What type of personal information do we collect?
You may visit our site anonymously.
We collect information so that we can provide the best possible experience when you utilize our Services. Much of what you likely consider personal data is collected directly from you when you:
(1) create an account or purchase any of our Services (ex: order informations, name, email, paypal email or credit card number);
(2) request assistance from our customer support team (ex: name, email);
(3) complete contact forms or request newsletters or other information from us (ex: name, email); or
(4) participate in contests and surveys, or otherwise participate in activities we promote that might require information about you.
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we wanted to highlight and explain below a bit more about what these might be (as they vary from time to time) and how they work:
Login Informations are may collected when purchasing our Services, such as login email and password for website or layout hosting services. We do not share this informations with any third-parties. They are required to do the installation and upload process for you.
Cookies and similar technologies on our websites and our mobile applications allow us to track your browsing behavior, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. This allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyze and improve the performance of our Services. We may also collect your location (IP address) so that we can personalize our Services. For additional information, and to learn how to manage the technologies we utilize, please visit our Cookie Declaration.
Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs and location information. This information includes specific data about your interactions with the features, content and links (including those of third-parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data, and some of this data collected might be capable of and be used to approximate your location.
How we collect personal information
We may collect personal information directly when you provide it to us, automatically as you navigate through the Sites or through other people when you use services associated with the Sites.
When you provide personal information to us via the Sites you’re consenting to us collecting and using that information in line with this policy and the user terms of each of the Sites. You are likely to provide personal information when you complete registration and buy or provide items or services on our Sites, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send us a communication.
If you choose not to provide personal information, we may not be able to provide you with our services and you may not be able to carry out transactions or access the full range of features available through our Sites.
Personal information we collect about you from others
Although we generally collect personal information directly from you, we may on occasion also collect information about you from other people (such as the payment provider account details required to process a transaction) and by using tracking technologies such as cookies, web beacons and other web analytics software or services.
How do we use personal information?
We may use your personal information in order for us to:
– operate the Sites and provide you with services described on the Sites, like to verify your identity when you sign in to any of our Sites, to facilitate and process transactions that take place on the Sites, to respond to support tickets and to help facilitate the resolution of any disputes
– customise our services and websites, like advertising that may appear on the Sites, in order to provide a more personalised experience
– update you with operational news and information about our Sites and services like to notify you about changes to our Sites, website disruptions or security updates
– provide you with information that you request from us or, where we have your consent to do so, provide you with information about products and services which we feel may interest you
– carry out technical analysis to determine how to improve the Sites and services we provide
– monitor activity on the Sites, like to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Sites
– manage our relationship with you, like by responding to your comments or queries submitted to us on the Sites or asking for your feedback or whether you want to participate in a survey
– manage our legal and operational affairs
– provide general administrative and performance functions and activities.
When may we disclose your personal information?
We may disclose personal information to people like:
– subcontractors and service providers who assist us in connection with the ways we may use personal information (as set out above)
– our professional advisers (lawyers, accountants, financial advisers etc)
– regulators and government authorities in connection with our compliance procedures and obligations
– a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase
– other people where we are authorised or required by law to do so.
We use a network of global subcontractors and service providers in order to ensure that we maintain the best possible service standards. Some of the subcontractors and service providers to whom we may disclose your personal information, like service providers who provide us with cloud storage solutions. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
How do we store your personal information?
We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location. Personal information that we store is subject to security and access controls, including username and password authentication and data encryption where appropriate.
Databases are continuously backed up to enable restore to any point in time within a retention period of 35 days. Backups are stored on file storage at the same geographical location as the database.
No installation of software is required to use the Service. The login-protected Service Manager is accessible through a standard web browser, automatically using an encrypted https-connection for all communications between your browser and XLay’s server to protect any data from being intercepted during network transfers.
How do we protect your personal information?
XLay implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at support@XLay.vision.
How can you access your personal information?
You can access some of the information that we collect about you by logging in to your account. You also have the right to make a request to access other information we hold about you and to request corrections of any errors in that information. You may also close the account you have with us at any time. To make an access or correction request use the forms below.
Access in detail, export data
You may at any time obtain confirmation from XLay as to whether or not personal data concerning you are being processed.
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by XLay as spreadsheet files in Microsoft Excel-format. Logical relations between datasets will be preserved in form of unique identifiers.
Rectification of personal data
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you.
Erasure of personal data
You may without undue delay request the erasure of personal data concerning you, and XLay shall erase the personal data without undue delay when one of the following applies:
Data retention policy
Account Data will due to tax regulations be retained for up to five full fiscal years from your cancellation of your Service account.
Configuration Data and System Generated Data will be erased immediately when you cancel the Service account.
End User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel the Service account.
Data retention for compliance with legal requirements
You cannot require XLay to change any of the default retention periods, except for the reasons for erasure, but may suggest changes for compliance with specific sector laws and regulations.
Data restitution and/or deletion
No data except Account Data will be retained after the termination of the contract. You may request a data copy before termination. You must not cancel the Service account until the data copy has been delivered, as XLay otherwise will not be able to deliver the data copy.
Cookies (not the type you eat!) and web analytics
Cookies are used to enhance your use of the Sites, such as remembering that you are logged in. You are able to minimise or block cookies using the privacy settings in your internet browser, but this may restrict your use of the Sites. For general information on cookies, see http://www.allaboutcookies.org.
When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and may not reveal your true super-hero identity. The fancy term for this is ‘web analytics information’, and we only use this information for statistical and website development purposes and to improve our services to you. If you’re logged into your account some of this information could be associated with your account. We’re talking about the following kinds of details:
– your IP or proxy server IP
– basic domain information
– your Internet service provider is sometimes captured depending on the configuration of your ISP connection
– the date and time of your visit to the website
– the length of your session
– the pages which you have accessed
– the number of times you access our site within any month;
– the size of file you look at
– the website which referred you to our Sites
– the operating system which your computer uses
See XLay’s Cookie Declaration at www.XLay.vision/cookie-declaration for information on the cookies we use.
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information at the top of the page.
In order to enter into a contract regarding the purchase of XLay’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the Service.
California Online Privacy Protection Act Compliance
Because XLay values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 6.
As part of the California Online Privacy Protection Act, all users of our website may make any changes to their information at any time by logging into their account and navigating to the “Account Details” page.
Children’s Online Privacy Protection Act Compliance
XLay is in compliance with the requirements of the Children’s Online Privacy Protection Act. We will not intentionally collect any information from anyone under 13 years of age. Our website, products and services are all directed at people who are at least 13 years old or older.
Do we disclose any information to outside parties?
XLay does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Microsoft has adopted the international code of practice for cloud privacy, ISO/IEC 27018.
XLay will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from XLay, XLay strives to limit the disclosure. XLay will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, XLay will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
Information you make public or give to others
XLay uses the extensive range of built-in logging features and audits trails provided by Microsoft. XLay also logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made.
You may request a data protection audit performed by an independent third party who is also accepted by XLay. You will pay €5,000 plus applicable taxes for an audit request along with €200 per hour XLay is spending in connection with the audit as well as any other costs related to the audit, including the auditor.
XLay will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
Terms of Service
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our website at http://www.XLay.vision/terms-and-conditions
When we need to update this policy
We may need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do amend the policy, the changes will be effective straightaway. We’ll usually publish information about changes to be made to this policy on our Sites – but please be aware that it is your responsibility to check in and make sure you keep up to date with any changes to this policy.
How can you contact us?
If you have any questions about our privacy practices, please contact us at the support page and contact form.
If you have any concerns about how we have been managing your personal information, or if you think we have not been complying with privacy law, you can make a complaint. We will consider your complaint and contact you to resolve the matter.