Xoralia privacy policy
Introduction
Xoralia is a software product owned by Content Formula Limited (and these terms apply).
This site is owned by Content Formula. We have put in place this Privacy Policy to tell you about how we collect, use and disclose information that you actively provide us with through use of our site. This Privacy Policy also concerns the collection, use and disclosure of information that may be collected passively whilst you use our site. Please read this privacy policy carefully before using our site and before submitting any information about yourself.
This privacy policy is issued by Content Formula Limited (Content Formula, “us”, “we”, “our”, “ours”) and is addressed to individuals outside our organisation with whom we interact, including customers and their staff, website visitors, users of our software (for example Xoralia and Lightspeed), suppliers and job applicants (“you”, “your”).
This privacy policy details our practices concerning the collection, use, and sharing of your personal information. By accessing or using any of our services, you signify your understanding and acceptance of the collection, processing, and use of your personal data as described in this policy.
This privacy policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this privacy policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this privacy policy. This privacy policy was last updated in May 2024.
For the purpose of the General Data Protection Regulation (“GDPR”), the data controller is Content Formula Limited.
Collection of personal data
We may collect the following personal information:
- Identity data: first name, last name, username.
- Contact data: company name, email address and phone numbers (NB wherever possible we encourage you to share your business contact data, not personal contact data), notice to unsubscribe from a mailing list and data related to such unsubscription.
- Technical data: your IP address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access this website and our web-based software, links you have clicked on emails or websites, pages you have visited, content you have viewed, emails you have opened, event timestamps (e.g. for access events, open events, click events).
We collect this data:
- when you contact us and provide your personal data via our website, telephone, email, social media.
- in the course of our relationship with you and/or your organisation
- from sources where you have made this personal data public (e.g. on social media);
- when you visit our websites;
- when you visit third party partners of ours such as social media channels
- when you subscribe to any of our software or services
- when we meet you in person at conferences, events, meetings
- when your data is passed to us by a referrer such as a friend, acquaintance, colleague or ex-colleague.
- we may also receive personal data about you from your employer, your contracting organisation, you as a sole trader (collectively “employer”) if that employer is one of our customers, suppliers or partners.
- in some cases, we may also collect personal data from public registers (e.g. from the company registers).
- we also create personal data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us.
Purposes of processing personal data
Purpose | Personal data | Legal basis |
---|---|---|
Management of a relationship with you as an employee or contractor of one of our customers, suppliers or partners. |
|
Our legitimate interest in managing the relationship with you or your employer to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR), and/or The processing is necessary in connection with a contract that you or your has entered into with us, or to take steps prior to entering into a contract with us (Article 6.1b of the GDPR) |
Sending of newsletters, including marketing that we believe will be relevant to you or your employer |
|
Content Formula's legitimate interest in being able to inform you or your employer about our products and services and to market these to you or your employer, and maintain records of your subscribe status to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
Management of in-person or virtual events organized by us or in cooperation with our partners. |
|
Content Formula's legitimate interest in managing events, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of the relevant data subjects (Article 6.1f of the GDPR) |
Improving and updating our services, software, systems and websites |
|
Content Formula's legitimate interest in improving and updating our services, software, systems and websites, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of the relevant data subjects (Article 6.1f of the GDPR) |
Maintaining records of sales, finance and customer relationship management. |
|
Content Formula's legitimate interest in maintaining records of sales, finance and customer management, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of the relevant data subjects (Article 6.1f of the GDPR) |
Complying with our legal and regulatory obligations under applicable law |
|
The processing is necessary to fulfil our legal obligations (Article 6.1c of the GDPR). |
Establishing, exercising and/or defending legal claims: managing legal claims; establishing facts and claims (including collection, review and production of documents, facts, evidence and witness statements), and exercising and defending legal rights and claims (including formal legal proceedings). |
|
Content Formula's legitimate interest to establish, exercise and/or defend our legal rights, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
Engaging in recruitment activities (receiving CVs, interviewing, analysing suitability for the relevant position, and recording hiring decisions, offer details and acceptance details). |
|
The processing is necessary to fulfil our legal obligations, especially in respect of applicable employment law (Article 6.1c of the GDPR), Content Formula’s legitimate interest in carrying out its recruitment activities and handling job applications (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms) (Article 6.1f of the GDPR); and/or We have obtained your prior consent for the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way) (Article 9(2)a of the GDPR). |
Disclosure of personal data
We may disclosure your personal data to the following categories of recipients:
Recipient type | Purpose and legal basis | Personal data |
---|---|---|
Our third-party service providers (processors acting on our behalf and under our instructions) for example in the areas of IT hosting or cloud service providers (e.g. support tracking and ticketing system). | To fulfil our contractual obligations to you (Article 6.1b of the GDPR) and for the administration of our business needs, to the extent that such legitimate interest is not overridden by their interests, fundamental rights or freedoms (Article 6.1f of the GDPR) |
|
Our third-party service providers (processors acting on our behalf and under our instructions) for example in the areas of cloud service providers (e.g. CRM, web analytics) | Content Formula's legitimate interest in maintaining records of sales, finance, marketing and customer management, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of the relevant data subjects (Article 6.1f of the GDPR) |
|
Licensors for products and services resold by Content Formula | Content Formula’s legitimate interest in managing agreements with licensors, e.g., for the licensor to know who the end customer is and their contact person for administration and marketing purposes to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Legal and regulatory authorities, courts, law enforcement, legal representatives | To fulfil our legal obligations (Article 6.1c of the GDPR) and to protect our interests in law. Our legitimate interest in managing cooperation agreements (Article 6.1f of the GDPR). |
|
Buyers (and their advisers and representatives) of our business (whether we sell it in whole or in part) | Content Formula’s legitimate interest is in being able to carry out sales of the entirety or parts of the business to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Data security
Content Formula ensures that your personal data is handled in accordance with appropriate technical and organisational security measures to protect against illicit or unauthorised access to said information as well as destruction, loss, alteration, unauthorised disclosure and other unlawful or unauthorised forms of processing, in accordance with applicable law. At Content Formula, we only handle necessary information, and only by those who need it in order to provide the best service to our customers, suppliers and other people who come into contact with Content Formula.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although Content Formula will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us are sent securely.
Data retention
We will retain your personal data only for as long as is necessary for the purposes set out in this privacy policy.
Cross-border data transfers
Because of the international nature of our business, we may use international suppliers and service providers (the categories of which are listed above), whose personnel or systems may be located outside jurisdictions where GDPR applies, resulting in the transfer of your personal data to third countries. In these cases, we will take steps to ensure that your personal data receives an adequate level of protection, such as entering into appropriate data transfer agreements incorporating standard contractual clauses or an alternative mechanism for the transfer of data as approved by applicable regulators or legislators. For transfers of personal data between the UK and EEA, we rely on mutual adequacy decisions.
You have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards used by contacting us. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.
Third-party Links
Our service may contain links to third-party sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
Your rights
Under GDPR, you have various rights including the:
- Right to be informed.
- Right to access.
- Right to rectification.
- Right to erasure.
- Right to restrict processing.
- Right to data portability.
- Right to object.
- Right in relation to automated decision making and profiling.
To exercise any of these rights, please contact us at [email protected]