Xstek Limited is a company registered in England and Wales (07112697) (hereinafter referred to as "We", "Our" or "Us").

We understand and appreciate the fact that your privacy is important to you and that you care about how your personal data is used. Therefore, we are committed to respecting and valuing the privacy of visitors to, and users of, our websites: www.xstek.net, www.xstek.co.uk, or any of the services, software, or applications provided by Us.

This Policy, along with our Terms of Use, set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. When you visit our websites (www.xstek.net or www.xstek.co.uk), or use any of our products or services, you are accepting and consenting to the practices described in this Policy.Therefore, please read this Privacy Notice carefully in order to understand our practices regarding your personal data.

If you do not accept and agree with this Privacy Policy, you must stop using our site(s), product(s), application(s), or service(s), immediately. If you have any questions, please do not hesitate to contact us using the details provided below.

OVERVIEW& INFORMATION ABOUT US

This Policy, which applies when using the website: www.xstek.net, or any of the service(s), software(s), product(s), or application(s) provided by Us, provides you with information about:

• What personal data we collect.
• How we use your data.
• Who we share your data with.
• How we ensure your privacy is maintained.
• Your rights relating to your personal data.

For the purpose of the General Data Protection Regulation (EU Regulation 2016/679, when applicable, the “GDPR”), and the EU Data Protection Directive (Directive 95/46/EC), the data controller is Xstek Limited of Falcon House, 257 Burlington Road, New Malden, Surrey, KT3 4NE.

INFORMATION WE MAY COLLECT FROM YOU AND OTHER SOURCES

Although the precise details of the personal information collected will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you:

• Information That You Provide To Us:

  • This can be information that you provide to us by filling in forms on our social media pages or on our website. It also includes information provided at the time of registering to use our website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you report a problem with our website and collect billing information from you. Information collected in this manner may include: your name;date of birth;physical and electronic mail addresses; contact information such as telephone and mobile numbers;business name, occupation, professional contact information (including addresses and numbers), profession, job title, working history, etc.
  • If you contact us by phone, email, or otherwise voluntarily, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. The information you provide in such surveys may be used for the purposes of improving service delivery and improving our product(s).
  • Details of transactions you carry out through our website and of the fulfilment of your orders.
  • Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
  • We may also collect behavioural and browsing data from you for the purposes of offering you a tailored or personalised online experience.
  • We may collect information about your computer, including where available your IP address, operating system, and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.

• Information We Receive From Other Sources:

  • We obtain certain personal information about you from sources outside our business which may include our group of companies (further defined below). We may receive your personal information from other sources, such as: public databases, our supplier partners, referrals from health service organisations, joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, this other personal data helps us to:
    • Provide the relevant services in an accurate manner
    • Review and improve the accuracy of the data we hold
    • Improve and measure the effectiveness of our marketing communications

USES MADE OF THE INFORMATION

We use the information held about you in the following ways:

• To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
• To ensure that content from our website is accessible to you and is presented in the most effective manner for you and for your computer.
• To provide, operate, and manage your Account with Us.
• To provide you with information, products, or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
• To enter into contracts with you, and to carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To enhance and personalize your experience whilst using our website, services, products or applications.
• To ensure the safety and security of data uploaded through our site, product(s), software(s), application(s), and service(s), and to ensure that we have records of those who have interacted with it.
• To communicate with you, including (but not limited to) for the purpose of notifying you about changes to our service.
• If you are an existing customer, we will only contact you by electronic means with information aboutservices that we offer.
• If you are a new customer, we will contact you by electronic means if you have consented to this.
• To comply with any legal or regulatory obligations and to reduce fraud or improper behaviour.
• We may use your personal information to contact you if there is any urgent safety issue to communicate to you where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any personal harm to you. It is in your vital interests for us to use your personal information in this way.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

DISCLOSURE OF YOUR INFORMATION

In order to make certain services available to you, we may need to share your personal data with third parties.

• We may disclose your personal information to:
  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
  • Our trusted service providers acting on our behalf who provide services such as: web hosting, web analytics, and integration, customer service, service fulfilment, data analysis including data personalisation, infrastructure provision, email marketing data, review sites of our services, auditing services, and other services to enable them to provide services.
  • Selected third parties if you are a new customer and you have consented to this.
  • Third party suppliers who manage our secure payment platform and credit card processing.
• In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If Xstek Limited substantially sells all of its assets or is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Xstek Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

International Transfers

We store your data within the United Kingdom. However, it is sometimes necessary for us to share your data outside of the European Economic Area (EEA) -this generally occurs when our service providers are located outside of the EEA or you are based outside of the EEA.

If this happens, we will ensure that the transfer will be compliant with the relevant data protections laws including the GDPR.

Our standard practice is to use standard contractual clauses which have been approved by the European Commission for such transfers. Those clauses can be accessed here.

HOW DO WE PROTECT YOUR DATA

We are committed to keeping your personal data safe and secure and employ a number of security measures such as:

• We ensure our data is supported with SSL technology using RSA 2048 bit security standard
• All information you provide to us is stored on our secure servers. For registered users, where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
• We have also put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. This includes transcribers who we engage to perform the transcription and typing services. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We use reasonable organisational, technical, and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

The personal data that you provide to us in order to purchase services and other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you.

All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations.

In general, we only rely on consent:

• To send direct marketing communications to customers via email or text message.
• To contact (and allow for selected third parties to contact) new customers by electronic means.

You have the right to withdraw your consent at any time..

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for our legitimate interests including:

• Selling and supplying services to our customers and operating their various features including account access, operations, and maintenance.
• Protecting customers, employees, and other individuals and maintaining their safety, health, and welfare.
• Promoting, marketing, and advertising our products and services.
• Sending promotional communications which are relevant and tailored to individual customers.
• Understanding our customer's behaviour, activities, preferences, and needs.
• Complying with our legal and regulatory obligations
• Preventing, investigating, and detecting crime, fraud, or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
• Handling customer contacts, queries, complaints, or disputes.
• Managing insurance claims by customers.
• Protecting us and our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us.
• Effectively handling any legal claims or regulatory enforcement actions taken against us.
• Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

YOUR RIGHTS

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below in the "Contact" section.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

You can also exercise the right at any time by contacting us at Xstek Limited by any of the means outlined below.

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

HOW LONG DO WE KEEP YOUR DATA?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The email marketing unsubscribe function will remove your details from marketing lists and confirmation of your removal will be sent to your email address.

We will take reasonable steps under Article 17 of the GDPR to meet data subject requests.

CHANGES TO OUR PRIVACY NOTICE

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you.

CONTACT

If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

• Email us on: dpo@xstek.co.uk
• Write to us at: Xstek Limited, Falcon House, 257 Burlington Road, New Malden, Surrey, KT3 4NE
• You have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner's Office (ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Issue Date: 18 May 2018