Get a quote

LeadXe UK GDPR Compliance and Data Protection Policy

LeadXe, owned and operated by HubXe Inc., is committed to safeguarding your personal data and ensuring full compliance with the UK General Data Protection Regulation (UK GDPR). This comprehensive policy outlines our approach to data protection, the scope of our data collection, and your rights under the UK GDPR.

1. Company Structure and Technology

LeadXe is a brand owned and operated by HubXe Inc. HubXe is a proprietary technology developed by HubXe Inc., which powers our analytics and data processing capabilities. All references to LeadXe in this policy also apply to HubXe Inc. as the data controller.

2. Data Collection and Processing

LeadXe collects and processes personal data through our eco-friendly smart keychains and the HubXe tracking platform. We collect data necessary for our business operations, service improvement, and B2B marketing purposes. The personal data we may collect includes:

  • Business contact information (name, email address, phone number, job title, company name)
  • Engagement data (QR code scans, NFC interactions)
  • Usage statistics of our products and services
  • Marketing preferences and interaction history
  • Business-related information gathered from public sources or B2B data providers

We do not collect sensitive personal data such as information about race, ethnicity, religious beliefs, health status, or political opinions.

3. Purpose and Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

  • Legitimate Interests: This is our primary basis for processing, including B2B marketing. Our legitimate interests include:
    • Improving our products and services
    • Enhancing user experience
    • Developing new features
    • Conducting B2B marketing and sales activities
    • Market research and analysis
    • Fraud prevention and security measures
    Our legitimate interests are balanced against your fundamental rights and freedoms.
  • Contractual Necessity: We process data necessary to fulfill our contractual obligations to you when you use our products or services.
  • Consent: In specific instances where required by law, we may seek your explicit consent for certain processing activities. You have the right to withdraw this consent at any time.
  • Legal Obligation: We may process your data to comply with legal requirements.

We do not engage in automated decision-making or profiling that would produce legal effects or similarly significant impacts on you.

4. HubXe Analytics and Data Usage

LeadXe utilizes the HubXe analytics platform, developed by HubXe Inc., for data analysis and processing. Key points about HubXe:

  • HubXe is developed, maintained, and operated solely by HubXe Inc.
  • Data processed through HubXe remains within our secure infrastructure and is not shared with external third parties, except as outlined in this policy.
  • Analytics performed by HubXe are used for internal purposes, including product improvement, customer support, B2B marketing strategies, and business development.
  • Aggregated, anonymized data may be used for internal reporting, analysis, and industry benchmarking.

5. B2B Marketing and Communications

As part of our legitimate interests, we engage in B2B marketing activities, which may include:

  • Sending promotional emails, newsletters, and product updates
  • Conducting market research and surveys
  • Personalizing our communications based on your interaction history
  • Analyzing engagement with our marketing materials to improve our offerings
  • Inviting you to events, webinars, or product demonstrations

You have the right to object to processing for marketing purposes at any time. Each marketing communication will include an option to opt-out or update your preferences.

6. Data Protection Measures

We implement state-of-the-art security measures to protect your data, including but not limited to:

  • End-to-end encryption for all data in transit and at rest
  • Regular third-party security audits and penetration testing
  • Strict access controls and employee training on data protection
  • Regular software updates and patch management
  • Physical security measures at our data centers
  • Disaster recovery and business continuity plans

7. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of your personal data that we hold.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data.
  • Right to Restrict Processing: You can ask us to restrict the processing of your personal data in specific scenarios.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format for transfer to another service provider.
  • Right to Object: You can object to our processing of your personal data, particularly for direct marketing purposes.

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided below. We will respond to your request within one month, as required by the UK GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Our retention periods are based on the following criteria:

  • The duration of your active use of our products and services
  • Legal and regulatory requirements
  • The resolution of any disputes or potential legal claims
  • The necessity for internal record-keeping and analytics

Once the retention period expires, we securely delete or anonymize your personal data.

9. Limited Third-Party Data Sharing

LeadXe and HubXe Inc. are committed to minimizing data sharing with third parties. We do not sell, rent, or trade your personal data under any circumstances. In the instances where we may need to share your data, it is strictly limited to:

  • Service providers who assist us in operating our business (e.g., cloud hosting providers, payment processors)
  • Legal and regulatory authorities, when required by law
  • Professional advisors such as lawyers, auditors, and insurers
  • Potential buyers or investors in the event of a business sale, merger, or acquisition

All third-party service providers are contractually obligated to comply with UK GDPR requirements and our strict data protection standards. They are prohibited from using your data for any purpose other than providing services to LeadXe and HubXe Inc.

10. International Data Transfers

HubXe Inc. operates globally, and as such, your data may be transferred to and processed in countries outside the UK or European Economic Area (EEA). We ensure that appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for transfers within our corporate group
  • Adherence to approved codes of conduct or certification mechanisms
  • Transfers to countries deemed to provide adequate protection by the UK or EU authorities

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred internationally.

11. Cookies and Tracking Technologies

Our website and HubXe platform use a set of cookies and similar technologies that are necessary for the operation of our services and to enhance your user experience. Our use of cookies includes:

  • Essential cookies required for the functioning of our website and services
  • Analytical cookies that help us understand how our services are used (data is anonymized)
  • Functional cookies that remember your preferences and choices
  • Performance cookies that help us measure and improve the performance of our site

You can control and manage cookies through your browser settings. However, please note that disabling certain cookies may impact the functionality of our services. For more detailed information about the cookies we use, please refer to our Cookie Policy.

12. Data Protection Officer

For any questions, concerns, or requests regarding our data protection practices, please contact our Data Protection Officer at:

Email: dpo@hubxe.com

Our Data Protection Officer is committed to addressing your concerns promptly and ensuring our ongoing compliance with UK GDPR.

13. Your Right to Complain

While we strive to resolve all data protection concerns directly, if you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). The ICO can be contacted at:

Website: https://ico.org.uk
Phone: 0303 123 1113

14. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or for legal and regulatory reasons. Any material changes will be prominently posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

15. Data Protection Impact Assessments

LeadXe and HubXe Inc. conduct regular Data Protection Impact Assessments (DPIAs) for all new projects or significant changes to existing processes that involve personal data processing. This ensures that privacy and data protection are considered from the outset of any new initiative.

16. Employee Training and Awareness

All LeadXe and HubXe Inc. employees undergo regular training on data protection and UK GDPR compliance. This ensures that data protection principles are embedded in our organizational culture and day-to-day operations.

17. Breach Notification Procedure

In the unlikely event of a data breach, we have a comprehensive procedure in place to notify the relevant supervisory authority and affected individuals within 72 hours, as required by the UK GDPR. Our breach response plan includes:

  • Immediate containment and recovery measures
  • Assessment of the risks associated with the breach
  • Notification to relevant authorities and individuals
  • Evaluation and response to prevent future breaches

18. Data Minimization and Privacy by Design

We adhere to the principles of data minimization and privacy by design. This means that we:

  • Collect only the personal data that is necessary for our specified purposes
  • Keep personal data only for as long as necessary
  • Implement privacy-enhancing technologies in our products and services
  • Regularly review and update our data collection and processing practices

19. Accountability and Governance

LeadXe and HubXe Inc. maintain comprehensive records of our data processing activities as required by UK GDPR. We have implemented appropriate technical and organizational measures to demonstrate our compliance, including:

  • Appointment of a Data Protection Officer
  • Regular internal data protection audits
  • Maintenance of relevant documentation on processing activities
  • Implementation of staff data protection policies
  • Data protection agreements with third-party processors

20. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

21. Consent Management

Where we rely on consent as a legal basis for processing personal data, we ensure that consent is freely given, specific, informed, and unambiguous. We maintain records of all consents obtained and provide easy ways for you to withdraw your consent at any time.

22. Data Subject Access Requests

We have a dedicated process for handling Data Subject Access Requests (DSARs). If you submit a DSAR, we will:

  • Verify your identity to ensure we're providing data to the right person
  • Gather all relevant personal data we hold about you
  • Provide the information to you in a concise, transparent, intelligible, and easily accessible form
  • Respond to your request within one month (unless the request is complex or numerous, in which case we may extend this period by up to two additional months)

23. Continuous Improvement

We are committed to continuously improving our data protection practices. We regularly review and update our policies, procedures, and technologies to ensure ongoing compliance with UK GDPR and to enhance the protection of your personal data.

Last updated: 31/07/2024

24. Legitimate Interest Assessments

When relying on legitimate interests as a basis for processing personal data, LeadXe and HubXe Inc. conduct thorough Legitimate Interest Assessments (LIAs). These assessments:

  • Identify the legitimate interest
  • Explain why the processing is necessary to achieve it
  • Balance it against the individual's interests, rights, and freedoms
We keep records of all LIAs and review them regularly to ensure our processing remains justified.

25. Special Category Data

LeadXe and HubXe Inc. do not typically process special category data (sensitive personal data) as part of our regular business operations. However, if such processing becomes necessary, we will only do so in full compliance with UK GDPR requirements, including obtaining explicit consent where required or relying on another lawful basis for processing.

26. Data Protection in Product Development

We integrate data protection considerations into our product development lifecycle. This includes:

  • Conducting privacy impact assessments for new products or features
  • Implementing privacy-enhancing technologies
  • Ensuring data minimization in product design
  • Regular security testing and vulnerability assessments

27. Vendor Management

We have a robust vendor management process to ensure that any third parties who process personal data on our behalf adhere to high data protection standards. This includes:

  • Due diligence checks before engaging vendors
  • Data processing agreements that meet UK GDPR requirements
  • Regular audits and reviews of vendor compliance
  • Clear processes for terminating vendor relationships and ensuring data deletion

28. Data Localization

While HubXe Inc. operates globally, we strive to localize data processing where possible. For our UK and EU customers, we aim to process and store data within the UK or EU, unless international transfer is necessary for the provision of our services.

29. Anonymization and Pseudonymization

Where possible, we use techniques such as anonymization and pseudonymization to enhance data protection. This includes:

  • Anonymizing data used for analytics and research purposes
  • Pseudonymizing personal data where full identification is not necessary
  • Implementing technical measures to prevent re-identification of anonymized data

30. Data Subject Rights Management

We have implemented a comprehensive system to manage data subject rights requests efficiently and effectively. This system:

  • Provides clear instructions for individuals to submit requests
  • Ensures timely processing of requests
  • Maintains a log of all requests and our responses
  • Regularly trains staff on handling data subject rights requests

31. Cross-border Data Transfers

For any cross-border data transfers, we ensure compliance with UK GDPR requirements. This includes:

  • Implementing appropriate safeguards such as Standard Contractual Clauses
  • Conducting transfer impact assessments
  • Providing transparent information about international transfers in our privacy notices
  • Regularly monitoring changes in regulations affecting international data transfers

32. Data Protection Certifications

LeadXe and HubXe Inc. are committed to demonstrating our compliance with data protection regulations. We are actively pursuing relevant data protection certifications and adhering to approved codes of conduct in our industry.

33. Automated Decision Making and Profiling

While we do not currently engage in automated decision making or profiling that produces legal or similarly significant effects, we commit to full transparency and compliance with UK GDPR requirements should we implement such processes in the future.

34. Employee Data Protection

We apply the same high standards of data protection to our employee data as we do to our customer data. This includes:

  • Clear policies on employee data privacy
  • Regular training on handling personal data in the workplace
  • Secure systems for storing and processing employee data
  • Respect for employee privacy rights

35. Future Developments

As data protection laws and best practices continue to evolve, LeadXe and HubXe Inc. are committed to staying at the forefront of compliance and ethical data handling. We will continue to monitor developments in data protection legislation and update our practices accordingly.

Conclusion

LeadXe and HubXe Inc. are dedicated to maintaining the highest standards of data protection and privacy. We recognize the trust you place in us when sharing your personal data, and we are committed to handling that data with the utmost care and respect.

By using LeadXe's products and services, you acknowledge that you have read and understood this UK GDPR Compliance and Data Protection Policy. If you have any questions, concerns, or requests regarding your personal data or this policy, please don't hesitate to contact our Data Protection Officer.

Thank you for trusting LeadXe and HubXe Inc. with your data. We are committed to protecting your privacy and providing you with innovative, secure, and compliant services.