entity status under review). Postal address available on request.
Contact for data matters: david@luxeperformanceadvisory.com

1. Who we are

Luxe Performance Advisory is a fractional CFO and advisory practice. We provide performance architecture, founder advisory, and capital and CFO support services to founder-led businesses. This policy describes how we handle personal data collected through our website (luxeperformanceadvisory.com) and through our advisory engagements.

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller of personal data we collect.

2. What personal data we collect

We collect personal data in the following circumstances.

When you submit our contact form (name, email, business name, approximate revenue, message text, location). We collect this data so we can respond to your enquiry and assess fit for our services.

When you subscribe to The Operating Note newsletter (email address, optionally first name). We collect this data so we can send you the newsletter.

When you book a paid diagnostic (name, email, billing address, payment information processed by our payment provider). We collect this data to deliver the diagnostic and to issue an invoice.

When you become a client (the personal data described in our terms of engagement, including billing details, business information, and content shared during the engagement). This data is governed both by this policy and by our terms of engagement.

When you visit our website (technical data, IP address, browser type, pages visited, referrer URL, collected via standard web analytics). We use this data to understand how the site is used and to improve it.

We do not collect special-category personal data (health, religion, ethnicity, political opinions, etc.) and we do not collect data from children under 16.

3. The legal bases on which we process personal data

We process personal data on the following legal bases under UK GDPR Article 6:

  • Article 6(1)(b), performance of a contract. Where you have engaged us as a client or have booked a paid diagnostic, processing your personal data is necessary to deliver the service.
  • Article 6(1)(a), consent. Where you have subscribed to our newsletter, processing your email address is based on your explicit consent. You can withdraw consent at any time.
  • Article 6(1)(f), legitimate interests. Where we process website analytics or respond to a contact-form enquiry, we rely on our legitimate interest in operating and improving our business. We have considered your rights and freedoms in this assessment and believe the processing is proportionate.
  • Article 6(1)(c), legal obligation. Where we are required to retain certain records for tax or accounting purposes (typically for six years under HMRC rules), we rely on legal obligation.

4. How we use your personal data

  • To respond to enquiries and assess fit for our services
  • To deliver paid diagnostic sessions and ongoing client engagements
  • To send The Operating Note newsletter to subscribers
  • To issue invoices and meet our tax and accounting obligations
  • To improve our website
  • To comply with legal and regulatory requirements

We do not use personal data for automated decision-making or profiling that has legal or similarly significant effects on you.

5. Who we share personal data with

We do not sell personal data. We share it only with the following categories of recipient and only where necessary:

  • Our processors and service providers: payment provider (Stripe), email and newsletter platform (Beehiiv), website hosting (WordPress on luxeperformanceadvisory.com), customer relationship management (if used), professional advisors (lawyers, accountants).
  • HMRC and other regulators where legally required.
  • A successor entity in the event of a sale or restructure of the business, and only after appropriate notice.

All processors are contracted under written agreements that comply with UK GDPR Article 28.

6. International transfers

Some of our service providers are located outside the UK and EU. Where we transfer personal data outside the UK, we rely on:

  • UK Adequacy Regulations where the destination country has been assessed as providing adequate protection
  • Standard Contractual Clauses issued by the ICO (the UK International Data Transfer Agreement, or the EU SCCs supplemented by the UK Addendum)
  • Other lawful transfer mechanisms as appropriate

We are based in Indonesia. Personal data we collect may be processed by us in Indonesia under the same legal bases as above and protected by appropriate organisational and technical measures.

7. How long we keep personal data

  • Contact-form enquiries that do not progress: 12 months from the date of last contact, then deleted
  • Newsletter subscribers: until you unsubscribe; we retain a record of unsubscribe for compliance for up to 3 years
  • Client engagements: for the duration of the engagement plus 6 years after, in line with HMRC record-keeping requirements and our professional obligations
  • Website analytics: aggregated and anonymised after 26 months

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • The right of access (to obtain a copy of your data we hold)
  • The right of rectification (to correct inaccurate data)
  • The right of erasure (to ask us to delete your data, in defined circumstances)
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing based on legitimate interests
  • The right to withdraw consent at any time, where processing is based on consent

To exercise any of these rights, contact us at david@luxeperformanceadvisory.com. We will respond within one calendar month.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data protection authority. ICO contact: ico.org.uk, or 0303 123 1113.

9. Security

We use appropriate organisational and technical measures to protect personal data, including encryption in transit (TLS) and at rest where supported by our service providers, access controls, and regular review of our processors. No system is completely secure, and we will notify you and the ICO of any personal-data breach in accordance with our legal obligations.

10. Cookies

This website uses cookies and similar technologies. See our Cookie Notice for details.

11. Changes to this policy

We may update this policy from time to time. The most recent version is always at this URL, dated at the top. Where changes are material, we will notify subscribers and clients directly.

12. Contact

Questions about this policy or about how we handle personal data:
Email: david@luxeperformanceadvisory.com

Scroll to Top