The information we collect about you, if you agree to provide it, will allow us to contact you and send information to you about products and/or services where you have registered an interest.
- In providing us your information you thereby consent to us processing it for this purpose.
- We will not pass your information on to any third party.
For the purposes of the General Data Protection Regulation (GDPR) the data controller is XRM.
Information that we may collect from you
We may collect and/or process the following data about you:
Information you provide to us including
- Information you provide to us by filling in forms on our website xrm.je (our site) or by entering into a contract with us, or by correspondence with us by email, letter, phone or other methods, which includes data provided by you by registering to use our site, commenting on blog posts, or by subscribing for newsletters or other information services, or by joining our web forum, or by placing an order for products or services, and when reporting a problem with our site, or otherwise contacting us.
- Personally Identifiable Information (PII) – the information you give us may include: your name, address, email address, IP address, phone number, together with financial and credit card information. All of which is PII and subject to the GDPR.
Information we collect about you with regard to your use of our website may be automatically collected and comprises the following:
- technical information – such as your; internet protocol (IP) address, login information, time zone, browser type/version with plug-in types/versions, device information (operating system and platform);
- information about your visit – such as your; Uniform Resource Locators (URL), including the date and time, products and services viewed/searched; site response times, downloads, errors, page visit time length, interaction (scrolling, clicks, mouse-overs), exit methods away from pages, phone numbers (i.e. used to call our customer service number), route to our site from other websites, with the address of other sites, or from search engine links to our site including search engine address and search term used.
Information we receive from other sources – information about you may be received by us if you use another website or service that we operate.
- Third-parties may also provide information to us about you, specifically from any of the following; our business partners and/or sub-contractors or credit reference agencies for payment and delivery services, or advertising and marketing services, or our technical and analytics providers, or our search engine and search information providers.
Data Integrity and Security
All PII data we hold is protected by us in accordance with the Principles (Article 5) of the GDPR including the use of two-factor access control and encryption wherever possible.
We use reasonable efforts to maintain accurate information and use physical and technical safeguards to secure your data.
We use third-party providers to provide the technology required to provide our Services including hardware, networking, software and storage.
These facilities may be located outside of the European Economic Area. By submitting your personal information, you agree to this.
Although we will use reasonable efforts to secure network communications and our Sites, we cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure.
Sharing data with third parties
Information we collect and receive may be disclosed to third parties in and out of the European Economic Area as (i) described in this policy, (ii) if you otherwise give your consent, or (iii) if the disclosure is legally required.
If you choose to contact us using a contact form like the one on our contact page you choose to subscribe to service, or if you choose to request information like an e-book or download through one of our online forms, the information that you submit will be forwarded to Mailchimp and Hubspot who provide us with email and CRM services. We consider Mailchimp and Hubspot to be third party data processors.
If you choose to email us through an email link the information your supply will not be stored by this website but will be sent to us in an email. Our email servers are provided by Microsoft. We consider Microsoft to be a third party data processor.
We use a number of third party data processors to process data on our behalf. These third parties may transfer your data outside of the country from which you are accessing this website including but not limited to the USA and, are EU-US Privacy Shield compliant. We have a data processing agreement/contract in place with each data processor.
- ClickDimensions – Marketing Service Provider
- Google – Website Analytics Provider
- Facebook – Marketing Service Provider
- LinkedIn – Marketing Service Provider
We may disclose aggregated or anonymous information where reasonable steps have been taken to ensure the data does not contain your personally identifying information.
How your information is used
The information we hold about you is used as follows:
- Information that you provide to us – this information is used to meet our obligations within any contracts between you and us, and,
- to meet your requests for information, and/or products and services, or
- to notify you of changes to our products or services, or make suggestions/recommendations that may interest you, or
- to improve the content of our site and ensure it is presented effectively for you and your device.
- Information that we collect about you – we use this information:
- to manage our website as well as for our efficient operations, which includes analysis, research, statistical and survey uses, together with testing and troubleshooting;
- to improve our website and content for users and their devices;
- to allow you to interact with our website and take advantage of our online services, whenever you may elect to do so;
- to ensure our site is safe and secure by monitoring activities within the context of continual process improvement, which is a best practice requirement of the GDPR;
- to monitor advertising and marketing effectiveness for users, and/or to fine-tune advertising by relevance to users;
- to enable targeted suggestions/recommendations to users about products and services that may be of interest.
- Information we receive from other sources – we may use third-party information, which may be combined with information you provided to us and/or information collected by us, which may be used for the purposes we have defined above.
Know your rights
Under the GDPR all individuals, who are the owners of their personally identifiable information (PII), have specific and clear rights, which are;
Right to Erasure
Every individual has the right the right to be forgotten upon request. The data controller must remove your PII data from its systems and request the same of any third-party systems of that controller.
Right to Access
Every individual has the right to access the PII data held about them upon request.
Right to Portability
Every individual has the right to request their PII data and use it for other parties they wish to engage with.
Right to be Informed
Every individual has the right to be informed about how their PII data is being used, which may be provided upon request of the individual, or before the controller changes any use of that data, giving the individual the right to consent or object.
Right to Objection
Every individual has the right to object to the use of their PII data for any purpose proposed by a controller.
Right to Rectification
Every individual has the right to have errors in their PII data to be corrected.
Right to Restrict
Every individual has the right to restrict the uses of their PII data for any specific type of processing.
Rights on automated decisions & profiling
Every individual has the right to restrict or object to automated decision-making processes or profiling based on their PII data.
Data Retention & Deletion
We will retain a customer’s personal information for so long as its account is active or as reasonably needed by us to provide our Services. We may also retain and use such information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you can demonstrate that we do not have a legitimate reason for keeping information about you, we will delete it. Contact us to make this request.
Disclosures by Children
If you are under 16 years of age you must obtain parental consent before providing us with any personal information.
Revoke your consent
In accordance with the GDPR, to the revoke consent for the processing of your data send an email with the word “Revoke” in the subject field to firstname.lastname@example.org.
Subject Access Request (SAR)
In accordance with the GDPR,
- you may request us to send you details about any PII data that we may hold about you, or
- you may request that we correct any errors, or
- you may request us to delete any/all PII data about you.
In accordance with the GDPR, any SAR is provided free of charge within  days, unless a particular SAR is subject to other regulatory requirements as defined within the GDPR, in which case we will inform you as required by those specific regulations.
For any questions relating to your PII data, or to submit a SAR, please contact us:
+44 1534 50 50 10
Xrm does not accept any responsibility or liability for the privacy policies of any third-party.
We reserve the right to notify any/all registered users of our services of any major change to our policies by email, except for users that have elected to opt out or revoke communications from us.