PRIVACY POLICY OF WWW.AIWEALTH.EU

Last updated: 03/03/2026

1. DATA CONTROLLER

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, users are informed that personal data will be processed by:

Asset Ibérica Underwriting, S.L.

Trading name: AI Wealth

Tax ID (CIF): B62178355

Registered address:
Carrer de Mallorca, 272, 2º 3ª, 08037 Barcelona, Spain

Privacy email: lopd@assetiberica.es

Data Protection Officer (DPO): dpo@assetiberica.es

Where AI Wealth operates as a regulated entity or provides services subject to financial or insurance regulations, personal data will also be processed in accordance with the applicable sector-specific regulatory framework.

2. CATEGORIES OF PERSONAL DATA PROCESSED

Depending on the user’s relationship with the website, the following categories of personal data may be processed.

2.1 Identification and contact data

• Name and surname
• Email address
• Telephone number
• Company and professional role

2.2 Browsing data

• IP address
• Device identifiers
• Browser and operating system
• Pages visited
• Time spent on pages
• Data collected through cookies (see Cookies Policy)

2.3 Contractual and financial data (client area)

• User identifiers
• Encrypted credentials
• Access logs
• Contractual information
• Financial information related to contracted services
• Investor or insurance profile (where applicable)

2.4 Data required for regulatory compliance

• Information required under anti-money laundering legislation
• Tax or regulatory information required by financial regulations

2.5 Special categories of personal data

As a rule, special categories of personal data are not processed through the website.

If such data becomes necessary in the context of financial or insurance services, users will be informed accordingly, and enhanced security measures will be applied.

3. PURPOSES AND LEGAL BASES FOR PROCESSING

3.1 Website operation and navigation

Purpose

• Enable website navigation
• Ensure system security
• Prevent unauthorised access
• Generate aggregated statistics

Legal basis

• Legitimate interest (Art. 6.1.f GDPR)
• Consent for non-essential cookies (Art. 6.1.a GDPR)

3.2 Handling enquiries

Purpose

To respond to requests submitted through website forms or email.

Legal basis

• Pre-contractual measures requested by the data subject (Art. 6.1.b GDPR)
• Legitimate interest in responding to communications (Art. 6.1.f GDPR)

3.3 Newsletter and marketing communications

Purpose

Sending financial information, updates and marketing communications.

Legal basis

• Explicit consent (Art. 6.1.a GDPR)

A double opt-in system is used, and proof of consent is retained.

Consent may be withdrawn at any time.

3.4 Client area management

Purposes

• Secure user authentication and account management
• Provision of financial or insurance services
• Contractual document management
• Historical record of interactions

Legal basis

• Contract performance (Art. 6.1.b GDPR)
• Compliance with legal obligations (Art. 6.1.c GDPR)
• Legitimate interest in ensuring security and traceability (Art. 6.1.f GDPR)

3.5 Compliance with financial regulations

Where applicable, personal data may be processed to comply with regulatory obligations, including:

• Spanish Anti-Money Laundering Law (Law 10/2010)
• MiFID II obligations (suitability and appropriateness assessments)
• Insurance Distribution Directive (IDD) requirements
• Tax and accounting obligations
• Requests from supervisory authorities

Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).

3.6 Financial profiling

In the context of financial or insurance advisory services, AI Wealth may carry out:

• risk profile assessment
• client classification
• suitability analysis

These processes do not involve solely automated decision-making without human intervention.

Legal basis: contract performance and regulatory compliance.

Users may request additional information regarding the logic applied in such assessments.

3.7 Legal defence and fraud prevention

Purpose

• Defence against legal claims
• Fraud prevention
• Protection of digital assets

Legal basis

• Legitimate interest (Art. 6.1.f GDPR)
• Legal obligation where applicable

3.8 Lead generation forms

When users provide personal data through contact forms on the website, the data will be processed for the purpose of:

• managing requests for information regarding financial planning, wealth advisory, investment or insurance services
• contacting the user to provide additional information
• conducting a preliminary assessment of potential professional services

Legal basis

• Consent provided through voluntary submission of the form (Art. 6.1.a GDPR)
• Pre-contractual measures requested by the data subject (Art. 6.1.b GDPR)

Submission of the form does not imply:

• the establishment of a contractual relationship
• the provision of financial advice
• acceptance of the user as a client.

If the requested services require regulatory assessment (for example under MiFID II or insurance distribution rules), such assessment will only take place within the framework of a formal engagement process.

The data provided may be used to contact the user by email or telephone exclusively in relation to the request submitted.

4. DATA RETENTION PERIODS

Personal data will be retained for the following periods:

• Contact data: while the relationship exists and up to 5 years thereafter
• Newsletter data: until consent is withdrawn
• Contractual data: minimum 6 years (Spanish Commercial Code)
• AML data: minimum 10 years (Law 10/2010)
• Tax data: in accordance with applicable tax legislation
• Access logs: according to security policies and regulatory requirements
• Contact form data: until the request is resolved and, if no contractual relationship is established, for a maximum of 12 months, unless the user consents to receiving marketing communications.

Once these periods expire, the data will be securely deleted or legally blocked.

5. DATA RECIPIENTS

Personal data may be accessed by:

• technology providers (hosting, cloud services, IT support)
• email marketing providers
• web analytics providers
• financial or insurance partners
• administrative or judicial authorities when legally required.

All service providers act as data processors under contracts compliant with Article 28 GDPR.

6. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards will be applied, including:

• European Commission Adequacy Decisions, or
• Standard Contractual Clauses (SCCs), or
• equivalent safeguards under the GDPR.

Additional safeguards may be implemented in accordance with the Schrems II doctrine.

Further information may be requested from the Data Protection Officer.

7. SECURITY MEASURES

AI Wealth implements appropriate technical and organisational security measures, including:

• SSL/TLS encryption
• access control mechanisms
• strong authentication procedures
• logging and monitoring systems
• encrypted backups
• periodic risk assessments
• security incident response plans
• internal data breach management procedures.

8. DATA SUBJECT RIGHTS

Users may exercise the following rights:

• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to object
• right to data portability
• right not to be subject to automated decision-making.

Requests may be submitted to:
lopd@assetiberica.es

A copy of an identification document may be required to verify identity.

If users believe their rights have been infringed, they may lodge a complaint with the Spanish Data Protection Authority (AEPD).

9. THIRD-PARTY DATA

If users provide personal data relating to third parties, they guarantee that:

• they have a lawful basis to share such data.
• the data subjects have been informed of this Privacy Policy.

Users also agree not to submit personal data of third parties through the website forms without proper authorisation.

10. MANDATORY DATA

Certain fields in the website forms may be marked as mandatory, as the data is required to:

• respond to enquiries
• enter contractual relationships
• comply with legal obligations.

Failure to provide such data may prevent the requested service from being delivered.

11. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated to reflect:

• legal or regulatory changes
• technological developments
• changes in the services offered.

The most recent version will always be available on the website.