This privacy statement is effective as of January 2020 and will be updated regularly to reflect any changes in the way we handle your personal data or any changes in applicable laws.
This page will provide you with everything you need to know about Xperience Ltd and any newly acquired companies (“Xperience”; “we”) and will protect the personal data we process and control relating to you (“your personal data”; “your data”) and which rights you have in relation to the processing of your personal data.
Below, we will provide you with an outline of how Xperience protects your personal data. Further below, we also include specific information on the following:
How does Xperience protect your personal data?
Xperience takes your right to privacy and the protection of your data seriously. Our aim is to make you feel secure that when you deal with Xperience, your personal data is in safe hands.
We protect your personal data in accordance with the law and our data privacy policies. In addition, Xperience has taken the correct business and technical measures to protect your personal data against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction or damage.
Which categories of personal data do we collect and how do we process such personal data?
We collect personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If we collectdata that is not listed in the privacy statement, we will provide the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Except for certain information that is required by law or by Xperience policies, your decision to provide any personal data to us is voluntary. You are not obliged to provide personal data, but if you do not provide certain information, we may not be able to achieve some of the elements or purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
If you provide us with personal data not relating to you for example another person (for instance, a potential employee/referral), you are responsible for ensuring that the person is made aware of the information contained in this privacy statement and that the person has given you their consent for sharing the information with Xperience.
We may collect data from you via a number of ways either directly from you (for example, when you provide information to sign up for a newsletter or register to download content from the our website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our public websites and social media, suppliers and vendors.
For which purposes and on what legal basis do we use your personal data?
Xperience uses your personal data only where required for specific purposes. Please view the table below for a list of the purposes for which Xperience uses your personal data and an overview of the legal basis for each such purpose.
|Managing our employee contractual relationships||Employee contractual obligations to which you are party to.|
|Recruitment||Based on our legitimate interest for facilitating the recruitment of the appropriate employees.|
|Maintaining communication with you (for emergencies, and to provide you with requested information, or to notify you about updates to our service)||Based on our legitimate interests for maintaining appropriate communication and emergency handling within the business.|
|Operating and managing our business||Based on our legitimate interests for maintaining the efficient and appropriate functioning of our business operations.|
|Legal compliance||Based on legal compliance to which we are subject.|
|Monitoring your use of our systems (including monitoring the use of our website and any systems or apps that you use)||Based on our legitimate interests of remaining compliant and to protect our reputation.|
|Social listening (assessing and analysing the wellbeing of our brand on social media (only publicly accessible content and to understand sentiment, intent, mood and market trends. We may do this through key-word searches and our goal is to gain insights in conversation trends over a specified period and not to identify an individual||Based on our legitimate interest of protecting our assets and our brand on social media .|
|Reviewing the functionality and security and functioning of our website, networks and information||Based on our legitimate interests for ensuring that you receive the best possible user experience and to ensure that our IT infrastructure and information is secure.|
|Undertaking data analysis, to improve company performance||Based on our legitimate interests to ensure that the business functions properly.|
|Marketing our products and services to you (unless you objected against such processing)||Based on our legitimate interest in ensuring that we can grow our business.|
Where we have stated “legitimate interests” this is based on not over-riding your legitimate interests, rights or freedoms.
We will only process your personal data for the purposes mentioned in the table above and with your prior consent.
To the extent you are asked to click on/check “I accept”, “I agree” or similar buttons/checkboxes/functionalities in relation to a privacy statement, doing so will be considered as providing your consent to process your personal data.
We will not use your personal data for other purposes other than those listed in the table and where you have been informed, unless it is required or authorised by law, or it is in your own important interest for example in case of a medical emergency.
Will we share your personal data with third parties?
We may transfer personal data to third parties in the case where we are working with a trusted partner to provide you with a solution. For example; for registration of your Software Licencing and Warranty with our third-party vendors or third level support e.g. Microsoft, Sage, Infor, IBM, Sophos. We will not provide your personal data to third parties without your prior conse
What about sensitive data?
We do not collect sensitive data (also known as special categories) through our website or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.
These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
What about data security?
We as an organisation maintain physical and technical security arrangements for all the personal data we hold. We have protocols, policies, procedures and guidance to maintain these arrangements and to minimise risks associated with the personal data and the processing we undertake.
We hold market leading security measures to protect your personal data. This includes:
- We hold an ISO27001 certification, which indicates that we adhere to the highest and strictest information security standards. This is a security standard awarded by the British Standards Institution (“BSI”) that serves as international certification that Xperience adheres to the highest and strictest standards.
- We have regular penetration testing performed to ensure that our technical defences are maintained
Where will your personal data be processed?
Xperience operates within the UK only, therefore all data is processed and is only accessible in the UK. Any transfers of data between our locations in Lisburn, Peterborough and Glasgow will take place in accordance with data privacy laws.
How long will your personal data be retained by us?
We will only hold your personal data for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time.
Which rights do you have with respect to the processing of your personal data?
You are entitled under the following conditions (there may be exceptions according to the applicable laws) to:
- Access to Your Personal Data: This right allows you to confirm that your personal data is being processed and to allow you to check if the processing is lawful.
- Correcting Any Mistakes: The right of rectification allows you to instruct an organisation that is processing your personal data, to rectify any mistakes.
- Right to be Forgotten: You have the right to instruct an organisation to erase your personal data.
- Stop Processing: The right to stop the processing of your personal data
- Moving Data: The right to data portability means that under certain circumstances you will be able to ask for your personal data to be transferred from one organisation to another.
- Right to Object to Direct Marketing: You have the right to object to the processing of your personal data for the purposes of direct marketing.
- Object to Profiling: Under certain circumstances, you are able to object to profiling and/or automated decision making.
- Right to complain to the Information Commissioners Office (ICO): If you are not happy with an aspect of how Xperience is processing your data, you can lodge a complaint to the supervisory authority, which is the ICO. (ico.org.uk) Before it gets to that situation, please make sure you contact firstname.lastname@example.org if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.
- Under GDPR, you are entitled to view, amend, or delete the personal information that we hold. Email your request to Compliance@xperience-group.com
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting Xperience. This will not affect Xperience’s right to process personal data obtained prior to the withdrawal of your consent.
If, despite our efforts to protect your personal data, you believe that your data privacy rights have not been adhered to, we encourage individuals to seek a resolution with Xperience in the first instance.
How do we use personal data when you visit Xperience’s website?
Which personal data do we gather?
Xperience collects personal data at its website either through individuals signing uo to a newsletter or downloading marketing collateral or through our website technology.
We may collect and process the following personal data:
- We will gather personal data if an individual fills in a form, subscribes to services or newsletters or registers for a conference etc. It is at the discretion of the individual as to whether they want to provide their personal data.
- If you do provide your details we may retain a record of that correspondence.
- We may at times run surveys on our website to improve the user experience but you do not have to respond to them.
- Our website collects personal data about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics.
- Details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data.
Do we include (links to) websites and programs of third parties?
Our websites may include:
- Links to and from the sites of our partner networks
- Certain programs of third parties. Where this is the case, note that such third parties may process your personal data collected through such programs for their own purposes.
We do not accept any responsibility or liability for such third parties’ sites or programs.
How do we use personal data that we collect from our websites?
As part of day to day maintenance we analyse your IP and browser information to determine what is most effective about our website, to help us identify ways to improve the customer experience it and make it more effective
We analyse our website on a continual basis to ensure that we have provide the best user experience and to optimise the site.
By using our website, you agree that we can place cookies and other similar technologies on your device as explained in our cookies policy
How do we use personal data when you visit our offices?
When you come to our offices across the various locations we will ask for your details to provide you with a pass. This process is part of our ISO 270001 accreditation which requires that we know who is in our offices at all times to ensure that we protect the security of our data.
How do we use personal data for marketing purposes?
What are the sources of marketing data?
Sources of marketing data include individuals who have subscribed to a newsletter, downloaded marketing collateral from our website, from events, individuals or companies with whom we have been in discussions with from a sales perspective and those who we currently do business with. We may also obtain contact information from publicly available sources such as social media websites, to make an initial contact with a relevant individual at a client or other company.
Do we send targeted e-mails?
Do we maintain Customer Relationship Management (CRM) databases?
We have a Customer Relationship Management system to track and manage our sales and marketing activities. Our CRM database holds personal data belonging to individuals at our client companies, suppliers, and other companies with whom we already have a business relationship or want to develop one. The information that we hold will only include contact information, products or solutions that have been purchased, products or solutions that a prospect may be interested in. It may also include publicly listed information that we have gleaned from social media, interest that has been shown in relation to commercial emails or visits to the Xperience website.
Do we share personal data with third parties?
We do not share information with third parties unless it is required as part of the contractual agreement that we have with the client. For example; we work with third parties to deliver some of our solutions and would be required to provide contact details of the client in order to provide the full solution. We do however, we ensure that we inform and gain consent from individual / companies prior to releasing information to the third party.
What are your rights regarding marketing communications?
You can stop marketing emails at any time by checking certain boxes on the forms we use to collect your personal data, or by opting-out of emails that we send you. Even if you have opted into emails you can stop emails by unsubscribing to them.
If you have any questions, please contact us at the following:
- Email: email@example.com
- Write to our Data Protection Officer, Xperience, Knockmore Hill Industrial Park, 11 Ferguson Drive, Lisburn, Co.Antrim, BT28 2EX, Northern Ireland