GDPR Compliance Notice
NOTICE TO RESIDENTS OF THE EUROPEAN UNION AND THE UNITED KINGDOM
This notice is intended to provide you with information about how Xstreamforce (the “Company”) collects, uses, and distributes information that we collect from you. Nothing in this notice should be construed as amending, modifying, replacing, or otherwise affecting the terms and conditions of any transactions between you and the Company, except that to the extent any such terms and conditions are inconsistent with the General Data Privacy Regulations of the European Union and the equivalent rules of the United Kingdom and any other applicable jurisdiction (altogether, the “GDPR”) those terms and conditions are VOID.
The Company collects certain information from and about you. This notice will explain what this information is, how it is used, what third parties receive it, and how you may instruct the Company not to collect, retain, or use certain of that information, and how to instruct us to delete this information from the Company’s own records. Please see below for: What Personal Information We Collect from You, What Non-Personal Information We Collect About You, a List of Third Parties Who Receive Information You Provide Us with Their Contact Information, and Instructions for Exercising Your Right to Instruct Us to Forget Your Information.
What Personal Information We Collect from You
Any information that you enter into any text field on any webpage on the domain https://xstreamforce.com/ (the “Website”) will be collected by the Company for internal use except where noted otherwise in this notice.
Information that you enter into the Website at the point of account creation will be used to create a customer profile for you, except for your password. This will include any information that you provide when creating your account, including an email address and other contact information, your name, your username, and address information. The Company maintains records of its customer profiles to facilitate checkout, enable for quick or automatic logins by customers, for purposes of counting the number of its customer profiles, and so that the Website and the Company can remember this information for future orders and visits to the website. You may change this information through your account settings at any time. If you delete your account, the company may retain certain of this information for future use, including for counting the number of customer accounts that have been deactivated, unless you instruct us otherwise. The Company uses customer relationship management tools (collectively the “CRMs”) so that its internal staff can rapidly communicate order information to other internal Company personnel, for example a salesperson forwarding your shipping address to a fulfillment specialist in order to complete your order. The CRMs do not receive a copy of your customer profile except insofar as the CRM’s software is used by the Company to manage and rapidly access customer profiles. The CRMs are third parties for purposes of the GDPR.
The password that you create for your account is not known to the Company or anyone else. The Website uses digital security tools (collectively the “Security Services”) which provides a system for recognizing, rejecting, and remembering your password. Your password is not stored by the Company. This Security Services do not receive any of your information other than your password in an encrypted form, and the email address you provided at the point of account creation or to which you have changed your account settings. You may change your password or this email address through your account settings at any time. If you delete your account, your password will be lost. The Company cannot provide you with your password, though the Security Service provides tools for changing and retrieving your password. The Security Services are a third party for purposes of the GDPR.
Information that you enter into the website at the point of creating an order is retained by the Company and is distributed for certain purposes. The shipping information that you enter will be communicated to the shipping service that is selected for delivery (collectively the “Shipping Services”) for purposes of fulfilling your order. This may include use by the Company and the Shipping Services for creating a shipping label, for packaging items for shipment, and for actual delivery. The Company may work with several different Shipping Services, including the Bulgarian Postal Services and GLS Services. The information collected at the point of checkout includes a name, address, and payment information. The Shipping Services are third parties for purposes of the GDPR.
Your payment information is collected by the Website in an encrypted form and is passed on to the Company’s merchant services (collectively the “Merchant Services Providers”), for purposes of securing payment between yourself and the Company. The Merchant Services Providers only receive information necessary to verify that any payments between yourself and the Company are authorized. The Merchant Services Providers will use encrypted tools to communicate with your bank, your credit card provider or whatever other accounts you use to pay for orders to the Company. Your credit card information or other payment information is not retained by the Company except as provided below. The Company does not maintain records of your credit card number or other payment information per se, except that if your billing address is the same as your shipping address and you instruct the Website to enter the same billing address as your payment address, the Website will use your stored shipping address as your billing address.
The Merchant Services Providers may receive requests from your bank, credit card provider or other payment providers in order to verify your transactions. The Merchant Services Providers may therefore periodically ask the Company to confirm certain of your order information, which the Company will provide if the Company believes that an order has been placed by you. The Merchant Services Providers are third parties for purposes of the GDPR.
The Company uses “cookies.” Cookies are small files that are you communicated to your web browser so that the Website can remember the selections and inputs you have made from one webpage to another within the Website. For example, if you select products for an order and then proceed to checkout, the Website will use a cookie to ensure that information from catalog webpages is accurately received by the checkout webpage. If you do not wish to receive cookies from the Website, please contact us at the information below and discontinue using the Website. Cookies are provided by our web hosts (collectively the “Web Hosts”). The Web Hosts are third parties for purposes of the GDPR.
What Non-Personal Information We Collect About You
The Company collects certain non-personal information about you. By “non-personal information,” we mean information about you that cannot be used, and is not stored, in a way that can identify you.
The Website will collect information about your location based on your IP address. An IP address is a non-static identifier that allows the Company to know, in general terms, where its users are located. An IP address is not the same as a physical address, and is not the same as either your shipping address or your billing address. The Company uses your IP address for internal purposes such as knowing which countries provide certain percentages of its users. The Company does not distribute your IP address to any other person. The Company does not verify your IP address or connect it to your shipping or billing address for purposes of checkout. Your IP is not and cannot be used by the Company to identify you personally. The Web Host will also know your IP address for purposes of logging visits to the Website from your IP address and for preventing distributed denial-of-service attacks, which are disruptive attacks on websites caused by very large numbers (hundreds of thousands or more) of near-simultaneous visits to the Website.
The Company collects information such as the number of users visiting the website at any given time, the times during which visitors visit the Website, the length of time that users use the website, which pages they visit, which products they order, and what other actions they take while on the website. This information is collected by the Website and is provided in an anonymized form to the Company’s data analytics providers (collectively the “Data Analytics Providers”). This information is used by the Company to track the engagement, general geographic origin, and headcount of its users. This information is combined together to provide general demographic information on the Website’s users. This information is not and cannot be used to identify you specifically. The Data Analytics Providers are third parties for purposes of the GDPR.
Instructions for Exercising Your Right to Instruct Us to Forget Your Information
The GDPR provides a generalized “right to be forgotten,” meaning that you have the right to instruct us to delete any and all information that the Company, the Website, or any of the third parties collects about you. Please contact us by email at admin@xstreamforce.com in order to instruct us to forget any or all of the information that the Company, the Website, or any of the third parties collects about you.