Our role in your privacy
XP Power is committed to protecting your data, and this document outlines how we collect and use your
data; how we may share your data with our trusted partners and how we protect and secure your data.
We respect your privacy. We will be transparent in why we hold your data, as well as your
rights and the choices you can make with respect to the data we hold about you.
We continually pursue operational excellence in all areas of our business. We
welcome your feedback on any aspect of our privacy policy: [email protected]
Our responsibilities
If you are an XP Power customer, an XP Power employee or a visitor to our website, we act
as the ‘data controller’ of your personal data. This means we determine how and
why your data are processed.
How we collect your data
There are a number of ways in which we might collect and process
your data, either directly provided by you or automatically captured via our
website.
These are outlined in the table below:
|
Data you provide
|
Data we capture
|
|
You phone us
|
You browse our website
|
|
We phone you
|
You open a datasheet
|
|
You e-mail us
|
You use our product selector
|
|
You subscribe to our product news
|
You engage with our marketing materials
|
|
You sign a contract
|
|
|
You send us a debit note
|
|
|
You place an order with us
|
|
|
You request product samples
|
|
|
You request to download a 3D
model of our products
|
|
|
You register for employee
benefits
|
|
Types of data we might collect
Contact data:
Your e-mail address, name, job title, company name, address,
telephone number, zip/postal code, country, industry, etc.
Financial data:
Your bank account number, sort code or IBAN, bank address.
Identity data:
Your IP address, browser type, domain names, browsing device
details, etc.
Website browsing data:
Pages visited, form validation errors, time spent on our web
pages, activity on our web pages, etc.
We only ask for data through forms on our website that we intend to use to help improve
your interaction and experience with our brand,
Please keep
in mind that if you directly disclose personally identifiable information or
personally sensitive data through XP Power public message boards such as social
media feeds, this information may be collected and used by others. Note: XP
Power does not read any of your private online communications.
Sensitive personal data
If you are an XP Power employee we may collect some health related
information, should you choose to provide it to us voluntarily, travel related data
and information collected as part of a background check.
How we use cookies
Our website
uses tracking software and cookies to help you personalise your online
experience. A cookie is a text file that is placed on your hard disk by a web
page server. Cookies cannot be used to run programs or deliver viruses to your
computer. Cookies are uniquely assigned to you, and can only be read by a web
server in the domain that issued the cookie to you.
One of the primary purposes of
cookies is to provide a convenience feature to save you time. The purpose of a
cookie is to tell the web server that you have returned to a specific page. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.
If you choose to personalise XP
Power pages or register with XP Power sites or services, a ‘persistent cookie’
helps us to recall your specific information on subsequent visits. When you
return to the same XP Power website, the information you previously provided
can be retrieved, so you can easily use the features that you customised.
You have
the ability to accept or decline cookies. Most web browsers automatically
accept cookies, but you can usually modify your browser setting to decline
cookies if you prefer. If you choose to decline cookies, you may not be able to
fully experience the interactive features of our services or the websites you
visit.
How and why we collect and process your data
We are mindful of the data protection regulations that require us
to process your data lawfully, fairly and in a transparent manner. Under EU and
UK data protection laws, we may only collect and process your data for specific
purposes where we have a legal basis to do so.
We may collect certain personal data from you to deliver the
services or products which you have expressed an interest in.
Operational reasons:
We collect
and use your personal data to effectively run the business to deliver the
products and services you have requested.
Marketing reasons:
We may send you relevant marketing
information from time to time to inform you of new products and services
available from XP Power and its affiliates; company news, surveys, promotional
material and other tailored content that we think will be of interest to you.
You can update your preferences or unsubscribe completely at any time.
Improving our customer service and delivery for you:
We may
contact you to conduct research about your opinion of current services or of
potential new services that may be offered.
We may
track the web pages on the XP Power website that our customers visit in order
to determine which services are the most popular. This data facilitates
providing focussed, more appropriate marketing content to our customers.
What does “legal basis” mean?
Consent
You have given clear consent for us to process your personal
data for a specific purpose. You may freely withdraw your consent at any time,
either through updating your preferences on our website or by contacting [email protected]. If you choose to withdraw your consent, and if we do not have another legal basis for processing your data, then we will stop processing your personal data.
Performance of a Contract
Processing your personal data is necessary for the
performance of a contract you have engaged with us, or because we have asked
you to take specific steps before entering into that contract.
Legitimate Interests
Processing
of your data is necessary for our legitimate interests or the legitimate
interests of a third party, provided that those interests are not outweighed by
your rights and interests. These legitimate interests include:
- Gaining
insights from your behaviour on our website
- Enabling us to enhance, customise or modify our services and communications
- Determining whether marketing campaigns are effective
- Enhancing our data security controls
In each
case, these legitimate interests are only valid if they are not outweighed by
your rights and interests
Lawful Requirement
The collection, processing and/or sharing of your personal data is required to
fulfil a legal obligation of XP Power, such as those introduced by employment
law, tax laws under UK HMRC, national security, anti-money laundering,
sanctions agreements, etc.
How we secure your data
We have physical and electronic security measures in place
to safeguard your personal data, as well as an information governance framework
that guides our information risk management, led by the Global IT Manager, and
data management procedures. All XP Power staff handling personal data will be
provided information security and secure data handling practices, both at
induction as well as at regular intervals.
XP Power engages our 3rd party partners to
conduct regular audits of our information security and data management
practices to ensure that we employ best practice when it comes to protecting
our data.
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for XP Power or for one of our suppliers or partners (this includes staff engaged in, among other things, the fulfilment of your orders, operations and logistics, and the provision of support services). Where your personal data are transferred outside of the EEA, we shall ensure that appropriate safeguards are in place.
How long we hold your data for
We will retain
your personal data for as long as we need it in order to fulfil our purposes
set out in this Privacy Policy or in order to comply with applicable laws, and are in the process of defining appropriate timescales for holding
personal information. These timescales will vary depending on the purpose for
which we are holding the personal information. XP Power will securely dispose of personal data, either physically
or electronically, in line with our defined retention periods.
How we may share your data with third parties
We may share personal data with our international offices within
XP Power, including offices outside the EEA. We may also share your personal data with third parties to allow you
to benefit from improved services and greater security. We may also share your
information with our distribution partners, in cases we deem appropriate, to
allow them to contact you regarding a matter which you have expressed an
interest in.
The main third-party service providers that we provide your personal data can be
viewed below:
|
Service
provider
|
Service
|
Data Collected
or Shared
|
Purpose
|
Place
of Processing
|
|
CSI. Regulatory compliance
|
Watch list screening.
|
Data that identifies you
|
Legal compliance
|
USA
|
|
Salesforce.com
|
CRM & Customer
Communications
|
Contact details
Customer sales information
Marketing information
|
Customer Account Management
& Engagement Monitoring
|
EEA
|
|
Flightcentre
|
Provision of employee travel
bookings
|
Contact details
Travel booking information
|
Facilitating Travel
Arrangements for employees
|
UK
|
|
Compass Executive Cars
|
Provision of employee travel
bookings
|
Contact details
Travel booking information
|
Facilitating Travel
Arrangements for employees
|
UK
|
|
Microsoft
|
Infrastructure
|
Contact details
Data that identifies you
Data from your contracts
|
Provision of IT infrastructure
|
EEA
|
|
Google
|
Infrastructure & analytics
|
Cookies
How you use our website
|
Customer Engagement Monitoring
|
EEA
|
|
Osborne Clarke
|
Legal Counsel
|
Contact details
Data that identifies you
Data from your contracts
|
Provision of legal counsel
|
UK
|
|
Thrings
|
Legal Counsel
|
Contact details
Data that identifies you
Data from your contracts
|
Provision of legal counsel
|
UK
|
|
DocuSign
|
eSignatures of legal documents
|
Contact details
Data that identifies you
|
Provision of eSignatures
management
|
EEA
|
|
Sage
|
Payroll
|
Contact details
Data that identifies you
Data from your contracts
|
Provision of payroll services
|
EEA
|
Your privacy choices and
your rights
You can
make choices about the personal information we hold on you and you also have legal
rights that you can exercise by contacting us at [email protected].
Preferences
You can choose to amend your preferences in relation to the e-mail
marketing literature you receive from us, or you may choose to unsubscribe or
opt out altogether using the preferences or unsubscribe link included at the
bottom of all our marketing communications.
Cookies
You can choose to accept or decline cookies. Most web browsers
automatically accept cookies, but you can usually modify your browser setting
to decline cookies if you prefer. If you choose to decline cookies, you may not
be able to fully experience the interactive features of our services or the web
pages you visit.
Right of Access
You have a right to ask us whether or not we are processing
personal data about you, and where this is the case, you may request access to
this information as well as asking how it is being used, how long we will hold
it for and whether we are sharing this information with any third party. We aim
to respond to any such request as promptly as we can and within one month of
receiving the request.
Right to Data Portability
You have a right to receive your personal data in a structured,
commonly used and machine-readable format to transmit this data to someone
else.
Right to Rectification
You have a right to request that we rectify your personal data if
it is found to be inaccurate.
Right to Erasure
You have a right to request that your personal data be erased (a
right to be forgotten) if it is no longer being used by us for the purpose for
which it was collected or if you choose to withdraw consent for us to use it.
Right to Restriction of Processing
You have a right to request that we restrict our processing of
your personal data, for example profiling you for products / services that we
deem suitable for you.
Complaints
You have a right to lodge a complaint if you think that we have
infringed on your personal data rights.
Our privacy policy
We will occasionally update this Privacy Policy, compliant with the General Data Protection Regulation (GDPR), to reflect changes within our business systems or with improvements from customer feedback.
We welcome your comments regarding this policy at [email protected].