Privacy Policy

Xama Technologies, as a provider of outsourced software services, deals with personal information daily. We do this both as:

  1. a data controller, in respect of our own customers, staff, suppliers and associates, as well as visitors to our website (www.xamatech.com);
  2. a data processor, when handling data on behalf of our customers. For more information regarding our data processing obligations, please see our Terms of Service.

This Policy is primarily intended to set out how we handle personal information as a data controller. In relation to data we handle as a data processor, this Policy is provided for general information only and will not govern the handling of your personal information – if you would like to understand how and why your personal information is being processed by us, please contact the data controller who has used our service to process your data.

Since we take privacy very seriously, we have updated our privacy policy to reflect how we deal with both categories of personal information. Please read the Policy below to help you decide how you want to share your personal data with us. You have the option to withhold or limit the use of some categories of personal information held and processed by us, but that may prevent us from being able to provide that service to you. By using our services, you consent to the terms of this Policy.

Xama Technologies collects your Personal Information
This Policy applies to individuals whose personal information we collect and process during the course of our business. 

Our software services all require us to collect and process some personal information as part of our service delivery. The personal data we require may include full name, bank account details, contact details and information about the goods and services provided.

We may collect personal data from you when you show an interest in any of our service areas, and further data at the point when the service commences.

We may also collect personal information relating to our suppliers, service providers, agents and subcontractors in connection with goods and services we receive from them and our dealings with them. 

This Policy applies to personal information whether provided by you directly, collected during the course of the provision or receipt of goods or services, or gathered via technical measures, such as through our website and software.

Xama Technologies will use your personal information for limited purposes
We will only use personal information to the extent necessary and subject to having a lawful basis for doing so. Examples of our data processing activities include:

For customers and service users:

Provision of Service:

  • This is the primary purpose for which we process the data and to provide you with the services you have contracted with us for.
  • Providing technical support.
  • Review and feedback of service provided.

Communication with You:

  • In relation to existing services contracted.
  • To respond to a request for information from you.
  • To make you aware of related services being offered by Xama Technologies.

Related purposes such as:

  • Verifying your identity.
  • Informing you of updates or additional services related to your account.
  • Delivering training and guidance related to the services you subscribed to.
  • Compliance with relevant laws and regulations (including AML and fraud prevention).
  • Monitoring and recording communications with you (such as telephone conversations and emails) for the purpose of our internal training and quality assurance. 
  • Reviewing and retaining copies of communications and details provided to us by you, for example support requests, account queries, complaints, for internal account management and auditing purposes.

For suppliers, sub-contractors or agents to Xama Technologies:

Our receipt of your goods and/or services:

  • We process the data as necessary to receive the goods and/or services we have contracted with you for.
  • Receiving technical support and associated services.

Communication with You:

  • In relation to goods and/or services contracted with you.
  • To request information from you, including support requests, account queries, complaints, for account management and auditing purposes.

Related purposes such as:

  • Verifying your identity.
  • Compliance with relevant laws and regulations (including AML).

By entering into a contract with Xama Technologies, you agree that we may collect, hold and use your personal information in the way described in this Policy. Xama Technologies will not use your personal data for any purpose other than that described in this Policy, unless we have your express permission or instruction to do so.

Information we collect automatically

Our website and services may collect certain information about you automatically (such as your IP address, geographical location, browser type and version, operating system).

Our lawful basis for collecting your data

We may process your data for a variety of reasons, including because:

  • we are legally obliged to, e.g. to confirm your identity;
  • the processing is necessary for the performance of the contract with you to provide our Services; or
  • it is in our legitimate business interests to do so. 

In some instances, we will rely on your consent to process personal data and where we do this, it will be flagged to you at the time. 


Information regarding our role as a data processor
Our service enables customers to perform searches and checks on businesses and associated individuals. This involves providing Xama Technologies with personal data, to enable us to process it on the customer’s behalf. In most cases (Outsourcing, Consulting and Software services), we are required to collect and process information about others as part of our service delivery. This makes us a data processor in these cases and our processing obligations are governed by our Terms of Service.

We will work with our customer fully to support any GDPR compliance requirements, and where appropriate change our working practice to meet the customer’s needs.

It remains our customers’ responsibility, as data controller, to comply fully with data protection laws in relation to the data input via our services, including:

  • the customer is responsible for ensuring that it has a lawful basis on which to use the personal information and make the relevant request;
  • the customer must ensure it is authorised to disclose such information and for it to be processed by Xama Technologies in the manner requested; and
  • the customer must ensure that the individuals concerned are aware that their personal information is being collected and for what purpose, who the intended recipients of the information are and of their right to obtain access to that information in accordance with data protection transparency requirements.


Xama Technologies protects your data
We will use technical and organisational measures to safeguard your personal data, for example:

  • access to user accounts is controlled by a password and user name that are unique to each user; and
  • we store personal data on secure servers in accordance with good industry practices.

Storage of your information and who your information might be shared with
Xama Technologies will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Xama Technologies use trusted third-party service providers for the processing and storage of personal information. We store your personal data on third party servers with trusted hosting providers, typically based in the UK/EEA. These all have their own privacy policies to be compliant with GDPR and data transfer protocols. Some of these providers store data outside of the EU, mainly in the United States.

Information that Xama Technologies collects may be stored and processed in and transferred between any of the countries in which Xama Technologies operates to enable the use of the information in accordance with this privacy policy. Any transfer of your data will be subject to a UK approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach. You agree to such cross-border transfers of personal information.

Data Breach
In the unlikely event that a breach of data privacy occurs, Xama Technologies will inform you as soon as we become aware. Where the breach affects data that is owned by you as the data controller, it will be your responsibility to notify the data subjects affected.

Sharing your data
Xama Technologies commits to only use your personal information for the intended purpose and service delivery. It might be necessary to share this information with carefully selected third parties where they facilitate this service delivery, but only in cases where this is required, and limited to that purpose. Our key processors / sub-processors are currently:

  • Capsule CRM
  • Google Workspace, including Google Drive
  • Stripe for payment processing
  • Amazon Web Services for platform service hosting (London region) and backed up within secure data centres in Germany (Hetzner)
  • Third party data providers:
      • GBG IDScan - Processing images of passports and driving licences for the purpose of verifying such documents
      • GBG ID3Global - Processing Name, DOB, address and document number information for the purpose of confirming identities and for flagging Politically Exposed Persons or Sanctioned individuals.
      • ComplyAdvantage - Processing Name, DOB and country of residence in order to check for politically exposed persons, sanctioned individuals and for instances of adverse media.

On principle, Xama Technologies will never otherwise share your information with a third party. There are a limited number of instances where we are legally required to do so (such as with HMRC) to comply with legislation and processes or there is a legitimate business interest in doing so. 

For example, we may disclose your personal data to:

  • other companies within our group to the extent that there is a legitimate interest in doing so to support our business aims;
  • our agents and service providers, to the extent that they require access to the data in order to provide goods/services to us, in which case they will be bound by a contract requiring them to process personal data in accordance with the requirements prescribed by data protection law;
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
  • a third party purchaser if we sell our business, in which case, customer and user information will be a transferred asset.

Data Retention 

Any personal information we hold will only be kept for as long as it is required to provide the requested service. In some cases, we have a legal obligation to keep your information for a specified amount of time, which might be longer than the intended purpose (e.g. due diligence information required to comply with laws relating to money laundering, the required period for retention of financial records).

Your rights
This section relates to your rights as a Data Subject of Xama Technologies. Under GDPR, you have several rights as a Data Subject. These include, but are not limited to:

  • You have the right to request access to the information that we hold about you, and to request updates to such information.
  • If you become aware of any inaccuracy in the personal data that we hold about you, you should inform us and we will correct it appropriately.
  • If you wish for any of your personal data to be removed, this will be deleted as far as is legally permitted.
  • If you wish to change our records on how we should communicate with you then you may request that.
  • You have the right to obtain a copy of the personal data we process concerning you. We will take steps to verify your identity before responding to your request. Once we have verified your identity we will respond as soon as possible and in any event within one month.

Any such requests should be submitted by e-mail to info@xamatech.com, or in writing to Xama Technologies’ registered address. Where we are not the data controller, a request should be submitted to the data controller and not to Xama Technologies.

Unless we are legally prohibited from providing this information, we will process your request as soon as is practicable and in accordance with data protection laws. If we are unable to process your request, we will let you know why.

Xama Technologies will not process your data to arrive at an automated decision.

If you have a complaint about how your personal information is handled, you should provide full details either by:

  • e-mail to info@xamatech.com
  • letter to The Data Privacy Officer, Xama Technologies Ltd, Haines Watts Old Station House, Station Approach, Newport Street, Swindon, Wiltshire, England, SN1 3DU

You can also lodge a complaint with the UK supervisory body, the Information Commissioner’s Office (the ICO), at https://ico.org.uk/. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.

Policy may be updated from time to time
Xama Technologies has the right to change this Policy when needed. Such changes will become effective when posted to this Website. We will make a reasonable effort to communicate any significant changes via email, but your continued use of our services will be deemed as your acceptance and agreement to our policy.

Use of cookies

For information on the cookies we use and how to control your cookie settings, please visit our Cookie Policy.