Ensuring the best service for small business
We take your privacy seriously
1 Who are we?
This notice sets out how personal data is used within the XLN group of businesses, including website users, prospects, customer and job applicants. Personal data is information about an identifiable individual.
The XLN group includes the following data controllers:
Personal data will be shared within the XLN group for the provision of product services, business operations and for marketing purposes, subject to an appropriate lawful basis, under the Intra-Group Data Sharing Agreement.
XLN group engages an independent group Data Protection Officer (DPO), who can be contacted for any queries or concerns about our processing of your data at:
2 How do we use personal data?
2.1 When you visit our website or read our emails
We will retain information about your computer or device (such as your IP address and browser type) and your usage of our websites (such as which pages were visited and when) and your reading of emails from us, as a legitimate interest for reasons of system security and performance.
We will use pseudonymised device data to assess the effectiveness of marketing campaigns.
If you provide other data via the website, such as filling in forms, that data will be used in accordance with the purpose stated on the form.
2.2 When marketing
You have the right to opt-in or opt-out of marketing at any time, by informing us using the contact details given below, or by selecting unsubscribe from our messages to you.
We will contact you for business to business marketing purposes, as our legitimate interest for business development, where you have requested further information about our services, where we have received your contact details as a corporate subscriber and believe our services are relevant to your company and your role, or where you have previously engaged in contractual negotiations (soft-opt in) with us. This may include calling you by phone (subject to TPS checks) and use of email, SMS, post or social media channels.
We will use third party data providers to obtain business contact details for marketing purpose as well as information collected by our sales agents.
Where your business is a sole trader or partnership that has yet to enter contractual discussions, we will require your consent, before sending you email or SMS marketing.
We engage third party service providers under contract to support our telephone marketing operations. Some of these processors are based outside of the EU and for these we use EU Standard Contractual Clauses to safeguard the data.
2.3 When you contact us with a general question or comment
We will use the personal data you provide in order to appropriately respond, as a legitimate interest.
Phone calls with XLN will be recorded for quality assurance and training purposes.
2.4 When your business becomes a customer
We will use your professional personal details, details of your business and details of your use of our services, to enter into and fulfil our contractual arrangements with your business. If adequate details are not provided, we will not be able to accept your business as a customer.
Our use of data will include:
When you sign up for our services, we will carry out a credit check against our own data and public data available at Companies House, as our legitimate interest to mitigate risk.
We may also carry out further credit checks on our ‘high usage' customers during the course of the contract using a Credit Reference Agency, as our legitimate interest to mitigate on-going risk, to assess credit worthiness and affordability when people apply for credit and for fraud prevention. This means that your credit records will be searched, along with those of anyone who is financially associated with you such as your spouse or partner. The CRA will keep a record of this search and place a "footprint" on your credit file. Credit Reference Agencies (CRAs) collect and maintain information about consumers' and businesses' credit behaviour. This includes data sourced from the Electoral Register, fraud prevention, and credit information - including details of previous applications and the conduct of your accounts - and public information such as County Court Judgements, decrees, and bankruptcies.
We also work with third party data controllers for the provision of services to you, such as telecommunication, energy, and merchant services. Those third parties process personal data entirely independently from XLN group. Where third party data controllers are engaged, data subjects will be notified in advanced of data being shared, including the identity of the providers and the services they provide.
For details about how third-party data controllers use personal data, please visit their privacy notices on their websites.
2.5 When you apply for a job
We will process relevant information, including contact details, competencies, qualifications, employment history and references, in our legitimate interests of assessing a candidate's suitability for the role applied for with the shared intention of entering into a contract. This processing does not guarantee employment. If your application is not accepted, we will retain your data for 6 months, unless we believe future opportunities may be relevant.
2.6 When complying with legislation and regulation
We will process data where we are under a legal or regulatory requirement to do so, including sharing of data with third parties, such as regulators (e.g. Ofcom, Ofgem and the ICO), Ombudsman Services (the alternative dispute resolution scheme), courts or law enforcement agencies and where we need to for other legal purposes, for example, to share data with our advisers in order to pursue or to defend against a claim.
2.7 When any part of the business is being bought or sold
Data will be shared with the buyer or seller, as a legitimate interest, in order to provide on-going services.
2.8 When preventing or detecting crime
Data will be processed and shared with relevant third parties, including law enforcement agencies, credit bureaus and partner organisations, if we reasonably believe this will prevent or detect crime.
2.9 When handling a data subject request
Data will be processed in order to assess, respond and maintain records of data subject requests, as a legal obligation.
3 Retaining and Protecting your data
We will only use and store personal information for as long as it is required for the purposes it was collected, or for associated legal purposes.
Where you become our customer, we will hold your personal information for as long as you are a customer plus a period of six years afterwards, to enable us to deal with any complaints or claims, after which time data will be deleted or anonymised. We may hold some personal data it for longer where we deem it necessary for crime detection and prevention purposes, or for our legitimate interest when marketing.
The law requires us to keep certain 'communications data' relevant to how you use our services for a period of 12 months. This information may be used by certain law enforcement agencies to prevent and detect crime and to protect national security. We will only disclose this information to them when we are legally required to.
If you require any further information about how long we will store your personal data, please contact us using the details provided below.
4 Your rights
Your communications preferences can be updated via our marketing preferences centre (https://www.xln.co.uk/preference-centre) or by clicking unsubscribe from emails or SMS that we have sent you.
If we are processing your personal data, you also have the right to ask that we:
Before responding, we may need to take steps to verify your identity for reasons of data security.
Responses will typically be completed within 28 days and at no cost.
We will endeavour to fulfil your request, but may be subject to limitations in our responses, for legal or contractual reasons. We will provide details of these limitations, if applied.
To exercise any of these rights, please contact our Data Protection Officer, highlighting that you are raising a Data Subject Request.
If you are not happy with the way we have handled your data, you have the right to escalate the matter to our independent Data Protection Officer or the UK Information Commissioner's Office. If you do have any problems, we would welcome the opportunity to try to resolve your concern and so please contact our customer services teams on 0344 880 7777.
This Privacy Notice was designed to be concise, transparent, intelligible, easily accessible and easy to read. If you have any questions, please contact us:
We reserve the right to update this Privacy Notice at any time. If those updates significantly change how personal data is processed, we will notify affected data subjects directly by email.
If you follow an internet link from our website to a partners' website, their privacy policies will apply. We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.
This notice was last updated in July 2020.