How X-Seed Technologies Ltd collects, uses, and protects your personal data. We are committed to transparency and to safeguarding your privacy in accordance with UK GDPR and the Data Protection Act 2018.
X-Seed Technologies Ltd (“we”, “us”, or “our”) is the data controller responsible for your personal data. We are a technology services company registered in England & Wales under Company Number 12847593.
Registered Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Data Protection Officer: If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer at privacy@xseedtechnologies.com.
2. What Data We Collect
We may collect and process the following categories of personal data depending on how you interact with us:
2.1 Information You Provide Directly
Identity data: first name, last name, job title, company name
Contact data: email address, telephone number, postal address
Enquiry data: information contained in contact forms, emails, or correspondence you send to us
Contractual data: information necessary to deliver our services to you, including project details, technical requirements, and billing information
Marketing preferences: your choices regarding receiving marketing communications from us
2.2 Information Collected Automatically
Technical data: IP address, browser type and version, operating system, time zone setting, device type
Usage data: pages visited, time spent on pages, navigation paths, referring URLs, and interaction patterns on our website
Cookie data: information collected through cookies and similar technologies (see Section 7)
2.3 Information From Third Parties
Business referrals: your name and contact details may be shared with us by a mutual business contact or partner with your knowledge
Publicly available data: professional information from public sources such as LinkedIn, Companies House, or your company website
3. How We Use Your Data
We use your personal data for the following purposes:
Service delivery: to provide, manage, and support the technology services you have contracted us to deliver
Communication: to respond to your enquiries, provide support, and communicate about our services
Business development: to send you relevant information about our services, events, and insights where you have opted in or where we have a legitimate interest
Website improvement: to analyse how our website is used and to improve its functionality, content, and user experience
Legal compliance: to comply with our legal and regulatory obligations, including accounting, tax, and audit requirements
Security: to protect our systems, networks, and data from unauthorised access, fraud, and other threats
Recruitment: to process job applications and manage the recruitment process if you apply for a role with us
4. Legal Basis for Processing
Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases depending on the context:
Contract: processing is necessary for the performance of a contract we have with you or to take steps at your request before entering into a contract (e.g., delivering our managed IT, AI, or cyber defence services)
Legitimate interests: processing is necessary for our legitimate business interests, provided these are not overridden by your rights. This includes business development, direct marketing to existing clients, improving our services, and maintaining network security
Consent: where you have given clear, affirmative consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or opting in to marketing communications. You may withdraw consent at any time
Legal obligation: processing is necessary for us to comply with a legal obligation, such as retaining financial records for tax purposes or responding to lawful requests from authorities
5. Data Sharing & Third Parties
We do not sell your personal data to any third party. We may share your data with the following categories of recipients where necessary:
Service providers: trusted third-party suppliers who assist us in delivering our services, including cloud hosting providers, email platforms, analytics tools, and payment processors. These providers are contractually bound to process your data only on our instructions and in compliance with UK GDPR
Professional advisers: our legal, accounting, and insurance advisers where necessary for the conduct of our business
Group companies: our affiliated office in Casablanca, Morocco, which supports service delivery under appropriate data transfer safeguards (see Section 6)
Regulatory and law enforcement: public authorities, regulators, or law enforcement agencies where we are legally required or permitted to do so
Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to continued data protection obligations
6. International Data Transfers
X-Seed Technologies operates from offices in both the United Kingdom and Casablanca, Morocco. As a result, your personal data may be transferred to, stored in, or processed in Morocco by members of our team based there.
Morocco is not currently covered by a UK adequacy decision. To ensure your data receives an equivalent level of protection when transferred outside the UK, we implement the following safeguards:
Standard Contractual Clauses (SCCs): we use UK-approved International Data Transfer Agreement (IDTA) clauses or the UK Addendum to the EU SCCs as the legal mechanism for transfers to our Casablanca office
Transfer Impact Assessments: we conduct assessments to evaluate the data protection landscape in Morocco and ensure supplementary measures are in place where needed
Technical safeguards: data transferred internationally is encrypted in transit and at rest, and access is restricted to authorised personnel only
Organisational measures: staff in all locations are trained on data protection responsibilities, and internal policies ensure consistent standards across both offices
Our website uses cookies and similar technologies to enhance your browsing experience, analyse site usage, and support our marketing efforts.
7.1 Types of Cookies We Use
Strictly necessary cookies: essential for the website to function correctly. These cannot be disabled. They include session cookies and security cookies
Analytics cookies: help us understand how visitors use our website by collecting anonymised data on page visits, traffic sources, and navigation patterns. We use tools such as Google Analytics for this purpose
Functional cookies: allow the website to remember your preferences and provide enhanced features, such as language selection or region-specific content
Marketing cookies: used to deliver relevant advertisements and to measure the effectiveness of our marketing campaigns. These cookies may track your browsing activity across websites
7.2 Managing Cookies
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time through your browser settings or by contacting us.
Most web browsers allow you to control cookies through their settings. Please note that disabling certain cookies may affect the functionality of our website.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are as follows:
Client and contract data: for the duration of the contractual relationship plus 6 years thereafter, in line with UK limitation periods and accounting requirements
Enquiry and correspondence data: for up to 2 years from the date of your last communication with us, unless a contractual relationship is established
Marketing data: until you unsubscribe or withdraw consent, after which we will suppress your contact details to ensure we do not contact you again
Website analytics data: anonymised analytics data is retained for up to 26 months
Recruitment data: for up to 12 months after the conclusion of the recruitment process, unless you consent to longer retention for future opportunities
When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention policies.
9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at privacy@xseedtechnologies.com.
Right of access: you have the right to request a copy of the personal data we hold about you (a “subject access request”). We will respond within one calendar month
Right to rectification: you have the right to ask us to correct any inaccurate or incomplete personal data we hold about you
Right to erasure: you have the right to ask us to delete your personal data where there is no compelling reason for us to continue processing it. This right is not absolute and may be subject to legal obligations that require us to retain certain data
Right to restrict processing: you have the right to ask us to suspend the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data or assess the grounds of an objection
Right to data portability: where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible
Right to object: you have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis. You also have the absolute right to object to processing for direct marketing purposes at any time
Rights related to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. We do not currently carry out any solely automated decision-making
We will respond to all legitimate requests within one month. In some cases, where requests are complex or numerous, we may extend this period by a further two months, in which case we will notify you and explain the reason for the delay.
There is no fee for exercising your rights unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
10. Children's Privacy
Our services are designed for businesses and professional users. We do not knowingly collect or process personal data from children under the age of 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@xseedtechnologies.com and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will update the “Last Updated” date at the top of this page.
We encourage you to review this policy periodically. Where changes are significant, we will endeavour to notify you directly, for example by email or through a notice on our website.
12. Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can try to resolve your concern. You can reach our Data Protection Officer at privacy@xseedtechnologies.com.
You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise any of your rights, or want to discuss how we handle your data, please contact us:
Our team is committed to transparency and protecting your privacy. If you have any questions or concerns about how we handle your personal data, we're here to help.