Privacy and Cookies Policy for the Internet Service

Your Personal Data Controller is:

XTM International Ltd, a company incorporated in England and Wales with registered number 04217452 whose registered office is at C/O Azets Burnham Yard, London End, Beaconsfield, Bucks, United Kingdom, HP9 2JH

You may contact the Personal Data Controller in matters related to your personal data by:

• electronic mail: privacy@xtm.cloud
• traditional mail: C/O Azets Burnham Yard, London End, Beaconsfield, Bucks, United Kingdom, HP9 2JH

Below you will find information about the categories of data, the purposes of data processing, the legal basis for data processing and the time of data processing by the Personal Data Controller in connection with the use of the Internet Service and initiated remote contact with the Personal Data Controller:

• Identification data, that is data provided in the registration form on the Internet Service, i.e. e-mail address, name and family name, telephone number; to provide Services which require the creation of the Account, we process your data specified in the Account, including data on implemented services and paid services  – the legal basis for data processing is Article 6(1) letter b of the GDPR and UK GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract – create an account); and also Article 6 (1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of determining, pursuing and enforcing claims and defending against claims at the pre-litigation stage, in court proceedings and before other enforcement authorities). The data will be processed for the duration of the contract and for the period of limitation of claims arising from the contract.
• Data provided in connection with the provision of services which do not require that you create the Account, that is to use chat or other Services and to contact in relation with the use of the contact form – the legal basis for data processing is Article 6 (1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of answering in connection with initiated contact). Such data will be processed for the duration of the response or other notification process.
• Data provided in connection with browsing the website of the Internet Service, related to your activity in the Internet Service, the amount of time spent on the website of the Internet Service on each subpages, your search history, i.e. information about the content you are viewing, data on the session of your device, system operating, browser, location, unique identifier, IP address – the legal basis for data processing is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is keeping statistics on the use of individual functionalities of the Internet Service, facilitating the use of the Internet Service and ensuring IT security of the Internet Service). The data will be processed for the period indicated in the General Information about the Cookies (below) or until an objection to data processing is raised. Data on users not logged in are stored for a period of time corresponding to the life cycle of Cookies stored on devices or until they are deleted on the user’s device by the user.
• Data provided in connection with the performance of the provision of Services Contract and allow to use functionalities that require the creation of an account, i.e. translation projects management, customers and translator base management, ordering a translation, payment information management, users communications, we process personal data provided by you and forms as well as data regarding your activity on the Internet Service, i.e. data concerning the Services you are viewing, as well as session data, your device, and operating system, browser, location, and a unique ID. The provision of some data is a prerequisite for using certain Services and account functionality (mandatory data). Our system automatically marks mandatory data. As a consequence of your failure to provide such data, we will not be able to provide certain services and functionalities of the Account. Contrary to data marked as mandatory, providing other personal data is voluntary – the legal basis for data processing is Article 6 (1) letter b of the GDPR and UK GDPR (processing is necessary for the performance of a contract to which the data subject is a party), Article 6 (1) letter c  of the GDPR and UK GDPR (processing is necessary for compliance with a legal obligation to which the Personal Data Controller is subject) and Article 6 (1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of establishing, pursuing and enforcing claims and defending against claims at the pre-litigation stage, in court proceedings and before other enforcement authorities). The data will be processed for the duration of the contract for the period of limitation of claims arising from the contract and for 5 years from the end of the calendar year in which the tax payment deadline expired (which applies to paid services).
• Data provided by you in complaints, claims and requests or in order to answer questions in a form other than via the contact form, and data contained in documents attached to complaints, claims and requests – pursuant to Article 6 (1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the consideration of complaints, claims and requests, and responding to user requests). The data will be processed for the period of handling complaints, requests, complaints or providing a response and for the period of limitation of claims in connection with a complaint.
• Data provided by you in forms, in order to conduct market research and opinion polling by us. We do not use data collected as part of market research and opinion polls for advertising purposes – the legal basis for the processing of personal data is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or by a third party, which is market and opinion research about the Personal Data Controller). The data will be processed until an objection to data processing is raised pursuant to art. 6 (1) letter f. GDPR and UK GDPR. An objection may be made at any time.
• Data provided by you in connection with the marketing of our Services, including the newsletter service and remarketing we process personal data provided by you on the creation of your Account and its updates, data about your activity on the Internet Service including activity recorded and stored via cookies, in particular the history of activity, ordered services, search history, clicks on the Internet Service, history and your activity related to our communication with you. For remarketing, we use data about your activity in order to reach you with our marketing messages outside of the Internet Service, and for this purpose, we use the services of external suppliers. These are based on displaying our messages on web pages other than within the Internet Service. Further details are available in provisions regarding Cookies. The legal basis for the processing of personal data is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is marketing products and services). The data will be processed until an objection to data processing is raised pursuant to art. 6 (1) letter f. GDPR and UK GDPR. An objection may be made at any time.
• Data provided by you in connection with Personal Data Controller social media profiles, such as: Facebook, Linkedin, X.com (formerly Twitter), Vimeo, Instagram and YouTube – such data is co-administered by XTM International Ltd and a social networking site. The legal basis for data processing is Art. 6 (1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is correspondence on or through social networking sites and marketing activities). The data will be processed until an objection to data processing is raised pursuant to art. 6 (1) letter f. GDPR and UK GDPR. An objection may be made at any time.

Your personal data regarding preferences, behaviors, and selection of marketing content may be used as a basis for making automatic decisions to determine the sales possibilities of the Internet Service.

We transfer your personal data to the following categories of recipients:

• State authorities, e.g. prosecutor’s office, Police, President of the Office of Personal Data Protection, President of the Office of Competition and Consumer Protection, if they request so, service providers that we use to run the Internet Service and entities supporting the business activities of the Personal Data Controller. Depending on contractual arrangements and circumstances, these entities act on our behalf or define the purposes and methods of data processing by themselves.

If, as part of the provision of services by the Administrator, data will be transferred outside the European Economic Area (EEA) or UK, the Personal Data Controller will ensure an appropriate level of data protection, in particular in the form of standard contractual clauses in concluded contracts.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

• In the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the GDPR and UK GDPR.
• In the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR.
• There are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• A specific exception applies under relevant data protection law

You can request information on the security measures applied and a copy thereof by sending a request to privacy@xtm.cloud.

Based on the GDPR and UK GDPR, you have the right to:

• Request access to your personal data;
• Request rectification of your personal data;
• Request erasure of your personal data;
• Request restriction of personal data processing;
• Object to the processing of personal data;
• Request portability of personal data;
• Lodge a complaint with the supervisory authority.

Personal Data Controller will provide you, without undue delay and in any case within one month of receiving the request, with information about actions taken in connection with your request.

Before mentioned one month period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In any event, the Personal Data Controller will inform you of such an extension within one month of receiving the request, giving the reasons for the delay.

If you wish to submit a data subject access request please click on the link below:
Data Subject Access Request

You have the right to obtain from the Personal Data Controller confirmation as to whether your personal data are being processed.

If the Controller is processing your personal data, you have the right to:

• Acquire access to personal data;

• Obtain information about the purposes of the processing, categories of personal data being processed, data recipients or categories of recipients, the envisaged period for which the personal data will be stored or the criteria used to determine that period, information about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the data source,automated decision-making, including profiling, and security measures used in connection with the transfer of these data outside the European Union;

• Obtain a copy of your personal data.

If you want to request access to your personal data, please submit your request to privacy@xtm.cloud.

You have the right to request the Personal Data Controller to immediately rectify your personal data that is incorrect, including to supplement it (if the data is incomplete).

If you want to correct your personal data, please submit your request to privacy@xtm.cloud.

You have the right to request the Personal Data Controller to erase your personal data when:

• Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• You have withdrawn your specific consent to the extent to which personal data were processed based on your consent;
• Your personal data have been unlawfully processed;
• You have objected to the processing of your personal data for the purpose of direct marketing, including profiling, to the extent to which the processing of personal data is related to direct marketing;
• You have objected to the processing of your personal data in connection with the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party.
• Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Personal Data Controller is subject;

If you want to request the erasure of your personal data, please submit your request to privacy@xtm.cloud.

You have the right to request the restriction of your personal data processing when:

• You contest the accuracy of your personal data – the Personal Data Controller will restrict the processing of your personal data for a period allowing to verify data accuracy;
• The processing of your personal data is unlawful, but you oppose their erasure and request the restriction of their use instead;
• Your personal data are no longer needed for the purposes of the processing, but they are required for the establishment, exercise or defense of your legal claims;
• You have objected to the processing of your personal data – pending the verification whether the legitimate grounds of the Controller override your grounds mentioned in your objection.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing shall be informed by the Personal Data Controller before the restriction of processing is lifted.

If you want to request the restriction of your personal data processing, please submit your request to privacy@xtm.cloud.

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

• The processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party;
• Processing for direct marketing purposes.

If you want to object to the processing of your personal data, please submit your objection to privacy@xtm.cloud.

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit them to another personal data controller.

You may also request the Personal Data Controller to transmit your personal data directly to another controller (where technically possible).

If you want to request the personal data portability, please submit your request to privacy@xtm.cloud.

If the Personal Data Controller processes your data on the basis of consent (Article 6 (1) letter a of the GDPR), you may withdraw your consent to the processing of your personal data at any time.

Withdrawal of consent to the processing of personal data does not affect the legality of the processing based on your consent before its withdrawal.

If you want to withdraw your consent to the processing of your personal data, please submit your request to privacy@xtm.cloud or use appropriate functionalities in the Account.

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work, or place of the alleged infringement.

The [UK’s] Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 111

https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-pl

While browsing the pages in the Internet Service, cookie-files are used, hereinafter referred to as the Cookies, i.e. small text files stored in your terminal device in connection with the use of the Internet Service. Their use is aimed to ensure the correct operation of pages in the Internet Service.

These files allow us to identify the software that you use and tailor the Internet Service to your individual needs.

Cookies usually contain the name of the domain from which they originate, their storage time on the device, and the assigned value.

While browsing the pages in the Internet Service, cookie-files are used, hereinafter referred to as the Cookies, i.e. small text files stored in your terminal device in connection with the use of the Internet Service. Their use is aimed to ensure the correct operation of pages in the Internet Service.

These files allow us to identify the software that you use and tailor the Internet Service to your individual needs.

Cookies usually contain the name of the domain from which they originate, their storage time on the device, and the assigned value.