Every time personal information is gathered, stored and/or processed by the Administrator, it is done strictly according to the GDPR regulations.

The most common cases for which the Administrator gathers, stores and processes personal data are:

• Recruitment
• Business Development
• After-sales Management
• Marketing
• Event Management
• Accounting

In case personal data is planned to be collected for other purposes, a special consent from customers and/or users for each specific purpose will be requested.

All personal data collected is strictly for internal use only, and won't be shared with any other external parties.

After the proper consent has been granted, the Administrator can collect, process and store the following data:

• Name and Surname
• E-mail address
• Phone number
• Physical address
• URL addresses linking to personal data
• Previous Employment and Education details
• Bank account number (for customers only)
• Any other invoicing data (for customers only)
• Company details (for customers only)
• Contact person details (for customers only)

Customers and users have the right to request access to their personal data and request its edition at any time.

Customers and users have the right to re-define the scope in which their personal data can be processed and stored.

Customers and users have the right to request the deletion of their personal data from the Administrator's database at any time.

Customers and users have the right to request to be forgotten according to the GDPR's Art. 17.

For security and tracking purposes, customers and users must request to perform any of the changes mentioned above or to request the deletion of their personal data by sending the request in a written form to info@xsoftware.com.

All requests sent directly to the administrator in a written form will be treated within 72 hours.

The Administrator makes sure all necessary technical means are implemented in order to keep all stored Customers and Users data safe from external agents. Especially to avoid:

• Data disclosure to non-authorized persons
• Data leaks out of the Administrator's business tools
• Data theft

The Administrator makes sure all necessary technical means are implemented to avoid data edition or deletion by non-authorized persons.

The security measures include:

• HTTPS Protocols
• Data Encryption
• Password Policy

The website makes reference to external websites or third party services. The Administrator strongly recommends to get familiar with the privacy policy and terms of use of each one of those external sites and/or third party services since they are in no way under the administrator's scope of liability.

The Administrator reserves the right to perform any changes in the Policy, which can be necessary (but not limited) due to legal changes, especially in the frame of the GDPR requirements, having impact in our obligations and/or customers and users rights.

If any change in the Policy is performed, a clear announcement informing about the changes implemented will be published.

The current Policy should be treated as a general reference document, for general information purposes only. It is not a legal document or a contract. In case any doubts, concerns or questions emerge after reading it, please contact the Administrator.