We are committed to protecting your privacy. We will only use the information that we collect about you lawfully in accordance with the current data protection legislation, including but not limited to the Data Protection Act 1998 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), unless and until the GDPR is no longer directly applicable in the UK and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998.
WHO THIS NOTICE APPLIES TO
This Privacy Notice tells you what to expect when Crossover Technologies collects personal information from you as a data subject. It applies to information we collect about:
- OUR RETAIL CUSTOMERS
- CUSTOMERS OF OUR WEB AND DATA SERVICES
- CUSTOMERS IN CONJUNCTION WITH OUR PARTNERS
- DATA ON OUR CUSTOMERS' CUSTOMERS
- OUR PARTNERS
- VISITORS TO OUR WEBSITE
- CUSTOMERS OR OTHER INDIVIDUALS WHO COMPLAIN ABOUT OUR PRODUCTS OR SERVICES
WHO WE ARE
We are a company that specialises in providing a variety of software products and services to sports retailers worldwide including electronic point of sale software, product database, stock taking applications, driving range management systems, support package, bespoke retail consultancy services and expert independent stocktake services.
Our contact details are:
- Company: Crossover Technologies Ltd (company number 04722854)
- Website: https://www.crossovertec.co.uk/
- Email: email@example.com
- Tel: 01454 418395
- Address: Ground Floor, Elm House 11 Fountain Court, New Leaze, Bradley Stoke, Bristol, England, BS32 4LA
DATA WE COLLECT AND OUR BASIS FOR PROCESSING
We may require information identified below primarily to allow us to perform our contract with the customer and to enable us to comply with legal obligations. In some cases we may use personal information to pursue legitimate interests of our own or those of third parties, provided the data subject’s interests and fundamental rights do not override those interests. The situations in which we will process personal information are identified below.
1. OUR RETAIL CUSTOMERS
Crossover Technologies holds the contact details of our retail customers around the world, so that we can provide support on the products and services that we sell to our customers, as well as being able to manage the relationship with our customers, such as billing and other management information. Where appropriate, we share these with our partners who are sales or support associates who operate in other geographical locations.
The legal basis for this processing is the performance of a contract between the customer and us and/or taking steps, at a customer’s request, to enter into such a contract.
We do not store any bank or credit card details for our customers.
2. CUSTOMERS OF OUR WEB AND DATA SERVICES
Crossover Technologies holds the contact details of our customers who buy and use our web and data services so that we may provide support on these services, as well as being able to manage the relationship with our customers, such as billing and other management information. We may also hold log-in information for these services so that we are able to manage and support these services for our customers.
The legal basis for this processing is the performance of a contract between the customer and us and that it is in our legitimate interests to do so for the purposes of communications and customer satisfaction.
3. CUSTOMERS IN CONJUNCTION WITH OUR PARTNERS
Crossover Technologies partners with 3rd party providers worldwide to provide additional services to our customer base. These partners may provide products and services directly to our customers or indirectly through Crossover Technologies in conjunction with some of our products and services. In these cases, our partners (3rd party provider) will have access to the contact details for the customer and to any data that they process or store on their behalf.
The legal basis for this processing is the performance of a contract between the customer and us or the 3rd party provider and that it is in our legitimate interests to do so for the purposes of communications and customer satisfaction.
4.DATA ON OUR CUSTOMERS' CUSTOMERS
Where our customer has Support from us, Crossover Technologies retains a back-up of our customers’ system data which will contain data on our customers’ customers. This data is held securely on our servers as part of a back-up solution we provide for our customers. The legal basis for this processing is the performance of a contract between the customer and us.
Where we have permission, we capture sales data from our retail customers. This can then be provided to a Buying Group or 3rd party subject to the required consents. The legal basis for this processing is consent.
5. OUR PARTNERS
Crossover Technologies works with a number of partners, who are usually sales or support associates who operate in other geographical locations. We hold contact details on these partners. The legal basis for this processing is the performance of a contract between the customer and us and/or our legitimate interests, namely our interest in the proper administration of our website and business.
6. VISITORS TO OUR WEBSITE
Cookies are small text files that are placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Such data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
7. CUSTOMERS OR OTHER INDIVIDUALS WHO COMPLAIN ABOUT OUR PRODUCTS OR SERVICES
When we receive a complaint in a phone call, we record the complaint in our ticketing tool and customer management tool including the details of the complaint, and where appropriate the details of any other individuals involved in the complaint. Where a complaint is received via an email or letter, it is passed onto the management team.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. The legal basis for this processing is our legitimate interests, namely monitoring and improving our services and dealing with customer complaints.
CONSEQUENCES OF FAILING TO SUPPLY YOUR PERSONAL DATA
If the provision of personal data is part of the contractual requirement between us and our customer there may be possible consequences of failing to provide the personal data. For example, we will be unable to perform the contract if we do not have the personal data requested from you or we may be unable to provide you with the products, services and support services that you have ordered.
From time to time we would like to contact our customers via email, phone or post with XPOS, or retail-related, news, updates or information that, we believe, would enable them to get the most out of their service. In order to do so customers are asked to specifically opt-in. If they chose to opt-in to our marketing, their information will not be shared with any third parties and they can unsubscribe at any time via phone, email or our website. Marketing opt-in permissions are offered as follows:-
Both customers and enquirers who contact us via our website, are also given an opportunity to either amend, or select, their marketing permissions.
Service messages about our products and services are provided to all our customers where relevant, regardless of marketing permissions. This enables us to communicate when a product or service may be out of service, when an update to our products or services may be available, or when, for instance, we are doing maintenance work and a product or service may be unavailable for a period of time. Service messages are usually sent via email and/or via the XPOS system itself.
Existing customers who have bought (or negotiated to buy) a product or service from us in the past may be offered similar products or services unless they have specifically opted-out when we originally obtained their personal data. Customers will always be given an option to unsubscribe within any marketing emails they receive from us.
DISCLOSURE OF PERSONAL INFORMATION
In the cases below, we may share your information with another party:
- Retail buying groups where we share customer contact and sales data with these buying groups so that they can manage their retail accounts and market to the consumer.
- We may share customer contact and sales data with a third party to produce market level reports and analysis.
- We may share end customer contact data and/or sales and/or product data with a third party at your request.
- Our customers are occasionally contacted and asked for feedback on our products and services by an external firm as part of our customer survey.
- We may share some of our customer’s and prospective customer’s contact details with our sales and support partners. Our sales and support partners may provide support to our customers on our behalf in order to satisfy our contract with the customer. These partners will also have access to the customer’s backup data. This information is held securely by our partners.
- We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes of satisfying our contract with the customer.
- Financial transactions relating to our website and services may be handled by our payment services providers, Global Payments. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
- In addition to the specific disclosures of personal data set out in this Notice, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- For the purposes of IT hosting and maintenance our customers’ personal data is located on servers within the EU (Microsoft Azure).
TRANSFERS TO THIRD COUNTRIES AND SAFEGUARDS
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. If our customer is outside of the EU their data may be shared with our support and sales partners which are local to them. For example, our Australian customers’ data may be shared with our support and sales partners in Australia. Our Australian support partners will then have access to backup data of our customers that region. Where our European or Australian support partners are unable to resolve an issue for a customer, the data may be passed back to us in UK for further investigation and resolution.
LINKS TO OTHER WEBSITES
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit as we will not be responsible for any data obtained through third party websites.
Our data retention procedure is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
We shall not keep any personal for longer than is necessary for its purpose or purposes.
We will retain and delete your personal data as follows:
- We may retain personal data following the termination of a contract or negotiations over a prospective contract for administrative purposes or to deal with any post-termination enquiries from you but we will not hold this information for more than 12 months after the last contact we have had with the customer.
- When a software user no longer requires our support services, we will retain the back-up data for a period of 12 months from the end of the support contract (to avoid administrative error and in case the Controller requires the data), at the end of which period we will delete the back-up data from our systems.
Notwithstanding the above, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you
YOUR RIGHTS AS A DATA SUBJECT
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
1. Right of access – You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. You have the right to request a copy of the information that we hold about you and providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data within one month of your request.
2. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. The information we hold will be accurate and up to date. You can check the information that we hold about you by e-mailing us. If you find any inaccuracies we will delete or correct it promptly.
3. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. Those conditions are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
5. Right of portability – you have the right to have the data we hold about you transferred to another organisation. This right only applies to personal data that you have provided to us, where the processing is based on your consent or for the performance of the contract and when processing is carried out by automated means.
6. Right to object – you have the right to object to certain types of processing only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. If you object to direct marketing we will cease to process your personal data for this purpose.
If you wish to enforce any of your rights listed above please email us or write to us.
All of the above requests will also be forwarded on to any relevant third parties who are involved in the processing of your personal data.
COMPLAINTS AND QUERIES
In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as identified above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and us using the contact details below or above as identified under ‘Who we are’. We request that you contact us in the first instance.
UK's SUPERVISORY AUTHORITY:
Information Commissioner's Office
If you have any questions about your privacy on this site, you should e-mail our customer service team on firstname.lastname@example.org.
We reserve the right to update this privacy notice at any time. You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by providing you with a new privacy notice when we make any substantial updates.
We may also notify you in other ways from time to time about the processing of your personal information.