The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
X-ray Leads Ltd is a limited company incorporated under the laws of England and Wales, registered number 11345967 with its registered office address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ (“XR” “we”).
XR is firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practice.
Gary Vantil is the data protection officer for XR to contact the data protection officer please email firstname.lastname@example.org.
XR’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 2018 (“Data Protection Legislation”).
Where XR cannot determine the use of such personal data and is provided with that personal data by its clients, third parties or by users of XR’s Services who are not in a direct contract with XR, XR will be data processor of such personal data on behalf of the data controllers who determine how that personal data is processed, in accordance with their instructions. In such instances, those data controllers will be responsible to those individuals whose personal data may be processed by XR on behalf of that data controller in respect of how their personal data is processed, in accordance with that data controller’s own privacy statements.
Personal data collected
XR may collect, use, store and transfer different kinds of personal data about you and because of the nature of the Services we provide, the types of data we process can be quite varied, but will usually include:
If you fail to provide personal data
Where XR need to collect personal data by law, or under the terms of a contract XR has with you (or our customer for whom you are acting on behalf of) and you fail to provide that data when requested, XR may not be able to perform the contract it has or are trying to enter. In this case, XR may have to cancel the Services but will notify you if this is the case.
How is your personal data collected?
Where XR is acting as a data controller, XR uses different methods to collect personal data from and about you, including through:
How XR will use your personal data
XR will only use your personal data in ways in which the law allows. Where acting as the data controller, most commonly we will use;
How your personal data may be shared
All our third parties are required to respect the security of the personal data we provide them and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the instructions we have provided them.
Purposes for which XR will use your personal data
The details below set out a description of all the ways we plan to use your personal data where we are the data controller for your personal data, and which of the legal basis for doing so.
We have also identified what our legal bases are where appropriate and for further details please contact XR if you need the legal ground, we are relying on to process your personal data where more than one ground has been set out below.
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
* We will use your: (a) Identity (b) Contact data* Legal basis = Performance of a contract, Consent (for use of special categories of data) and /or Compliance with a legal requirement
– To process and deliver the Services including: (a) managing payments, fees and charges (b) collecting and recovering money owed to us (c) contacting you and corresponding about the Services
* We will use your: (a) Identity (b) Contact (c) Financial (d) Transaction data
* Legal basis = Performance of a contract, Necessary for our legitimate interests (to recover debts due to us), Compliance with a legal requirement
– To respond to queries, complaints, claims and enquiries
* We will use your: (a) Identity (b) Contact data
* Legal basis= Legitimate interests
* We will use your: (a) Identity Data (b) Contact Data
* Legal basis = Legitimate interests, or Consent (where an individual consumer)
What if the purpose changes?
XR will only use your personal data for the purposes for which it was collected for at the beginning of our relationship, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact XR.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above or where this is required or permitted by law.
How XR stores personal data
For secure storage, XR does not transfer your personal data outside the European Economic Area (EEA). We do not normally share your personal data with anyone outside the EEA, however, we may do so when a circumstance or the Services we provide to you requires us to do so, whilst ensuring that adequate measures are in place in order to keep your personal data secure when transferring your personal data to that third party.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions (where we act as data controller) and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or a breach where we are legally required to do so
Personal Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. These retention periods depend on the nature of the information and are subject to change. If you have any questions in this regard, please contact us using the details below.
We may send you marketing material where you are a business customer and we consider the marketing material to be relevant to you or where you are a business customer and we have previously provided you with Services, and you have not opted out of receiving such communication.
You can update your marketing preferences by emailing email@example.com
Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal data. Your rights are as follows:
To exercise any of the above rights please contact us using the details below.
Where you exercise your right to erasure or where information is deleted in accordance with XR’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period XR retains the data. Please note that where you make a request for us to delete your personal data, we may have another legal basis for retaining your personal data and we may do so for so long as the other legal basis remains valid.
Where you exercise your right to request access to the information XR processes about you, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Where you provide us with information it is your responsibility to ensure that all such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so. If any information changes, please let us know so that we can keep it updated on our systems.
The Website is not intended for children and XR will not knowingly collect any personal data from persons under the age of 18. XR may collect personal data about children which is incidental to the Services it provides. In this case XR will ensure that such personal data is processed securely.
If you would like to make a complaint in relation to how XR may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
XR would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Remember the Risks Whenever You Use the Internet
XR is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal information. While XR does its best to protect your personal information, XR cannot guarantee the security of any information that you transmit to XR and you are solely responsible for maintaining the secrecy of any passwords or other account information.
Questions and Contact information
For any questions or for further information, please contact:firstname.lastname@example.org