Privacy Policy

xRM 365 Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website, use our services, or otherwise interact with us.

We are registered in England and Wales. For the purposes of applicable data protection legislation (including the UK General Data Protection Regulation and the Data Protection Act 2018), xRM 365 Ltd is the data controller.

What information we collect

We may collect and process the following categories of personal information:

Information you provide to us

• Name, email address, telephone number, and organisation name when you submit a contact form or enquiry
• Any additional information you choose to include in messages or correspondence with us
• Information provided during the course of a consultancy engagement, including project-related communications

Information collected automatically

• Technical data such as your IP address, browser type and version, operating system, and device information
• Usage data including pages visited, time spent on pages, navigation paths, and referral sources
• Cookie data as described in our Cookie Policy

How we use your information

We use your personal information for the following purposes:

• To respond to your enquiries and provide the information or services you have requested
• To deliver and manage our consultancy services, including project communications and deliverables
• To send you relevant updates about our services, where you have consented to receive such communications
• To improve our website, services, and the overall user experience
• To comply with our legal and regulatory obligations
• To protect our legitimate business interests, including fraud prevention and security

Legal basis for processing

We process your personal data on the following legal grounds under the UK GDPR:

• Consent — Where you have given us clear consent to process your personal data for a specific purpose, such as subscribing to communications.
• Contractual necessity — Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
• Legitimate interests — Where processing is necessary for our legitimate business interests (such as improving our services, website analytics, and business development), provided these interests are not overridden by your rights and freedoms.
• Legal obligation — Where processing is necessary for us to comply with a legal obligation.

Who we share your data with

We do not sell your personal data. We may share your information with:

• Service providers who assist us in operating our website and delivering our services (e.g., hosting providers, analytics tools, email platforms)
• Professional advisers such as accountants, auditors, and legal counsel where necessary
• Regulatory authorities or law enforcement agencies where required by law

All third-party service providers are required to process your data in accordance with applicable data protection legislation and our instructions.

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Contact form submissions are retained for up to 24 months following our last interaction, unless a longer retention period is required for contractual or legal purposes.

When personal data is no longer required, we will securely delete or anonymise it.

Your rights under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

• Right of access — You may request a copy of the personal data we hold about you.
• Right to rectification — You may request that we correct any inaccurate or incomplete personal data.
• Right to erasure — You may request that we delete your personal data in certain circumstances.
• Right to restrict processing — You may request that we restrict the processing of your personal data.
• Right to data portability — You may request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to object — You may object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at hello@xrm365.co.uk. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached. You can contact the ICO at ico.org.uk.

Cookies

Our website uses cookies to enhance your browsing experience and to help us understand how visitors use our site. For full details on the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

International data transfers

Some of the third-party services we use may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Government, to protect your personal data in accordance with applicable legislation.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Contact us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: