Last Updated: Friday 25th May 2018
To summarise, our intentions are to collect as little personal data on you as possible, store the collected personal data for as short as legally possible and then delete it as soon as possible when it is no longer required.
What personal data is being collected with your consent?
The following personal data is collected on Xestia Gelforn:
What personal data is being collected without your consent?
- When signing up an account: potentially a name (if a real name is used), email address and IP address as personal data is collected.
- Project management: Project management functions which makes changes to a project will record your IP address.
The personal data that is being collected without your consent is for the purposes that is to ensure network security, preventing malicious code distribution, stopping denial of service attacks and potential damage to the server our services are running on.
The following personal data is collected on xestia.co.uk and Xestia Gelforn and stored within our website logs without consent is:
IP Address, browser version and operating system version (which is dependant on the browser).
On Xestia Gelforn only:
Failed login: An IP address is collected each time a failed login occurs.
Where is my personal data stored?
The collected personal data is stored on a server based in the United Kingdom of Great Britain and Northern Ireland within the nations of England & Wales.
The collected personal data will not be transferred or processed outside the European Economic Area (EEA).
How is my personal data being used?
Your personal data is used in the following ways:
- For verifying that you are user that has privileges to manage a project.
- If the account is locked out, then the email can be used to recover access to the account and set a new password.
- Detect malicious IP addresses that could cause and have caused damage to xestia.co.uk and Xestia Gelforn.
Cookies are not used anywhere on xestia.co.uk.
No tracking cookies and analytic software (either external or internal) is used on xestia.co.uk and Xestia Gelforn.
How long is my personal data stored?
Your personal data will be stored and deleted automatically in the following circumstances:
For both xestia.co.uk and Xestia Gelforn:
- Older website logs for xestia.co.uk and Xestia Gelforn are deleted after 180 days.
- Regular backups which contain your personal data older than 28 days are deleted.
For Xestia Gelforn in relation to the logs stored within it’s database:
The IP address for a user when creating an account on Xestia Gelforn will be removed and set to “0.0.0.0/0” or “::/0” after 180 days from the moment of registration.
The IP address within a log record in the database will be set to “0.0.0.0/0” or “::/0” after 180 days from the moment of the project management function being used.
Will my personal data be shared with third parties?
Your personal data will not be shared with third parties.
We do not knowingly collect data from unsupervised children from the age of 18. If you are under the age of 18, you cannot create or use an account on Xestia Gelforn unless your parent/guardian have provided us with consent to allow this.
If you are a parent and would like to give us consent, please send an email to email@example.com
Responding to court orders and notices from law enforcement, regulators and other public agencies
If we are served with a court order or a notice from a law enforcement, regulator or another public agency, we are required to process your personal data in order to comply with that court order or notice.
Right of access
You have the right to ask us for access to any of your personal information that we have stored on our server. You can ask us for the following:
- Confirmation if we have any of your personal information stored on our server
- A copy of your personal information stored on our server
- Details about how and why we use your personal information
For nearly all circumstance there is no fee is charged for this. Requests for your personal information that is regarded as manifestly unfounded or excessive we may charge a reasonable fee.
To ask us for access to any of your personal information, please send an email to firstname.lastname@example.org
Right to rectification
If any of the personal data we hold is inaccurate, you have the right to ask us to make any required changes.
To ask us to correct any of your inaccurate personal information, please send an email to email@example.com
Right to erasure
If you are no longer happy for us to hold your personal data, you have the right to ask us to erase (delete) the personal data we hold on you (partially or completely).
To ask us to erase your personal information, please send an email to firstname.lastname@example.org
Right to restrict processing
If you wish for us to restrict processing of your data, you have the right to ask us to restricting the processing of your data.
To ask us to restrict processing of your data, please send an email to email@example.com
Right to data portability
If you want your data in a portable format (text document, XML, etc), you have the right to ask us to provide your personal information in a portable format so that it can be used elsewhere.
To ask us to send your personal information to you in a portable format, please send an email to firstname.lastname@example.org
Right to object
If you feel that the way we collect your personal data is not valid then you have the right to ask us to consider any valid objections which you have to the use of your personal information.
To ask us to consider your valid objection, please send an email to email@example.com
Right not to be subject to automated decision-making including profiling
You have the right to ask us to not be subject to automated decision-making including profiling.
We do not do any automated decision-making including profiling at present.
To ask us to not be subject to automated decision-making including profiling, please send an email to firstname.lastname@example.org
The GDPR was adopted on Thursday 14th May 2016 by member states of the European Union and the Data Protection Act 2018 received Royal Assent (a bill is made into law) on Wednesday 23rd May 2018.
The GDPR was implemented (and became active) across the member states on Friday 25th May 2018.