dated of March 07, 2020
Last updated on March 07, 2020
1. General Provisions
1.3. The Operator has implemented the following requirements under the GDPR, including but not limited to:
- prepared a record of Personal Data processing activities;
- verified Personal Data of the Customers and analyzed it;
- took organizational and technical Personal Data protection measures;
- informed the Customers about the GDPR;
- reviewed privacy notices;
- reviewed rights that the Customer has over their Personal Data (Data Subject Rights like the Right to be Forgotten and other rights);
- enabled the Customer’s Personal Data transfers;
- prepared for Data Breaches;
1.5. The Operator of the Website does not verify the accuracy of the received information (the collected information) about the Customers, except for cases when such a check is necessary in order to fulfill the Operator’s obligations to the Customer.
2. Terms and purpose of Personal Data processing
2.1. The Operator of the Website performs processing of the Customer’s Personal Data in connection with the conclusion of the Agreement to which the Customer is a party. The use of the Customer’s Personal Data may be necessary to perform the contract that the Customer has with the Operator. For example, if the Customer uses the Operator’s Information services, the Operator will use the Customer’s information to carry out the Operator’s obligation to complete and administer that Information Service under the Agreement that the Operator has with the Customer.
2.2. The Customer is free to decide whether or not to share certain Personal Data (if any) with the Operator. However, if the Customer decides not to provide certain Personal Data; or if the Customer withdraws their consent thereto at a latter moment, this may have affect how the Customer experience the Operator’s services and, in some cases, whether the Operator can provide these services to the Customer.
2.3. The Operator may rely on the Customer’s consent to use the Customer’s Personal Data for certain direct marketing purposes. Whenever the Operator relies on the Customer’s consent for processing the Customer’s Personal Data, the Customer is free to withdraw their consent at any time.
2.5. The Customer’s Personal Data is not distributed or disclosed to third parties without the Customer’s consent and used by the Operator solely to conclude the Agreement with the Customer and fulfill the obligations under this Agreement.
2.6. The purposes of Personal Data processing include:
- receipt by the Customer of documents and materials, other information about the Operator’s Information Services, in connection with the fulfilment the Operator’s obligations under the Agreement;
- processing of orders, rendering of the Information Services to the Customer and provision of consulting and technical support to the Customer;
- verification of Personal Data required for the conclusion and performance of the Agreement;
- risk management, detection, prevention and/or offsetting of fraud or other potentially prohibited or illegal activities, investigating and processing suspected violations of the Operator’s acceptable use policy;
- communication with the Customer via the telephone by using a voice call or through text (SMS) or e-mail messaging or Live Chat on the Website in connection with the performance of the obligations under the Agreement. This includes communicating with the Customer to provide information about services of the Operator, to provide information about offers, orders, provision of services, order status and payment, to provide support and maintenance services, to handle complaints, and to answer questions from the (potential) Customers;
- performing financial processes, including calculating, invoicing and collecting of service charges, processing financial transactions regarding the acceptance of orders, and granting debt collection rights to third parties;
- improving the quality of services by means of conducting market research, conducting retention and customer satisfaction surveys, conducting marketing activities (including through email newsletters and social media and onsite/offsite and online/offline advertisement), conducting sales activities including analyzing the Customer’s data and the Customer’s use of the Website’s services for making (personalized) offers and quotes with the aim of entering into the Customer’s relationship, and/or maintaining, renewing or expanding the Customer’s relationship with the Operator;
- conducting legal processes, including conducting legal proceedings, and collecting evidence for civil legal proceedings relating to the Customer;
- complying with statutory obligations, including provision of data to authorized authorities in the context of criminal investigations, complying with (applicable) data retention obligations, and the provision to third parties of Data concerning customers in connection with an infringement of these third parties’ rights;
- establishing the identity of the Customer or third parties, in relation to the provision of access to the Operator’s Information services.
3.4. The Operator advises you to check this page regularly to see if any changes have been implemented. If the Operator implements a change in how the Operator deals with Personal Data with respect to which the Operator requires the Customer’s consent, the Operator will re-request the Customer consent.
4. The scope of Personal Data
4.1. Personal Data is provided by the Customer voluntarily, meaning the Customer’s consent to the Personal Data processing. The Personal Data includes:
4.1.1. the minimum Customer’s Personal Data required for communication: surname, name, patronymic, address, telephone number, e-mail address, and other similar information.
4.1.2. other Personal Data (including gender, age, date of birth, address, etc.) is provided by the Customer at will and if necessary at the Operator’s request for communication with the Customer and the implementation of actions related to the performance of the Operator’s obligations to the Customer.
4.1.3. the Customer’s account information with the Website – such as the Operator’s Information services the Customer ordered, domain name registration information, the IP addresses assigned to the Customer, the Customer’s IDs, service charges owed and received, the use of the Operator’s Information services or any other information related to the Customer’s account.
4.1.4. the Customer’s contact with the Operator – such as a note or recording of a call the Customer makes to the Operator, a chat record when the Customer engages in a chat session with the Operator, an email or letter the Customer sends to the Operator or other records of any contact the Customer has with the Operator.
4.1.5. information about the Customer’s payment method, such as credit card number, bank account number, online payment processor’s data or other payment information.
4.1.6. information provided by the Customer to the Operator when the Customer notifies the Operator of a (suspected) breach of the Operator’s acceptable use policies.
4.1.7. documents and information that certify the Customer’s identity.
4.2. Other information about the Customers processed by the Operator of the Website.
The Operator of the Website also processes other information about the Customers, which includes:
4.2.1. standard data automatically received by the server when the Customer accessing the Website and subsequent actions of the Customer. This includes data such as, the website features the Customer uses, the services the Customer purchases from the Website, the web pages the Customer visits, the time the Customer spends on these pages, and the search terms the Customer enters. This also includes data about the Customer’s devices, including IP addresses, devices identifiers, regional and language settings, and data about the networks, operating systems, browsers or other software the Customer uses to connect to the Website.
4.2.2. data automatically obtained by means of cookies when the Customer accesses the Website. Cookies is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies help the Operator to provide the Customer with a good browsing experience and also allow the Operator to improve its Website.
- Essential Cookies. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Performance cookies. The Website also places cookies on your device to make navigating the Website easier. These cookies are used to allow the website to remember choices you made and provide for enhanced, more personal features. For instance, these cookies can be used to remember the status of your shopping cart, or to allow you to return to a previous page or it stores your preferred language or the region that you are in.
- Social Media Cookies. Social media can place cookies through the Website to integrate social media (i.e. LinkedIn, Twitter, Google+ and Facebook). You agree to place these cookies on your device by clicking on the social media buttons to activate them. These social media have their own privacy and cookie policies, which Operator does not control. Please check the social media websites for more information about their cookies and how to manage them.
4.2.3. data obtained as a result of actions of the Customer on the Website.
4.2.4. data obtained as a result of actions of other users on the Website.
4.2.5. data which is required to identify the Customer to access the services of the Website.
5. Processing of the Customers’ information
5.1. The processing of Personal Data is based on the following principles:
- Lawfulness, fairness and transparency – the Operator will process Personal Data lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation – the Operator will only collect Personal Data for a specific, explicit and legitimate purpose. The Operator will clearly state what this purpose is, and only will collect data for as long as necessary to complete that purpose.
- Data minimisation – the Operator will ensure that personal data which will be processed will be adequate, relevant and limited to what is necessary in relation to the processing purpose.
- Accuracy – the Operator will take every reasonable step to update or remove data that is inaccurate or incomplete. The Customers have the right to request that the Operator erase or rectify erroneous data that relates to them.
- Storage limitation – the Operator will delete Personal Data when it is no longer needed.
- Integrity and confidentiality – the Operator will keep Personal Data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
5.2. Collection of Personal Data.
5.2.1.The Operator may collect your Personal Data when:
- you browse or use the Website https://www.xmserver.fr;
- you order Information Services on the Website https://www.xmserver.fr;
- you use the Website’s Client Area section at https://xmserver.fr/mon-compte;
- you use the Website’s Live Chat https://xmserver/ticket;
- you enter a promotional codes on the Website;
- you participate in the Operator’s survey;
- you subscribe to the Website’s newsletter;
- you subscribe to the Website’s push messages;
- you ask the Operator for more information about a service, or contact the Operator with a question, comment or complaint;
- you submit an abuse notification to the Operator;
- you use the Operator’s network and equipment, the Operator’s infrastructure and/or other Operator’s services.
5.2.2. The Customer’s Personal Data is collected on the Website upon the Customer enters data on its own initiative at the time of communicating with the Operator or the Website.
5.2.3. The Customer provides their last name, first name, patronymic, e-mail address and phone number for feedback.
5.2.4. Other personal information is provided by the Customer on its own initiative or the request of the Operator by means of the relevant sections and resources of the Website, for example, for ordering, and required only for the conclusion and performance of the Agreement by the Operator to which the Customer is a party.
5.3. Transfer of Personal Data
5.3.2. The Operator may share Data about the Customer with:
- partners or agents involved in delivering the Information services the Customer has ordered with the Operator;
- fraud prevention agencies and services;
- domain name registries when the Operator registers a domain name on the Customer’s behalf;
- debt collection agencies or other debt recovery organisations;
- law enforcement agencies, regulatory organisations, courts or other public authorities to the extent required by law;
- the Operator’s customer, if you notify the Operator that this customer use of the Operator’s services violates the applicable law;
- a third party that has claimed that use of the Operator’s services by the Customer violates the applicable law (to the extent such sharing is required by law).
5.3.3. Applications used by the Customers on the Website are maintained by third parties (developers) who operate independently of the Operator and do not act on behalf of or at the request of the Operator. Customers are required to familiarize themselves with the rules for the provision of Information services and the policy of protecting Personal Data of such third parties (developers) prior to the use of the relevant applications.
5.4. Retention and destruction of Personal Data
5.4.1. Personal information of the Customers is stored solely on electronic media and is processed by the use of automated systems except where the manual processing of the Customers’ Personal Data is required in order to comply with the requirements of the legislation.
5.4.3. The Operator is obligated to produce taxation reporting and keep financial records for a period of time therefore the Operator needs to keep Customer’s Personal Data such as contact details, order history, invoices and other other important information connected with the Customer’s orders, if any. The minimum required list of the Customer’s Personal Data that the Operator is legally obliged to store will include at least:
- Customer’s first name and last name;
- Customer’s Email;
- Customer’s invoice mailing address;
- The content of the invoice’s.
5.4.4. Upon termination of the applicable purpose of the processing of Personal Data, or upon Customer’s written request, the Operator will either destroy the Customers Personal Data unless otherwise required by law. The request must contain identification data which expressly indicates the Customer’s ownership of Personal Data.
6. The Operator’s role as data processor.
6.1. Personal Data hosted, transmitted or processed on infrastructure controlled by the Customer is governed by this paragraph. The Customer of the Operator that has ordered the Operator’s Information services, will be responsible for determining the purposes and means of the processing of Personal Data, and this Operator’s Customer (or its customers) will be the data controller in regards to such processing. If at any time the Operator has access to personal data stored on infrastructure controlled by the Customer, then the Operator shall be a data processor, and any actions performed by the Operator in relation to such data shall be solely governed by the agreement concluded between the Operator and the Customer.
7. Measures to protect Personal Data.
7.1. The Operator takes technical, organizational and legal measures in order to protect Personal Data of the Customer against unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions.
7.2. In accordance with international data protection laws, in particular the GDPR, the Operator observe adequate procedures to prevent unauthorized access to, and the misuse of, Personal Data. The Operator uses appropriate business systems and procedures to protect and safeguard the Customer’s Personal Data. The Operator also uses security procedures and technical and physical restrictions for accessing and using the Customer’s Personal Data.
8. Customer’s rights regarding Personal Data
8.1. In accordance with data protection laws, you have a number of rights regarding your Personal Data and the processing thereof:
- to view and, if necessary, change Personal Data in the Client area at any time;
- to know what information the Operator has collected about the Customer;
- to make changes to the Personal Data the Customer has seen the Customer cannot change in the Client area;
- to obtain from the Operator the erasure of the Customer’s Personal Data (right to be forgotten);
- in addition, the Customer, under certain circumstances, has the right to restriction of the processing of their Personal Data;
- to object, on grounds relating to a particular situation, at any time to processing of Personal Data;
- to receive Personal Data, which the Customer has provided to the Operator, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller when the processing is based on the Customer’s consent or is necessary for the performance of a contract;
- to lodge a complaint with the competent supervisory authority.
9.2. The Operator is not responsible for the actions of third parties who get access to information about the Customer and the consequences of using of this information, which, due to the nature of the Website is available to any Internet user as a result of using the Internet or the services of the Website.
9.3. The Operator recommends that Customers take a responsible approach to deciding how much information about themselves will be transmitted through the Website the Operator.