Maison X · Aurum X Capital

Privacy Policy.

Last updated: 5 May 2026

1. Introduction

Maison X is a private members' club operated by Aurum X Capital Ltd, a company registered in England and Wales (registered office: 20 Wenlock Road, London, N1 7GU, United Kingdom).

This Privacy Policy describes how we collect, use, share, and protect personal data about visitors to our website, prospective members, members, and other individuals who interact with us.

We take privacy seriously. Discretion is the foundation of everything we do, online as everywhere.

For the purposes of UK and EU data protection law, Aurum X Capital Ltd is the data controller of the personal data described in this policy.

If you have any questions about this policy, contact our Data Protection Officer at office@maisonx.global.

2. The personal data we collect

Visitor data

When you visit our website at maisonx.global, we may collect:

  • Technical information including IP address (anonymised after collection), browser type, device type, operating system, time zone, and language preferences
  • Information about your visit including pages viewed, referring website, time on page, and approximate location (country and city, derived from IP)

We use a small number of essential cookies necessary for the website to function. We do not use cookies for tracking or advertising purposes.

Prospective member data

If you correspond with us about possible membership, we may collect:

  • Your name, email address, telephone number, and any other contact details you provide
  • Information about how you came to know of Maison X
  • Any information you choose to share about your interests, residence, or preferences

Member data

When you become a member, we collect and process:

  • Identity data including name, date of birth, nationality, and any identification documents required for verification
  • Contact data including email address, telephone number(s), correspondence addresses, and the details of authorised representatives (such as personal assistants, partners, or family members) where you have authorised us to communicate with them
  • Financial data including payment card details, billing address, and transaction history (we do not store full card numbers; payment processing is handled by our card processor in line with PCI-DSS standards)
  • Service-related data including dietary requirements, travel preferences, important dates, and other information you share with us in the course of our service to you
  • Communication history with our team
  • Special Categories of Personal Data may be collected only where you actively share it with us. We process such data only to provide the service you have asked for

Aggregated data

We also use aggregated data (statistical or demographic data derived from personal data but not capable of identifying you) for any lawful business purpose. Where aggregated data is combined with personal data such that it can identify you, we treat the combined data as personal data.

3. How we collect personal data

We collect personal data through:

  • Direct interactions: when you visit our website, correspond with us, apply for membership, or use our services as a member
  • Referrals: when an existing member or trusted third party introduces you to us, they may share basic contact information so that we can reach out
  • Public sources: in limited circumstances, we may obtain information from publicly available sources to verify member identity or to inform a request you have made of us
  • Cookies and similar technologies: see Section 7 below

4. The lawful bases on which we process personal data

Under UK GDPR and EU GDPR, we rely on the following lawful bases:

  • Performance of a contract: where we process personal data to provide the membership and services you have asked for
  • Legitimate interests: where we process personal data to operate, develop, and improve our service, including managing our member relationships, preventing fraud, and protecting our business, provided these interests do not override your rights and freedoms
  • Consent: where we rely on your consent (for example, for any direct marketing or for processing Special Categories of Personal Data), you have the right to withdraw consent at any time
  • Legal obligation: where we are required to process personal data to comply with applicable law, regulation, or court order

5. How we use personal data

We use personal data to:

  • Provide the membership and services you have asked for
  • Communicate with you about your membership and ongoing matters
  • Personalise the service we provide based on your stated preferences
  • Process payments and maintain financial records
  • Verify identity where required for compliance with anti-money-laundering regulations
  • Coordinate with suppliers (hotels, restaurants, transport providers, residences, partners) only as necessary to fulfil specific requests, and only with the minimum data required
  • Maintain the security of our systems and detect or prevent fraud
  • Comply with legal and regulatory obligations
  • Manage and improve our service through aggregated analysis

We do not sell personal data, ever. We do not share personal data for advertising purposes.

6. Sharing personal data

We share personal data only as follows:

  • With suppliers and partners as necessary to fulfil requests you have asked us to handle (for example, when arranging a residence or booking, we may share your name and dates with the property; we do not share unrelated information)
  • With service providers including our payment processor, our hosting and IT providers, our email service providers, and our professional advisors (legal, accounting, audit), each operating under written agreements that limit how they may use your data
  • With regulatory authorities, law enforcement, or courts where required by law

We never share personal data with third parties for their own marketing purposes.

International transfers: where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place (such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses, or transfer to jurisdictions with an adequacy decision).

7. Cookies and similar technologies

We use a limited number of cookies on the maisonx.global website:

  • Strictly necessary cookies: required for the website to function, such as session cookies that remember your interaction during a visit. These do not require your consent
  • Analytics: we use privacy-preserving analytics that do not use cookies and do not collect personal identifiers. No tracking pixels, no cross-site tracking, no advertising integration

Where we serve a cookie notice, you may decline non-essential cookies at any time. You can also disable cookies through your browser settings, though this may affect some functionality.

We do not use third-party advertising or marketing cookies.

8. How long we keep personal data

We keep personal data only as long as necessary for the purposes for which it was collected:

  • Visitor data: retained for up to 12 months in aggregated form for statistical purposes
  • Prospective member correspondence: retained for up to 24 months unless you become a member, in which case it forms part of your member record
  • Member data: retained for the duration of your membership and for up to 7 years after termination, to comply with legal, regulatory, and accounting obligations
  • Financial records: retained for 7 years in line with UK statutory requirements
  • Special Categories of Personal Data: retained only for as long as actively necessary to provide the service you asked for, and then deleted

After the relevant retention period, personal data is securely deleted or anonymised.

9. Your rights under UK and EU GDPR

You have the following rights in respect of your personal data:

  • The right to be informed about how we collect and use personal data. This Privacy Policy is part of how we meet that right
  • The right of access: you may request a copy of the personal data we hold about you
  • The right to rectification: you may ask us to correct any personal data that is inaccurate or incomplete
  • The right to erasure: you may ask us to delete personal data, subject to exceptions where we are legally required to retain it
  • The right to restrict processing: you may ask us to limit how we use personal data in certain circumstances
  • The right to data portability: you may ask us to provide personal data in a structured, machine-readable format, and to transmit it to another controller
  • The right to object: you may object to processing based on legitimate interests, in which case we will stop unless we can demonstrate compelling legitimate grounds
  • The right to withdraw consent: where we rely on consent, you may withdraw it at any time
  • Rights related to automated decision-making: we do not make decisions about you based solely on automated processing without human review

To exercise any of these rights, contact us at office@maisonx.global. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with the data protection authority in your country of residence.

10. Security

We protect personal data with appropriate technical and organisational measures, including:

  • Encryption of data in transit and at rest
  • Access controls limiting who within Maison X can see what data
  • Secure hosting on infrastructure with appropriate data residency where applicable
  • Regular security review and incident response procedures
  • Confidentiality obligations binding all members of our team

In the event of a personal data breach that risks your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, and notify affected individuals where required.

11. Children

Our services are intended for adult members. We do not knowingly collect personal data from anyone under 18. If we become aware that we hold such data, we will delete it. Where a member's request involves a minor (for example, family travel arrangements), we collect only the minimum information needed and only with the member's instruction.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The version date at the top reflects when the policy was last updated. Where we make material changes, we will notify members directly through the channels of communication we already use.

13. Contact us

For any questions, requests, or concerns about this Privacy Policy or our handling of personal data:

Data Protection Officer Aurum X Capital Ltd 20 Wenlock Road London, N1 7GU United Kingdom

Email: office@maisonx.global