Privacy Policy
Who we are
Our website address is: https://xonder.net
Parties
“we”, “us”, “our”, “Xonder” refers to the company Xonder Ltd (company number 09229843, registered address The Exchange, 26 Haslucks Green Road, Shirley, Solihull, B90 2EL)
“you”, “your” refers to any person(s) using our website, or any person(s) sharing their personal data with us
“affiliates” refers to any one of our partner companies or resellers
Responsible entities
We are the controller and processor of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data as described in this Privacy Statement, unless expressly specified otherwise.
Your rights
Under the GDPR, you have a number of rights. In relation to our site, and the service that we provide, those rights are set out in the table above. Your rights in relation to the GDPR are as follows:
- Right of access – You have the right at any time to ask us for a copy of the personal information that we hold about you, and to check that we are lawfully processing it
- Right of rectification – If personal information that we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed
- Right of erasure – In certain circumstances, you have the right to request that personal information we hold about you is erased (e.g. if the information is no longer necessary for the purposes for which it was collected or processed)
- Right to object to or restrict processing – In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests, and there are no compelling legitimate grounds for our processing which override your rights and interests.
- Right of data portability – In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format
- Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
What we don’t do with your data
Before confirming what data we collect, and why, here’s what we definitely don’t do with your data, unless clearly set out in this notice:
- We don’t share it with anyone else without your consent
- We don’t use it for any purpose (including retargeting, commingling across multiple advertisers’ campaigns or allowing piggybacking or redirecting with tags), except on an aggregate and anonymous basis, and only to assess the performance and effectiveness of our advertising campaigns.
- We don’t use it to build, append to, edit, influence or augment user profiles, including profiles associated with any mobile device identifier or other unique identifiers that identify any particular user, browser, computer or device.
- We don’t transfer it (including any anonymous, aggregate or derived data) to any advertising network, advert exchange, data broker, or other advertising or monetisation-related service.
How we collect your data
When you contact us to express interest in our products and services, we may store that data on our system for marketing purposes. Data stored on our system can come from a variety of sources, such as:
- Details you have provided to us via our website’s web forms
- Details you have provided to us on our website’s live chat
- Details you have provided to us over the phone
- Details provided to us by our affiliates in accordance with their own Data Protection policies (in this case we have adequate contracts in place to ensure the protection and confidentiality of your data)
Information we collect may include:
- Your name
- Your business name
- Your contact number(s)
- Your email address(s)
- Your address(s) and postcode(s)
- Which products and services you are or may be interested in
How we use your data
We may use your data in the following ways:
- To call you in order to target you with our products and services
- To send you marketing emails and text messages to target you with our products and services
In each of these cases, the use of your data comes under our ‘legitimate interests’ and your consent is implied by the use case. Where we have identified legitimate interests as the legal basis for our processing, we have conducted a legitimate interests assessment. You may exercise your rights in relation to this by contacting us using the details provided below.
We may also use your data for the following:
- To share your details with third parties (such as card terminal providers) to call you regarding other relevant products and services
- To share your details with third parties (such as card terminal providers) to send you marketing emails and text messages regarding other relevant products and services
In these cases, you must provide us with ‘consent’ before we share your data. Again, you may exercise your rights in relation to this by contacting us using the details provided below.
Storing your data
We have a data retention policy which clearly sets out how long we keep data for and for what reasons, and we will keep your data only for as long as is necessary to fulfil the purpose(s) for which it was collected in the first place. Any personal data we have collected will remain on our system for five years in order for us to target you with our products and services unless you ask us to remove it from our database by exercising your rights as described above. If five years has elapsed since your last enquiry expressing interest in our products and services, we will automatically remove the data from our database for you.
Exercising your rights
You can exercise your right to withdraw consent or any of your other rights under the GDPR by emailing us at gdpr@xonder.co.uk. We will then provide you with a suitable response within 30 days of any request.
Data Security
We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to avoid manipulation, loss or misuse of data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted. In the case of any real or suspected data breach, we agree to notify you within 72 hours of the breach occurring.
Users should be aware that it is however their responsibility to transmit information to us in a responsible way. Any information sent to us via unencrypted methods may be subject to a data breach which is outside of our control, and is therefore not our responsibility.