Privacy Policy Xentio

Last updated: December 29, 2025

1. Introduction

Axenimo BV, established in Belgium with VAT number BE 1031.883.129 (hereinafter "Axenimo", "we" or "us"), operates the website xentio.eu (hereinafter "the Website") and the Xentio brand.

We attach great importance to protecting your privacy and the security of your personal data. This privacy policy explains what data we collect, how we use, store, and protect it, and what rights you have regarding your personal data.

This privacy policy has been drafted in accordance with the General Data Protection Regulation (GDPR) and Belgian privacy legislation.

1.1 Data Controller

Axenimo BV
VAT: BE 1031.883.129
Email: support@axenimo.com
Website: www.xentio.eu

Axenimo is the data controller for all personal data collected through the Website.

2. What data do we collect?

2.1 Data you provide to us

2.1.1 Contact forms and waitlist

When you complete a contact form or sign up for our waitlist/early access program, we collect:

Email address (required)
Number of properties/rental units (optional)
Name (if provided)
Phone number (if provided)
Message or additional information (if provided)

You provide this data to us voluntarily and consciously.

2.2 Automatically collected data

2.2.1 Technical data

When visiting our Website, we automatically collect certain technical information:

IP address (anonymized where possible)
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Referring website (which website you came from)
Date and time of visit
Pages visited and click behavior
Geographic location (at country or regional level, not exact)

2.2.2 Google Analytics

We use Google Analytics to gain insight into how visitors use our Website. Google Analytics collects:

Page views
Session duration
Bounce rate
Traffic sources
Demographic information (age, gender) if available
Interests

We have configured Google Analytics to:

Anonymize IP addresses
Not share data with other Google services
Not use advertising features (remarketing, demographics)

For more information about how Google processes data, see: www.google.com/policies/privacy/partners/

2.3 Cookies

Our Website uses cookies. See section 7 "Cookies and tracking" for detailed information.

2.4 Data we do NOT collect

In this marketing phase, we do not collect:

Financial data or bank details
Credit card information
National registration number or other unique identification numbers
Sensitive personal data (race, religion, health, political beliefs, etc.)
Login credentials or account information (there are currently no user accounts)

3. Purposes and legal bases of processing

3.1 Contact requests and waitlist (Legal basis: Consent)

When you sign up for our waitlist or contact us:

Purpose: Inform you about the launch of Xentio, offer early access, answer your questions
Legal basis: Your explicit consent
Retention period: Up to 24 months after registration, or until you unsubscribe

3.2 Website analytics (Legal basis: Consent or legitimate interest)

Purpose: Understand how visitors use our Website, improve the Website, optimize user experience
Legal basis: Your consent (via cookie banner) or legitimate interest (for basic statistics)
Retention period: Google Analytics retains data for a maximum of 26 months

3.3 Technical operation of the Website (Legal basis: Legitimate interest)

Purpose: Make the Website function, ensure security, resolve technical issues
Legal basis: Legitimate interest of Axenimo
Retention period: Log files are kept for a maximum of 12 months

3.4 Legal obligations (Legal basis: Legal obligation)

Purpose: Comply with legal obligations, such as accounting retention requirements
Legal basis: Legal obligation
Retention period: According to legal terms (e.g., 7 years for accounting)

3.5 Marketing and product improvement (Legal basis: Consent)

Purpose: Keep you informed of developments, send newsletters (if you sign up), tailor the product to user needs
Legal basis: Your explicit consent
Retention period: Until you unsubscribe or object

4. Who do we share your data with?

We never sell your personal data to third parties. We only share your data in the following cases:

4.1 Service providers (processors)

We work with carefully selected third parties that provide services to us:

Google Analytics (US): For website analysis. Google is certified under the EU-US Data Privacy Framework.
Email provider (if applicable): For sending emails to waitlist members.
Hosting provider: For hosting our Website and databases.

These service providers process personal data solely on behalf of Axenimo, based on processor agreements, and may not use the data for their own purposes.

4.2 Legal obligations

We may disclose your data if:

We are legally required to do so (e.g., to tax authorities, police, judiciary);
This is necessary for the protection of our rights, property, or safety, or those of others;
This is necessary in the context of legal proceedings.

4.3 Business transfer

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the successor, provided they commit to compliance with this privacy policy.

4.4 No other third parties

We do not share your data with:

Advertising networks (no targeted advertising)
Social media platforms (no tracking via social plugins)
Data brokers or marketing agencies
Other commercial parties for their own marketing purposes

5. International data transfers

5.1 Transfers outside the EU/EEA

Some of our service providers (such as Google) may process data outside the European Economic Area (EEA).

In such cases, we ensure that:

The receiving party is certified under the EU-US Data Privacy Framework, or;
Standard Contractual Clauses (SCCs) from the European Commission have been concluded, or;
An adequacy decision from the European Commission applies.

5.2 Hosting

Our Website and databases are preferably hosted within the EU/EEA for optimal data protection.

6. Security of your data

We take the security of your personal data very seriously and have implemented appropriate technical and organizational measures to protect your data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.

6.1 Security measures

HTTPS encryption: All communication between your browser and our Website is encrypted via SSL/TLS.
Access security: Access to personal data is restricted to authorized employees who need this access.
Pseudonymization: Where possible, we pseudonymize or anonymize data.
Backups: Regular, encrypted backups to prevent data loss.
Updates and patches: Our systems are regularly updated with the latest security patches.
Monitoring: We monitor our systems for suspicious activity.

6.2 Data breaches

Despite our efforts, no system can be 100% secure. In the unlikely event of a data breach:

We will inform the competent supervisory authority (Data Protection Authority) within 72 hours, if required;
We will inform you directly if the breach poses a high risk to your rights and freedoms;
We will immediately take measures to close the breach and prevent further damage.

7. Cookies and tracking

7.1 What are cookies?

Cookies are small text files that are placed on your device when you visit a website. Cookies help the website remember your preferences and improve your experience.

7.2 What cookies do we use?

Functional cookies (essential)

These cookies are necessary for the basic operation of the Website:

Session cookie: To track your browser session
Cookie preferences: To remember your cookie choices
Retention period: Until end of session or up to 12 months

These cookies do not require consent because they are strictly necessary.

Analytical cookies (Google Analytics)

_ga, _gid, _gat: Google Analytics cookies for visitor statistics
Retention period: Up to 24 months
Legal basis: Consent (opt-in via cookie banner)

We do not use:

Advertising cookies (no targeted advertising)
Social media cookies (no tracking via Facebook/LinkedIn/Twitter pixels)
Affiliate tracking cookies

7.3 Your cookie choices

On your first visit to the Website, you will be asked to consent to the use of analytical cookies. You can:

Give consent: Click "Accept analytics"
Refuse consent: Click "Decline"
Change your choice later via the cookie settings on the Website

You can also manage or delete cookies via your browser settings:

Chrome: Settings > Privacy and security > Cookies and other site data
Firefox: Options > Privacy and security > Cookies and website data
Safari: Preferences > Privacy > Cookies and website data
Edge: Settings > Cookies and site data

Note: Blocking essential cookies may affect the functioning of the Website.

7.4 Do Not Track

Our Website respects "Do Not Track" (DNT) signals. If your browser activates DNT, we will not activate analytical tracking without your explicit consent.

8. Your rights

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of access (Article 15 GDPR)

You have the right to know whether we process personal data about you, and to request a copy of that data.

8.2 Right to rectification (Article 16 GDPR)

You have the right to have incorrect or incomplete personal data corrected or supplemented.

8.3 Right to erasure / "right to be forgotten" (Article 17 GDPR)

You have the right to have your personal data deleted, for example:

When the data is no longer necessary for the purposes for which it was collected;
When you withdraw your consent and there is no other legal basis;
When you object and there are no overriding legitimate grounds;
When the data has been unlawfully processed.

This right is not absolute and may be limited by legal retention periods.

8.4 Right to restriction of processing (Article 18 GDPR)

You have the right to restrict the processing of your data in certain cases, for example when you contest the accuracy of the data.

8.5 Right to data portability (Article 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.

8.6 Right to object (Article 21 GDPR)

You have the right to object to the processing of your personal data, particularly:

Against processing based on legitimate interest;
Against direct marketing (you can unsubscribe via the unsubscribe link in every email).

8.7 Right to withdraw consent

If processing is based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before the withdrawal.

8.8 Automated decision-making and profiling

We currently do not use automated decision-making or profiling that has legal effects or otherwise significantly affects you.

8.9 How can you exercise your rights?

To exercise any of the above rights, send an email to: support@axenimo.com

Include in your request:

Which right you wish to exercise;
Your name and email address;
A copy of your ID (with national registration number made illegible) if necessary for identification.

We will respond within one month after receipt of your request. In complex cases, we may extend this period by two months, of which we will inform you.

8.10 Right to lodge a complaint

If you believe that we do not process your personal data correctly, you have the right to lodge a complaint with the Belgian Data Protection Authority (DPA):

Data Protection Authority
Drukpersstraat 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be

9. Retention periods

We do not retain your personal data longer than necessary for the purposes for which it was collected, or to comply with legal obligations.

| Type of data | Retention period | Reason | |--------------|------------------|--------| | Waitlist / contact data | 24 months after registration | Marketing and product launch | | Email correspondence | 3 years | Legal protection | | Google Analytics | 26 months | Analysis and improvement | | Log files (technical) | 12 months | Security and technical operation | | Accounting data | 7 years | Legal obligation |

After the retention period expires, your data will be securely deleted or anonymized.

10. Children

Our Website is not directed at persons under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and suspect that your child has provided personal data to us, please contact us at support@axenimo.com so we can take appropriate action.

11. Future services

11.1 PSD2 and bank data (future)

When Xentio evolves in the future into an active SaaS product with functionalities such as bank connections (PSD2), payment tracking, and dashboards, this privacy policy will be supplemented with:

Specific information about collecting and processing bank transactions;
Legal bases for processing financial data;
Security measures specific to financial data;
Information about PSD2 compliance and third-party providers (TPPs);
Further retention periods for transaction data.

You will be explicitly informed in advance of the launch of such services and asked for consent.

11.2 User accounts (future)

Upon introduction of user accounts, additional data will be collected (username, password, verification data, etc.). A comprehensive privacy policy for this phase will then take effect.

12. Changes to this privacy policy

Axenimo reserves the right to amend this privacy policy. Changes will be published on this page with a new "Last updated" date.

For significant changes, we will inform you via:

A notice on the Website;
An email to waitlist members (if applicable).

We recommend that you regularly consult this privacy policy to stay informed about how we protect your data.

13. Contact and questions

Do you have questions about this privacy policy or how we process your personal data? Please contact us:

Axenimo BV
Data Controller
Email: support@axenimo.com
Website: xentio.eu

We strive to respond to your questions within 5 business days.

This privacy policy has been drafted in accordance with:

Regulation (EU) 2016/679 (GDPR)
Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data
ePrivacy Directive (2002/58/EC)

Version: 1.0 (Marketing & Development Phase)