Privacy Policy

At Xono Limited, (“we,””our,” and “us”) respects your privacy and is committed to protecting your personal data. The purpose of this Privacy Policy (together with our Subscription Agreement, Website Terms of Use, EULA and any other documents referred to in it) is to explain how we use your personal data, why we use it and who we share it with in relation to our services when you visit our website (regardless of where you visit it from) and about the privacy rights you have under relevant Data Protection legislation and how the law protects you.

We process your personal data for the purposes set out in this Privacy Policy. The two main purposes for our processing activities are (i) in order to offer to you and provide you with our services, for which you will be required to register a customer account and where applicable transact for the use of our services; (ii) to ensure compliance with our legal and regulatory obligations, which includes keeping records of transactions made using our services.

By visiting our website https://www.xono.online (our “Website”) or downloading or using our Mobile App (our “App”) and/or using any of our services, you are accepting and consenting to the practices described in this Privacy Policy.

Our Website is not intended for children and we do not knowingly collect data relating to children.

It is important you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of ow and why we are using your personal data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

Xono Limited of 96 Fairways Drive, Mount Murray, Santon, Isle of Man, IM4 2JF is the controller and responsible for your personal data. This is who we refer to when referring to “Xono”, “we”, “our” and “us” etc.

We have appointed a designated Data Protection Officer. They can be reached at DataOfficer@Xono.online. Whilst our Data Protection Officer can be contacted, our customer support team at support@xono.online will be your initial point of contact should you wish to exercise your data protection rights.

You have the right to make a complaint at any time to the Isle of Man Information Commissioner (“ICO”), the Isle of Man regulator for data protection issues (www.inforights.im). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We keep our Privacy Policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can be directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Through the use of our services by you or your authorised users, there may, from time to time be personal data processed which is considered Special Category Data, (for example this may include details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union, membership, information about your health, and genetic and biometric data).

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We use different methods to collect data from and about you including through:

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

User Generate Content. Through using our App and/or Services, users may be able to submit user generate content (“UGC"). Business subscribers and other authorised users may have visibility of UGC and in some instances, UGC may be anonymised within our platform. We will make clear through the use of messaging or colour coding (or such other means), if a particular area of the platform is anonymised or not.

Marketing. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from us. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased our services from us and you have not opted our of receiving that marketing.

Third-party marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out. You can ask us or third parties to stop sending you marketing messages at any time by (i) contacting us at support@xono.online; (ii) logging into our Website and/or App and checking or unchecking relevant boxes to adjust your marketing preferences; or (iii) following the opt-out links on any marketing message sent to you. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of use of our products/services.

Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please not that some parts of this Website may become inaccessible or not function properly. For more information about the cookies we use, please see Cookie Policy.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Please not that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may share your personal data with the parties set out below for the purposes set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.

We typically store and process personal data through the use of secure data centres in Ireland.

If you are an Isle of Man business, we may discuss alternative arrangements with you direct, to agree the use of a dedicated data centre in the Isle of Man, (being a territory which has received an Adequacy Decision from the European Commission regarding its suitable data protection laws). You acknowledge and agree this will be on a case by case basis, is in our sole discretion and will be agreed with you in writing.

In certain circumstances, personal data collected from you may be transferred to, and stored at, a destination outside of the European Union (“EU”). It may also be processed by staff operating outside the EU who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. In cases where your personal data is shared outside of the EU, we will ensure standard contractual clauses (as amended), or an adequacy decision is in place to safeguard personal data. By using our Website or App and/or submitting any of your personal data to us, you agree to this transfer, storing or processing.

We will take appropriate security, technical and organisational measures reasonably necessary to ensure your personal data is treated securely and in accordance with this Privacy Policy.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legal required to do so.

Information you provide is stored on our servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website or App, in accordance with our Subscription Agreement, Website Terms of Use and EULA you are responsible for keeping this password confidential as well as your login details. We ask you not to share a password with anyone.

In accordance with our Subscription Agreement, Website Terms of Use, EULA , you acknowledge and agree, unfortunately, the transmission of information via the internet is not completely secure and security can never be guaranteed. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our Website or App; any transmission is at your own risk, and you will not hold us liable.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transactional Data) for six years after they cease being customers.

In some circumstances you can ask us to delete your data: see section 9 and your legal rights below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

You have the following rights in relation to your personal data:

If you wish to exercise any of your rights, you can do so by contacting our support team: support@xono.online. Kindly note, there may be situations where we are unable to accommodate your request and where we are still entitled to continue processing your information. This includes where we may have a legal or regulatory obligations, which means we may refuse your request of may only be able to comply with part of it.

When you make a request in respect of your rights, we will ask for proof of identification. We will also ask you to clarify your request to us. When responding to requests, this my take up to 30 days following confirmation of your identity, but it may take longer in some instances and we will contact you to inform you if this is the case. We reserve the right to not respond to any unreasonable, vexatious, or illegitimate requests in our sole discretion.

From time to time, or Website or App may contain links to and from websites of third parties. If you follow a link to any of these websites, you should take care to be aware of and check their privacy policies before you submit any personal data to these websites. We do not take responsibility for the policies of third party websites or the way in which they will process your personal data.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

This Privacy Policy may be updated from time to time, so we recommend you review it regularly. If we make material changes to this Privacy Policy, we will take steps to alert you to those changes.

If you have any questions or concerns about this Privacy Policy, you can contact us via:

Last Updated: 1/30/2024. We may update and change this Privacy Policy and you are advised to check it from time to time.