The privacy of your Personal Data is important to Xolo. This Policy describes the rules according to which Xolo processes the Personal Data of individuals using Xolo Community.
Xolo informs the Data Subjects that they may freely and voluntarily determine whether they wish to provide the Personal Data requested for the in Xolo Community. The Data Subject is neither legally nor contractually obliged to provide Xolo with the Personal Data specified in this Policy. The refusal to provide Xolo with certain Personal Data may imply the impossibility of establishing an agreement with the Data Subject and he/she may not be able to use Xolo Community, or only to a limited extent.
1. General Definitions
| Xolo | Xolo OÜ (registry code 12844111, address Paju street 1a, Tartu 50603, Estonia) who operates Xolo Community |
| Data Subject or you | Natural person who has accepted the Terms of Service of Xolo Community |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data |
| Policy | This Xolo Community privacy policy |
| Personal Data | Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data processed by Xolo via Xolo Community is described under Section 3 |
| Processing | Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction |
| Controller | Xolo OÜ |
| Xolo Community | The Xolo Community Internet forum made available on the website https://community.xolo.io |
| Terms of Service | The Xolo Community Terms of Service available on the website Terms of Service - Xolo Community |
Capitalized terms used but not defined in this Policy shall have the meaning as defined in Xolo Community Terms of Service.
2. The Controller of Personal Data
Xolo as the operator of Xolo Community is considered as a Controller in relation to any Data Subject’s Personal Data collected and processed via Xolo Community.
3. Personal Data Processing
Xolo may Process the Data Subject’s Personal Data via Xolo Community on the following legal grounds:
- Processing is necessary for the performance of the agreement with the Data Subject (the Terms of Service) (GDPR Article 6 (1)-(b));
- Processing is necessary for the purposes of legitimate interests pursued by us (GDPR Article 6 (1)-(f));
- Data Subject has granted a consent for the Processing (GDPR Article 6 (1)-a))
Processing purposes and legal grounds are described more specifically in the schedule below.
| Categories of Personal Data | Purpose of Processing | Legal Ground |
|---|---|---|
| Personal Details – full name (surname and given name), gender, date of birth | - to enter into the Terms of Service with the Data Subject, incl to process Xolo Community profile registration application; | Processing is necessary for the performance of the agreement (Terms of Service) with the Data Subject (GDPR Article 6 (1)-b)) |
| Contact Information - contact e-mail address, mobile phone number | - to contact the Data Subject with administrative communications; | Processing is necessary for the performance of the agreement (Terms of Service) with the Data Subject (GDPR Article 6 (1)-b)) |
| Account Information – personal details, contact information, professional data disclosed on the Data Subject’s Xolo account | - to sync the Data Subject’s Xolo account with their Xolo Community profile; - to enable the Data Subject to access the functionalities available only to registered users of Xolo Community; |
Processing is necessary for the performance of the agreement (Terms of Service) with the Data Subject (GDPR Article 6 (1)-b)) |
| Forum Data – data regarding the posts, comments, replies, likes, and similar activity of the Data Subject on Xolo Community | - to enable the Data Subject to use Xolo Community and engage in discussions on Xolo Community; - to allow the Data Subject to use all Xolo Community functionalities, including discussions, posts, likes, comments, replies, drafts, etc; |
Processing is necessary for the performance of the agreement (Terms of Service) with the Data Subject (GDPR Article 6 (1)-b)) |
| Usage Data – data about the Data Subject’s interaction in Xolo Community | - to carry out monitoring to ensure that the Xolo Community discussions are in order with the Terms of Service; - to manage, analyze and improve Xolo Community; |
Processing is necessary for the purposes of Xolo’s legitimate interest (GDPR Article 6 (1)-f)) |
| Device Data – model, name or any other identifier and the IP address of the device using Xolo Community | - to carry out monitoring to ensure that the Xolo Community discussions are in order with the Terms of Service; - to manage, analyze and improve Xolo Community; |
Processing is necessary for the purposes of Xolo’s legitimate interest (GDPR Article 6 (1)-f)) |
| Preference Data –Data Subject’s preferences in Xolo Community | - to personalize Xolo Community and the content provided to the Data Subject; | Processing is necessary for the purposes of Xolo’s legitimate interest (GDPR Article 6 (1)-f)) |
| Support Data – communication between Xolo and the Data Subject (inquiries submitted via Xolo Community or email) | - to address technical or legal issues related to Xolo Community, or share updates and notifications about Xolo Community; | Processing is necessary for the purposes of Xolo’s legitimate interest (GDPR Article 6 (1)-f)) |
| Contact Information – email address | - to send promotional information related to Xolo’s services. | Processing is only allowed with the Data Subject’s consent (GDPR Article 6 (1)-a)) |
Xolo shall not use the Data Subject’s Personal Data for any other purpose incompatible with the purposes outlined above or required, permitted or authorized by law. The Data Subject is not subject to statutory obligation to provide Personal Data described herein to Xolo, however, the collection or disclosure of certain Personal Data referred herein may be required under the law and/or inevitably necessary for enabling the Data Subject to use Xolo Community.
4. Sources of Personal Data collection
The Personal Data Processed by Xolo via Xolo Community is collected directly from the Data Subject.
5. Transfer of the Personal Data
Xolo may transfer the Data Subject’s Personal Data to third parties, such as:
- software as a service provider providing support services and features on Xolo Community;
- communication service providers who facilitate e-mails, calls, SMS messages and other communication between Xolo and the Data Subject;
- customer support and customer management service providers;
- marketing service provider;
- Xolo’s affiliate. i.e. any company that directly or indirectly controls Xolo; any company that is directly or indirectly controlled by Xolo; or any company that is controlled, directly or indirectly, by the ultimate parent company of Xolo. Control shall mean owning more than fifty percent of the voting rights in a company or otherwise having the power to govern the financial and the operating policies or to appoint the management of a company;
- other parties involved with operating Xolo Community (accountants, auditors, lawyers, IT systems suppliers and support, or any other outsourcing providers).
Xolo has taken steps to ensure that these data recipients protect the confidentiality and security of Personal Data, and to ensure that Personal Data is Processed only for the purpose of enabling the Data Subject to use Xolo Community and in compliance with applicable law.
Such third parties may be located in countries outside of the European Economic Area (“EEA”) whose privacy regulations may differ and which are not subject to adequacy decisions of the European Commission. In those countries the security of the Personal Data (inc. protection against misuse, unauthorized access, disclosure, alteration or destruction) may not be ensured as it is secured in the European Union, due to the lack of adequate data protection level. When transferring collected Personal Data outside of the EEA, Xolo shall ensure the application of the appropriate safeguards.
6. Security
Xolo will take appropriate legal, organizational, and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied in order to protect Personal Data from involuntary or unauthorized Processing, disclosure or destruction.
Upon transferring Personal Data to third parties, Xolo will make sure that (a) the third party is established in a jurisdiction which the European Commission has recognized as ensuring an adequate level of personal data protection, or (b) the Processing of Personal Data is subject to other appropriate safeguards stipulated in the GDPR.
7. Integrity and retention of the Personal Data
Xolo will retain Personal Data for the period required or permitted by applicable law, but no longer than it is reasonably necessary to achieve the purposes for which the Personal Data was collected.
Xolo takes reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate, and complete as necessary to carry out the purposes described herein.
8. Data Subject’s rights in regarding to the collection of Personal Data
The Data Subject has the following rights in relation to the Processing of his Personal Data:
- Request information – Xolo has provided all information which the Data Subject has the right to receive in this Policy. The valid version of the Policy is available on Xolo Community any time.
- Right to access – Data Subject has the right to ask Xolo to provide a copy of his/her Personal Data which Xolo Processes.
- Right to Rectification – Data Subject has the right to ask Xolo to rectify Personal Data in case the data is incorrect or incomplete.
- Right to Erasure – Data Subject has the right to ask Xolo to erase Personal Data, unless Xolo is obliged to continue Processing the Personal Data under law or under a contract between the Data Subject and Xolo, or in case Xolo has other lawful grounds for the continued Processing of Personal Data.
- Right to Restriction – Data Subject has the right to ask Xolo to restrict the Processing of his/her Personal Data in case the data is incorrect or incomplete or in case his Personal Data is Processed unlawfully.
- Right to Data Portability – Data Subject has the right to ask Xolo to provide him/her or, in case it is technically feasible, a third party, his/her Personal Data, which the Data Subject has provided to Xolo and which is Processed in accordance with the Data Subject’s consent or a contract between the Data Subject and Xolo.
- Right to Object – Data Subject has the right to object to Processing his Personal Data in case there is a reason to believe that Xolo has no lawful grounds for Processing the Personal Data.
- Right to withdraw Consent for the Processing of Personal Data – Data Subject is entitled to withdraw the consent granted for the Processing of Personal Data at any time. Withdrawal does not affect the lawfulness of the Processing conducted before the withdrawal.
- Right to File Complaints – Data Subject has the right to file complaints regarding Processing of his/her Personal Data.
In order to exercise any rights referred herein the Data Subject is required to submit a written application to Xolo (Xolo’s contact details can be find under Section 11). Xolo has the right to decline this application by justifying the reasons for the refusal.
According to article 12(3) of GDPR, Xolo is obligated to respond to the application within 1 month. However, Xolo will make its best efforts to respond to the Data Subject’s request within 1 week.
9. Cookies and tracking technologies
Xolo is using automatically collected information and other information collected within Xolo Community through cookies and similar technologies.
Cookies are small text files that a website or its service provider transfers to the Data Subject’s computer hard drive through his website browser (if the Data Subject allows) that enables the website’s or service provider’s systems to recognize the Data Subject’s browser and capture and remember certain information. For example, cookies may help a website remember certain preferences the Data Subject has selected on the website, such as language preferences.
Within Xolo Community, Xolo is using the following types of cookies:
- first-party cookies, which are stored to the Data Subject’s device by Xolo. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience;
- third-party cookies, which are stored to the Data Subject’s device by other service providers on Xolo’s website. Xolo may use third-party analytics tools (such as Google Analytics), to help us measure traffic and usage trends for Xolo Community. Web analytic service providers analyse the usage of Xolo Community so that Xolo could improve and amend Xolo Community and functions thereof.
Cookies are being used to serve the following purposes:
- to store authentication information and protect Personal Data from third parties;
- to personalize Xolo Community, help remember the Data Subject’s choices within Xolo Community, understand and save preferences for future visits;
- to provide customized advertisements, content and information;
- to track the Data Subject’s entries, submissions, and status in any promotional or other activities on Xolo Community;
- to monitor and analyse the effectiveness of Xolo Community;
- to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
The Data Subject can delete or block cookies through his browser settings at any time. However, some cookies might be necessary for the functionality and usage of Xolo Community. Therefore, the Data Subject understands that when blocking or deleting the cookies some features within the website might not function correctly. For more general information about cookies please see www.allaboutcookies.org.
10. Right to amend this Policy
Xolo is entitled to unilaterally amend this Policy from time to time. Upon amending the Policy, Xolo will publish the updated Policy on the Xolo Community and notify the Data Subject about the terms by e-mail. In case the new terms refer to Processing of Personal Data for any new purpose, which requires the Data Subject’s consent, then Xolo will not Process Personal Data for such new purpose, before it has received respective consent.
11. Contact Information
Should the Data Subject have any questions regarding this Policy or Processing of Personal Data, they are welcome to contact Xolo with requests, inquiries or any complaints via email: info@xolo.io.
12. Confirmation
By accepting this Policy, the Data Subject confirms that he has familiarized himself with this Policy, understood it and agrees to its terms.
Last updated: April 2024