Privacy Policy

1. Introduction

Welcome to the privacy policy of Xerini Limited ("we", "us", "our").

We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you:

• Visit our website; or
• Engage with us as a client, partner, or supplier.

It also explains your rights and how the law protects you.

This policy applies in addition to any other privacy notices or agreements we may provide for specific products or services.

2. Who We Are

Xerini Limited is the controller responsible for your personal data.

We are registered in England and Wales under company number 10639218.

We have appointed a Data Protection Officer (DPO) who oversees data protection matters. If you have any questions about this policy or wish to exercise your rights, please contact:

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

3. The Data We Collect

"Personal data" means any information that can identify an individual.

We may collect and process the following categories:

• Identity Data: name, title, date of birth, gender.
• Contact Data: address, email, telephone number.
• Financial Data: bank details, payment information.
• Transaction Data: details about payments or services provided.
• Technical Data: IP address, browser type, device information (for website users).
• Profile Data: feedback, preferences, communication history.
• Usage Data: how you use our website, services, or communications.
• Marketing Data: preferences for receiving information from us.

We do not collect sensitive data (e.g. ethnicity, health, political or religious beliefs) unless legally required and with your consent.

4. How We Collect Personal Data

We collect data through:

• Direct interactions: when you contact us, request a service, attend a meeting, or sign up to communications.
• Automated technologies: cookies and analytics on our website.
• Third parties: such as payment processors, analytics providers (e.g. Google), and public data sources (e.g. Companies House).

5. How We Use Personal Data

We will only use your data when permitted by law. Most commonly, we process personal data to:

• Provide and manage our services.
• Communicate with you regarding proposals, projects, or contracts.
• Manage payments, fees, and invoices.
• Maintain our business records and comply with legal obligations.
• Improve our services and client experience.
• Send relevant updates or marketing, if you have not opted out.

We will not sell or rent your personal data to third parties.

Lawful Bases for Processing

We may process your personal data under one or more of the following bases:

• Contract: to perform a contract with you or take steps before entering one.
• Legitimate Interests: to run our business effectively, maintain security, and develop our services.
• Legal Obligation: to comply with laws or regulations.
• Consent: where you have specifically agreed (e.g. for marketing).

You can withdraw consent at any time by contacting us.

6. Marketing

We may send information about our services that we think may interest you.

You can opt out at any time by following the unsubscribe link in our emails or contacting us directly.

We will never share your details with third parties for their own marketing purposes without your consent.

7. Disclosures of Your Personal Data

We may share your data with:

• Internal parties: Xerini group companies or staff who require access.
• Service providers: IT, hosting, accounting, and professional advisers under strict confidentiality.
• Regulators: HMRC or other authorities when required by law.
• Business transfers: if Xerini undergoes a merger or acquisition.

All third parties are required to keep your data secure and process it only as instructed by us.

8. International Transfers

We generally store and process data in the UK.

If we need to transfer your data outside the UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

9. Data Security

We use appropriate security, technical, and organisational measures to prevent unauthorised access, disclosure, alteration, or loss of your data.

Access is limited to employees and partners who have a legitimate business need.

We also have procedures to manage any suspected data breach and will notify you and regulators where legally required.

10. Data Retention

We keep personal data only as long as necessary to fulfil the purposes it was collected for, including legal, tax, or accounting requirements.

We may anonymise data for research or statistical purposes, in which case it will no longer be considered personal data.

You can request details of our retention periods or ask for deletion of your data (see section 12).

11. Cookies and Website Tracking

Our website uses cookies to enhance user experience and improve performance.

You can control cookie settings in your browser or through our on-site cookie preferences.

For details, see our separate Cookie Policy on xerini.co.uk (or available on request).

12. Your Rights

Under UK data protection law, you have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request erasure ("right to be forgotten").
• Object to processing or marketing.
• Restrict processing in certain cases.
• Request data portability.
• Withdraw consent at any time.

We aim to respond to all requests within one month.

You will not normally be charged unless the request is excessive or unfounded.

13. Changes to This Policy

We may update this privacy policy from time to time.

The latest version will always be available on our website or upon request.

14. Contact Us

If you have questions, concerns, or wish to exercise any of your rights, please contact: