PRIVACY POLICY.

Definitions
  • Account means a unique account created for You to access our platform or parts of our platform.
  • Platform is our (‘Xi’) technology platform used for all services or most of our services.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to We Are Xi Limited, Unit 25, Riverside Business Park, Lyon Road, SW19 2RL.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: United Kingdom
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to We Are Xi Limited , accessible from https://www.wearexi.com/
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
The pages on the website ("the website") are published by We Are Xi Limited ("us" or "we"). We Are Xi Limited ("us" or "we") will not collect any information about individuals, except where it is specifically and knowingly provided by them.

Examples of such information are:
- Your name
- Your mobile telephone number
- Your email address

The information collected will be used to send you the information you have requested and to provide information that may be useful to you. We may share non-personal aggregate statistics (group) data about our site visitors' traffic patterns with partners or other parties. However, we do not sell or share any information about individual users.
By using our sites you consent to the use of cookies in accordance with our Cookies Policy. You will have seen a pop up to this effect on your first visit to this website; although it will not usually appear on subsequent visits you may withdraw your consent at any time by following the instructions on this page. See our cookie page for more information on the types of Cookies we use.
In addition to the company's safeguards, your personal data is protected in the EU by GDPR (‘Data Protection and Compliance’). This provides amongst other things that the data we hold about you should be processed lawfully and fairly. It should be accurate, relevant and not excessive. The information should be kept up to date, where necessary, and not retained for longer than is necessary. It should be kept securely to prevent unauthorised access by other people. You have the right to see what is held about you and correct any inaccuracies online. You can do this by using the "contact us" link on any page located in the navigation bar or footer of the website.
Yes. And we can help you with getting consent to use user-generated content in your marketing materials. Just get in touch.
Any changes to this policy will be posted here. Any changes to this policy will be at the end of this policy page.If we need to change our privacy policy, we’ll make it clear. This can be found at the end of this policy page.
We Are Xi Limited treats all the data held with the utmost care and security. Any details you give will remain completely confidential.
Whilst our Privacy/ Terms covers all aspects of GDPR we wanted to provide a clear document detailing the 12 points of GDPR. For the purposes of this document SERVICE means We Are Xi Limited. WE means the company providing the SERVICE as per point 12. We Are Interact Limited’s data is stored in the United States, in situations where it is transferred and stored in the EU sub-processors are on the certified EU-US Privacy Shield framework.
We use a number of sub-processors all of which have confirmed their GDPR compliance. Each sub-processor is listed in our privacy policy, but for clarity we have included the current list of sub-processors.

Sub-processor: SendGrid | Office Location: USA | Purpose: Email Notifications
Sub-processor: Twilio | Location: USA | Purpose: SMS/MMS Notifications
Sub-processor: Azure | Office Location: USA | Purpose: Hosting Provider
Sub-processor: Xero | Office Location: USA | Purpose: Accounting Software
Sub-processor: Zoho | Office Location: USA | Purpose: Newsletter Marketing
Sub-processor: Google Analytics | Office Location: USA | Purpose: Website usage tracking
Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.
2.1 Customer data (our users)

Email address and name
Event Details
Payment details - held by our payment processor: Xero

2.1 User data (the users of our products)

This can change on a case-by-case basis but our basic product collects the following information:
- Email address
- Phone number

This data is kept for the minimum amount of time possible before being deleted from our system (mostly within 8 weeks, depending on needs). It is only used for the purposes for which the user has given consent. We cannot use the data or pass it on to anyone without the explicit consent from the user.
Our privacy and terms are clearly communicated on our website.
- The right to be informed; we clearly inform our customers how we use their data via our clear Privacy Policy and messaging on our products.

- The right of access; our customers can access all of their data through our web application.

- The right to rectification; our customers may Contact Us with any rectification queries.

- The right to erasure; our customers may Contact Us with any erasure queries.

- The right to restrict processing; our customers have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.

- The right to data portability; our customers may Contact Us to request a copy of their data in a common format.

- The right to object; our customers may Contact Us with any objections.

- The right not to be subject to automated decision-making including profiling; we don't do this and have no plans to do this.
We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).
All access requests are free of charge.
User consent is the lawful basis for any processing.
7.1 Our customers
Consent is provided by our customers when signing up for the service and logged by us.

7.2 Users of our products
Consent is provided by our users when using the products.
8.1 Our customers
This service is not available to Children (under the age of 16).
Our product is strictly B2B (business-to-business)

8.2 Our users
Photos and data of under 16s will only be processed with the express consent of their parent or guardian. In cases of B2C (business-to-consumer) data and content is only processed with the appropriate consent provided.
You can read more on our security here.
We will notify customers and the relevant supervisory authority within 24 hours of a breach.
Security and Data Privacy always comes first when implementing new features, our Data Protection Officer is involved at every stage of development.
For the purposes of We Are Xi Limited and related services our Data Protection Officer is:
- Dan Strang / CEO
- privacy@wearexi.com
We operate and are established in the UK (England), our supervisory authority is the ICO (Information Commissioner's Office) based in the UK. 

Company address:
Unit 25,
Riverside Business Park,
Lyon Road,
SW19 2RL,
United Kingdom
Company No: 13055716 (registered in England & Wales) 

Companies using the ‘Platform’, Xi's technology platform and handling European user data may need to sign a Data Processing Agreement (DPA). If we need this from you then we notify you via email or phone.
This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. Your consent applies to the following domains: www.wearexi.com

Cookie declaration last updated on 08/09/2020 by Cookiebot.
We know you have questions about how we're protecting the information of our customers and users of our products so we have written some frequently requested details about WeAreXi's information security below.
Primarily hosted in North Europe in the Ireland region, as well as some hosting in the East U.S Virginia region. They provide physical security protection measures and adhere to high quality standards.
Security in our software is very important, we are frequently scanning for vulnerabilities using Azure Application Inspector. We also do the following:

- Encrypt all your data in transit using TLS. Use transparent data encryption for SQL Database and backups.
- Rate limit IPs abusing the service. Strong password rules for username and password accounts (2FA coming soon).
Our services are provided by Azure based in Ireland & Virginia U.S with a near 100% up time. We can also scale resources automatically based on demand to avoid any performance issues.
Security is the responsibility of each and every one of our employees, we provide training so that they can identify security risks.

- Our systems and your data is restricted to only employees who need access, to provide you with first class support.
- Use of 2-Factor-Authentication on all our 3rd party accounts (eg. Azure, Google, Sendgrid, etc & more).
- We do not sell your data or your user's data.
- Security and Data Privacy always comes first when implementing new features.
Q1. How long do we keep your data? 
We keep customer data for 13 months. We keep users of our product's data for 12 weeks. 

Q2. How can I report a security issue?
Contact our DPO at privacy@wearexi.com

Q3. Have you had an incident that resulted in a data breach?
No, however if such an incident ever occurs we will post a full incident report (in public) and notify all customers.

Q4. How to find Changes to this Privacy Policy?
- We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

- We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
By email: hello@wearexi.co.uk