On 25 May 2018, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) comes into force. 4X Solutions (UK) Ltd, a limited liability company registered and incorporated under the Laws of the United Kingdom (the “Company”, “4X”, “we”, “us”, and “our”), is dedicated to maintaining your trust by explaining to you what, why and how we process your personal data. We have our registered office located at Sterling House, Fulbourne Road, Walthamstow, London, England, E17 4EE, and are identified with company registration number 07098728.
We respect and protect your privacy interests and we are taking seriously your rights in the protection of your personal data. Any question you might have for us in this respect may be addressed to our dedicated e-mail address support@ 4xsolutions.com or may be addressed by means of postal mail to our registered office. You may also contact us using the “Contact Us” form available directly on the Website.
4X is a limited liability company, registered and incorporated under the Laws of the UK.
We are providing our clients’ SaaS services. Our Services are being promoted by carefully selected partners. You may benefit from our Services after enrolling as a client through our Website.
Our “Website” refers to www.4xsolutions.com, and provides a description of us, our Services, and gives access to the Client Portal. After your enrolment as a client, you may use the Client Portal also for your correspondence with us as the portal will store all communications between us and you related to the email registered with us for your client account, along with managing your services. Other features may be added to the Client Portal later and you shall be informed accordingly.
“Personal data” means any information relating to an identified or identifiable natural person, such as, but not limited to, first and last name, date of birth, email address, address, payment card details, trading account details.
By visiting the Website, by using our Services and the Client Portal or otherwise providing your personal data to us, you agree to the collection, use, and sharing of your personal data under this Privacy Notice.
2. CHANGES AND UPDATES
We are aware that the protection of personal data is an ongoing responsibility and we engage to update this Privacy Notice, as necessary, in case of new personal data practices or changes in the privacy policies. All updates and changes are effective immediately upon notice, which we will give by any means, including without being limited to, posting a revised version of this Privacy Notice on the Website or sending a notice by email. We encourage you to check from time to time the Website and the email address registered with us for your client account to see the updates to this Privacy Notice and any changes that could have an impact on you.
The provisions contained in this Privacy Notice supersede all previous notices or statements regarding our privacy practices.
3. 4X COLLECTS PERSONAL DATA DIRECTLY FROM YOU
We collect personal data directly from you when you decide to use our Services and to enroll as a client of ours when you call or email us, or otherwise provide your personal data directly to us.
As part of the enrolment process, you have to fill in personal details in order for us to provide some services to you.
Through the Application Process available within the Client Portal, we are collecting personal data about you such as your name, your email address, your date of birth, your address, phone number, payment card details.
When you correspond with us by email, postal service, or use another form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry/concern or to keep a record of your such inquiry/concern, the reply provided by us, and the like.
4. 4X MAY COLLECT YOUR PERSONAL DATA AUTOMATICALLY
When you browse our Website or use the Client Portal, we may collect your personal data such as (i) your IP address, (ii) your devices browser and operating system, (iii) the region or general location from where your computer or devices accessed the internet, (iv) usage information about the way you use the Website, including a history of the pages you visited, (v) language preferences, (vi) security login. We may collect the personal data through the use of log files (when visiting the Website) or cookies (on the Client Portal).
5. 4X COLLECTS YOUR PERSONAL DATA FROM OTHER SOURCES
We may obtain your personal data from other sources such as public databases, social media platforms, our business partners. We take steps to ensure that such parties are legally permitted to disclose such personal data to us.
We may use this personal data in combination with other information (including personal data collected directly from you) to know more about you, to provide you the Services, or to inform you about new products/services that may be of interest to you.
6. 4X PROCESSES YOUR PERSONAL DATA FOR SPECIFIC PURPOSES OF PROCESSING AND ONLY ON LEGAL GROUNDS
We process your personal data only for specific purposes: to give you access to and to perform our Services, for client administration, to communicate with you about new products/services in the portfolio of the Company that may be of
interest for you, to deliver other benefits or opportunities associated with your client status, to inform you about legal and regulatory changes having an impact on our relationship, and to comply with our legal obligations.
Depending on the relationship you have with us, we will process your personal data if you consent to the processing, if necessary for us to comply with legal obligations that we are subject to, if necessary for the performance of any contract we entered with you, or in order to take steps at your request prior to entering into a contract with you, or for the purposes of our legitimate interests that do not override your interests and fundamental rights and freedoms.
More specifically, we use your personal data for the following purposes:
- to provide you products, offers, and services;
- to help us create, develop, operate new products/services and send you, from time to time, information and promotional content about such new products/services or new features of existing products/services in our portfolio or offered by our carefully selected business partners, in accordance with your marketing preferences;
- to send you alert messages from time to time: we may inform you of temporary or permanent changes to our Services, our terms, conditions, policies, new features, updates or changes to the Privacy Notice, etc.
- to communicate with you about your client account and provide customer support, and to answer your questions or respond to your requests;
- to meet legal requirements, including complying with court orders or regulatory investigations, subpoenas, or other lawful legal actions and request of public authorities;
- to provide information to representatives and advisors, including attorneys, accountants, and business consultants, to assists us in complying with the applicable legal and regulatory requirements;
- to manage our Website;
- to improve the Services offered to you: for example, we may use your personal data for internal purposes such as data analysis and research;
- to enforce an agreement we have with you, or in case of need to protect our rights, property or safety, or to protect the rights, property or safety of our personnel or others, or to otherwise manage our business;
- to address disputes and claims, or to prosecute and defend in the court or similar proceedings;
- to protect against or identify possible fraudulent actions;
- to transfer your personal data in case of a sale, merger, consolidation, liquidation, reorganization, or acquisition; in such case, the relevant acquirer will have the same obligations as in this Privacy Notice in relation to your personal data; we will send you information of the change either by email or on the Website.
In case we would intend to further process your personal data for an incompatible purpose to the ones mentioned above, we will provide you information on such other purposes and any relevant information prior to such further processing.
If the processing carried out by us is necessary for the performance of the contract or to take steps at your request prior to entering into a contract with us, and you wish to not provide us with your personal data, you understand and accept that we will not be able to provide you the Services.
7. DIRECT MARKETING
We will contact you only by electronic means (email or SMS) to inform you about other products and services that are similar to those previously engaged in a contract with you or negotiated as a sale to you. Such marketing communication may be sent in relation to products and services in the portfolio of the Company or supplied by our subsidiaries, affiliates, and sister companies, associates, or carefully selected business partners. Direct marketing shall include any communications to you based only on advertising or promotion of products and services.
Your consent for the use of your personal data for marketing purposes will be retained in the contract you enter with us when enrolling as a client of the Company. You can also choose not to receive marketing communications when signing the contract with us. You can also change your mind (opt-out) at any time and free of charge. If you want to not receive
promotional emails from us further on, you may send an email at email@example.com with the title “no marketing” or you may “unsubscribe” directly in the marketing communication received.
In case you choose not to receive any marketing information, you understand and agree that no-fault will be retained for us in not-informing you of products and services that could potentially be of interest to you.
If you are not our client yet, we will contact you for marketing purposes only if we have your consent for such communications.
8. 4X MAY SHARE PERSONAL DATA WITH OTHERS
Our relationship is built on trust and we do not sell your personal data to any company. Your personal data is collected stored by us in association with your client agreement and your account on the Client Portal.
We may share your personal data with third-parties as follows:
- if you request or authorise such sharing;
- to third-party service providers performing business operations on our behalf, including for fraud prevention and monitoring; we will provide them only the information they need to perform the services requested by us, and we require them to enter into an agreement with us and to ensure a high level of security for your personal data and to not use it for any other purpose (for example, we may share your personal data to a provider hosting our Website and/or email or deliver communications to our clients);
- to carefully selected partners for joint promotions or other programs that we believe may be of interest for you; to courts and/or public authorities to comply with our legal obligations;
- to advisors, auditors, attorneys, accountants and other business consultants to assists us in complying with the applicable legal and regulatory requirements.
We may share aggregated and/or anonymous information that does not identify you for business purposes of the Company.
9. COOKIES AND OTHER TECHNOLOGIES
We and our third-party service providers may use various cookies to collect and store information when you use the Client Portal to manage the portal, to personalise your experience, to verify your account, etc. Cookies are essential for the functionality of the Client Portal and it is used to identify you as a client. You may choose not to agree to the use by us of cookies and in such case, you agree that you will not be able to use the Client Portal (you will be redirected).
The Website/Client Portal does not track users when they cross to third-party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.
In case we may use other technologies such as pixels and web beacons, you will be informed accordingly. For more information, please see our Cookies Policy.
10. 4X DOES NOT TRANSFER PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
We do not transfer your personal data to entities outside the EEA. In case such transfer would be necessary so that you benefit from our Services, you will be adequately informed of such transfer and suitable safeguards will be applied to protect the privacy and security of your personal data and its use in accordance with the practices described in this Privacy Notice.
11. 4X ENSURES THE PROTECTION OF YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
4X ensures that your rights in respect of personal data are well observed. We encourage you to submit any individual rights requests through your account in the Client Portal that ensures your authentication as a client. Otherwise, we may take steps to verify your identity when receiving an individual rights request before complying with your request regarding your privacy rights.
- Right to access your personal data. You have the right to obtain from us confirmation as to whether or not your personal data are being processed and where is the case, to request information such as the purposes of the processing, the categories of personal data processed by us, the persons/entities outside 4X having access to your data, the source of the information (if we received your data differently than directly from you), duration of the storage, the existence of automated decision-making, including profiling.
- Right to rectification. You have the right to obtain from us without undue delay the rectification of your inaccurate personal data.
- Right to erasure. You have the right to obtain from us the erasure of your personal data without undue delay if your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed if it was collected based on your consent and you withdrew your consent later on if it was collected in relation to processing activities to which you object and there are no overriding legitimate grounds for our processing. If we have made your personal data public and we are obliged to erase the personal data, we will take reasonable steps, including technical measures, to inform other parties that are processing your personal data that you have requested the erasure of any links to, or copy or replication of your personal data, taking account of available technology and the cost of implementation.
- Right to withdraw consent. You have the right to withdraw your consent for the processing of your personal data collected on the basis of your consent, at any time. Such withdrawal will have no effect on the lawfulness of our processing based on your consent before your withdrawal.
- Right to restriction of the processing. You have the right to restrict or object to us processing your personal data if you contest the accuracy of your personal data (for a period enabling us to verify the accuracy of your personal data) if the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead if we longer need your personal data for the purposes of the processing, but they are required by you to establish, exercise or defense of legal claims, if you have objected to processing, pending the verification whether our legitimate grounds of processing override your rights.
- Notifications. We will communicate to you any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort. We will inform you about such recipients if you request us this information.
- Right to data portability. You have the right to receive from us your personal data in a structured, commonly used, and machine-readable format or have us transfer your personal data to another controller (where technically feasible). This shall apply in relation to the personal data we processed based on your consent or on a contract with you, or when the processing is carried out by automated means. The controller shall mean a natural or legal person, public authority, agency, or other body that, individually or jointly with other parties, determines the proposes and means of the processing of your personal data.
- Right to object to processing. You have the right to object at any time to the processing of your personal data where the processing is based on your consent, contract with us, or our legitimate interest. We may continue to process such data is necessary for the defense of legal claims, for complying with our legal and regulatory obligations, or for any other cases permitted by the applicable law.
- Automated individual decision-making, including profiling. You have the right to obtain human intervention on our part and to express your point of view and/or to contest the decision where you are the subject based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you. You have the right not to be subject to such automated-decision, save for the exceptions applicable under relevant data protection laws.
- Right to lodge a complaint. If you consider we have infringed your rights, we encourage you to contact us at firstname.lastname@example.org so that we have the opportunity to solve the issue informally and in a prompt manner. In any case, you may file a complaint with the supervisory authority.
12. 4X HAS IN PLACE ADEQUATE SAFEGUARDS FOR SECURING AND STORING YOUR PERSONAL DATA
We are using generally accepted standards to store and protect your personal data, both during collection and after for storage, including using encryption where appropriate. Your personal data is collected and stored on our behalf by a third-party provider (processor) and on the servers of the cloud-based database management services engaged by such provider, located in the United Kingdom while the backup (encrypted) is stored in Ireland.
The third-party service provider is required by us by means of a written agreement to comply with relevant data protection legislation and security requirements in relation to your personal data.
We take reasonable and appropriate measures to protect your data from loss, misuse, or alteration. We use technical, administrative, and psychical procedures designed to ensure the security of your personal data. We are constantly working on improving our security measures, including by:
- implementing data privacy compliance procedures;
- verifying and updating the security technology from time to time;
- restricting the access to your personal data to only those employees and third-party service providers that need to know your information; our personnel are being constantly trained about the importance of the privacy and security of your personal data and disciplinary measures will be applied in case of violation; in our agreements with our third-party service providers we are requiring provisions to oblige them to ensure a high level of protection for your data;
- minimizing the personal data that we are collecting;
- regular backups and encryption of your data.
Your account on the Client Portal requires an email address and password to log in. You must keep such information secure and never disclose it to third parties. Your account password is encrypted, and we cannot see such a password, we cannot resend the forgotten password and we are able only to reset the password to your account.
In case of a security breach, we will notify you as soon as possible, we will act immediately to remedy and minimize its consequences and we will send you a report of the actions we took in response.
The Company retains your personal data for the duration of the client’s business relationship with the Company and thereafter for a minimum period of six (6) months after our last interaction for legitimate legal or business purposes including:
- if required by law/regulations, contract, or similar obligations applicable to our business operations;
- if necessary, to preserve, resolve, defend or enforce our legal/contractual rights; or
- if needed to maintain adequate and accurate business and financial records.
13. 4X DOES NOT PROCESS PERSONAL DATA OF CHILDREN
Our products and services are available only for individuals over the age of 18 and are not targeted to, intended to be used by, or designed to entice individuals under the age of 18. If you know of or have reason to believe that an individual under the age of 18 provided us with any personal data, please contact us.
14. 4X HAS IN PLACE A CONTACT POINT
If you have any questions or comments, or if you want us to update, delete or change any personal data we hold about you, or you may have concerns about the way in which we have handled/are handling your personal data, please use our “Contact Us” form available in your account on the Client Portal, send us an email at email@example.com, or you can contact us by postal mail at Sterling House, Fulbourne Road, Walthamstow, London, E17 4EE, England
You may also contact us using the contact form available directly on the Website which will be transmitted to firstname.lastname@example.org as a guest inquiry.