Xoomtalk takes the privacy of our Customers very seriously and we are mindful of the importance of supporting our Customers and Partners we do business with in their endeavours. We therefore recognise the need to ensure that any Personal Data we may collect is properly protected and that we are transparent and responsible in the way we handle it.
In this policy you can find information about the types of Personal Data we collect from you, when we collect your Personal Data and how long we keep it for, how we collect your Personal Data, our reasons for collecting and Processing your Personal Data, and information about how we share any Personal Data. It also details the procedures that we have in place to safeguard your privacy.
Who do we collect Personal Data from?
We collect Personal Data in order to interact and to manage our business relationships. We collect data from:
- our prospective and current Partners, their Customers and End Users;
- our prospective and current Customers, their End Users;
- our suppliers, Sub-contractors and other Third Parties (such as professional advisers), as well as their employees;
Who is the controller?
With regard to Personal Data collected in this way Xoomtalk acts as the Controller and collects and Processes such data on the grounds of its legitimate interest in managing and growing these relationships.
What Personal Data do we collect from you?
The Personal Data we may collect, store and Process consists of any or all of the following:
identification data, such as your name, business or personal email address, business or personal address, business or personal telephone number, business or personal social media handles, IP address and location;
- information about your job, such as your position, title, management level, work location, division, department, and position level;
- record of correspondence when you contact us (including email and phone conversations);
- details of transactions you have made with us and the fulfilment of those transactions; and
- information about your access to our network
How and when do we collect your Personal Data?
Your Personal Data is collected during our engagement in our business relationship:
- when you use our products and services
- when you sign up to receive email alerts, marketing information or other communications from us via our website;
- when you report an Incident to our Service Desk, ask us a question or email us, including through any “contact us”, Service Desk system (e.g Freshservice) or web chat channels; and/or
- when you respond to any surveys that we have sent to you via email.
In most cases you provide your Personal Data directly to us by email, phone, meetings, our website and third party applications (e.g Pandadocs). We may also collect Personal Data at networking meetings, shows and events we either attend or are organised by Xoomtalk. However, we may also collect some usage data automatically when you browse our website (IP addresses). This processing of IP Addresses is purely for analytical purposes. The information is not used to identify an individual, only Company names.
How do we use your Personal Data?
We use your Personal Data to carry out the following Processing Activities:
- to carry out our obligations arising from any contract entered into between you and us (e.g. provision or support of our Services or payment collection);
- help you to complete a transaction or order;
- provide you with support or education about our products and services;
- provide you with information about our products and services;
- for training purposes, quality assurance or to record details about the products and services you order from us;
- communicate with you;
- improve your experience when using our websites; and
- comply with our business, regulatory and legal obligations.
Some of the laws that apply to us require us to tell you the legal reason for using your Personal Data. We list these below:
Consent: Where applicable and appropriate, we will ask for your consent to collect and use your Personal Data. If we need your consent to collect and use your Personal Data we will make clear to you that the provision of your consent is voluntary. You have the right to withdraw your consent at any time by contacting us using the contact information set out above.
Our core activities: In many cases using your Personal Data is core to our legitimate business interests. Where we use your Personal Data for these purposes you will have the right to object to our use of your Personal Data by contacting us using the contact information set out below.
We use your Personal Data for our legitimate interests to provide you with information about our products and services and to understand your use of our website, products, and/or services.
Legal Requirement: At times we may receive requests from regulators or other authorised bodies to use your Personal Data to comply with a legal or regulatory obligation. Where this is the case, we will ensure that the request is legitimate.
The following information provides details on a non-exclusive basis on the types of data we process for each activity and their respective purpose and lawful basis. We process your personal data to:
- providing you with our Services including and without limitation to: (i) provisioning or connecting your Service and update you on when we’ll deliver, connect or install your products and Services; (ii) network routing; (iii) investigating and fixing faults in relation to the Services; (iv) web and email Services; and (v) investigating complaints. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
- send you product or Service-information messages to confirm your order and tell you about any changes that might affect your Service. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
- following up any payments that you may owe us. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- administering contractual agreements or arrangements necessary to provide services to you. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
- informing you about Services and events provided or organised by us that may be of interest to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- enhancing and personalising the Services that we offer to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- providing you access to all parts or features of our Services (including our customer portals) or the Website. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- communicating with you on any matter relating to the provision generally of our Services. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- dealing with your inquiries and requests, including contacting you if necessary. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- carrying out our obligations arising from any contracts entered into between you and us. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- administering accounts records. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- processing your payments. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
- contacting you for your views on our services and notifying you occasionally about important changes or developments to our Services or the Website. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- carrying out market research campaigns. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
- improving and developing our services or the Website. Lawful Basis: necessary for our legitimate interests;
- ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
- debt recovery or debt tracing, crime, fraud and money laundering compliance. Lawful Basis: performance of our contract with you or necessary for our legitimate interests, or to comply with laws and regulations; and
- help prevent and detect fraud and crime and prevent and detect criminal attacks on our network or against your or our equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks. Lawful Basis: performance of our contract with you or necessary for our legitimate interests, or to comply with laws and regulations;
- marketing communications about products and services to make suggestions and recommendations about goods or services that may be of interest to you. Lawful Basis: your consent or necessary for our legitimate interests:
- recruiting new employees. Lawful Basis: your consent, necessary for our legitimate interest.
In addition to the above we may use Personal Data to assist the emergency services, trace nuisance or malicious calls, improve and develop our services to you and as training aids for our employees.
Overall, the provision of your Personal Data is voluntary for you and not required by law. However, in order to provide our Services to you, the website to you, to carry out a contractual relationship with you (e.g. provision of our Services) and/or to offer other products and Services to you, your Personal Data are necessary.
Not providing your Personal Data may result in disadvantages where we may not be able to carry out a contractual relationship with you or you may not be able to use certain products and Services or may accept limited functionality. However, not providing your information will not result in legal consequences for you.
We do not wish to receive any sensitive personal information from you, such as any information regarding your medical or health conditions, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information. We shall not intentionally request, collect or process or control any such sensitive information.Our services are not aimed at children under 18, being predominantly focused on use in businesses and commercial environments. We shall not intentionally request, collect or process or control any information about a minor.
Who do we share your Personal Data with?
Personal data is shared with our suppliers, Subcontractors or third party Service Providers to enable us to supply Service(s) and Equipment to you, or to market or promote our goods and services to you.
We may share your Personal Data with entities who provide us with legal, regulatory, corporate advisory, talent management, human resources (inc. training, recruitment), marketing, communication and/or IT & product support services (“Data Processors”). To provide such services, our Data Processors process your Personal Data on our behalf. Our Data Processors have met our criteria as trusted guardians of Personal Data and are subject to contractual obligations to implement appropriate security measures to safeguard your Personal Data and to process Personal Data only as instructed by us.
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of your Personal data. Our appointed digital marketing data processors include:
Your Personal Data may also be transferred to Regulators (e.g. Ofcom), Courts, and other authorities (e.g. tax and law enforcement authorities) and independent external advisors (e.g. lawyers, auditors).
We will only disclose Personal Data to our Data Processors or other third parties if we are obliged to do so, or only to the extent necessary to perform their functions. This may include releasing information to others to enforce our legal rights, to protect the safety and security of others or to assist with others within the industry to control fraud, spam or other misconduct.
For the full list of Data Processors and other third parties that we may share your Data with, please contact us as set out below.
We do not sell or rent the personal information we collect from you.
How long do we retain your Personal Data?
We keep your Personal Data for no longer than is necessary for the purpose for which the information is collected and to manage our relationship with you. Where Personal Data is kept, that period will be determined based on applicable local law and as ascribed in our Business General Terms.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) or receive anonymised Personal Data for research or statistical purposes, in which case we may use this information indefinitely without giving further notice to you.
In some circumstances you can ask us to delete your Personal Data.
For further information, please contact us as detailed below.
Do we transfer Personal Data outside the European Economic Area?
In some cases Personal Data may be transferred outside of the European Economic Area (EEA). Where Personal Data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party that have approved transfer mechanisms in place to protect your Personal Data. When we use providers based in the US, we will transfer Personal Data to them if they are part of the Privacy Shield, which requires them to provide similar protection to Personal Data shared between Europe and the US.
Do you securely store my Personal Data?
We apply and maintain strict security standards, controls, and appropriate technical and organisational measures to protect your Personal Data from unauthorised processing, access, loss, or accidental deletion. These include restricting who can have access to your Personal Data and protecting your data with security tools appropriate to the type of information to ensure a level of security and prevention appropriate to the risk e.g. encryption software. Further information regarding this can be found in our Information Security Policy and requested by contacting us as detailed below.
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that Cookie. Cookies are useful because they allow a website to recognise a user’s device. Cookies allow you to navigate between pages efficiently, remembering your preferences and generally improving the user experience.
What rights do you have in relation to your Personal Data and how you can exercise them?
In relation to your Personal Data, you have the following rights:
- the right to ask us to provide you, or a verified third party, with copies of the Personal Data we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such information be supplemented, updated or rectified according to the provisions of local law;
- the right to request erasure, anonymisation or blocking of your Personal Data that is processed in breach of the law;
- the right to object on legitimate grounds to the processing of your Personal Data. In certain circumstances we may not be able to stop using your Personal Data. If that is the case, we’ll let you know and explain why; and
- withdrawal of consent. When Personal Data is processed on the basis of consent an individual may withdraw consent at any time (this may apply to processing of special categories of Personal Data where you have instructed us to act on your behalf.
These rights can be exercised by contacting us using the contact details provided below.
If you no longer want to receive any marketing material from us, where available, please use the unsubscribe option (in our marketing emails to you), or if this is unavailable, please email firstname.lastname@example.org.
In the event that you wish to make a complaint about how your Personal data is being processed by us, you have the right to complain. Complaints can be raised to us or with the Information Commissioner’s Office (ICO).
Post: xoomtalk, Platf9rm, Hove Town Hall, Church Rd, Hove BN3 2AF
Telephone: 0333 110 3000
If you think there is a problem with the way we are handling your Personal Data, you have the right to raise concerns to the Information Commissioner’s Office (ICO) at:
Post: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Updates to your Personal Data
If your personal details change, please help us to keep your information up to date by notifying us at the above.