Welcome to Xono Limited's Privacy Policy.
At Xono Limited, (“we,””our,” and “us”) respects your
privacy and is committed to protecting your
personal data. The purpose of this Privacy Policy (together with our Subscription Agreement,
Website Terms of Use, EULA and any other documents referred to in it) is to explain how we
use
your personal data, why we use it and who we share it with in relation to our services when
you visit
our website (regardless of where you visit it from) and about the privacy rights you have
under
relevant Data Protection legislation and how the law protects you.
We process your personal data for the purposes set out in
this Privacy Policy. The two main
purposes for our processing activities are (i) in order to offer to you and provide you with
our
services, for which you will be required to register a customer account and where applicable
transact
for the use of our services; (ii) to ensure compliance with our legal and regulatory
obligations, which
includes keeping records of transactions made using our services.
By visiting our website
https://www.xono.online (our “Website”) or downloading or using our
Mobile App
(our “App”) and/or using any of our services, you are accepting and consenting to the
practices
described in this Privacy Policy.
Our Website is not intended for children and we do not
knowingly collect data relating to children.
It is important you read this Privacy Policy together with
any other privacy policy or fair processing
policy we may provide on specific occasions when we are collecting or processing personal
data
about you so that you are fully aware of ow and why we are using your personal data. This
Privacy
Policy supplements other notices and privacy policies and is not intended to override them.
WHO IS THE CONTROLLER?
Xono Limited of 96 Fairways Drive, Mount Murray, Santon,
Isle of Man, IM4 2JF is the controller and
responsible for your personal data. This is who we refer to when referring to “Xono”, “we”,
“our”
and “us” etc.
We have appointed a designated Data Protection Officer. They
can be reached at
DataOfficer@Xono.online. Whilst our Data
Protection Officer can be contacted, our customer
support team at
support@xono.online will be your
initial point of contact should you wish to
exercise your data protection rights.
You have the right to make a complaint at any time to the
Isle of Man Information Commissioner
(“ICO”), the Isle of Man regulator for data protection issues (
www.inforights.im). We would,
however, appreciate the chance to deal with your concerns before you approach the ICO so
please
contact us in the first instance.
We keep our Privacy Policy under regular review. It is
important that the personal data we hold
about you is accurate and current. Please keep us informed if your personal data changes
during
your relationship with us.
THE DATA WE COLLECT ABOUT YOU.
Personal data, or personal information, means any
information about an individual from which that
person can be identified. It does not include data where the identity has been removed
(anonymous data). We may collect, use, store and transfer different kinds of personal data
about you which we
have grouped together as follows:
- Identity Data: first name, last name;
- Contact Data: billing address, delivery address, email address and telephone
numbers;
- Financial Data:company name, bank account and payment card details;
- Transactional Data: details about payments to and from you and other details of
products and
services you have purchased from us;
- Technical Data: internet protocol (IP) address, your login data, browser type and
version, time
zone setting and location, browser plug-in types and versions, operating system and
platform and
other technology on the devices you use to access this Website;
- Profile Data: your username and password, purchases or orders made by you, your
interests,
preferences, feedback and survey responses;
- Usage Data: information about how you use our Website, products and services;
- Marketing and Communications Data: your preferences in receiving marketing from
us and our
third parties and your communication preferences.
We also collect, use and share
Aggregated Data such
as statistical or demographic data for any
purpose. Aggregated Data could be derived from your personal data but is not considered
personal
data in law as this data will
not directly or indirectly reveal your identity.
For example, we may
aggregate your Usage Data to calculate the percentage of users accessing a specific website
feature.
However, if we combine or connect Aggregated Data with your personal data so that it can be
directly or indirectly identify you, we treat the combined data as personal data which will
be used in
accordance with this Privacy Policy.
Through the use of our services by you or your authorised
users, there may, from time to time be
personal data processed which is considered Special Category Data, (for example this may
include
details about race or ethnicity, religious or philosophical beliefs, sex life, sexual
orientation, political
opinions, trade union, membership, information about your health, and genetic and biometric
data).
If you fail to provide personal data
Where we need to collect personal data by law, or under the
terms of a contract we have with you,
and you fail to provide that data when requested, we may not be able to perform the contract
we
have or are trying to enter into with you (for example, to provide you with goods or
services). In this
case, we may have to cancel a product or service you have with us but we will notify you if
this is the
case at the time.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you
including through:
- Direct interactions. You may give us information about you by filling in forms on
our Website or
App or by corresponding with us by post, phone, e-mail or otherwise. This includes
information
you provide when you register to use our Website or App, subscribe to our service,
search for a
product, place an order an our Website or through our App, participate in surveys on our
Website
or App, browse certain categories of products on our Website or App, when you make a
purchase
and when you report a problem with our Website or App.
- Surveys. From time to time businesses which subscribe to our Services may
circulate surveys in the App or
otherwise to their authorised users. Answers to such surveys will be anonymous.
We may send surveys to your contacts representing the business by email regarding the
use of
our App and/or Services. Answers to our surveys will not be anonymous and are for the
purpose
of improving our services.
- Automated technologies or interactions.As you interact with our Website, we may
collect
Technical Data about your equipment, browsing actions and patterns. If we collect this
data it
will be through the use of cookies, server logs and other similar technologies. We may
also
receive Technical Data about you if you visit other websites employing our cookies.
Please see
our Cookie Policy for further
details. We do not collect Technical Data from or through the use of our App.
- Third parties or publicly available sources. We may receive information about you
from other
sources. We also work closely with third parties (including, for example, business
partners, sub-
contractors in technical, payment and delivery services, advertising networks, analytics
providers,
search information providers, credit reference agencies) and may receive information
about you
from them.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us
to. Most commonly, we will use your
personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have entered into
with
you;
- where it is necessary for our legitimate interests (or those of a third party) and your
interests
and fundamental rights do not override those interests;
- where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for
processing your personal data although we
will get your consent before sending third party direct marketing communications to you via
email or
text message. You have the right to withdraw consent to marketing at any time by contacting
us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of
all the ways we plan to use your personal
data, and which of the legal basis we rely on to do so. We have also identified what our
legitimate
interests are where appropriate.
Note that we may process your personal data for more than
one lawful ground depending on the
specific purpose for which we are using your data.
Purpose |
Lawful Basis for Processing including Basis of Legitimate Interest |
To register you as a new customer |
- Performance of a contract with you
|
Note that we may process your personal
data for more than one lawful ground depending on the
specific purpose for which we are using your data.
- manage payments, fees and charges;
- collect and recover money owed to us
|
- Performance of a contract with you;
- Necessary of our legitimate interests (to recover debts due
to us).
|
To manage our relationship with you
which include:
- notifying you about changes
to our terms or Privacy Policy;
- asking you to leave a review or take a survey
|
- Performance of a contract with you;
- Necessary to comply with a legal obligation;
- Necessary for our legitimate interests (to keep our records
updated and to study how customers use our
products/services).
|
To enable you to partake in a
prize draw, competition or
complete a survey
|
- Performance of a contract with you;
- Necessary for our legitimate interests (to study how
customers use our products/services, to develop them and
grow our business)
|
To administer and protect our
business and our Website and
App (including
troubleshooting, data analysis,
testing, system maintenance,
support, reporting and hosting
of data)
|
- Necessary for our legitimate interests (for running our
business, provision of administration and IT services,
network security, to prevent fraud and in the context of a
business reorganisation or group restructuring exercise)
- Necessary to comply with a legal obligation
|
To deliver relevant website
content and advertisements to
you and measure or
understand the effectiveness
of the advertising we serve to
you
|
- Necessary for our legitimate interest (to study how
customers use our products/services, to develop them, to
grow our business and to inform our marketing strategy)
|
To use data analytics to
improve our Website and App,
products/services, marketing,
customer relationships and
experiences
|
- Necessary for our legitimate interests (to define types of
customers for our products and services, to keep our
Website and App updated and relevant, to develop our
business and inform our marketing strategy)
|
To make suggestions and
recommendations about you
about goods or services that
may be of interest to you
|
- Necessary for our legitimate interests (to develop our
products/services and grow our business)
|
User Generate Content. Through using our App and/or
Services, users may be able to submit user
generate content (“UGC"). Business subscribers and other authorised users may have
visibility of UGC and in some instances, UGC may be anonymised within our platform. We will
make clear
through the use of messaging or colour coding (or such other means), if a particular area of
the
platform is anonymised or not.
Marketing. We strive to provide you with choices
regarding certain personal data uses, particularly
around marketing and advertising.
Promotional offers from us. We may use your Identity,
Contact, Technical, Usage and Profile Data
to form a view on what we think you may want or need, or what may be of interest to you.
This is
how we decide which products, services and offers may be relevant for you (we call this
marketing).
You will receive marketing communications from us if you
have requested information from us or
purchased our services from us and you have not opted our of receiving that marketing.
Third-party marketing. We will get your express
opt-in consent before we share your personal data
with any third party for marketing purposes.
Opting out. You can ask us or third parties to stop
sending you marketing messages at any time by (i)
contacting us at
support@xono.online; (ii) logging
into our Website and/or App and checking or
unchecking relevant boxes to adjust your marketing preferences; or (iii) following the
opt-out links
on any marketing message sent to you. Where you opt out of receiving these marketing
messages,
this will not apply to personal data provided to us as a result of use of our
products/services.
Cookies. You can set your browser to refuse all or
some browser cookies, or to alert you when
websites set or access cookies. If you disable or refuse cookies, please not that some parts
of this
Website may become inaccessible or not function properly. For more information about the
cookies
we use, please see
Cookie Policy.
Change of purpose
We will only use your personal data for the purposes for
which we collected it, unless we reasonably
consider that we need to use it for another reason and that reason is compatible with the
original
purpose. If you wish to get an explanation as to how the processing for the new purpose is
compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated
purpose, we will notify you and will explain
the legal basis which allows us to do so.
Please not that we may process your personal data without
your knowledge or consent, in
compliance with the above rules, where this is required or permitted by law.
DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out
below for the purposes set out in this
Privacy Policy.
- Any member of our group, which means our subsidiaries, our ultimate holding company and
its subsidiaries;
- Selected third parties including, business partners, suppliers and sub-contractors for
the
performance of any contract we enter into with them or you.
- Advertisers and advertising networks which require the data to select and serve relevant
adverts to you and others. We do not disclose information about identifiable individuals
to
our advertisers, but we may provide them with aggregate information about our users.
- We may also use such aggregate information to help advertisers reach the kind of
audience
they want to target (for example, in a particular postcode). We may make use of the
personal
data we have collected to enable us to comply with our contractual obligations with
advertisers for the displaying of advertisements to a specific target audience.
- Analytics and search engine providers to assist us in the improvement and optimisation
of our
Website and App.
We require all third parties to respect the security of your
personal data and to treat it in accordance
with the law. We do not allow our third party service providers to use your personal data
for their
own purposes and only permit them to process your personal data for specific purposes and in
accordance with our instructions.
WHERE WE STORE YOUR PERSONAL DATA
We typically store and process personal data through the use
of secure data centres in Ireland.
If you are an Isle of Man business, we may discuss
alternative arrangements with you direct, to agree
the use of a dedicated data centre in the Isle of Man, (being a territory which has received
an
Adequacy Decision from the European Commission regarding its suitable data protection laws).
You
acknowledge and agree this will be on a case by case basis, is in our sole discretion and
will be
agreed with you in writing.
In certain circumstances, personal data collected from you
may be transferred to, and stored at, a
destination outside of the European Union (“EU”). It may also be processed by staff
operating
outside the EU who work for us or for one of our suppliers. Such staff maybe engaged in,
among
other things, the fulfilment of your order, the processing of your payment details and the
provision
of support services. In cases where your personal data is shared outside of the EU, we will
ensure
standard contractual clauses (as amended), or an adequacy decision is in place to safeguard
personal
data. By using our Website or App and/or submitting any of your personal data to us, you
agree to
this transfer, storing or processing.
SECURITY
We will take appropriate security, technical and
organisational measures reasonably necessary to
ensure your personal data is treated securely and in accordance with this Privacy Policy.
In addition, we limit access to your personal data to those
employees, agents, contractors and other
third parties who have a business need to know. They will only process your personal data on
our
instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected
personal data breach and will notify you
and any applicable regulator of a breach where we are legal required to do so.
Information you provide is stored on our servers. Where we
have given you (or where you have
chosen) a password which enables you to access certain parts of our Website or App, in
accordance
with our Subscription Agreement, Website Terms of Use and EULA you are responsible for
keeping
this password confidential as well as your login details. We ask you not to share a password
with
anyone.
In accordance with our Subscription Agreement, Website Terms
of Use, EULA , you acknowledge and
agree, unfortunately, the transmission of information via the internet is not completely
secure and
security can never be guaranteed. Although we will do our best to protect your personal
data, we
cannot guarantee the security of any data transmitted to our Website or App; any
transmission is at
your own risk, and you will not hold us liable.
DATA RETENTION
We will only retain your personal data for as long as
reasonably necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal, regulatory, tax,
accounting, or
reporting requirements. We may retain your personal data for a longer period in the event of
a
complaint or if we reasonably believe there is a prospect of litigation in respect of our
relationship
with you.
To determine the appropriate retention period for personal
data, we consider the amount, nature
and sensitivity of the personal data, the potential risk of harm from unauthorised use or
disclosure
of your personal data, the purposes for which we process your personal data and whether we
can
achieve those purposes through other means, and the applicable legal, regulatory, tax,
accounting,
or other requirements.
By law we have to keep basic information about our customers
(including Contact, Identity, Financial
and Transactional Data) for six years after they cease being customers.
In some circumstances you can ask us to delete your data:
see section 9 and your legal rights below
for further information.
In some circumstances we will anonymise your personal data
(so that it can no longer be associated
with you) for research or statistical purposes, in which case we may use this information
indefinitely
without further notice to you.
YOUR LEGAL RIGHTS
You have the following rights in relation to your personal
data:
- A right to access your personal data held by us (known as a subject access request)
- A right to receive certain personal data in machine readable form
- A right to have inaccurate or out of data personal data corrected
- A right to have certain personal data which we no longer require for processing, to be
erased
- A right to object to processing if the lawful basis is in our legitimate interests
- A right to request an explanation regarding any decisions taken about you or your
account if
those decisions have been taken by automated means
- A right to object to direct marketing, which can be done through opting out of receiving
marketing correspondence through your account settings. You also have a right to object
to
profiling based on any direct marketing.
If you wish to exercise any of your rights, you can do so by
contacting our support team:
support@xono.online. Kindly note, there may be
situations where we are unable to accommodate
your request and where we are still entitled to continue processing your information. This
includes
where we may have a legal or regulatory obligations, which means we may refuse your request
of
may only be able to comply with part of it.
When you make a request in respect of your rights, we will
ask for proof of identification. We will
also ask you to clarify your request to us. When responding to requests, this my take up to
30 days
following confirmation of your identity, but it may take longer in some instances and we
will contact
you to inform you if this is the case. We reserve the right to not respond to any
unreasonable,
vexatious, or illegitimate requests in our sole discretion.
THIRD PARTY LINKS
From time to time, or Website or App may contain links to
and from websites of third parties. If you
follow a link to any of these websites, you should take care to be aware of and check their
privacy
policies before you submit any personal data to these websites. We do not take
responsibility for
the policies of third party websites or the way in which they will process your personal
data.
GLOSSARY
LAWFUL BASIS
Legitimate Interest means the interest of our
business in conducting and managing our business to
enable us to give you the best service/product and the best and most secure experience. We
make
sure we consider and balance any potential impact on you (both positive and negative) and
your
rights before we process your personal data for our legitimate interests. We do not use your
personal data for activities where our interests are overridden by the impact on you (unless
we have
your consent or are otherwise required or permitted to by law). You can obtain further
information
about how we assess our legitimate interests against any potential impact on you in respect
of
specific activities by contacting us.
Performance of Contract means processing your
data where it is necessary for the performance of a
contract to which you are a party or to take steps at your request before entering into such
a
contract.
Comply with a legal obligation means
processing your personal data where it is necessary for
compliance with a legal obligation that we are subject to.
CHANGES
This Privacy Policy may be updated from time to time, so we
recommend you review it regularly. If
we make material changes to this Privacy Policy, we will take steps to alert you to those
changes.
CONTACT US
If you have any questions or concerns about this Privacy
Policy, you can contact us via:
Last Updated: 1/30/2024. We may update and change
this
Privacy Policy and you are advised to check it from
time to time.