Xama Technologies, as a provider of outsourced software services, deal with personal information daily. We do this both as:
This Policy is primarily intended to set out how we handle personal information as a data controller. In relation to data we handle as a data processor, this Policy is provided for general information only and will not govern the handling of your personal information – if you would like to understand how and why your personal information is being processed by us, please contact the data controller who has used our service to process your data.
Since we take privacy very seriously, we have updated our privacy policy to reflect how we deal with both categories of personal information. Please read the Policy below to help you decide how you want to share your personal data with us. You have the option to withhold or limit the use of some categories of personal information held and processed by us, but that may prevent us from being able to provide that service to you. By using our services, you consent to the terms of this Policy.
This Policy applies to individuals whose personal information we collect and process during the course of our business.
Our software services all require us to collect and process some personal information as part of our service delivery. The personal data we require may include full name, bank account details, contact details and information of the goods and services provided.
We may collect personal data from you when you show an interest in any of our service areas, and further data at the point when the service commences.
We may also collect personal information relating to our suppliers, service providers, agents and subcontractors in connection with goods and services we receive from them and our dealings with them.
This Policy applies to personal information whether provided by you directly, collected during the course of the provision or receipt of goods or services, or gathered via technical measures, such as through our website and software.
We will only use personal information to the extent necessary and subject to having a lawful basis for doing so. Examples of our data processing activities include:
Provision of Service:
Communication with You:
Related purposes such as:
Our receipt of your goods and/or services:
Communication with You:
Related purposes such as:
By entering into a contract with Xama Technologies, you agree that we may collect, hold and use your personal information in the way described in this Policy. Xama Technologies will not use your personal data for any purpose other than that described in this Policy, unless we have your express permission or instruction to do so.
Our website and services may collect certain information about you automatically (such as your IP address, geographical location, browser type and version, operating system).
We may process your data for a variety of reasons, including because:
In some instances, we will rely on your consent to process personal data and where we do this, it will be flagged to you at the time.
Our service enables customers to perform searches and checks on businesses and associated individuals. This involves providing Xama Technologies with personal data, to enable us to process it on the customer’s behalf. In most cases (Outsourcing, Consulting and Software services), we are required to collect and process information about others as part of our service delivery. This makes us a data processor in these cases and our processing obligations are governed by our Terms of Service.
We will work with our customer fully to support any GDPR compliance requirements, and where appropriate change our working practice to meet the customer’s needs.
It remains our customers’ responsibility, as data controller, to comply fully with data protection laws in relation to the data input via our services, including:
We will use technical and organisational measures to safeguard your personal data, for example:
Xama Technologies will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Xama Technologies use trusted third-party service providers for the processing and storage of personal information. We store your personal data on third party servers with trusted hosting providers, typically based in the UK/EEA. These all have their own privacy policies to be compliant with GDPR and data transfer protocols. Some of these providers store data outside of the EU, mainly in the United States.
Information that Xama Technologies collects may be stored and processed in and transferred between any of the countries in which Xama Technologies operates to enable the use of the information in accordance with this privacy policy. Any transfer of your data will be subject to a UK approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach. You agree to such cross-border transfers of personal information.
In the unlikely event that a breach of data privacy occurs, Xama Technologies will inform you as soon as we become aware. Where the breach affects data that is owned by you as the data controller it will be your responsibility to notify the data subjects affected.
Xama Technologies commits to only use your personal information for the intended purpose and service delivery. It might be necessary to share this information with carefully selected third parties where they facilitate this service delivery, but only in cases where this is required, and limited to that purpose. Our key processors / sub-processors are currently:
On principle, Xama Technologies will never otherwise share your information with a third party. There are a limited number of instances where we are legally required to do so (such as with HMRC) to comply with legislation and processes or there is a legitimate business interest in doing so.
For example, we may disclose your personal data to:
Any personal information we hold, will only be kept for as long as it is required to provide the requested service. In some cases, we have a legal obligation to keep your information for a specified amount of time, which might be longer than the intended purpose (e.g. due diligence information required to comply with laws relating to money laundering, the required period for retention of financial records).
This section relates to your rights as a Data Subject of Xama Technologies. Under GDPR, you have several rights as a Data Subject. These include, but are not limited to:
Any such requests should be submitted in e-mail to info@xamatech.com, or in writing to Xama Technologies’ registered address. Where we are not the data controller, a request should be submitted to the data controller and not to Xama Technologies.
Unless we are legally prohibited from providing this information, we will process your request as soon as is practicable and in accordance with data protection laws. If we are unable to process your request, we will let you know why.
Xama Technologies will not process your data to arrive at an automated decision.
If you have a complaint about how your personal information is handled, you should provide full details either to:
You can also lodge a complaint with the UK supervisory body, the Information Commissioner’s Office (the ICO) here. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.
Xama Technologies has the right to change this Policy when needed. Such changes will become effective when posted to this Website. We will make a reasonable effort to communicate any significant changes via email, but your continued use of our services will be deemed as your acceptance and agreement to our policy.
For information on the cookies we use and how to control your cookie settings, please visit our Cookie Policy.