Xama Technologies, as a provider of outsourced software services, deal with personal information daily. We do this both as:
- a data controller with our own customers, staff and associates;
- a data processor, handling data on behalf of our customers.
Xama Technologies collects your Personal Information
For you as a direct customer, associate, staff member or subscriber to Xama Technologies, this describes the personal information we will collect. Our software services all require us to collect and process some personal information as part of our service delivery. The personal data we require may include full name, bank account details, contact details and information of the goods and services provided. We may collect personal data from you when you show an interest in any of our service areas, and further data at the point when the service commences.
Xama Technologies will use your personal information for limited purposes
For you as a direct customer, associate, staff member or subscriber to Xama Technologies, this describes the limits of how we will use your information and process it.
Provision of Service:
- This is the primary purpose for which we process the data and to provide you with the services you have contracted with us for.
- Providing technical support.
- Review and feedback of service provided.
Communication with You:
- In relation to existing services contracted.
- To respond to a request for information from you.
- To make you aware of related services being offered by Xama Technologies.
Related Purposes such as:
- Verifying your identity.
- Informing you of updates or additional services related to your account.
- Delivering training and guidance related to the services you subscribed to.
- Compliance with relevant laws and regulations (including AML).
By entering into a contract with Xama Technologies, you agree that we may collect, hold and use your personal information in the way described in this Policy. Xama Technologies will not use your personal data for any purpose other than that described in this Policy, unless we have your express permission or instruction to do so.
Information provided by you about others
For you as a data controller, providing Xama Technologies with personal data relating to your data subjects, to enable us to process it on your behalf. In most cases (Outsourcing, Consulting and Software services), we are required to collect and process information about others from you as part of our service delivery. This makes us a data processor in these cases.
Xama Technologies will process all data in accordance with the process that is agreed with you as the data controller. We will establish processes and procedures that keep the data secure and we will not share it with any other third parties, nor use it for any other purposes. We will work with you fully to support any GDPR compliance requirements, and where appropriate change our working practice to meet your needs. We will advise you of areas that we become aware of within your own processing, that in our opinion compromise the GDPR compliance.
It remains your responsibility, as the data controller, to comply fully with GDPR in relation to this data, including:
- You must ensure you are authorised to disclose such information and for it to be processed by Xama Technologies in the manner requested.
- You must ensure that the individuals concerned are aware that their personal information is being collected and for what purpose, who the intended recipients of the information are and of their right to obtain access to that information.
You must ensure that your own systems and processes in relation to such data are compliant.
Data Access Requests
In cases where there is a subject access request, this should always be directed to you as data controller. You may request assistance from Xama Technologies in this matter. Xama Technologies will do all they can to assist in these requests.
Xama Technologies protects your data
For you as a direct customer, associate, staff member or subscriber to Xama Technologies, but also as a data controller for the data provided to Xama Technologies to process.
Across all services
Xama Technologies will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Xama Technologies use trusted third-party service providers for the processing and storage of personal information. These all have their own privacy policies to be compliant with GDPR and data transfer protocols. Some of these providers store data outside of the EU, mainly in the United States. While we carefully select our third-party service providers, Xama Technologies is not responsible for the privacy policies or practices of any third party.
For data integration services
Xama Technologies facilitate the transfer of data between two systems both of which are under your control.
- Xama Technologies are the data processor and you are the data controller.
- Xama Technologies’ software hosting provider is based in the UK and Germany within a secure data center facility.
Xama Technologies’ integration software uses secure authentication and data transfer protocols to ensure that any personal data is protected, at all stages within the transfer.
In the unlikely event that a breach of data privacy occurs, Xama Technologies will inform you as soon as we become aware. Where the breach affects data that is owned by you as the data controller it will be your responsibility to notify the data subjects affected.
Sharing your data
This section applies to both data being handled as a data controller (our own customers, staff and associates) and as a data processor (your data, and your staff, customers, supporters etc.). Xama Technologies commits to only use your personal information for the intended purpose and service delivery. It might be necessary to share this information with carefully selected third parties where they facilitate this service delivery, but only in cases where this is required, and limited to that purpose. On principle, Xama Technologies will never otherwise share your information with a third party, unless we have your express consent. There are a limited number of instances where we are legally required to do so (such as with HMRC) to comply with legislation and processes. Where that disclosure is required, we will inform you, unless we are prevented from doing so by law.
This section relates to Data in both Categories. Personal data of our customers, staff, associates and subscribers, but also data that we are processing on behalf of our clients. Any personal information we hold, will only be kept for as long as it is required to provide the requested service. Where appropriate, the data will be moved so that it is only on the data controller’s own systems. It will then be the responsibility of the data controller to manage that data in accordance with GDPR. In some cases, we have a legal obligation to keep your information for a specified amount of time, which might be longer than the intended purpose (e.g. due diligence information required to comply with laws relating to money laundering, the required period for retention of financial records).
This section relates to your rights as a Data Subject: customer, associate, staff member or subscriber of Xama Technologies. Under GDPR, you have several rights as a Data Subject. These include, but are not limited to:
- You have the right to request access to the information that we hold about you, and to request updates to such information.
- If you become aware of any inaccuracy in the personal data that we hold about you, you should inform us and we will correct it appropriately.
- If you wish for any of your personal data to be removed, this will be deleted as far as is legally permitted.
- If you wish to change our records on how we should communicate with you then you may request that.
Any such requests should be submitted in e-mail to email@example.com, or in writing to Xama Technologies’ registered address.
Unless we are legally prohibited from providing this information, we will process your request as soon as is practicable, and within 40 days of receiving your request. If we are unable to process your request, we will let you know why. Xama Technologies will not process your data to arrive at an automated decision.
If you have a complaint about how your personal information is handled, you should provide full details either to:
- e-mail to firstname.lastname@example.org
- letter to The Data Privacy Officer, Xama Technologies Ltd, 133 Deepcut Bridge Road, Camberley, GU16 6SD
Policy may be updated from time to time
Xama Technologies has the right to change this Policy when needed. Such changes will become effective when posted to this Website. We will make a reasonable effort to communicate any significant changes via email, but your continued use of our services will be deemed as your acceptance and agreement to our policy.