XD Design (Xindao) complies with all applicable laws and regulations, including the General Data Protection Regulation (GDPR).
Personal data is data that can be used to identify your identity. We collect the following information from you in the following way:
When you place an order on our website, we ask you for your name, address, contact details and invoicing details in order to process the order and deliver your order.
If you create an account on our website, we ask you for your name, e-mail address and password so that you can log in and use our services. We request your billing information and delivery address so that you do not have to enter it again for your next order.
If you write a review, we will ask for your e-mail address to contact you if you are not satisfied with your purchase.
If you contact our customer service by means of the chat function, filling in the web form, or sending us an e-mail, we ask you for your name and e-mail address in order to be able to answer your question.
If you wish to receive our newsletter, we ask you for your e-mail address in order to be able to send you this newsletter.
When you visit our website, we will request you if you want to fill in a survey. The main purpose of this inquiry is to improve our services in general. It is not mandatory to fill in this survey to be able to order products from our webshop.
When you visit our website, we collect information about your visit and click behaviour on our website in order to bring our products to your attention and to personalise your website visit. This concerns the IP address of your computer, your username, the time of retrieval, and any other data your browser sends to us. We try to anonymise this data as much as possible.
We only process your personal data for the purposes described above.
We shall ask you for your consent before we use your personal data for other purposes, unless the further processing of the personal data is compatible with the purposes for which this data was originally processed. If we wish to process your personal data for other purposes, we shall inform you in advance.
We may have to share your personal data with authorities or other third parties, for example when there are legal obligations.
We shall not use your personal data to take a decision based solely on automated processing, including profiling.
4.Legal bases for processing
When you place an order, you enter into a contract with us, which means we require certain information from you, such as your name, e-mail address and billing information.
We may process your data if we have certain legitimate interests in processing your personal data, except if your interest in not having the data processed is greater.
Optimising our marketing campaign, personalising our website, and answering your questions is part of our regular business activities. In addition, we would like to keep you informed about our products via the newsletter as part of our regular business activities. Xindao also has an interest in a website with good functionality that is tailored to the wishes of the visitors of the website.
You have the right to object to these processing operations. If you wish to object, please contact us. You can reach us via e-mail: firstname.lastname@example.org or call :+31 (0) 70 319 99 85. In that case, we shall cease processing your personal data unless there are compelling, justifiable reasons why our interest in the processing is greater than your interest in stopping the processing. You may not be able to make the best use of our services if you request us to cease processing.
In certain cases, we ask you for permission before we process your data. This concerns the following processing:
Before you create an account on our website
Before you write a review or contact our customer service
Before we send you a newsletter
You have the right to withdraw your consent at any time. In that case your personal data shall be deleted unless there are compelling reasons why we cannot delete your personal data.
You can withdraw your consent in the following way:
Newsletter: each newsletter contains a link that allows you to unsubscribe with one click.
Account: you can unsubscribe by sending an e-mail to email@example.com
Contact customer service: you can contact us to withdraw your consent via tel. no.: +31 (0) 70 319 99 00.
5.Personal data of minors
We only process the personal data of minors if written permission is given by the parent, caregiver or legal representative.
We use so-called “cookies”. Cookies are small text files that are stored on a computer or other device such as a tablet or telephone when a visitor views or uses our website. Because some cookies can be traced to personal preferences, they fall under personal data.
To allow the website to function properly or better by, for example, recognising the visitor and thus providing a better service.
Traffic analysis on a website with the aim of identifying potential improvements.
Recording visitor surfing behaviour with the aim of being able to make more targeted offers.
We do not keep unique personal data. Visitors to our website remain anonymous. Therefore, no information is included in our cookies that can be traced back to individual persons. We deal with the data collected by means of cookies confidentially.
We use Facebook pixels for gathering information that allows us to identify specific target groups. For more information about what Facebook is doing with your personal data we refer to the Facebook privacypolicy which can be found at:https://www.facebook.com/about/privacy
We use Google analytics for gathering statistic information about our website-use with the purpose of creating targeted marketing campaigns.
9.How long we store your data
We do not store your personal data longer than is necessary for the purpose for which we process the data.
Newsletter: your name and contact details will be kept for as long as you are interested in receiving our newsletter.
Answering your questions: your name and contact details are kept for as long as necessary for us to answer your questions.
Delivery of our products: we do not store your data longer than is necessary to deliver the product, to collect the invoice and for other administrative purposes. We shall not store the data we need to collect the invoice for more than two years, unless there are other (legal) reasons for retaining the data.
Technical reasons, such as website optimisation: technical data is stored in an anonymous form as far as possible and used as long as necessary to optimise the website, but not longer than six months.
Survey’s : we keep this information no longer than necessary to monitor our quality of service.
10.How we secure your data
We have taken technical and organisational measures to protect your personal data against unlawful processing or loss.
The security measures we have taken include, but are not limited to, the following measures:
All persons working with us are bound to maintain confidentiality of your personal data.
We ensure third parties who have access to your personal data comply with the requirements we set for security. We have entered into contracts with these third parties to protect your data.
We have created a secure backup environment in order to be able to restore personal data in the event of physical or technical incidents.
We test and evaluate the set measures regularly.
We cannot completely prevent third parties from accessing your data or prevent a loss of your data through a breach of our security measures, but we shall take all appropriate measures to ensure your personal data is not accessible to unauthorised persons.
11.Where your personal data is processed
We process your personal data in the European Union. Your personal data will not be processed or transmitted to other countries.
12.Who has access to your data
We shall not provide your personal data to third parties, except to the parties described below or if you have given permission for this.
We work with the following external parties who have access to your personal data:
Maintaining our financial administration via our ERP system (Microsoft Dynamics)
Facebook, for creating user profiles with the purpose of target marketing.
Copernica for direct mailings
Active Ants, for executing all order activities
Channel Advisor, as a Sales management system
We have entered into a processing agreement with those parties that process your personal data in order to protect your personal data.
We reserve the right to share your personal data with third parties when this is required by law or when this is necessary to protect the interests of you, us or third parties.
13.Changes to our policy
14.How can you exercise your rights?
You have a number of rights under the privacy legislation (including the GDPR). These rights are described in articles 12 - 23 of the GDPR and in related legislation. In any case, you have the following rights with regard to your personal data:
Right to request access to your personal data
Right to request the correction of your personal data if it is incorrect (rectification)
Right to request the removal of your personal data
Right to request restriction of your personal data
If we have processed your personal data on the basis of our legitimate interests: the right to object to the (further) processing of your personal data (opposition)
If we have processed your data on the basis of your permission: right to request the transfer of personal data (data portability)
If you want to receive more information about this or if you want to use one or more of these rights, you can contact us via firstname.lastname@example.org
Objection and right of complaint
We process certain personal data about you based on our justified interests. You have the right to object to the processing of your personal data on this basis at all times. In that case, we shall cease processing your personal data unless there are compelling, justified reasons why our processing interest is greater than your interest to stop the processing.
What should you do if you disagree with a decision by us, for example when we decide not to delete your personal data? You can use one or more of the following options: