GDPR Privacy

Last Updated: 01.06.2024

Xtracover Technologies Private Limited : ("our") respects your privacy and is committed to protecting personal data. This GDPR Privacy Policy explains how we collect, process, and protect your personal data when you visit our website, https://www.xtracover.com in compliance with the General Data Protection Regulation (GDPR) and applicable Indian data protection laws. Following a clear mandate from our Partners and our Customers Xtracover Technologies Private Limited in 2020, constituted a dedicated cross-functional compliance team and defined the roadmap to GDPR compliance.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) in 2018. It was designed to give EU citizens greater control over their personal data and to harmonize data privacy laws across Europe.

Here are some of its key principles:

      1. Data Processing Lawfulness, Fairness, and Transparency: Organizations must process personal data in a way that's legal, fair, and transparent to the data subject (the individual whose data is being collected).

      2. Purpose Limitation: Data must be collected for specified, legitimate purposes and not used in a way that's incompatible with those purposes.

      3. Data Minimization: Only the necessary amount of data should be collected.

      4. Accuracy: Organizations must keep personal data accurate and up-to-date.

      5. Storage Limitation: Data should be stored only as long as necessary.

      6. Integrity and Confidentiality: Security measures must protect data against unauthorized access, accidental loss, or destruction.

      7. Accountability: Companies must be able to demonstrate compliance with GDPR principles.

Rights for Individuals 

GDPR grants EU citizens specific rights over their data, including:

      . Right to Access: Individuals can request access to their personal data.

      . Right to Erasure("Right to be Forgotten"): People can request that their data be deleted.

      . Right to Rectification: Individuals can correct inaccurate or incomplete data.

      . Right to Data Portability: People can request their data be transferred to another service.

      . Right to Restrict Processing: Individuals can limit how their data is used.

      . Right to Object: They can object to data processing in certain situations, like direct marketing.

1- Data Management

For the purposes of the GDPR, Xtracover Technologies Private Limited  located at  A-1, 3rd Floor,FIEE Complex Okhla Industrial Area , Phase-2 New Delhi South Delhi DL 110020 acts as the "Data Controller" for the personal data we collect and process through this website. You can contact us at contactus@xtracover.com

A- Data Storage and Security:  XtraCover is hosted on AWS and has put in place industry standard practices for managing the data in transit and data at rest.

B- Data retention: XtraCover maintains data from the transactions enabled on its own platform and the ones enabled on Widgets/Apps enabled for partners. The retention period is defined in accordance with the business and legal needs. We however understand and appreciate the needs to provide flexibility to Data controllers to define data retention period for their own customers. Such provisions are agreed and defined in the contract between the Partners (Data Controller) and XtraCover (Data Processor).

The time-frames can be specified in the contract based on the partner’s specific requirements. The partner can choose to have the data deleted from our cloud-based servers as desired. After the termination or expiry of the contract, the partner can place a request to remove all data by writing to us at “contactus@xtracover.com”. We validate the request and, if needed, seek confirmation from the partner before processing the request. XtraCover Customers can also request for deletion of their credentials by writing to us at “contactus@xtracover.com”. After validating the request, the details are deleted within 15 days of receiving customer request.

C- Data Breach Management:  We continually monitor and upgrade our systems and processes to maintain the highest standards of data management and privacy practices. In an unlikely event of a data breach, we intend to notify our partner (Data Controllers) and Data subject (where XtraCover is Data controller) immediately and no later than 24 hours after becoming aware of such a breach.

2- What Personal Data We Collect

We may collect the following categories of personal data:

          . Identity Information: Full name, username, and other identifiers.

          . Contact Information: Email address, phone number, and postal address.

          . Transaction Information: Purchase history and payment details (processed securely).

          . Technical Data: IP address, browser type, operating system, and browsing patterns.

          . Usage Data: Information about how you use our website, including page views, session data, and preferences.

 3- Legal Basis for Processing Data

 We process personal data under the following legal grounds:

          . Consent: With your consent, for marketing communications and cookie usage.

          . Contractual Necessity: To perform our contract with you, including order processing, delivery, and customer support.

          . Legitimate Interests: For improving our services, securing our website, and understanding user behavior.

          . Legal Compliance: To comply with applicable laws and regulations.

4- How We Use Your Personal Data

We use your personal data to:

         . Process your orders and manage your account

         . Provide customer service and respond to inquiries

         . Improve our website functionality and user experience

         . Communicate promotional offers and updates (with your consent)

         . Ensure website security and compliance with legal obligations

5- How We Share Your Data

We may share your data with third parties in limited circumstances:

         . Service Providers: For payment processing, delivery, and marketing support.

         . Compliance with Law: To comply with legal obligations or respond to lawful requests from public authorities.

         . Business Transfers: In case of a merger, acquisition, or sale of assets, your data may be transferred to the new entity (if needed)

We ensure that any third parties with whom we share your data are compliant with GDPR and applicable Indian data protection regulations.

 

6- Data Protection Rights

Under the GDPR, you have the following rights:

           . Right to Access: Request a copy of the personal data we hold about you.

           . Right to Rectification: Request correction of any inaccurate data.

           . Right to Erasure: Request deletion of your personal data, under certain conditions.

           . Right to Restrict Processing: Request limited processing of your data.

           . Right to Data Portability: Request transfer of your data to another service provider.

           . Right to Object: Object to processing based on legitimate interests, including profiling.

           . Right to Withdraw Consent: You may withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at [contact email].

7- Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements. We will delete or anonymize your data when it is no longer needed.

8- Data Security

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. However, please note that no method of transmission over the internet or method of electronic storage is 100% secure.

9- Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyze website usage, and deliver targeted ads. For more information on our use of cookies, please refer to our [Cookie Policy].

10- Changes to This GDPR Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with the updated "Last Updated " 01.12.2024. We encourage you to review this policy periodically. And

Our commitment to world-class standards, In order to meet the world class standards for Data Privacy and Data Security, XtraCover has taken steps to be General Data Protection Regulation (GDPR) compliant. XtraCover is applying to be registered on ISO 27001 certification . XtraCover is committed to aligning itself with global best practices in data compliance and is dedicated to data privacy. To that end, the company has a dedicated team working on these requirements.

11- Contact Us

For questions or concerns about our GDPR Privacy Policy or to exercise your data protection rights, please contact us at:

           . Email: contactus@xtracover.com

           . Contact : 8860396039

           . Address:

              Xtracover Technologies Private Limited

              A-1, 3rd Floor,FIEE Complex Okhla Industrial Area    

              Phase-2 New Delhi South Delhi DL 110020

Copyright © 2024 XtraCover All rights reserved