Thank you for your interest in this Privacy Policy. You are about to read more about the processing of your Personal Data by us and the rights to which you are entitled.

This Privacy Policy applies to www.x-errion.com operated by Xerrion of Cottage Close, Harrow, HA2 0HA (hereinafter "us" or "we") acting as the data controller in accordance with the UK`s Data Protection Act (“DPA”). As well as the EU`s General Data Protection Act (“GDPR”).
 
If you have any questions about how we handle your Personal Data or about data protection in general, you can reach us at info@x-errion.com.

Handling of Personal Data
In the following, we would like to inform you about our handling of Personal Data when you use this website. 

Unless otherwise described in the following sections, the legal basis for handling your Personal Data follows from the necessity of such handling for the provision of the functionalities requested by you on this website (Art. 6(1)(b) of the GDPR).

Accessing the website
When you call up our website, your browser transmits certain data to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following data is collected, stored for a short time and used:

IP address
Date and time of the request
Time sone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Operating system and its interface
Access status / HTTP status code
Amount of data transferred
Website from which the request came
Browser, language, and version of the browser software

In addition, we store this data for a limited period of time to protect our legitimate interests, in order to be able to trace Personal Data in the event of unauthorised access or attempted access to our servers (Art. 6(1)(f) of the GDPR).

Use of cookies
Cookies" are small files that are stored on your device. Different information can be stored within the cookies. We may use temporary and permanent cookies and will explain this in our Cookie Policy. The legal basis for the use of cookies is either your consent or our legitimate interest (Art. 6(1)(f) of the GDPR).

Hosting 
To provide our website, we use the services of Wix.com Ltd of 40 Namal Tel Aviv Street Tel Aviv, 6350671 Israel who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website (Art. 6(1)(f) of the GDPR).

Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. 

For the Chat, we use Ascend by Wix.com Ltd. We have no influence on the processing of data by Wix and no possibility to influence it. 

The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request (Art. 6(1)(b) and (f) of the GDPR).

When using our services
We process the data of our service users in order to be able to provide our services as well as to ensure the security of our services and to be able to develop them further. The legal basis for the processing of your Personal Data is the establishment and implementation of the service contract (Art. 6(1)(b) of the GDPR) for the use of the service as well as consent (Art. 6(1)(a) of the GDPR). 
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data by submitting your request to us in writing. 
Some of the data you choose to provide may be considered non-personal data and/or “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data (Art. 6(1)(a) of the GDPR). 
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us. 

Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your Consent.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to info@x-errion.com. 

Administration, financial accounting, office organisation, contact management
We process data provided during the provision of our services in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. 

In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services (Art. 6(1)(c), (b) and (f) of the GDPR).

Furthermore, based on our business interests, we store information on tutors, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently (Art. 6(1) (f) of the GDPR).

Tutorials, lessons and Online Meetings
We use Zoom, Skype or Google meets or other similar services to conduct online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during the online meeting. The legal basis for this is our legitimate interest in effective customer communication and, insofar as it concerns an enquiry to enter into or fulfil a contract, also contract(Art. 6(1)(b) and (f) of the GDPR).

Testimonials
Within your testimonial you may be able to display certain information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data is publicly viewable. You have choices about the information on your testimonial. You don’t have to provide additional information on your testimonial. It’s your choice whether to include sensitive information on your testimonial and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the storage is our legitimate interest and your consent (Art. 6(1)(f) and (c) of the GDPR).

Work at Xerrion
If you apply to join our team, we process the information we receive from you as part of the application process. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us. 

Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process. 

The legal basis for processing data during the application process contract and, and your consent, for example by sending us information that is not necessary for the application process (Art. 6(1)(b)and (a) of the GDPR). The legal basis for data processing after a rejection is our legitimate interest (Art. 6(1)(f) of the GDPR). 

As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.

You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.

Marketing
Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to (Art. 6(1)(a) of the GDPR).

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

Social media
We are present on social media on the basis of our legitimate interest. If you contact us via social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. 

A Joint Controller Agreement itself is very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any (Art. 6(1)(f) and (a) and (b) of the GDPR).

Transfer of data for processing on our behalf
We sometimes use specialised service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process Personal Data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.

Information about your rights
The following rights are available to you under applicable data protection laws:

Right to obtain information about the data we hold about you;
Right to rectify, erase or restrict the processing of your Personal Data;
Right to object to processing which serves our legitimate interest;
Right to data portability;
Right to complain to a supervisory authority;
You can revoke your consent to the collection, processing and use of your Personal Data at any time with effect for the future. 

If you wish to exercise your rights, please contact us.

The Supervisory Authority
The competent data protection authority in the UK is:

The Information Commissioner`s Office (ICO) 
Wycliffe House, Water Ln, 
Wilmslow SK9 5AF, UK 
www.ico.org.uk

Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us using info@x-errion.com. 

Access Request 
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same using info@x-errion.com. 

We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

Data Security
Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. 

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Personal Data and children 
We will not knowingly collect, use, or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. 

Changes and Updates 
We may update this privacy policy from time to time. Updates to this privacy policy will be published on our website. Changes will apply from the time of their publication on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made. This Privacy Policy was last updated on Monday, 09 January 2023.

Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your Personal Data on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.