We are committed to protecting your personal data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR).
XfE processes personal data as both a Data Controller and Data Processor, as defined in the Directive and the General Data Protection Regulation (GDPR). We are a Data Controller with regard to the client information we process for our own purposes, and we are a Data Processor with regard to all information clients upload to our systems, platforms or software’s.
Clients may request a Data Processing Agreement (DPA) to govern our processing relationship by contacting us on firstname.lastname@example.org
Our Data Protection Officer (DPO), who is responsible for matters relating to privacy and data protection, is Kevin.Tong@thornewidgery.co.uk
XfE operates as a business-to-business (B2B) organization. Any personal information from you is collected in your capacity as an agent, employee or representative of your business. When submitting information to XfE you warrant and represent that you will submit business information (rather than personal information) wherever possible.
Contact details are used to provide you with information about our services and other information which we think will be of interest to you unless you tell us not to.
We are subject to legal, regulatory, and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We take the security of your data we hold seriously. We have a policy including procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
How we collect your data
- Information you provide to us directly:
We might ask you to provide personal data to us. For example, we ask for your contact information when you sign up or contact us with an enquiry.
- Analytics: We may use the personal data we collect about you and other users of our website to produce aggregated and anonymised analytics and reports
How we use your data
Third parties that we share data with
We use marketing provider Mailchimp to send marketing emails
Under the DPA (2018) and GDPR, Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.
Access to data
You have a right to access your personal data held by us and you can exercise that right by contacting us below. Our aim is to respond a request promptly and within the legally required limit of 40 days.
Update of personal data
If you wish to update personal data submitted to us, please contact us at email@example.com. Once we are informed that any personal data held by us is no longer accurate, we will make changes based on your updated information.
Withdrawal of consent
Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us at firstname.lastname@example.org
This statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you do want to complain about our use of your personal data, please contact Kevin.Tong@thornewidgery.co.uk with the details of your complaint. You also have the right to register a complaint with the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to their website.