Xcina Consulting Limited (“XCL”) is committed to safeguarding an individual’s personal and sensitive personal data and is bound to comply with the UK Data Protection Act 2018 (“DPA”) and EU General Data Protection Regulation (“GDPR”), along with similar and applicable laws in other countries around the world. This Privacy Notice forms part of XCL’s obligation to be fair and transparent with all individuals whose personal and sensitive personal data it processes, whilst visiting the XCL website, and to provide details around how it processes such data.
Who we are?
XCL provides business and technology risk assurance and advisory services and is headquartered in London, UK with branches in Chicago, USA and Frankfurt, Germany.
In the UK, its registered company number is 10857115 and its registered address is 22 Great James Street, London, WC1N 3ES. Its trading address is 1 King William Street, London, EC4N 7AF.
XCL is part of the Shearwater Group plc (“SWG”), an Alternative Investment Market (“AIM”) listed company, whose UK registered company number is 05059457 and registered address is 22 Great James Street, London, WC1N 3ES.
What personal data do we process?
We process personal data of web visitors, each time they visit our website, and registered users to access gated content, notably: –
- Technical information about your computer such as domain name, browser type and version, operating system and platform, IP address, cookie information and time zone setting; and
- Information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time), what web pages you visited on the Site and how long you spend on each page, page interaction information (such as scrolling, clicks and mouse-overs), page response times, download errors, traffic data, location data, weblogs, methods used to browse away from the page and information on what website you visited before accessing the Site.
We also process the following kinds of personal data if you provide it to us via our website: –
- Your name, email address, business address and job title.
Why do we process your personal data?
We use your personal data for the following purposes: –
- To alert you of new content that is posted on the XCL website, depending on your previously selected preferences.
- To process and respond to requests, enquiries and complaints received by you, in accordance with our legitimate interest to provide you with a responsive service.
- To provide services, requested by you, which may be required to fulfil a contractual obligation.
- To maintain accurate personal data records and for audit purposes.
- To prevent or detect fraud.
- To comply with requests from law enforcement and regulatory authorities.
- To analyse trends and profiles with the aim of improving or personalising our services and communications for the benefit of our clients.
- To carry out customer satisfaction research with the aim of improving or personalising our services and communications for the benefit of our clients.
- If you make enquiries through our site, and agree in the contact form to receiving email updates, we will send you such updates on the grounds of your consent.
- To enable third parties, if required, to support us in operating our business.
If you cannot provide personal data
- In some instances, we need to collect your data in order to provide you with our whitepapers, or other thought leadership and insights. If you do not provide your data then we would be unable to provide you with such content.
Who do we share your data with?
We only disclose your personal data in ways set out in this Privacy Notice or subject to any contractual agreements that are in place with us. The following circumstances may apply: –
- With the Shearwater Group plc, company Number 05059457.
- Across the SWG portfolio companies, as part of a need to know basis; as part of improving our existing services or as part of providing new services. These portfolio companies include: –
- Brookcourt Solutions Limited, company number 05356175;
- Geolang Limited, company number 05719222;
- Pentest Limited, company number 11925182; and
- SecurEnvoy Limited, company number 04866711.
- We may share personal data with third parties who provide us with support services. Such providers assist us with administering or troubleshooting our website; assist us with our mailing campaigns or provide us with electronic or physical storage services.
- We may disclose your personal data with law enforcement agencies or our professional advisors if we are under a duty to do so.
- If we are acquired by another organisation, such parties will have access to your personal data as part of any due diligence or onboarding activities.
We do not sell, rent or trade any of your personal data.
We hold your personal data for as long as necessary in line with any legislative, regulatory or business need.
You have the right to request we erase your data, where we do not have any overriding legal, regulatory or contractual obligations.
How do we protect your data?
We aim to ensure that your personal data is secure. In order to prevent unauthorised access, loss, misuse or alteration, we have put in place appropriate physical, technical and organisational measures to safeguard and secure the personal data we collect. Our service providers are required to do the same. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and oversight.
In addition, we limit access to your personal data on a least privilege, need to know basis. We also carry out regular security testing to ensure that your personal data is protected.
Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.
International data transfers
Personal data that we collect is only stored in countries, which have adequate security controls in place, notably the UK, Germany and the USA.
Your legal rights
You may instruct us to provide you with any personal data we hold about you as part of a Subject Access Request. The provision of such information will be subject to evidencing your identity.
In certain instances, where exemptions exist, we may withhold personal data that you request, and which are permissible by law.
You have the right to rectification and may wish to contact us if the personal data that we hold about you needs to be corrected or updated.
You have the right to object to us processing your data, and the right to request we restrict the processing of your data.
You may instruct us at any time not to process your personal data for marketing and communications purposes by means of ‘opting-out’.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex. In such instances, we will notify you and keep you updated.
Updates to this policy
In order to remain compliant with any legal and regulatory obligations, or as part of our evolving business practices, we may update this Privacy Notice from time to time by publishing a new version. In certain instances, we may notify you.
Data Protection Registration
We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is ZA269764.
How to contact us
You can contact us as follows: –
|Telephone:||+44 (0)20 3985 8467|
|In Writing:||Data Protection Officer
Xcina Consulting Limited
1 King William Street
Making a complaint
If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to raise a complaint to the UK Information Commissioner.
You can contact them as follows: –
Telephone: +44 (0)303 123 1113
Information Commissioner’s Office