Our role in your privacy

 

XP Power is committed to protecting your data, and this document outlines how we collect and use your data; how we may share your data with our trusted partners and how we protect and secure your data.

We respect your privacy. We will be transparent in why we hold your data, as well as your rights and the choices you can make with respect to the data we hold about you.

We continually pursue operational excellence in all areas of our business. We welcome your feedback on any aspect of our privacy policy: [email protected]

 

Our responsibilities
If you are an XP Power customer, an XP Power employee or a visitor to our website, we act as the ‘data controller’ of your personal data. This means we determine how and why your data are processed.

 

How we collect your data
There are a number of ways in which we might collect and process your data, either directly provided by you or automatically captured via our website.

These are outlined in the table below:

Data you provide

Data we capture

You phone us

You browse our website

We phone you

You open a datasheet

You e-mail us

You use our product selector

You subscribe to our product news

You engage with our marketing materials

You sign a contract

 

You send us a debit note

 

You place an order with us

 

You request product samples

 

You request to download a 3D model of our products

 

You register for employee benefits

 

 

Types of data we might collect

 

Contact data:
Your e-mail address, name, job title, company name, address, telephone number, zip/postal code, country, industry, etc.

 

Financial data:
Your bank account number, sort code or IBAN, bank address.

 

Identity data:

Your IP address, browser type, domain names, browsing device details, etc.

 

Website browsing data:
Pages visited, form validation errors, time spent on our web pages, activity on our web pages, etc.

We only ask for data through forms on our website that we intend to use to help improve your interaction and experience with our brand,

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through XP Power public message boards such as social media feeds, this information may be collected and used by others. Note: XP Power does not read any of your private online communications.

 

Sensitive personal data
If you are an XP Power employee we may collect some health related information, should you choose to provide it to us voluntarily, travel related data and information collected as part of a background check.

 

How we use cookies
Our website uses tracking software and cookies to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.

If you choose to personalise XP Power pages or register with XP Power sites or services, a ‘persistent cookie’ helps us to recall your specific information on subsequent visits. When you return to the same XP Power website, the information you previously provided can be retrieved, so you can easily use the features that you customised.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our services or the websites you visit.

 

How and why we collect and process your data
We are mindful of the data protection regulations that require us to process your data lawfully, fairly and in a transparent manner. Under EU and UK data protection laws, we may only collect and process your data for specific purposes where we have a legal basis to do so.

We may collect certain personal data from you to deliver the services or products which you have expressed an interest in.

 

Operational reasons:
We collect and use your personal data to effectively run the business to deliver the products and services you have requested.

 

Marketing reasons:
We may send you relevant marketing information from time to time to inform you of new products and services available from XP Power and its affiliates; company news, surveys, promotional material and other tailored content that we think will be of interest to you. You can update your preferences or unsubscribe completely at any time.

 

Improving our customer service and delivery for you:

We may contact you to conduct research about your opinion of current services or of potential new services that may be offered.

 

We may track the web pages on the XP Power website that our customers visit in order to determine which services are the most popular. This data facilitates providing focussed, more appropriate marketing content to our customers.

 

What does “legal basis” mean?

 

Consent
You have given clear consent for us to process your personal data for a specific purpose. You may freely withdraw your consent at any time, either through updating your preferences on our website or by contacting  [email protected]. If you choose to withdraw your consent, and if we do not have another legal basis for processing your data, then we will stop processing your personal data.

 

Performance of a Contract
Processing your personal data is necessary for the performance of a contract you have engaged with us, or because we have asked you to take specific steps before entering into that contract.

 

Legitimate Interests
Processing of your data is necessary for our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests. These legitimate interests include:

- Gaining insights from your behaviour on our website

- Enabling us to enhance, customise or modify our services and communications

- Determining whether marketing campaigns are effective

- Enhancing our data security controls

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests

 

Lawful Requirement
The collection, processing and/or sharing of your personal data is required to fulfil a legal obligation of XP Power, such as those introduced by employment law, tax laws under UK HMRC, national security, anti-money laundering, sanctions agreements, etc.

 

How we secure your data
We have physical and electronic security measures in place to safeguard your personal data, as well as an information governance framework that guides our information risk management, led by the Global IT Manager, and data management procedures. All XP Power staff handling personal data will be provided information security and secure data handling practices, both at induction as well as at regular intervals.

XP Power engages our 3rd party partners to conduct regular audits of our information security and data management practices to ensure that we employ best practice when it comes to protecting our data.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for XP Power or for one of our suppliers or partners (this includes staff engaged in, among other things, the fulfilment of your orders, operations and logistics, and the provision of support services). Where your personal data are transferred outside of the EEA, we shall ensure that appropriate safeguards are in place.

 

How long we hold your data for
We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Policy or in order to comply with applicable laws, and are in the process of defining appropriate timescales for holding personal information. These timescales will vary depending on the purpose for which we are holding the personal information. XP Power will securely dispose of personal data, either physically or electronically, in line with our defined retention periods.

 

How we may share your data with third parties
We may share personal data with our international offices within XP Power, including offices outside the EEA. We may also share your personal data with third parties to allow you to benefit from improved services and greater security. We may also share your information with our distribution partners, in cases we deem appropriate, to allow them to contact you regarding a matter which you have expressed an interest in.

The main third-party service providers that we provide your personal data can be viewed below:

Service provider

Service

Data Collected or Shared

Purpose

Place of Processing

CSI. Regulatory compliance

Watch list screening.

Data that identifies you

Legal compliance

USA

Salesforce.com

CRM & Customer Communications

Contact details

Customer sales information

Marketing information

Customer Account Management &  Engagement Monitoring

EEA

Flightcentre

Provision of employee travel bookings

Contact details

Travel booking information

Facilitating Travel Arrangements for employees

UK

Compass Executive Cars

Provision of employee travel bookings

Contact details

Travel booking information

Facilitating Travel Arrangements for employees

UK

Microsoft

Infrastructure

Contact details

Data that identifies you

Data from your contracts

Provision of IT infrastructure

EEA

Google

Infrastructure & analytics

Cookies

How you use our website

Customer Engagement Monitoring

EEA

Osborne Clarke

Legal Counsel

Contact details

Data that identifies you

Data from your contracts

Provision of legal counsel

UK

Thrings

Legal Counsel

Contact details

Data that identifies you

Data from your contracts

Provision of legal counsel

UK

DocuSign

eSignatures of legal documents

Contact details

Data that identifies you

Provision of eSignatures management

EEA

Sage

Payroll

Contact details

Data that identifies you

Data from your contracts

Provision of payroll services

EEA

 

Your privacy choices and your rights
You can make choices about the personal information we hold on you and you also have legal rights that you can exercise by contacting us at [email protected].

 

Preferences
You can choose to amend your preferences in relation to the e-mail marketing literature you receive from us, or you may choose to unsubscribe or opt out altogether using the preferences or unsubscribe link included at the bottom of all our marketing communications.

 

Cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our services or the web pages you visit.

 

Right of Access
You have a right to ask us whether or not we are processing personal data about you, and where this is the case, you may request access to this information as well as asking how it is being used, how long we will hold it for and whether we are sharing this information with any third party. We aim to respond to any such request as promptly as we can and within one month of receiving the request.

 

Right to Data Portability
You have a right to receive your personal data in a structured, commonly used and machine-readable format to transmit this data to someone else.

 

Right to Rectification
You have a right to request that we rectify your personal data if it is found to be inaccurate.

 

Right to Erasure
You have a right to request that your personal data be erased (a right to be forgotten) if it is no longer being used by us for the purpose for which it was collected or if you choose to withdraw consent for us to use it.

 

Right to Restriction of Processing
You have a right to request that we restrict our processing of your personal data, for example profiling you for products / services that we deem suitable for you.

 

Complaints
You have a right to lodge a complaint if you think that we have infringed on your personal data rights.

 

Our privacy policy
We will occasionally update this Privacy Policy, compliant with the General Data Protection Regulation (GDPR), to reflect changes within our business systems or with improvements from customer feedback.

We welcome your comments regarding this policy at [email protected].