Introduction
Xcina Consulting Limited (“XCL”) is committed to safeguarding an individual’s personal and sensitive personal data and is bound to comply with the UK Data Protection Act 2018 (“DPA”) and EU General Data Protection Regulation (“GDPR”), along with similar and applicable laws in other countries around the world. This Privacy Notice forms part of XCL’s obligation to be fair and transparent with all individuals whose personal and sensitive personal data it processes, whilst visiting the XCL website, and to provide details around how it processes such data.
Who we are?
XCL provides business and technology risk assurance and advisory services and is headquartered in London, UK with branches in Chicago, USA and Frankfurt, Germany.
In the UK, its registered company number is 10857115 and its registered address is 22 Great James Street, London, WC1N 3ES. Its trading address is 1 King William Street, London, EC4N 7AF.
XCL is part of the Shearwater Group plc (“SWG”), an Alternative Investment Market (“AIM”) listed company, whose UK registered company number is 05059457 and registered address is 22 Great James Street, London, WC1N 3ES.
What personal data do we process?
We process personal data of web visitors, each time they visit our website, and registered users to access gated content, notably: –
We also process the following kinds of personal data if you provide it to us via our website: –
Why do we process your personal data?
We use your personal data for the following purposes: –
If you cannot provide personal data
Who do we share your data with?
We only disclose your personal data in ways set out in this Privacy Notice or subject to any contractual agreements that are in place with us. The following circumstances may apply: –
We do not sell, rent or trade any of your personal data.
Data retention
We hold your personal data for as long as necessary in line with any legislative, regulatory or business need.
You have the right to request we erase your data, where we do not have any overriding legal, regulatory or contractual obligations.
How do we protect your data?
We aim to ensure that your personal data is secure. In order to prevent unauthorised access, loss, misuse or alteration, we have put in place appropriate physical, technical and organisational measures to safeguard and secure the personal data we collect. Our service providers are required to do the same. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and oversight.
In addition, we limit access to your personal data on a least privilege, need to know basis. We also carry out regular security testing to ensure that your personal data is protected.
Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.
International data transfers
Personal data that we collect is only stored in countries, which have adequate security controls in place, notably the UK, Germany and the USA.
Your legal rights
You may instruct us to provide you with any personal data we hold about you as part of a Subject Access Request. The provision of such information will be subject to evidencing your identity.
In certain instances, where exemptions exist, we may withhold personal data that you request, and which are permissible by law.
You have the right to rectification and may wish to contact us if the personal data that we hold about you needs to be corrected or updated.
You have the right to object to us processing your data, and the right to request we restrict the processing of your data.
You may instruct us at any time not to process your personal data for marketing and communications purposes by means of :€˜opting-out’.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex. In such instances, we will notify you and keep you updated.
Updates to this policy
In order to remain compliant with any legal and regulatory obligations, or as part of our evolving business practices, we may update this Privacy Notice from time to time by publishing a new version. In certain instances, we may notify you.
Data Protection Registration
We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is: ZA269764.
How to contact us
You can contact us as follows: –
Email: | dpo@xcina.co.uk |
Web: | www.xcinaconsulting.com |
Telephone: | +44 (0)20 3985 8467 |
In Writing: | Data Protection Officer Xcina Consulting Limited 1 King William Street London EC4N 7AF United Kingdom |
Making a complaint
If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to raise a complaint to the UK Information Commissioner.
You can contact them as follows: –
Web: https://ico.org.uk/make-a-complaint/
Telephone: +44 (0)303 123 1113
Live Chat: https://ico.org.uk/global/contact-us/live-chat
In writing:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.
Subscribe >>