1. General Information
1.3. If our information practices change significantly at some time in the future, we will notify you of the policy changes before we use your data for these new purposes and we will provide you the ability to opt out of these new uses.
i) Only authorised persons use authorised data for authorised purposes;
ii) We understand that the security of your data is a priority which we review periodically in line with technological innovation;
iii) We are aware that personal data is not ours but belongs to its owners.
iv) We promote good practices in the area of Privacy, Data Protection and Information Security, and we continually review them from a standpoint of continuous improvement.
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Websites: All Xpand IT websites under the master domains: xpand-it.com and writeback4t.com.
Cookies: Small data files stored on your hard drive or in device memory.
4. Information We Collect
4.1. What information do we collect?
We can collect the following information about you:
- Contact information such as name, email address, phone number, country, city
- Profile information such as job title, company or other business information
- Pictures: photos
- Billing information such as tax ID
- Software preferences, including software use and interests
- User web behavior
- IP addresses, URLs visited, and related information
- Cookies (see our Cookies policy)
- Education and work experience
- Usage data and information about the systems running our products
4.2. The personal data we collect is subject to computerised processing and stored in databases in strict compliance with the legislation in force on Data Protection and the rules on Information Security.
4.3. We shall only process your personal data in accordance with a specific and legitimate purpose or purposes, determined at the time of collection, and such data shall not be further processed in a manner incompatible with those purposes, except for archiving in the public interest, scientific or historical research, or for statistical purposes, in which cases, under the terms of the GDPR, the aforementioned incompatibility does not exist.
4.4. In the event of collection of special categories of personal data (“sensitive data”), they will only be processed in accordance with the exceptions set out in Article 9, paragraph 2 of GDPR.
5. Where do we collect information?
5.1. These are the activities where you will be asked to give us personal information:
|Activity where we ask for Personal Data||Data we ask|
|Webinars application forms||Contact and profile information|
|Training application forms||Contact, profile and billing information|
|Events application forms||Contact, profile, event pictures|
|Newsletter subscription||Contact information|
|Download content (e-books, case studies or others)||Contact and profile information|
|Access online support||Contact information|
|Product Sandboxes||Contact information, user web behavior|
|Job application form||Contact information, CV|
|Contact requests||Contact information|
|Digital surveys||Contact information, software preferences|
|Paper surveys||Contact information, software preferences|
|Events attendance||Contact information, software preferences|
|Recruitment activities (when you submit a spontaneous application or directly for an advertised position via our website; in job fairs, events, via a third-party; when applying through referrals provided by our employees and interviews)||Contact and profile information, education and work experience or other relevant information|
6. How do we use the information collected?
6.1. The information we collect about you is processed for the following purposes:
|Activity where we ask for Personal Data||Data we ask|
|Marketing and communication campaigns||Contact information, pictures, software preferences|
|Sales and to explore new marketing opportunities||Contact information, profile information, software preferences|
|Manage contractual relationship (if one exists)||Contact information|
|Send important notices, regarding changes to our terms, conditions, and policies.||Contact information|
|Explore new market opportunities||Profile information|
|Process and complete transactions and send related information, including purchase confirmations and invoices||Contact information, Billing information|
|Improve our products||User web behavior|
|Improve your browsing experience||Cookies|
|Recruitment||Education and work experience|
|Improve user experience||Anonymized product usage data and metrics|
|Resolve technical problems||Anonymized product usage data and metrics|
7. Personal Data of minors
7.1. Xpand IT products and services are not directed to minors.
7.2. If we become aware that a child under has provided us Personal Information, we will delete that information.
7.3. If you become aware a child has provided us with their Personal Information, please contact us immediately.
8. Security of your Personal Data
8.1. We use a variety of security technologies and procedures to help to protect your Personal Data from its dissemination, loss, misuse, alteration unauthorized access or disclosure as well as against any other form of illicit treatment.
8.2. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
8.3. We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(i) the pseudonymisation and encryption of personal data;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(iv) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
9. Information Sharing and Disclosure
9.1. We will not share or disclose any of your Personal Data with third-parties except as described in this policy.
9.2. We do not sell Personal Data. We will not provide Personal Data to any third-party, without previous consent, that don’t have, at least, the same level of security as the one we have. We ensure that the necessary procedures are in place to preserve your legal rights over Personal Data.
9.6. Testimonials: We may display personal testimonials of satisfied customers. With your previous consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at any time.
9.7. With your previous consent: We will share your Personal Data with third-parties only when we have your consent to do so.
9.8. We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights or to comply with a law, court order, or legal process, but as far as is legally possible, we will inform you about such disclosure terms.
10. Your Rights
10.1. Under the provisions of the GDPR we guarantee you the exercise of your following rights as a data subject:
i) Right to Access – you have the right to request from us, among others, information regarding whether or not your data is being processed, what data we process and for what purposes.
You may also request a copy of your personal data processed by us. Further copies may be subject to payment of a reasonable fee, considering the administrative costs. If the request is submitted in an electronic format, and unless you indicate otherwise, the information will be provided by us in a commonly used electronic format.
ii) Right to Rectification – you have the right to have inaccurate personal data concerning you rectified and incomplete data completed, without undue delay.
iii) Right to Erasure – also referred to as right to be forgotten – you may request, under certain circumstances, that your personal data be deleted from our records, without undue delay, where any of the reasons set out in the GDPR apply.
iv) Right to Object – you have the right to object, on grounds relating to your situation, to certain types of data processing determined in the GDPR, such as processing for the purposes of direct marketing, in which case we shall cease processing for that purpose.
v) Right to Portability – you have the right to transfer your personal data that we keep to another organization or to receive it in a structured, commonly used, and machine-readable format.
vi) Right to Restriction of Processing – the right to obtain the restriction of the processing of your personal data where you wish, for example, to contest the accuracy of your personal data for a period of time that enables us to verify its accuracy, where the processing is unlawful or where you have exercised your right to object.
vii) Complaint –the data subject also has the right to lodge a complaint with a supervisory authority. The Portuguese supervisory authority is CNPD (Comissão Nacional da Proteção de Dados.
10.3 Within 30 (thirty) days you will receive a duly substantiated communication from us.
11. Retention of Personal Data
11.1. The period for which your data is stored varies according to the purpose for which the information is processed and in general Xpand IT will maintain your Personal Data records for the time needed to accomplish the purposes of processing and for legal reasons.
11.2. Subject to the rules stated at 11.1., above, in general terms, Xpand IT will maintain your Personal Data records for no more than 6 civil years, since the last contact with the data subject, unless special reasons may determine that Xpand IT maintains your Personal Data for a longer period, as authorized by law. The retention period, regarding recruitment purposes, is 10 years.
11.3. The Personal Data included at any agreement, invoice or other legal document or statement will be retained for the period that is legally necessary.
11.4. In any case, Xpand IT will always notify you of the deletion of your Personal Data.
12. Do we transfer your personal data internationally?
12.1. We may need to communicate personal data to third countries or international organizations. In this case, we will strictly comply with the applicable legal provisions and determine the suitability of the country or organisation in question with regard to the requirements applicable to such transfers.
12.2. In particular, we will take care that the data is securely transmitted, that the third parties are contractually bound to respect the confidentiality of the data received, and that they do not use the data for any purpose other than the purpose for which it was transmitted.
14. Contact us about privacy questions
Email – [email protected]
Phone Number: +351 21 896 7150
Address – Rua do Mar Vermelho nº 2, Fracção 2.3, 1990 – 152 Lisboa
15.3. After such publication, you are bound by the new terms when you browse our website and whenever you interact with us.