Privacy Statement
Our role in your privacy
XP Power is committed to protecting your data, and this document outlines how we collect and use your data; how we may share your data with our trusted partners and how we protect and secure your data.
We respect your privacy. We will be transparent in why we hold your data, as well as your rights and the choices you can make with respect to the data we hold about you.
We continually pursue operational excellence in all areas of our business. We welcome your feedback on any aspect of our privacy policy: dataprotection@xppower.com
Our responsibilities
If you are an XP Power customer, an XP Power employee or a visitor to our website, we act as the ‘data controller’ of your personal data. This means we determine how and why your data are processed.
How we collect your data
There are a number of ways in which we might collect and process your data, either directly provided by you or automatically captured via our website.
These are outlined in the table below:
| Data you provide | Data we capture |
| You phone us | You browse our website |
| We phone you | You open a datasheet |
| You e-mail us | You use our product selector |
| You subscribe to our product news | You engage with our marketing materials |
| You sign a contract | |
| You send us a debit note | |
| You place an order with us | |
| You request product samples | |
| You request to download a 3D model of our products | |
| You register for employee benefits |
Types of data we might collect
Contact data:
Your e-mail address, name, job title, company name, address, telephone number, zip/postal code, country, industry, etc.
Financial data:
Your bank account number, sort code or IBAN, bank address.
Identity data:
Your IP address, browser type, domain names, browsing device details, etc.
Website browsing data:
Pages visited, form validation errors, time spent on our web pages, activity on our web pages, etc. We only ask for data through forms on our website that we intend to use to help improve your interaction and experience with our brand, Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through XP Power public message boards such as social media feeds, this information may be collected and used by others. Note: XP Power does not read any of your private online communications.
Sensitive personal data:
If you are an XP Power employee we may collect some health related information, should you choose to provide it to us voluntarily, travel related data and information collected as part of a background check.
How we use cookies
Our website uses tracking software and cookies to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies. If you choose to personalise XP Power pages or register with XP Power sites or services, a ‘persistent cookie’ helps us to recall your specific information on subsequent visits. When you return to the same XP Power website, the information you previously provided can be retrieved, so you can easily use the features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our services or the websites you visit.
How and why we collect and process your data
We are mindful of the data protection regulations that require us to process your data lawfully, fairly and in a transparent manner. Under EU and UK data protection laws, we may only collect and process your data for specific purposes where we have a legal basis to do so. We may collect certain personal data from you to deliver the services or products which you have expressed an interest in.
Operational reasons:
We collect and use your personal data to effectively run the business to deliver the products and services you have requested.
Marketing reasons:
We may send you relevant marketing information from time to time to inform you of new products and services available from XP Power and its affiliates; company news, surveys, promotional material and other tailored content that we think will be of interest to you. You can update your preferences or unsubscribe completely at any time.
Improving our customer service and delivery for you:
We may contact you to conduct research about your opinion of current services or of potential new services that may be offered.
We may track the web pages on the XP Power website that our customers visit in order to determine which services are the most popular. This data facilitates providing focussed, more appropriate marketing content to our customers.
What does “legal basis” mean?
Consent:
You have given clear consent for us to process your personal data for a specific purpose. You may freely withdraw your consent at any time, either through updating your preferences on our website or by contacting dataprotection@xppower.com. If you choose to withdraw your consent, and if we do not have another legal basis for processing your data, then we will stop processing your personal data.
Performance of a Contract:
Processing your personal data is necessary for the performance of a contract you have engaged with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate Interests:
Processing of your data is necessary for our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests. These legitimate interests include:
- Gaining insights from your behaviour on our website
- Enabling us to enhance, customise or modify our services and communications
- Determining whether marketing campaigns are effective
- Enhancing our data security controls
In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests
Lawful Requirement:
The collection, processing and/or sharing of your personal data is required to fulfil a legal obligation of XP Power, such as those introduced by employment law, tax laws under UK HMRC, national security, anti-money laundering, sanctions agreements, etc.
How we secure your data
We have physical and electronic security measures in place to safeguard your personal data, as well as an information governance framework that guides our information risk management, led by the Global IT Manager, and data management procedures. All XP Power staff handling personal data will be provided information security and secure data handling practices, both at induction as well as at regular intervals.
XP Power engages our 3rd party partners to conduct regular audits of our information security and data management practices to ensure that we employ best practice when it comes to protecting our data.
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for XP Power or for one of our suppliers or partners (this includes staff engaged in, among other things, the fulfilment of your orders, operations and logistics, and the provision of support services). Where your personal data are transferred outside of the EEA, we shall ensure that appropriate safeguards are in place.
How long we hold your data for
We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Policy or in order to comply with applicable laws, and are in the process of defining appropriate timescales for holding personal information. These timescales will vary depending on the purpose for which we are holding the personal information. XP Power will securely dispose of personal data, either physically or electronically, in line with our defined retention periods.
How we may share your data with third parties
We may share personal data with our international offices within XP Power, including offices outside the EEA. We may also share your personal data with third parties to allow you to benefit from improved services and greater security. We may also share your information with our distribution partners, in cases we deem appropriate, to allow them to contact you regarding a matter which you have expressed an interest in.
The main third-party service providers that we provide your personal data can be viewed below:
| Service provider | Service | Data Collected or Shared | Purpose | Place of Processing |
|---|---|---|---|---|
| CSI. Regulatory compliance | Watch list screening | Data that identifies you | Legal compliance | USA |
| Salesforce.com | CRM & Customer Communications | Contact details Customer sales information Marketing information |
Customer Account Management & Engagement Monitoring | EEA |
| Flightcentre | Provision of employee travel bookings | Contact details Travel booking information |
Facilitating Travel Arrangements for employees | UK |
| Compass Executive Cars | Provision of employee travel bookings | Contact details Travel booking information |
Facilitating Travel Arrangements for employees | UK |
| Microsoft | Infrastructure | Contact details Data that identifies you Data from your contracts |
Provision of IT infrastructure | EEA |
| Infrastructure & analytics Cookies | Cookies How you use our website |
Customer Engagement Monitoring | EEA | |
| Osborne Clarke | Legal Counsel | Contact details Data that identifies you Data from your contracts |
Provision of legal counsel | UK |
| Thrings | Legal Counsel | Contact details Data that identifies you Data from your contracts |
Provision of legal counsel | UK |
| DocuSign | eSignatures of legal documents | Contact details Data that identifies you |
Provision of eSignatures management | EEA |
| Sage | Payroll | Contact details Data that identifies you Data from your contracts |
Provision of payroll services | EEA |
| Xperior | Market Research | Customer insights | Monitoring customer attitudes and behaviours | UK |
Your privacy choices and your rights
You can make choices about the personal information we hold on you and you also have legal rights that you can exercise by contacting us at dataprotection@xppower.com.
Preferences:
You can choose to amend your preferences in relation to the e-mail marketing literature you receive from us, or you may choose to unsubscribe or opt out altogether using the preferences or unsubscribe link included at the bottom of all our marketing communications.
Cookies:
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our services or the web pages you visit.
Right of Access:
You have a right to ask us whether or not we are processing personal data about you, and where this is the case, you may request access to this information as well as asking how it is being used, how long we will hold it for and whether we are sharing this information with any third party. We aim to respond to any such request as promptly as we can and within one month of receiving the request.
Right to Data Portability:
You have a right to receive your personal data in a structured, commonly used and machine-readable format to transmit this data to someone else.
Right to Rectification:
You have a right to request that we rectify your personal data if it is found to be inaccurate.
Right to Erasure:
You have a right to request that your personal data be erased (a right to be forgotten) if it is no longer being used by us for the purpose for which it was collected or if you choose to withdraw consent for us to use it.
Right to Restriction of Processing:
You have a right to request that we restrict our processing of your personal data, for example profiling you for products / services that we deem suitable for you.
Complaints:
You have a right to lodge a complaint if you think that we have infringed on your personal data rights.
Our privacy policy
We will occasionally update this Privacy Policy, compliant with the General Data Protection Regulation (GDPR), to reflect changes within our business systems or with improvements from customer feedback.
We welcome your comments regarding this policy at dataprotection@xppower.com.