XMA uses cookies to improve your experience on our site. By continuing to use the site, you are agreeing to our use of cookies.
Our policy We are committed to protecting your privacy. We will only use the data which we collect about you lawfully in accordance with the Data Protection Act 1998.

We own and control the data collected on our site, which we may use for our internal marketing and to improve our site. We do not disclose this data to third parties, unless required by law or court order or to enable third parties to provide certain services to us, for example web hosting. However, we will at all times control and be responsible for that use of your data.

We collect your personal data, which you voluntarily submit to us, for example when you complete a form on our site. We may use this data to provide you with newsletters and other information which you may have requested. We will only send you information using the data collected on our site when you request it.

We take appropriate steps to protect your data both online and off-line. We use firewalls to protect the information on our servers.

IP Addresses We use IP addresses to analyse trends, administer our site and track your movements whilst on our site. IP addresses do not supply us with personally identifiable data.

Links Our site may contain links to other sites. Please note that we are not responsible for their privacy practices.

Changes to this privacy statement We may change this statement at any time by posting revisions on our site. Each time you enter this site, you agree that the privacy statement current at that time shall apply to all data which we hold about you.

Consent By using our site, you consent to our use of your personal data in the manner set out in this privacy statement.

To contact us directly, please go to our contact page..

General Data Protection Regulation (GDPR)

What is GDPR?

The GDPR, General Data Protection Regulation, is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.

XMA's Commitment

All of XMA’s policies and procedures adhere to the current data protection act (1998), but will align to the GDPR when it takes effect on May 25th 2018.

XMA are committed to high standards of information security, privacy and transparency. XMA will comply with applicable GDPR regulations when they take effect in 2018 and our ongoing preparations for this includes:

AWARENESS: Briefing our board and staff so they are aware of the risks to the business and what needs to happen over the next 6 months to get GDPR effective

SPONSORSHIP: Appointed a Board sponsor who supports and oversees all internal GDPR work programs

STAFFING: Appointed a working group responsible for GDPR who meet weekly to discuss progress on agreed actions

LEGAL OPINION: Translated the GDPR into deliverables & functionalities so that Westcoast can align their compliance objectives, and mark progress against tasks as they are completed.

PERSONAL DATA DISCOVERY: Conducting a Personally Identifiable Information (PII) location / format / security assessment across all data using departmental representatives

PROGRAMME PREPAREDNESS: Assessment of exposure & potential mitigations (Risk Based Approach)

POLICY GAP ANALYSIS: Review and update of existing data protection policies, training, privacy notices etc. to be ready in time for the May 2018 deadline

TECHNICAL GAP ANALYSIS: Where IT solutions can accelerate GDPR “effectiveness” acquiring & installing these IT solutions and services

SECURITY CERTIFICATIONS & IMPROVEMENTS: Continued commitment to security, tools and data protection across the business (XMA already have ISO:27001 and CyberEssentials PLUS certifications which emphasise our existing data security controls)

CUSTOMERS: Aligning to our commitments as a Data Processor and adhering to all mandatory requirements set out under the GDPR

Get insights from the XMA experts by connecting with us today.