Privacy Policy | XES Solutions

Who we are

Our website address is: https://xes-solutions.com/.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When you submit information through our contact forms, we collect the information you provide, including your name, email address, phone number (if provided), and message content. We use this information solely to respond to your inquiry and provide the services or information you requested. We do not use contact form submissions for marketing purposes unless you explicitly opt-in to receive marketing communications. Contact form data is retained for up to 2 years for customer service purposes.

Legal basis for processing: We process contact form data based on our legitimate interest in responding to your inquiries and providing customer service, as permitted under Article 6(1)(f) of UK GDPR.

Legal basis for processing

Under UK GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on include:

Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
Contract: Where processing is necessary for the performance of a contract with you
Legal obligation: Where processing is necessary for compliance with a legal obligation
Legitimate interests: Where processing is necessary for our legitimate interests, provided your rights and freedoms are not overridden

We will inform you of the specific legal basis for processing your data when we collect it.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to this site. We use this information to improve our website and services. Google Analytics only collects the IP address assigned to you on the date you visit this site, rather than your name or other personally identifying information. We do not combine the information collected through Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Service and the Google Privacy Policy.

Legal basis for processing: We process analytics data based on our legitimate interest in understanding website performance and improving user experience, as permitted under Article 6(1)(f) of UK GDPR.

Who we share your data with

We do not sell, trade, or otherwise transfer your personal information to third parties without your explicit consent, except as described in this privacy policy and as permitted under UK data protection law. We may share your information with:

Service providers: Third-party companies that help us operate our website and provide services to you (e.g., hosting providers, email service providers, analytics providers). These companies are contractually obligated to keep your information secure and confidential and process data only in accordance with our instructions.
Legal compliance: We may disclose your information when required by law, court order, or regulatory authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, in compliance with UK GDPR requirements.
Business transfers: In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new owners, subject to appropriate data protection safeguards.

All data sharing arrangements comply with UK GDPR and Data Protection Act 2018 requirements, including appropriate data processing agreements and safeguards.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Contact form submissions are retained for 2 years. Analytics data is retained according to Google Analytics’ data retention settings (currently 26 months). Account information is retained until you request deletion or close your account.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right of access: Request copies of your personal data
Right to rectification: Request correction of inaccurate personal data
Right to erasure: Request deletion of your personal data
Right to restrict processing: Request restriction of processing your personal data
Right to data portability: Request transfer of your personal data to another service
Right to object: Object to our processing of your personal data
Rights related to automated decision making: Rights regarding automated processing and profiling

To exercise these rights, please contact us using the information provided below. We will respond to your request within one month of receipt.

If you are not satisfied with how we handle your request, you have the right to complain to the Information Commissioner’s Office (ICO). You can contact the ICO at: https://ico.org.uk/make-a-complaint/ or telephone: 0303 123 1113.

Where we send your data

Visitor comments may be checked through an automated spam detection service. We use Akismet for spam detection, and their privacy policy can be found at: https://automattic.com/privacy/.

Some of our service providers are located outside the UK and European Economic Area (EEA). When we transfer your personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

Adequacy decisions: Transfers to countries deemed adequate by the UK government
Standard contractual clauses: EU-approved standard contractual clauses
Certification schemes: Transfers under approved certification schemes

By using our website, you acknowledge and consent to such transfers where necessary for the provision of our services.

Your contact information

If you have any questions about this privacy policy or wish to exercise your data protection rights, you can contact us at:

Email: info@xes-solutions.com
Address: Booths Park, Chelford Road, Knutsford, Cheshire, WA16 8GS
Telephone: 01565 361239

We will respond to your inquiry within one month of receipt, as required under UK GDPR. In complex cases, we may extend this period by a further two months and will inform you of any such extension.

Additional information

Children’s Privacy

Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information from our records.

International Transfers

If you are located outside the UK, please note that your information may be transferred to and processed in the UK, where our servers are located and our central database is operated. The UK maintains data protection standards equivalent to those in the EU.

For transfers outside the UK/EEA, we ensure appropriate safeguards are in place as outlined in the “Where we send your data” section above.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the “Last Updated” date. Your continued use of our website after any changes indicates your acceptance of the updated privacy policy.

How we protect your data

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: We use SSL/TLS encryption to protect data in transit
Access controls: Limited access to personal data on a need-to-know basis
Regular updates: We keep our software and security systems up to date
Monitoring: We monitor our systems for potential security threats
Staff training: Our team is trained on data protection and security practices

However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee absolute security.

What data breach procedures we have in place

In the event of a personal data breach, we will:

Immediate response: Contain the breach and assess its scope and impact
Investigation: Conduct a thorough investigation to understand the cause and extent of the breach
ICO notification: Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals
Individual notification: Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Remediation: Take immediate steps to remedy the breach and prevent future occurrences
Documentation: Maintain records of all personal data breaches, including facts, effects, and remedial action taken, as required under UK GDPR

We maintain a breach register and will cooperate fully with the ICO in any investigation.

What third parties we receive data from

We may receive data about you from the following third-party sources:

Social media platforms: If you interact with our social media profiles or use social login features
Analytics providers: Demographic and interest data from Google Analytics
Marketing platforms: If you engage with our marketing campaigns through third-party platforms
Public databases: Publicly available information used for business verification purposes
Partners: Business partners who refer customers to us (with appropriate consent)

What automated decision making and/or profiling we do with user data

We may use automated systems for the following purposes:

Spam detection: Automated analysis of comments and form submissions to identify spam
Content recommendations: Automated suggestions for relevant content based on your browsing behavior
Security monitoring: Automated detection of suspicious activity or potential security threats
Analytics: Automated analysis of website usage patterns to improve user experience

We do not use automated decision-making for any decisions that would significantly affect you legally or similarly. You have the right to request human review of any automated decisions that affect you.

Industry regulatory disclosure requirements

UK GDPR and Data Protection Act 2018: This privacy policy complies with UK GDPR and the Data Protection Act 2018. As outlined above, you have specific rights under this legislation regarding your personal data.

ePrivacy Directive: We comply with the ePrivacy Directive (as implemented in UK law) regarding cookies and electronic communications.

Other Jurisdictions: For users located outside the UK, we comply with applicable data protection laws in your jurisdiction, including EU GDPR for EU residents. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA).

Cookies Regulations: We comply with UK cookie regulations and the Privacy and Electronic Communications Regulations (PECR) regarding the use of cookies and similar technologies.

ePrivacy Directive: We comply with the ePrivacy Directive (as implemented in UK law) regarding cookies and electronic communications.

Cookies Regulations: We comply with UK cookie regulations and the Privacy and Electronic Communications Regulations (PECR) regarding the use of cookies and similar technologies.

Last Updated: 18^th August 2025

Contact Information: info@xes-solutions.com