Welcome to XTRATEK INC’s (trading as XTRATEK Cloud & Cybersecurity, and hereinafter referred to as XTRATEK) privacy notice.
We recognise the importance of the privacy and security of your personal information. This privacy notice explains what we do to look after your personal data.
It is important that you read this privacy notice together with any other privacy information we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how we use and handle your data.
Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our services. If you still have any questions or concerns, please contact us as described in the Contacting Us section.
Who we are
XTRATEK is a technology solutions company proposing cloud and cybersecurity services to businesses and organisations of all sizes.
We provide holistic cybersecurity risk management services including governance and compliance.
We act as trusted advisor to guide in defining a future-state business operating model and transformational plan for our clients with regards to cloud solutions provisioning, implementation, monitoring, and security.
Our website address is: https://xtratekinc.com.
What does this privacy notice cover?
This Privacy Policy applies to the processing of personal information by XTRATEK of visitors and users of our business sites, including our websites on xtratekinc.com, computer or mobile software applications and our social media pages that link to this Privacy Policy (collectively referred to as the sites).
It also applies to how we handle data collected about our customers and prospective customers and their representatives contacting us via email and phones, as wells as subscribers to our publications and newsletters, suppliers and business partners and their representatives.
Furthermore, this privacy policy applies to those we contact via email or telephone for the purpose of advertising and marketing our services, and whose contact information we have obtained through third parties.
Changes to this Privacy Policy and your duty to inform us of consequential changes to your personal data
The current version of this privacy policy is dated July 2024 and any historic versions can be obtained by contacting us.
The management of XTRATEK is the designated controller of your data in accordance with the requirements of the GDPR data protection regulations.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Contacting Us
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
If you would like to exercise one of your rights as set out in this privacy notice, or you have a question or a complaint about this privacy notice or the way your personal information is processed, please contact the DPO using the details set out below.
By email: info@xtratekinc.com
By post: Data Protection Officer, XTRATEK INC. LTD, 405 Ashton Old Road, Manchester M11 2DL.
What legal bases do we rely on to process your information?
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose, or you have given such permission to third parties. You can withdraw your consent at any time.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our services or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to: Send users information on our products and services generally , information about special offers and discounts on our products and services, develop and display personalized and relevant advertising content for our users, analyze how our Services are used so we can improve them to engage and retain users, support our marketing campaigns and activities, diagnose problems and/or prevent fraudulent activities, to understand how our users use our products and services so we can improve user experience, et cetera.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
In legal terms, we are generally the “data controller” under European data protection laws, of the personal information described in this privacy notice, since we determine the means and/or purposes of the data processing we perform.
This privacy notice does not apply to the personal information we process as a “data processor” on behalf of our customers or client businesses.
In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the “data controller” responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions.
If you want to know more about our customers’ privacy practices, you should read their privacy policies and direct any questions you have to them.
Do we process any sensitive personal information?
We do not process sensitive personal information.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service for verification purposes only. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you are authorised to do so and you edit or publish an article on our website, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
We may share data that we collect about you with the following parties.
- External Third Parties or contractors, with whom we are partners or associate to render contractual services.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use the data that we collect in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
For parts of our website that are password protected, If you request a password reset, your IP address will be included in the reset email.
Visitor comments may be checked through an automated spam detection service.
Email Marketing and Marketing Campaigns
You will receive marketing communications from us if you have requested information from us or if we can demonstrate that we have a legitimate interest in sending marketing material to you (and you have not opted-out).
We practise email marketing which means that we address information on our services and products to potential clients from email addresses and other information that we have gathered through third-party services such as online marketing applications, and databases including public registries like those of the Companies House.
Also in order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may collect data from public databases, marketing partners, social media platforms, and other outside sources.
Notably, XTRATEK uses the third-party services of LinkedIn, Apollo.io , HubSpot , and Brevo, amongst others, who thus are data processors in this context. Please Click on the links to read their respective privacy policies.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time, except that they cannot change their username. Website administrators can also see and edit that information.
Essentially, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data by requesting erasure as specified below.
In some circumstances we may anonymise your personal data, so that it can no longer be associated with you, for eventual use in research or statistical purposes in which case we may use that information indefinitely without further notice to you.
What rights do you have over your data?
You have certain rights under applicable data protection laws. These may include the right
- (i) to request access and obtain a copy of your personal information,
- (ii) to request rectification or erasure;
- (iii) to restrict the processing of your personal information;
- (iv) if applicable, to data portability; and
- (v) not to be subject to automated decision-making.
In certain circumstances, you may also have the right to object to the processing of your personal information. You can make requests to exercise the above rights by contacting us using the contact details provided in the Contacting Us section.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
How do we protect your information?
We have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.
We also have elaborate organizational and technical processes and procedures in place to protect your personal information.
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our best efforts at data security and improperly collect, access, steal, or modify your information.