Who we are
Xibo Signage Ltd’s registered office is at Curtis House, 34 Third Avenue, Hove, BN3 2PD. We are registered in England and Wales under company number 07811749.
We are registered on the Information Commissioner's Office (ICO) Register registration number Z3615050.
Xibo Signage Netherlands BV is a wholly owned subsidiary of Xibo Signage Ltd, incorporated and registered in The Netherlands with Kvk 80891101 whose registered office is at Blaak 520, 3011TA, Rotterdam, Netherlands. Customers contracting with Xibo Signage Netherlands BV do so under the same terms as Xibo Signage Ltd.
What we need
Xibo Signage Ltd will be what’s known as the ‘Controller’ of the personal data you provide to us for the purposes of enabling you to purchase products and services from us, and as a ‘Processor’ of personal data for customers choosing to host their CMS instances with us.
As a Controller, we only collect basic personal data about you which does not include any ‘special category’ types of information. This includes name, address, email, IP address and device hardware identifiers.
As a Processor, we host the Xibo application on your behalf. The instance of the Xibo CMS we host is for your sole use, and you have complete control over the data contained within it, and the persons authorised to access it. Our terms of service limit the personal data that you may hold in your CMS to those which fall outside the scope of ‘special category’ types (defined as race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life, or sexual orientation).
Why we need it
We need to know your basic personal data in order to provide you with the products and services you order from us, and to provide support to you for those products and services. We will not collect any personal data from you we do not need in order to provide and oversee these products and services to you.
What we do with it
As a Controller, all the personal data we process is processed by our staff in the UK, however for the purposes of IT hosting and maintenance, this information is located on servers within the European Union. We do use third party services to provide specific services to you, for example to provide payment processing (in respect of which we will need to share personal data relating to specific and recurring transactions) and accounting functions, IT hosting services and email gateways. In all cases, third parties are compliant with GDPR legislation and have been vetted as suitable for the uses we put their services to. Details can be provided upon request. We never share your data with third parties for the purposes of marketing or automatic analysis or processing.
Where you make a purchase of hardware from us, then we will share your personal data with the appropriate hardware fulfilment partner in order for them to dispatch the device to you. These partners are currently EV4 Ltd, based in the United Kingdom, or Hexspoor E-fulfilment, based in the Netherlands. We will share details of your hardware order with EV4 Ltd for the purposes of registering your device under their warranty scheme, and providing hardware support to you in the future.
We will also share your details with our delivery partners (currently DHL, UPS and GLS) who will use that information to deliver your hardware to you, and optionally to process your hardware through your local customs process, and/or provide you with insurance cover while your hardware is in transit to you. Delivery partners may need to contact you to collect any fees you have opted to pay directly to them for clearing customs.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
As a Processor, we use the personal data you input in to your CMS instance for the purposes of validating user access, sending alerts, and delivering the service for your users. Our staff do have access to your CMS instances for the purposes of providing support to you, however we never harvest personal data from your account. Your personal data will remain within the same region as you requested that we host your CMS instance. So for example, if you ask us to host your CMS instance in Sydney Australia, then CMS instance data will be held in Australia.
We do use some third party services to provide our services as a Processor to you, for example to provide IT hosting services and email gateways. In all cases, third parties are compliant with GDPR legislation and have been vetted as suitable for the uses we put their services to. We never share your data with third parties for the purposes of marketing or automatic analysis or processing.
We may be required to pass your data on to law enforcement or other similar third parties where there is a legal requirement for us to do so.
How long we keep it
We are required under UK tax law to keep your basic personal data (name, address, contact details) for each order you place for a minimum of 6 years after which time it will be destroyed. Where you have given consent for us to send you welcome emails, tips and tricks, product information and marketing messages, your information will be kept with us until you notify us that you no longer wish to receive these messages.
Where your account still holds active products or services regardless of how long ago they were originally purchased, we will continue to hold your data for the purposes of providing those products and services to you.
Where you opt to host your CMS with us, as a Processor, we will hold your CMS data on our systems for as long as you continue to maintain a contract for that with us. You are free to cancel your contract at any time, and can request that we delete your CMS instance directly from Customer Portal. If you do not renew your contract, your CMS instance will be automatically deleted 2 calendar months after its renewal date, and all information that was stored in it will be purged from our systems no later than 3 calendar months after that date.
Where you take a trial of our Cloud CMS service, demo accounts will be deleted 1 calendar month after they expire, and purged from our systems no later than 3 calendar months after that date.
Where hardware is shipped to you via Hexspoor E-fulfilment, they will retain that information for a period of 3 years before it is anonymised. It is then destroyed after 5 years.
A cookie is a small data file that is sent to your computer when you visit our website. When you visit again, the cookie allows us to recognise that its the same web browser coming back.
Some cookies are required to enable our website to work, for example to remember that you are logged in (a "session cookie") and so that we can remember the items you have put in your basket. Similarly, our Cloud hosted CMS instances rely on cookies to remember that you are logged in.
Other cookies are used for analytics purposes to understand things like how long you stay on our website, which pages you find useful, and how you arrived at our website. For this we use Google Analytics. To find out more about Google Analytics, please visit https://support.google.com/analytics/answer/6004245.
You can control which cookies you allow your browser to accept in your web browser settings. For more information, please visit http://www.aboutcookies.org.uk/managing-cookies.
We sometimes use other identifiers (such as pixels - small graphic images embedded in email) to track messages that we send to you to understand if they have been delivered and opened.
Xibo Signage Ltd takes your privacy very seriously and takes every reasonable precaution to protect and secure your personal data at all times. We do everything we can to protect you and your information from unauthorised access and utilise industry standard security measures including SSL, encryption, and strong authentication.
What are your rights?
You have the right to access, and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has or will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If at any point you believe the information we process on you is incorrect you may request to see this information and even have it corrected or deleted.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Points of contact (Article 27 Representative)
For customers in the United Kingdom, if you wish to raise a complaint about how we have handled your personal data, you can contact our support team (firstname.lastname@example.org) who will investigate the matter.
Alternatively you can write to: The Data Officer Xibo Signage Ltd Curtis House 34 Third Avenue Hove BN3 2PD
For customers inside the European Union, if you wish to raise a complaint about how we have handled your personal data, you can contact our support team (email@example.com) who will investigate the matter.
Alternatively you can write to: The Data Officer Xibo Signage Netherlands BV Blaak 520 3011TA Rotterdam The Netherlands