Go to US Site

Privacy

GDPR – STATEMENT OF POLICY

The new EU General Data Protection Regulation comes into force on 25th May 2018. Xe2 are fully aware of the requirements and this statement of policy communicates how Xe2 will be compliant.

Xe2 provide email communication to and from a message platform that is highly secure and that provides data management services for businesses. This includes Exchange email, CRM, Archive solutions, and Mobile device supply and management.

Xe2 go to market through Direct customers and through Reseller channels.

In the context of GDPR, XE2 are a Data Processor, and the lawful basis for processing personal data is Legitimate Interest.

Whether a Direct Customer or a Reseller of our services; each customer that contracts to use our system is required to appoint an administrator of their Xe2 account, that Company then becomes the Data Controller for their users. In order to ensure the system provides an efficient service, the following information is required for the Administrator.

Company Name and Address, First and Last Name, a phone number, an E-mail Address, a Customer Code, a default password, a Mobile Number, and a Fax Number.

Administrators control the information for their end users, and in the context of a Reseller, their customers and end users. End users need to be allocated an email address by the Data Controller.

This Information is used to;

• Provide Xe2 services to the Company and end users
• Provide an invoice for usage of Xe2 services
• Provide notifications regarding Xe2 services
• Provide technical support for our services to the Company

Information that is transmitted.

With regard to each of the email messages and attachments that are processed through our email system and not deleted, that data will be stored in our Microsoft Exchange platform within a fortress data centre, located in Slough UK. User email delivery travels through our Symantec partner, who provide our anti-virus and anti-spam engines, and who log the following information in order to fulfill our services;

• Sending email address
• recipient email address
• date and time
• subject
• attachment names
• mail server IP Address

Marketing Information

Some personal information is collected when Xe2 process end user enquiries about our products or services from our web site. Xe2 asks for information about yourself, your name, your e-mail address and details of your enquiry in order to respond. Until advised otherwise, your enquiry is tagged as opted in and may receive further marketing communications.

However, we will not share your information with other third parties where we have not received your permission to do so.

Cookies are not used on the website and no personal data is collected in this way.

Data Protection and Security

Under GDPR, data breaches will need to be reported to the Commissioner’s Office within 72 hours of discovery by the Data Controller. Data processors will need to ensure they communicate any breaches or compromises of data to the Data Controller as soon as possible.

Xe2’s commitment to their customers to act responsibly as a data processor is covered in the terms and conditions agreed and are covered in our Data Protection and Privacy Policy. Copies are available on request to enquiries@xe2.co.uk

In summary;

• End users data is owned exclusively by the end user
• Xe2 will never use end users data or make end users data available to any third party
• Xe2 ensures the privacy of end users data by utilising industry best practices for security such as password protection, data encryption and secure networks
• Xe2 ensures the safety of end users data through frequent backups to give full disaster recovery
• Provisioning data is stored using secure, highly available Microsoft SQL servers in our Slough Data centre
• Any transfer of sensitive data, such as credit card information, as appropriate, is accomplished over a secure network using secure socket layers (SSL)

If there are further questions, please email dataprotection@xe2.co.uk or alternatively, for more information on GDPR legislation please visit the Information Commissioners Office website at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

Our Products