Privacy Policy

Republic of Ireland – GDPR Compliant

Effective Date: 25 February 2026 | Last Updated: 25 February 2026

1. Introduction

This Privacy Policy explains how Amanie Advisors Limited trading as XPO Real (“XPO Real”, “we”, “us”, “our”) collects, uses, processes, stores and shares personal data in connection with the provision of unsecured business funding and related services.

XPO Real provides transaction-by-transaction business funding to business entities only. We do not provide consumer credit and do not offer services to natural persons acting outside their trade, business or profession.

We are committed to processing personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”)
  • The Data Protection Act 2018 (Ireland)
  • Applicable Irish and EU data protection laws

For the purposes of GDPR, Amanie Advisors Limited is the data controller.

Registered Office: 12 Marlborough Road, Dublin 7, Dublin, D07 W2T8, Ireland
Company Number: 514546
Email: funding@xporeal.com

2. Scope of This Policy

This Policy applies to:

  • Directors, shareholders and beneficial owners of applicant businesses
  • Authorised signatories
  • Guarantors (if applicable in future)
  • Employees or representatives of applicant businesses
  • Website users
  • Business partners and introducers

This Policy does not apply to consumer lending, as XPO Real does not provide regulated consumer credit services.

3. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

3.1 Identity Data

  • Full name
  • Date of birth
  • Nationality
  • Government-issued ID details
  • PPSN (where legally required)

3.2 Contact Data

  • Business address
  • Email address
  • Telephone number

3.3 Financial and Transaction Data

  • Bank account details
  • Direct Debit mandate information
  • Card authorisation details
  • Tax returns (where required for credit assessment)
  • Business financial statements
  • Supplier invoice details

3.4 Compliance Data

  • AML / KYC documentation
  • Sanctions screening results
  • Politically Exposed Person (PEP) status
  • Beneficial ownership information

3.5 Public Information

  • Public business updates on nominated channels
  • Companies Registration Office filings
  • Publicly available adverse media

3.6 Marketing Data

  • Marketing preferences
  • Engagement with email campaigns
  • Website analytics data

4. Lawful Basis for Processing

We process personal data on the following lawful bases under Article 6 GDPR:

4.1 Contractual Necessity (Art. 6(1)(b))

To assess funding applications, enter into funding agreements, administer repayments, and enforce contractual rights.

4.2 Legal Obligation (Art. 6(1)(c))

To comply with anti-money laundering legislation, conduct sanctions screening, maintain financial records, and comply with tax obligations.

4.3 Legitimate Interests (Art. 6(1)(f))

To assess creditworthiness, prevent fraud, protect our commercial position, enforce funding agreements, maintain internal risk management systems, and conduct proportionate marketing to business contacts.

Where processing is based on legitimate interests, we conduct balancing assessments to ensure that such interests do not override fundamental rights and freedoms.

4.4 Consent (Art. 6(1)(a))

Where required by law (particularly for certain electronic marketing communications), we will rely on consent. Consent may be withdrawn at any time.

5. Purpose of Processing

We process personal data to:

  • Evaluate and approve funding applications
  • Verify identity and beneficial ownership
  • Settle supplier invoices
  • Collect repayments via Direct Debit
  • Apply late payment charges where contractually agreed
  • Conduct credit and fraud checks
  • Monitor compliance with funding agreement terms
  • Enforce contractual rights
  • Communicate with stakeholders where lawful
  • Send business-related marketing communications

6. Marketing and Business Communications

XPO Real and its business partners may use business contact data and email addresses for advertising and marketing purposes. Marketing may include: funding offers, product updates, business insights, partner offers, and industry-related communications.

6.1 Legal Basis

Marketing communications are sent based on Legitimate interests (B2B marketing), or Consent, where legally required.

Recipients may opt out at any time by clicking “unsubscribe” in marketing emails or contacting us directly.

We do not sell personal data to third parties.

7. Sharing of Personal Data

We may share personal data with:

  • Banks and payment service providers
  • Direct Debit processing providers
  • AML and identity verification providers
  • Professional advisers (legal, audit, compliance)
  • Debt recovery agencies (where applicable)
  • Credit reference agencies (if used)
  • IT and cloud hosting providers
  • Regulatory or law enforcement authorities

We ensure all processors act under written agreements compliant with Article 28 GDPR.

8. International Transfers

Personal data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses
  • Adequacy decisions
  • Equivalent data protection safeguards

9. Data Retention

We retain personal data only for as long as necessary. Typical retention periods:

  • AML/KYC records: Minimum 5 years after business relationship ends
  • Financial records: 6–7 years (Revenue compliance)
  • Enforcement documentation: Duration of limitation period
  • Marketing data: Until opt-out or 24 months inactivity

Data may be retained longer where required by law or where necessary to establish, exercise or defend legal claims.

10. Data Security

We implement appropriate technical and organisational measures including: encryption, access controls, multi-factor authentication, secure data storage, staff confidentiality obligations, and regular compliance audits.

However, no electronic transmission or storage system is entirely secure. We cannot guarantee absolute security.

11. Automated Decision-Making

We may use automated tools to assist in credit assessment and risk profiling. However, funding decisions are not based solely on automated decision-making without meaningful human review.

12. Your Data Protection Rights

Subject to legal limitations, data subjects have the right to:

  • Access personal data
  • Rectify inaccurate data
  • Erase personal data (“right to be forgotten”)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Object to direct marketing
  • Data portability
  • Withdraw consent (where processing is consent-based)

Requests may be submitted to funding@xporeal.com. We may request proof of identity before fulfilling requests.

13. Complaints

If you believe your data protection rights have been breached, you may contact us in the first instance.

You also have the right to lodge a complaint with the Data Protection Commission (Ireland) at www.dataprotection.ie.

14. Enforcement Communications

Where an Event of Default occurs, XPO Real may communicate with relevant stakeholders regarding recovery action in accordance with Irish defamation law, data protection law, and the funding agreement. We will ensure such communications are lawful, truthful, and proportionate.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Updated versions will be published on our website with a revised “Last Updated” date.

Continued use of our services constitutes acceptance of the updated Privacy Policy.

Progress: %
target: 55%
max: 90%