Xabeta’s Privacy Policy

In this Privacy Statement, the terms “Controller”, “Data Subject”, “Personal Data”, “Processor”, and “Process/Processing” shall have the meanings assigned to them by the EU General Data Protection Regulation (Regulation (EU) 2016/679) (referred to as “GDPR”).

This Privacy Statement outlines how Xabeta, as the data Controller, Processes your Personal Data in relation to the data Processing activities detailed herein. We encourage you to thoroughly review this Privacy Statement to gain a clear understanding of our data Processing practices.

Xabeta gathers information about individuals, including Personal Data, through its websites (such as when you submit your data via our online forms or use xabeta.com as a registered user), during interactions with us (such as phone calls, emails, mail correspondence, or use of our applications), or through our customers, vendors, and partners.

Xabeta Processes Personal Data in accordance with the GDPR and other relevant data protection laws (collectively referred to as “Data Protection Laws”). This Privacy Statement may be supplemented by additional privacy statements specific to the visited website.

Xabeta may Process various types of Personal Data collected from the following sources:

1. Information Directly Collected from Data Subjects: Data Subjects may submit their Personal Data online, register for events, or use paper forms. They may also provide Personal Data when contacting Xabeta through other means. The Personal Data collected includes, depending on the communication channel, website, activity, or form used: IP address, identification and contact information (such as name, job title, company name, industry, phone number, email, or postal address), login details, browsing activity, history of interactions with Xabeta (such as event attendance, photographs, downloads, connection logs), communication content, dates and times, attachments, marketing preferences, and any other information directly provided by the Data Subjects.
2. Information Collected through Customer, Vendor, and Partner Relationships: Xabeta may receive professional contact details of employees and other individuals associated with Xabeta’s customers, partners, and vendors. This includes names, email addresses, phone numbers, titles, departments, and other information relevant to the business relationship. Customers, vendors, and partners submitting Personal Data of a Data Subject to Xabeta must ensure compliance with all applicable laws and regulations, provide notice to the Data Subject about the Xabeta Purposes, and obtain appropriate consent where required.
3. Information Collected Automatically: Xabeta may automatically collect information about a Data Subject’s use of Xabeta websites, products, and services through logs, cookies, web beacons, and similar technologies. Data Subjects are informed of such Processing through this Privacy Policy available on the Xabeta website.

Xabeta Processes Personal Data for the following purposes (collectively referred to as “Xabeta Purposes”):

1. Customer Management:
• Providing Xabeta services and products.
• Managing Xabeta governance.
• Handling contacts and relationships with our customers and prospects.
• Organizing and managing Xabeta advisory and working groups.
• Managing the admission and ongoing relationships of Xabeta customers or shareholders.

2. Third Party Management:
• Managing vendors and partners.
• Conducting accounting, record-keeping, security, fraud detection, claim management, and audits.

3. Website Operations:
• Managing IP addresses, cookies, web acceleration, data security, and anonymizing data for reporting and statistics, as well as for customer retention.
• Enhancing and maintaining our websites and infrastructure.
• Exercising Xabeta’s obligations, rights, and remedies as outlined in this Privacy Policy and the Terms of Use related to specific websites (e.g., xabeta.com terms of use).

More details about the collection, use, and Processing of your Personal Data for these specific purposes are provided in the following sections. Where applicable, we indicate whether, and why, you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide your data when requested, and if that data is necessary to provide you with Xabeta services and products or if we are legally required to collect it, you may not be able to fully benefit from our services.

Xabeta may Process Personal Data of employees or representatives of our customers (including prospects) for various purposes including the development, subscription, deployment, provision, support, evaluation, and invoicing of Xabeta services and products. This includes services and products offered to Xabeta partners or service bureaus, and online services and products via its websites.

Typically, Xabeta needs to Process Personal Data for the admission of a customer or shareholder, including due diligence purposes and the ongoing management of such customer or shareholder relationships.

Additionally, Xabeta may request specific Personal Data to register and manage customers’ security officers, who handle security matters for Xabeta users, as required to use Xabeta products and services.

Legal Grounds for Processing:

• Contractual Necessity: Processing Personal Data to provide Xabeta services and products you have subscribed to, or to enable participation in a working group.
• Legitimate Interest: Processing Personal Data to operate quality services and products, establish and maintain good and ethical relationships with customers and shareholders, ensure proper implementation of contracts, and maintain good internal governance.

Xabeta Processes Personal Data (primarily professional contact details of contacts at vendors and partners) to manage and maintain commercial relationships, including due diligence, contract management, and invoicing.

Additionally, Xabeta Processes Personal Data for broader purposes such as accounting, record-keeping, customer information management, security investigations, fraud detection, claim management, and audits.

Legal Grounds for Processing:

• Legal Obligation: Processing Personal Data to comply with legal obligations, such as those related to fraud prevention, accounting, or tax requirements.
• Legitimate Interest: Processing Personal Data to ensure the safety, security, and performance of its business, and to maintain good and ethical relationships with vendors and partners.

We use Google reCAPTCHA on our website to enhance security by preventing spam and abuse. reCAPTCHA is a service provided by Google Inc. ("Google").

Data Collection by reCAPTCHA: reCAPTCHA collects personal data from users to determine whether they are human and not automated bots. This data includes:

• IP address
• information about the user's browser and operating system
• mouse movements and keyboard strokes
• date and time of access
• cookie data

Purpose of Data Collection: The data collected through reCAPTCHA is used for the following purposes:

• to protect our website from spam and abuse
• to improve the security of our website
• to ensure the proper functioning of our website

Data Sharing with Google: The data collected through reCAPTCHA is shared with Google. Google's use of the data is governed by its own privacy policy, which you can review here: Google Privacy Policy

How We Use Your Information: We use the information we collect in the following ways:

• to protect the security and integrity of our website
• to prevent fraudulent activity
• to comply with legal obligations
• to analyze and improve our website

Xabeta has a legitimate interest in Processing your Personal Data for the operation of its websites and infrastructure, as detailed below:

IP Addresses: For internal purposes, Xabeta may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on website usage, such as volume, traffic patterns, and time spent on pages.

Cookies: Our websites use cookies, which are small pieces of information stored by your browser on your computer's hard drive or in your browser memory. Information stored in cookies may include your name, registration number on https://www.xabeta.com/, language preference, navigation settings, login ID, and IP addresses. Where required under applicable Data Protection Laws, Xabeta will seek your consent to use cookies and similar technologies. For detailed information on the use and purposes of cookies, please refer to the related Cookie Policy.

Search Relevance: Xabeta websites and applications use user tracking and usage analytics (profile and actions performed, such as keywords searched and results selected) to enhance the relevance of web content for users. We use a third-party supplier to achieve this, aiming to improve the end-user web experience. This supplier Processes data strictly according to our instructions for search optimization and provides sufficient guarantees regarding technical and organizational data security measures. The supplier also commits to notifying us in the event of a security breach compromising your Personal Data (see also the 'Sharing Data' section below).

Hyperlinks to Other Websites: Our websites may contain links to other websites not owned or operated by Xabeta. Xabeta is not responsible for the privacy practices of these external websites.

Data Anonymization for Reporting and Statistics: Xabeta has a legitimate interest in producing reports and statistics about the usage of its websites (e.g., number of visitors per day, geographical reach). These reports will be fully anonymized to ensure privacy.

We are committed to protecting your Personal Data against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access. To ensure this, we monitor and record data exchanges (IP address, timestamp, volumes), both incoming and outgoing, to maintain the security, integrity, and availability of our infrastructure and information/data. In case of suspicious activity, Xabeta may collect data (including Personal Data) from various sources (e.g., public sources, threat intelligence providers) to initiate and manage its own investigation.

Any Personal Data collected during this process may be shared with relevant authorities.

Please note that we cannot guarantee the security of your data on your computer or during transmission over the Internet. We advise you to take all necessary precautions to protect Personal Data stored on your computer and while it is transmitted over the Internet.

As a general rule, Xabeta ensures that your Personal Data is only accessible or shared on a need-to-know basis with authorized individuals who have a legitimate business need to Process this data.

For example, Xabeta may share your Personal Data (such as your identification and contact details, as well as your function and role profile) with people within your own organization, on a need-to-know basis, when this sharing is required for the administration of the Xabeta membership or for fulfilling the contract between Xabeta and your organization.

In the event of a security investigation, Xabeta only discloses Personal Data to customers impacted by the security incident.

Additionally, Xabeta may disclose Personal Data to third parties under exceptional circumstances when:

• Disclosure is required by law or regulation;
• Non-disclosure would expose Xabeta or its staff to civil or criminal liability;
• Disclosure is necessary to cooperate with competent authorities;
• Disclosure is necessary for individuals involved in further investigations or subsequent judicial proceedings initiated as a result of an inquiry by Xabeta (e.g., external counsel) or at a customer’s request.

Before sharing your Personal Data, we require third parties acting as Data Processors to process your Personal Data only according to our instructions and to provide sufficient guarantees regarding the technical and organizational security measures protecting the data processing activities.