Here at Xynics we take the protection of information we hold about our clients (including our clients' clients), suppliers, employees and other personal data very seriously.
We like to avoid long words, legal clauses and technical jargon to make it simple for visitors to make informed decisions about how we store and use their personal data. This policy, together with our Terms and Conditions, sets out the bases upon which we collect personal data from you or about you, and how that data will be used.
We will never share any personal data with a third-party except for during the course of conducting normal business, which may include the use of external suppliers whom we have verified meet our own strict privacy & data protection policies.
Xynics Data Solutions Ltd, a company registered in England & Wales company number 05778233.
You can contact us at our registered office and trading address which is
Newton House, Northampton Science Park, Kings Park Road, Northampton NN3 6LG.
Xynics are a Data Controller and our Information Commissioner’s Office registration number is Z9953789.
We are also members of the UK Direct Marketing Association membership number 73139 and have been certified as adopting Information Security Standards in line with the ISO27001, and you can view our current certificate here.
We are registered with HM Revenue & Customs for VAT purposes, registration number GB912 8634 22.
The primary contact within our company for all privacy and data protection queries is: Michael Kilby (Director).
When we collect your personal information, we will tell you why we are collecting it, what it will be used for and how long we'll keep it. For your convenience, here are the main areas where we process personal information.
When using our website
We will use our Legitimate Interest to understand how our website and content is used, and your Legitimate Interest to have access to relevant, informative and up-to-date content, to collect
- Your Internet Address (IP Address) or Device ID
- The operating system and internet browser your device is using
- Which pages of our website you visit
- Your Internet Service Provider
- Any link you follow to our website, search terms you used, or links on our website which take you to other sites.
This information is collected anonymously and is shared with Google for analytical purposes and we keep this information in an anonymous form for up to 3 years.
If you use our Contact Us form or Live Chat
By using our Contact Form or Live Chat, you are asking us to respond to your request. We will collect the information requested on the form to Perform a Contract, or negotiate the performance of a contract in response to your query.
If the information is provided in our Live Chat, it is retained for 3 months following the end of that chat session.
If the information is provided in our Contact Us form, it is emailed to our admin team who will determine the nature of the enquiry and use the information to respond to you. We keep enquiries for up to 12 months unless we form an ongoing relationship with you.
Subscriptions to our e-Newsletter
Xynics use our Legitimate Interest to market our services and activities to customers, suppliers, prospective customers and other interested parties by allowing individuals to subscribe to our e-Newsletter, or by obtaining lists of Corporate individuals whom we feel may benefit from receiving this information.
When we do this we will gather:
- Your name
- Company Name
- Email Address
- Consent where it is lawfully required
We also obtain contacts (Names, Companies & Email Addresses) for this purpose from LinkedIn, Networking, Events and Seminars we attend or host, if we engage with you as a business partner, client or supplier, or where business cards are exchanged with one of our team.
Regardless of where we obtain your information, you may opt out from our e-Newsletter at any time by clicking the unsubscribe link on any of our emails, or by contacting one of our team on 01604 807120 or by email to email@example.com.
We will retain this information for up to 3 years and try to ensure that it is current by communicating with you regularly, only continuing to email to addresses which actively view our emails.
Xynics work with a number of partners who may recommend us to their clients. It is our normal process that these partners will inform us that they have passed on our contact details to you and to expect contact from you.
Should we not hear from a recommendation, we will use the Legitimate Interest of the recommended clients to benefit from the recommendation in order to contact them, and rely upon the referring partner to ensure they have the necessary consent to share that information with us.
We only keep this information for up to 1 year in order to communicate with you, and to analyse the type and means of our referral enquiries.
When we enter into a contract with you to supply or receive services, we will retain your contact information in our CRM Database and Office 365 Outlook & Sharepoint systems. If we are supplying services, we will use the Performance of a Contract to collect your information. If we are receiving services, we will use our Legitimate Interest to conduct business and maintain a supplier relationship to collect your information.
In either case, we normally collect your
- Company Name
- Email Address
- Telephone Number
- Postal and/or Billing Address
- Other business attributes such as Business Type, Lead Source, Date of Engagement etc.
Should we need to collect any additional information we will tell you at the time.
We keep this information for as long as there is an ongoing business relationship, and for up to 7 years following termination of that relationship as we are required to do for taxation and accounting purposes, or to protect our legal interests.
Employees & Contractors
When we engage you as an employee or contractor with Xynics, we will use the Performance of a Contract to collect and maintain records about you which will include
- Your name (and any previous names)
- Your home address (or office address in the case of a contractor)
- Your date of birth
- Your gender
- Your National Insurance number (if you are on our payroll)
- Your Next of Kin (in case of an emergency)
- Any allergies or health conditions we need to be aware of
- A copy of your Driving Licence, Photo ID or Passport, and/or proof of eligibility to work
- References & Recommendations
- Your Social Media Profiles
We collect this information in order to employ you and ensure your continued health and safety at work, as well as to ensure that we can cater for your needs as an employee. We collect social media information in order to ensure our Social Media and Communications policies are adhered to in line with your contract of employment.
We retain this information for up to 7 years following the termination of your employment in order to comply with United Kingdom Employment Law and to protect the legal interest of the company.
Your right . . .
to expect that any data you provide to us will be treated fairly, lawfully, transparently and with the utmost respect.
Xynics will be fully transparent with you when you provide information to us, or when we obtain it from another party and we communicate with you.
We will tell you where we obtained your information, why we obtained it, how we will use it and how long we will keep it, at the time we collect it or as soon as possible after receiving the information.
We will only collect and process data where it is necessary to either:
- Negotiate and/or enter into a contract with you to supply or receive services
- Communicate to interested parties, the services of our business
- Employ or engage resources or services
- Provide tailored advice and guidance to you
We will never use data for a purpose that it was not intended without first informing you of that change of use, and we will always give you a genuine choice over how that data may be used.
at any time, to ask us to stop capturing your personal data, such as the tracking data we capture.
It is not currently possible to turn off our tracking technologies for individual visitors to our websites however you can normally exercise this right yourself by turning on the "Do Not Track" feature of your internet browser, or by using the "In Private" or "InCognito" browsing modes of your internet browser.
If you do turn on or use these features, it may affect the operation of our website and some content or features may not be available to you or work as intended.
to withdraw consent, object to our processing of your personal data, or to ask us to erase your personal data.
You have the right to ask us to stop processing or to permanently delete the information we hold about you.
You also have the right to revoke any consent we have implied or been given to receive marketing material from us.
We will of course respect any request to cease using your information in full or in part, however there are circumstances where we may not be able to entirely cease holding that information, such as to comply with our legal obligations, or to maintain an "Opt Out" list for our marketing. Where such cases arise, we will inform you of the reasons why we cannot fully comply with the request.
of access to all personal data we hold about you.
You may ask us at any time and free of charge, to provide you a copy of all information we hold about you.
You can make such a request by any channel, such as by Email, Telephone, Social Media or in person however it will help us to respond to your request if you complete our online form here. This form will ensure that you provide to us everything necessary to properly identify you and find your information.
The GDPR requires that we respond to you within no more than one calendar month of receiving a valid request. If you choose not to complete our Subject Request Form your request may be delayed if we are unable to validate your identity.
We are entitled to extend the one calendar month deadline by up to two further months if a request is particularly complex. We will inform you if we feel that such an extension is necessary.
to have incorrect data rectified
We will ensure such corrections are applied within one calendar month or sooner.
to complain about how we store or use your personal information
As a business whose services are to advise and guide our clients on compliance with Data Protection legislation and the lawful and effective processing of personal data, we would hope that no person has reason to complain about how we handle their personal data.
If however you are unhappy with how we hold or process your information, we encourage you to first raise this with our data protection team:
- by email to firstname.lastname@example.org
- by calling 01604 807120
- by writing to us at: Xynics Data Solutions Ltd, Newton House, Northampton Science Park, Kings Park Road, Northampton NN3 6LG
- or in person by appointment at our correspondence address
In the event we are unable to satisfactorily resolve your complaint, you may complain to the Information Commissioner's Office by using the form on the ICO website at www.ico.org.uk/concerns or by writing to them at:
Information Commissioner's Office
Security & Confidentiality
Where we keep your personal information
Xynics use our own ISO27001 certified Data Centres located within the United Kingdom to host all our systems and software.
We also use Microsoft Office 365 for Email and Microsoft Sharepoint, which are hosted in Microsoft Data Centres located within the United Kingdom.
How we keep your personal information secure & confidential
All portable computing devices that access or use Personal Data are encrypted by default, and all Xynics systems require Two-Factor Authentication for access. No Personal Data can be accessed from outside our corporate network without the use of a Virtual Private Network to ensure digital communications are secure. Where we need to share personal data, this is done using an encrypted cloud-based service called Sync.com.
We enforce strict user permissions using a "lowest possible permission" structure meaning that only those persons who need access to information, have access to that information at a per-attribute level.
We encourage all suppliers and clients to never send personal data to us via email and provide a free service for such data transmission using our Sync.com encrypted cloud file exchange solution.
Who will use your personal information
Except where we are lawfully required to share information, only Xynics personnel and appointed representatives of Xynics will use your personal information. Where we do use an external agency to undertake activity on our behalf using your information, we ensure they meet our strict Data Protection policies and procedures, and we ensure that we have full rights to audit their processes to ensure they meet our standards.
This Privacy & Data Protection Policy was revised, reviewed and published on the 6th January 2020 by Mike Kilby PC.dp, a certified Data Protection Practitioner on behalf of Xynics Data Solutions Ltd.
Frequently asked questions
Everyone has their own view on what is meant by Privacy and Data Protection and it's not always possible to cover every question that is asked. Below are a few Frequently Asked Questions which, although they may not be entirely relevant to how we hold or process your personal data, may be of interest to you.
What do you do with Payment Information?
Xynics does not hold any payment information.
If you have made a purchase from us via EventBrite, our Website or another payment service you will have been guided through a checkout process using PayPal, or GoCardless.
Both PayPal and GoCardless are independent payment processors and collect your payment information separately to any information gathered by Xynics. The only information we receive (over that we gather directly), is an indication that your payment was successful and the amount paid.
We strongly advise anyone submitting payment information online to check that the padlock symbol is present in their browser address bar, and that they are actually on the site they expect to be on when making that payment as Xynics cannot be held responsible for fraudulent transactions or incorrect use of personal data resulting out of the use of the payment processor.
Do you transfer Personal Data outside the United Kingdom?
As far as possible, Xynics do not use services or send data outside of the UK.
We do use a cloud based File System called sync.com as a data storage system which synchronises data stored on our local computers and network shares to a secure encrypted cloud service. Sync.com is based in Canada which has been approved as having adequate data protection legislation in place, and Sync.com further use the Amazon Cloud for data storage in an encrypted form.
You can be assured that any personal data we might store in Sync.com is fully encrypted and is only accessible by Xynics.
Where is my data stored?
Xynics operates two Data Centres in Northampton and Milton Keynes with private communications circuits ensuring 100% confidentiality of data.
Our servers are locked away in secure racks and both sites are monitored 24x7 by CCTV and in person security.
Most of our data systems run on Microsoft SQL Server on Windows Server 2019, or Oracle MySQL running on CentOS Linux 7. All data systems are held behind secure firewalls with strict monitoring and automated intrusion detection, and Xynics have been independently certified as compliant with the ISO27001 standard in Information Security.
What all this means for you is simple. Your data is held safely, in a controlled manner on systems that we control, often exceeding the core ISO standard that is recognised around the globe.
Are your premises secure?
Nobody can ever be 100% certain that their premises are 100% secure, but we chose Northampton Science Park because it is a gated business community requiring secure RFID tokens to access the site in addition to each building, and each of our offices has independent RFID access control and independent security alarms.
Visitors to the site must be announced or they are turned away, and all visitors must be escorted around the site.
There is 24x7 monitored CCTV on-site and should a security alarm be triggered, we are alerted within 3 minutes, often with a physical presence before that call is made to verify the alarm condition.
Are your systems secure?
All our servers are hosted behind firewalls and on dedicated networks which are not accessible to the outside world. Each requires specific Administrative Permissions controlled by a central authentication server.
Web Facing systems are hosted in "Demilitarised Zones", behind firewalls, and again require dedicated admin privileges however their default permissions are much more restricted, such as being unable to directly access data servers without multi-factor authentication.
Our internal desktop infrastructure is all Apple Macintosh OSX. We chose this partially because it is less targeted as an operating system, but also because it is much more secure by default.
To log on to any of our systems you need either biometric security or two-factor authentication (a physical device / something you have) in addition to a username and complex password. Instead of enforcing password changes every one or two months, we implement the Two Factor Authentication and much stronger passwords, which discourages staff from using the same password everywhere or using easily guessed passwords.
We run a comprehensive Anti-Malware regime using three different Anti-Virus and Anti-Malware products across all devices, just to add a layer of protection that if one product misses a virus, another one may detect it.
Are your staff responsible, will they look after my data?
Xynics as a whole recognises that people are the largest weak link in the security chain and that everyone needs to be aware of their responsibilities to keep data secure and confidential.
We thoroughly vet every employee with references and competency tests to ensure they are trustworthy and capable of doing their job with minimal risk to the data they handle. Where necessary we do undertake DBS Checks and we implement lowest privilege permissions to further protect information.
Every new member of staff is thoroughly trained in our Information Security and Data Protection policies and procedures and most of all, all our staff are certified within 6 months of joining us in Data Protection, with all management staff and key personnel qualified to the Practitioner Certificate in Data Protection.
We undertake annual refresher training and undertake regular security and data protection policy testing to ensure all staff are adhering to our policies.
How do you dispose of personal data?
If it's digital, our systems are all configured with a Secure Delete function which will overwrite the data with several passes of random data. Without getting too technical, this method is supported by the US Department of Defence and the UK's GCHQ.
If there's an entire server or storage device that is to be wiped, we can engage a professional data destruction partner to securely erase the entire device.
If it's paper based, we use in-house micro-cross-cut shredders which are emptied into secure paper waste bins which are taken off-site to be recycled into new clean paper.