|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jun. 30, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
LuxExperience believes that managing cybersecurity, privacy, and data protection and security risk is a vital part of LuxExperience´s responsibilities to the Company´s customers, partners, and employees, and have implemented several cybersecurity processes, technologies, and controls to identify and manage these risks.
Risk Management and Strategy
LuxExperience’s internal audit function, with primary oversight by the Audit Committee, assesses key risks facing the organization across functions and regions. The Management Board is tasked with ensuring risks, including those related to cybersecurity, are properly managed or mitigated and aligning strategic objectives with an appropriate level of risk tolerance. The Chief Technology Officer (CTO) as part of the Cybersecurity Steering Committee, and the Company´s internal Incident Response Team (IRT) operationalize the cyber risk management requirements across the Company and conduct cyber risk identification, assessment, management, monitoring, tracking, and reporting. The Cybersecurity Steering Committee is comprised of the Company´s Chief Operating Officer (COO), CTO, Head of Infrastructure and Security, Director of Engineering, Teamlead Site Reliability Engineering and the IT Senior Security Manager. The IRT is comprised of the IT Services, Compliance, Legal, IT Infrastructure & Security and Finance department. The Cyber Risk Management, Strategy Governance, and Incident Disclosure Policy provides the governance and framework for the Company´s risk management.
The privacy/data protection is built upon the privacy principles of transparency, purpose, control, security, embedded privacy, and accountability, which are set out in LuxExperience Group Privacy Policy. The Compliance Officer as well as the external Data Protection Officer are responsible for identifying, mitigating or managing, and reporting on data protection risks. LuxExperience is leveraging the National Institute of Standards and Technology (NIST) frameworks for cybersecurity. These NIST frameworks helps the Company to align the security functions and provides a holistic risk management framework across LuxExperience. The Company regularly reviews its security and privacy program maturity as well as the current state against these frameworks in monthly cybersecurity steering committee meetings. The results of these assessments are discussed with the Management. LuxExperience develops and executes implementation plans to advance the Company´s program maturity, aligning with the group risk management practice.
As part of the Company’s risk management strategy, LuxExperience requires that all employees complete the data protection and information security trainings. In addition, the Company will run ongoing cybersecurity awareness campaigns by the IT Infrastructure & Security team using posters, phishing campaigns, newsletters, webinars and other communication channels to keep cybersecurity top of mind for all employees.
LuxExperience IT Infrastructure & Security team engage in threat intelligence, predictive modeling, and penetration testing to reduce the risk of incidents. In addition, these teams have established procedures for detecting, mitigating, and remediating cybersecurity incidents, and processes for personnel to escalate incidents within the organization.
LuxExperience´s internal audit function conducts an assurance process on the effectiveness of the cybersecurity process and the data protection training during the annual audit procedures. Our cybersecurity systems are also independently assessed regularly by a third party and potential improvements are implemented accordingly.
The Company relies on certain third-party computer systems and third-party service providers in connection with providing some of the Company’s services. LuxExperience also depends upon various third parties to process payments, including credit cards, for customer transactions around the world. For payment transactions LuxExperience fully relies on third party payment providers and does not store payment data itself. Regardless, all payment security compliance is regulated and assessed annually as part of the PCI standard, LuxExperience complies with. For all relevant third-party computer systems as well as third-party service providers, LuxExperience implemented controls over the adequacy of those systems and providers in the internal control system, which will be subject to regular testing by the internal audit function. Furthermore, the Management Board including the relevant risk owners, review the Company´s risk inventory on a bi-annual basis.
Although the Company dedicates significant resources to protect against security breaches, constantly works on the improvement on rule adjustments and other security measures, the existing security measures may not be successful in preventing certain attacks on the systems. The Company continuously experiences targeted and organized malware, phishing, account takeover attacks, and denial-of-service type attacks on the Company’s systems, for FY25 none of them had any material impact on the Company. For further discussion of how these and other potential cybersecurity, technology and data privacy risks may impact LuxExperience´s business, see Item 3, Item D Risk Factors.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
LuxExperience believes that managing cybersecurity, privacy, and data protection and security risk is a vital part of LuxExperience´s responsibilities to the Company´s customers, partners, and employees, and have implemented several cybersecurity processes, technologies, and controls to identify and manage these risks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Management Board and Audit Committee maintain responsibility for LuxExperience risk oversight related to cybersecurity, privacy, and data protection and security. The Audit Committee has delegated the primary responsibility for oversight of compliance and risk management efforts and processes related to cybersecurity, data protection and security, and privacy to the Cybersecurity Steering Committee and the IT Infrastructure & Security team, which was established in 2023. The Cybersecurity Steering Committee oversees management’s efforts and processes to identify, assess, manage, and monitor significant cybersecurity and privacy risks and regulatory developments in this area, and reports periodically on these matters to the Audit Committee and Management Board.
Management’s cybersecurity and privacy efforts are led by the Chief Technology Officer and the Compliance Officer, respectively, and together they have the group-wide responsibility for assessing and managing cybersecurity, data protection and security, and privacy risks. LuxExperience´s Chief Technology Officer has over 19 years’ experience in the security industry and has previously served in various information technology and risk management roles, including as Senior Director of Risk and Technology and Vice President of Technology of two public companies. LuxExperience´s Compliance Officer held positions as General Counsel, In-house Lawyer, and Compliance Officer with over 9 years’ experience.
In addition, the Company´s external Data Protection Officer works together with the Cybersecurity Steering Committee, the IT Infrastructure & Security team and the Compliance Officer to monitor internal and external risks and align strategies to mitigate and remediate data protection risks.
LuxExperience´s Chief Technology Officer, Compliance Officer, IT Infrastructure & Security Team and members of their teams meet to discuss the Company’s cybersecurity and data protection risk exposures, including the steps management has taken to monitor and mitigate such exposures and their potential impact on the Company’s business, operations, and reputation. The Chief Technology Officer then periodically provides updates on these discussions to the Supervisory Board/Audit Committee during the technology update session of the board meeting and to the Management Board during the IT Steering Committee meeting and reports periodically on these matters to the Management Board, the Audit Committee and the Supervisory Board.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Management Board and Audit Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Management Board and Audit Committee maintain responsibility for LuxExperience risk oversight related to cybersecurity, privacy, and data protection and security. The Audit Committee has delegated the primary responsibility for oversight of compliance and risk management efforts and processes related to cybersecurity, data protection and security, and privacy to the Cybersecurity Steering Committee and the IT Infrastructure & Security team, which was established in 2023. The Cybersecurity Steering Committee oversees management’s efforts and processes to identify, assess, manage, and monitor significant cybersecurity and privacy risks and regulatory developments in this area, and reports periodically on these matters to the Audit Committee and Management Board.
|Cybersecurity Risk Role of Management [Text Block]
|
Management’s cybersecurity and privacy efforts are led by the Chief Technology Officer and the Compliance Officer, respectively, and together they have the group-wide responsibility for assessing and managing cybersecurity, data protection and security, and privacy risks. LuxExperience´s Chief Technology Officer has over 19 years’ experience in the security industry and has previously served in various information technology and risk management roles, including as Senior Director of Risk and Technology and Vice President of Technology of two public companies. LuxExperience´s Compliance Officer held positions as General Counsel, In-house Lawyer, and Compliance Officer with over 9 years’ experience.
In addition, the Company´s external Data Protection Officer works together with the Cybersecurity Steering Committee, the IT Infrastructure & Security team and the Compliance Officer to monitor internal and external risks and align strategies to mitigate and remediate data protection risks.
LuxExperience´s Chief Technology Officer, Compliance Officer, IT Infrastructure & Security Team and members of their teams meet to discuss the Company’s cybersecurity and data protection risk exposures, including the steps management has taken to monitor and mitigate such exposures and their potential impact on the Company’s business, operations, and reputation. The Chief Technology Officer then periodically provides updates on these discussions to the Supervisory Board/Audit Committee during the technology update session of the board meeting and to the Management Board during the IT Steering Committee meeting and reports periodically on these matters to the Management Board, the Audit Committee and the Supervisory Board.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|the Chief Technology Officer and the Compliance Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|LuxExperience´s Chief Technology Officer has over 19 years’ experience in the security industry and has previously served in various information technology and risk management roles, including as Senior Director of Risk and Technology and Vice President of Technology of two public companies. LuxExperience´s Compliance Officer held positions as General Counsel, In-house Lawyer, and Compliance Officer with over 9 years’ experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
LuxExperience´s Chief Technology Officer, Compliance Officer, IT Infrastructure & Security Team and members of their teams meet to discuss the Company’s cybersecurity and data protection risk exposures, including the steps management has taken to monitor and mitigate such exposures and their potential impact on the Company’s business, operations, and reputation. The Chief Technology Officer then periodically provides updates on these discussions to the Supervisory Board/Audit Committee during the technology update session of the board meeting and to the Management Board during the IT Steering Committee meeting and reports periodically on these matters to the Management Board, the Audit Committee and the Supervisory Board.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef