Available for new projects
Xylexthord logo
Xylexthord
Data migration & integration specialists

GDPR Privacy Policy

Last updated: March 24, 2025

This Privacy Policy describes how Xylexthord ("we", "us", or "our") collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection legislation. By using our services available at xylexthord.com, you acknowledge the practices described in this policy.


1. Data Controller

Xylexthord acts as the data controller for personal data collected through this website and related services. If you have questions regarding the processing of your personal data, you may contact us at:

  • Email: contact@xylexthord.com
  • Phone: +380462231383
  • Address: Bazova St, 17, Odesa, Odessa Oblast, Ukraine, 65033
  • Website: xylexthord.com

2. Definitions

For the purposes of this policy, the following terms apply:

  • Personal Data — any information relating to an identified or identifiable natural person ("data subject").
  • Processing — any operation performed on personal data, including collection, recording, storage, use, disclosure, or deletion.
  • Data Controller — the entity that determines the purposes and means of processing personal data.
  • Data Processor — an entity that processes personal data on behalf of the controller.
  • Data Subject — any natural person whose personal data is being processed.
  • Consent — freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.
  • Third Party — any natural or legal person other than the data subject, controller, processor, or persons authorized to process personal data.

3. Data We Collect

3.1 Information You Provide Directly

We may collect personal data that you voluntarily provide when interacting with our services, including but not limited to:

  • Full name and contact details (email address, phone number)
  • Account credentials and authentication information
  • Communications sent to us via contact forms or email
  • Billing and payment information where applicable
  • Professional information relevant to the services requested
  • Any other information you choose to submit to us

3.2 Information Collected Automatically

When you access our website or services, certain data may be collected automatically through technical means:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Device identifiers and screen resolution
  • Pages visited, time spent, and navigation paths
  • Referring URLs and exit pages
  • Date and time of access
  • Cookies and similar tracking technologies (see Section 9)

3.3 Data from Third Parties

We may receive personal data about you from third-party sources, such as business partners, analytics providers, or publicly available sources, where permitted by applicable law.


4. Legal Bases for Processing

We process your personal data only where we have a valid legal basis under Article 6 of the GDPR. The applicable legal bases are:

Legal Basis Description Examples of Use
Consent (Art. 6(1)(a)) You have given clear consent for processing for a specific purpose. Marketing communications, non-essential cookies
Contract (Art. 6(1)(b)) Processing is necessary to perform a contract with you or take pre-contractual steps. Service delivery, account management, billing
Legal Obligation (Art. 6(1)(c)) Processing is required to comply with a legal obligation. Tax records, regulatory compliance
Legitimate Interests (Art. 6(1)(f)) Processing is necessary for our legitimate interests, provided they are not overridden by your rights. Fraud prevention, service security, analytics

5. Purposes of Processing

We use collected personal data for the following purposes:

  • Providing, operating, and improving our data migration and integration services
  • Creating and managing user accounts
  • Processing transactions and managing billing
  • Responding to inquiries, support requests, and communications
  • Sending service-related notifications and updates
  • Sending marketing communications where you have given consent or where permitted by law
  • Analyzing usage patterns to improve service functionality and user experience
  • Detecting, preventing, and addressing technical issues, fraud, and security threats
  • Complying with legal and regulatory obligations
  • Enforcing our terms of service and other agreements

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable legal obligations. The criteria used to determine retention periods include:

  • The duration of the contractual relationship with you
  • Legal obligations requiring retention of records for a minimum period
  • Applicable statutes of limitation for potential legal claims
  • Whether you have exercised your right to erasure and no overriding legal basis exists

Once personal data is no longer required, it is securely deleted or anonymized in accordance with our internal data management procedures.


7. Data Sharing and Disclosure

7.1 Service Providers and Processors

We may share personal data with trusted third-party service providers who process data on our behalf under written data processing agreements. These providers are permitted to use your data only as instructed by us and in accordance with this policy. Categories of such providers include:

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Customer support and communication platforms
  • Analytics and performance monitoring tools
  • Security and fraud prevention services

7.2 Legal Requirements

We may disclose personal data when required to do so by law, court order, or governmental authority, or where we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

7.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes.


8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR. Such safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by the European Commission
  • Binding Corporate Rules where applicable
  • Other lawful transfer mechanisms recognized under the GDPR

You may request further information about the safeguards applied to international transfers by contacting us at contact@xylexthord.com.


9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They enable the website to recognize your device and store certain information about your preferences or past actions.

9.2 Types of Cookies We Use

Category Purpose Legal Basis
Strictly Necessary Essential for the website to function correctly. Cannot be disabled. Legitimate Interests / Contract
Functional Remember your preferences and settings to enhance your experience. Consent
Analytical Collect aggregated data about how visitors use the site to improve performance. Consent
Marketing Track visits across websites to deliver relevant advertising content. Consent

9.3 Managing Cookies

You may control and manage cookies through your browser settings or our cookie preference center where available. Please note that disabling certain cookies may affect the functionality of our services. For more information about managing cookies, refer to your browser's help documentation.


10. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights with respect to your personal data:

  • Right of Access (Art. 15) — You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
  • Right to Rectification (Art. 16) — You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17) — You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restriction of Processing (Art. 18) — You have the right to request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability (Art. 20) — You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to Object (Art. 21) — You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3)) — Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
  • Right Not to Be Subject to Automated Decisions (Art. 22) — You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce significant legal effects.

To exercise any of these rights, please contact us at contact@xylexthord.com. We will respond to your request within 30 days. In complex cases, this period may be extended by a further two months, of which we will notify you.

You also have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data violates the GDPR.


11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

  • Encryption of data in transit using TLS protocols
  • Encryption of data at rest where applicable
  • Access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security practices
  • Incident response and breach notification procedures

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and we encourage you to use strong passwords and keep your account credentials confidential.


12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34 of the GDPR.


13. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data without appropriate consent, please contact us at contact@xylexthord.com and we will take steps to delete such data promptly.


14. Third-Party Links

Our website may contain links to third-party websites or services. This Privacy Policy applies solely to data collected by Xylexthord. We are not responsible for the privacy practices of third-party websites and encourage you to review their respective privacy policies before providing any personal data.


15. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.

Your continued use of our services after the effective date of any changes constitutes your acknowledgment of the revised policy. We encourage you to review this policy periodically.


16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

We are committed to resolving any concerns you may have regarding the handling of your personal data in a timely and transparent manner.