This privacy notice describes how Xampla collects and uses personal information whilst providing goods or services and afterwards, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Regarding this legislation, Xampla is the “data controller”, meaning that Xampla is responsible for deciding how personal information is held. Xampla’s data protection officer is Simon Hombersley, CEO. Any questions regarding Xampla’s data policy can be sent to email@example.com
Data Xampla collects:
Personal data is defined as any information that can be used to identify a person. The individual providing data is defined herein as the “data provider”. Xampla will collect, store and use the following categories of personal data:
- Personal contact details such as name, title, email address and telephone number if provided through our subscribers mailing list
- Personal contact details such as name, title, position, employer, email address and telephone number if provided via a customer/client product or project enquiry
Xampla will use personal information for the following purposes (“the/those purposes”):
- Xampla’s mailing list subscribers- to provide the subscriber company updates and newsletters, which can be opted out of at any time
- Potential customers who have contacted Xampla through an enquiry- to respond and communicate with customers regarding the enquiry, answering questions, comments and progressing an order/project
Xampla will only use personal information for the purposes for which it was collected it and for reasons that are compatible with those purposes.
Data sharing, security and retention:
We will not share personal information with third parties, unless specifically requested on a customer/project dependent basis. Approval will be given in writing by the customer should this be necessary. Xampla does not allow third parties to use personal data for their own purposes. Xampla requires third parties to respect the security of data and to treat it in accordance with the law. If data is provided to a third party, only data required for the specific purpose will be provided. The third party will be reminded that they shall only process the data in accordance with the purpose. Xampla will not share personal information of the mailing list subscribers with any third parties.
Personal data is held in a locked digital file with limited access on a need-to-know basis, preventing the data from accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Personal data provided by subscribing to Xampla’s mailing list will be retained until Xampla are instructed by the subscriber to cease contact via the ‘unsubscribe’ function. Personal information provided through customer enquiries will be retained as long as necessary to fulfil the purposes for which they were collected. For customer enquiries which develop into orders or projects, Xampla will retain the data for up to 5 years post order/project completion.
Rights of access, rectification, erasure and restriction
The data provider has, under certain circumstances, the:
- Right to access the personal information and to receive a copy of it
- Right to rectification of the personal information held
- Right to erasure of the personal information where there is no acceptable reason for Xampla to retain it
- Right to restrict processing of the personal information held
- Right to request the transfer of the personal information to another party
- Right to object processing of the personal information where Xampla are using the data for direct marketing and processing based upon public tasks or legitimate interests
To action any of these rights please contact us in writing which will be considered under the applicable data protection legislation. No fee will be incurred, however, we may charge a reasonable fee or refuse to comply with your request if your request for access is clearly unfounded or excessive. If you remain dissatisfied you have the right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk
Right to withdraw consent
Where the data has been provided by consent, the data provider has the right to withdraw consent at any time. After receiving this notification in writing, Xampla will cease to process the data for the purposes originally intended. If data has been provided through the subscriber’s mailing list, the unsubscribe function should be used via the website, or an email should be sent to firstname.lastname@example.org requesting removal from the mailing list.