Privacy notice

This privacy notice explains the personal data we collect, what we do with it, who we share it with, how long we keep it for and what legal rights you have.

XYB Limited is part of the Monese Group. For all website visitors, XYB Limited is what is known as the data controller of your personal data. This means they're responsible for deciding how your personal information is used.

When we refer to "XYB", "we", "us" or "our" in this notice, it's a reference to the company mentioned above.

What data do we collect?

Your identity and contact data

This includes information about you (for example your name and company name) and your contact details. When you express an interest in obtaining information about us or our products and services or when you contact us, we collect the information that you voluntarily give us.

Analytics

This includes information about how you interact with our services. We collect this information automatically when you visit our website. Our use of cookies to help us achieve this is explained in our cookie policy.

What we do with your data

We only use your personal data in order to give updates on XYB and where there is a lawful basis to do so.

To fulfil our legal obligations, we may use your personal data to:

• Comply with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

With your consent, we will use your personal data to:

• Give you information about XYB products and services and other similar information and to market our services.

If we ask you for permission to process your personal data, you can refuse, or withdraw your permission at any time by contacting dpo@xyb.co . To withdraw your consent to receive marketing messages, you can do so by following the opt-out link contained in marketing emails.

Who we share your personal data with

We may share your data with organisations and partners that enable and improve the XYB services you use. This includes:

• Group companies.
• Any third party after a restructure, sale or acquisition of any XYB company or debt, as long as that person uses your information for the same purposes you originally gave it to us for.
• The providers of our IT services.
• Data analytics services.
• Any organisation that we are legally required to do so.
• Any organisations that enable the XYB services that you use.

How long we keep your personal data

We hold your personal data for only as long as necessary to fulfil the purposes we collected it. When we have no legitimate reason to keep your data, we will either delete or anonymise it.

Your rights

You have certain rights relating to your personal data:

The right to access personal data we hold about you

You may request access to all the personal data we hold about you. This is known as a 'subject access request'.

The right to have your personal data erased from our systems

You may request that we delete some or all of the personal data that we hold about you. This may not always be possible, as we are required by law to keep some information.

The right to have your personal data rectified

If you believe that any of the personal data we hold about you is inaccurate, you have the right to have it updated (for example, you may wish to update your personal or contact details).

The right to object to our processing of your personal data

You may object to, or request that we restrict the processing of your personal data (for example, you may withdraw your consent for marketing at any time).

The right to data portability

You may ask that we provide a copy of your personal data in a structured, commonly used and machine-readable format. You can request that we provide this to you directly, or that we transfer the data to a third party of your choosing.

To exercise any of these rights, simply submit a request to us by emailing dpo@xyb.co . We will aim to fulfil all requests within one calendar month.

Making a complaint

If you're unhappy about our management or use of your personal data, you may register your complaint by emailing dpo@xyb.co .

If we fail to resolve your complaint to your satisfaction, you may pursue your complaint via the relevant Data Protection Authority. For the UK this is the Information Commissioner's Office. Outside of the UK, you can contact the Belgian Data Protection Authority or your local Data Protection Authority.

If you have any questions or would like to know more, don't hesitate to contact our Data Protection Officer at dpo@xyb.co , or write to us at Eagle House, 163 City Road, London EC1V 1NR.

Changes to this policy

This policy was published on 01.05.2023. We may change this policy from time to time, when we do we will inform you via the privacy page on our website.