Summary 

Xalient respects your privacy and is committed to protecting personal information that we hold about you. We are a global organisation with a presence in many countries. When we refer to “Xalient” or “we”, “us”, or “our”, this includes any of our group companies that provide you with the Xalient websites, products, or services in your country.

This policy describes how we collect, use, store, disclose, and protect personal data in our operations, services, and on our website. It applies to employees, contractors, customers, suppliers, partners, and visitors to our site. We process all personal data in compliance with applicable privacy and data protection laws, including the UK GDPR, EU GDPR, any relevant US privacy laws, and India’s Digital Personal Data Protection Act 2023.

This policy aligns with our ISO27001:2022-based Information Security Management System (ISMS).

Why It Matters 

Protecting personal information is essential for maintaining trust with our stakeholders, ensuring legal compliance, reducing security and reputational risk, and meeting the confidentiality, integrity, and availability goals of our ISMS.

Scope 

This policy applies to all personal data processed by Xalient globally, including data collected directly from individuals or through our services, systems, and websites. It applies equally to all Xalient employees, contractors, customers, and third parties handling personal data on our behalf.

Principles

1. Lawfulness, Fairness & Transparency
We process personal data on lawful bases (contract, consent, legitimate interest, legal obligation) and in a transparent manner, providing clear notices of how data is used.

2. Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.

3. Data Minimisation
We collect only the personal data necessary for fulfilling our stated purposes.

4. Accuracy
We take reasonable steps to ensure that data is accurate, up to date, and correct, and to erase it when necessary.

5. Storage Limitation
Personal data is retained only for as long as necessary for legal, contractual, or legitimate business reasons (or as required by law). Afterwards, data is securely deleted or anonymised.

6. Integrity & Confidentiality (Security)
We protect personal data via appropriate technical and organisational measures: encryption (in transit and at rest), access controls, audit logs, network security, regular ISMS audits, and ISO27001-aligned controls.

7. Accountability
We maintain records of processing activities, conduct regular privacy reviews, provide training to our staff, and remain responsible for ensuring compliance with this policy.

8. International Transfers
When transferring personal data outside the UK or the EEA, we ensure adequate safeguards (e.g., adequacy decisions, standard contractual clauses (SCCs), including, as appropriate, any addenda thereto for transfers to third countries, or other lawful mechanisms).

9. Individual Rights
Data subjects have rights, including:

• Accessing copies of their data
• Rectification. Correcting inaccuracies or incomplete data
• Deletion/erasure (where lawful and under certain conditions)
• Objecting to processing (mainly where it is based on legitimate interest)
• Requesting restriction/suspension of processing
• Data portability (where applicable)
  Withdrawing consent (where processing is based on consent)
  
  

Under specific US State laws, data subjects may have the right to:

• The right to know what personal data is collected, used, shared, or sold
• The right to opt out of the sale of personal data
  
  

To exercise these rights, contact: securityteam@xalient.com. We may require identity verification to process your request.

10. Marketing & Communications
We send marketing or promotional communications only with consent or under legitimate interest, subject to opt-out rights.

11. Cookies & Tracking
Our website uses cookies and similar technologies for functional, preference, statistical, and marketing purposes. Users can manage their preferences or block cookies via their browser settings, although some site functionality may be impaired. We anonymise IP addresses where collected.

What Information We Collect

We collect personal data when you:

• Engage with us (e.g. become a customer, register interest, contact us)
• Use our website (e.g. visit pages, request downloads, submit forms)
• Interact in marketing or social media (e.g. via webinars, newsletters)
• Enter contractual relationships or supply arrangements
• Become a member of our staff
• Provide feedback or complete surveys
  
  

Typical categories include: name, title, email, phone, address, IP/MAC addresses, job role, company, billing/payment information (for customers or contractors), bank account information (for staff) and other business-relevant data. We do not collect special category data (e.g. health, racial origin) except where required for staff (for safety, disability adjustments, etc.). For clarity, the website, products or services we provide are directed at businesses only.

How We Use Your Information

We use personal data to:

• Deliver products, services, and contractual obligations
• Communicate updates, notifications, support or changes
• Tailor and improve the user experience on our website
• Conduct internal analysis, process optimisation, security, and fraud detection
• Send marketing (where permitted)
• Fulfil legal, tax, audit, or regulatory obligations
  
  

We only process your data for the purpose for which it was collected or as otherwise permitted by law (e.g. legitimate interest, consent).

How We Share Information

We never sell personal data. We may share it with:

• Affiliated Xalient entities (on a need-to-know basis)
• Service providers (e.g. mailing, payment processing, auditing, administrative, security, insurance)
• Distributors or partners (where you consent or to fulfil services)
• Regulators or law enforcement, if legally required
• Debt recovery/collections, if necessary, to secure owed amounts
  
  

When we share or transfer data outside the UK/EEA, we impose contractual safeguards (such as standard data protection clauses and adequacy) and ensure continued governance in accordance with this policy.

Data Retention

We only keep your personal data:

• for as long as we need to, to be able to use it
• for the reasons given in this policy, and
  for as long as we are required to keep it by law.
  
  

Security Measures

• Data in transit is protected via TLS/SSL
• Stored data is encrypted or access-restricted
• Access control by role and need-to-know
• Periodic audits, vulnerability assessments, and ISO27001 conformity checks
• Internal incident response and breach escalation procedures
  
  
•  

Changes to this Policy

We may update this policy periodically. Material changes will be communicated (e.g. via website notice or direct communication). The current version was last updated on our site on 15th October 2025.

Contact & Complaints

If you have questions, concerns, or wish to make a complaint about our handling of personal data, contact securityteam@xalient.com or:

The Compliance Team
Xalient
1 East Parade
Leeds, LS1 2AA

If you remain dissatisfied, you may contact your local supervisory authority in the country where we provided you with the Xalient websites, products or services.