Privacy Policy, GDPR and Data Protection at XRelay

At XRelay Technologies, we don’t just protect your premises, we protect your information.
We, along with all other members of The X-01 Group of Companies comply with the UK GDPR and the Data Protection Act 2018, ensuring your personal data is handled securely, fairly, and transparently.

You have the following rights when it comes to your personal data:

Right of Access - Request a copy of the data we hold about you.
Right to Rectification - Ask us to correct incorrect or out-of-date information.
Right to Erasure - Ask us to erase your data, sometimes known as ‘Right to be Forgotten’.
Right to Restrict Processing - Limit how we use your data in certain circumstances.
Right to Data Portability - Obtain and reuse your data for your own purposes.
Right to Object - Stop certain types of data use, such as direct marketing.
Rights relating to Automated Decisions and Profiling - You can challenge decisions made solely by automated systems.

Your Rights under GDPR

• We only collect information necessary to provide, install and support our services.
• We never sell or trade personal data.
• We use encryption, access controls, and regular GDPR reviews to protect your data.
• We keep data as long as needed for legal, operational, or safety reasons. Once it is no longer required, it is securely deleted within one month.

How We Use Your Data

• Customer data is stored securely on encrypted servers based in the UK.
• Access is restricted to authorised personnel only, with multi-factor authentication in place.
• Physical paperwork (e.g. contracts or site notes) is kept securely, locked, and shredded after use or digitisation.
•We regularly review and test our systems to ensure data integrity and security. Our systems are also continuously monitored for intrusion 24/7.

Data Storage & Security

If you would like to access, update or delete your data:

• Email us at GDPR@xrelay.co.uk or GroupwideServices@x01group.com
• We will need to verify your identity before any requests can be processed and finalised.
• We aim to respond to all GDPR requests within 30 days.

Making a Data Request

Some services are delivered using trusted partners that comply with GDPR and Data Protection Regulations, and maintain strong security standards. XRelay and The X-01 Group continue to verify our partners and processors regularly, to ensure these standards are continuously met.

Some examples of these are:
• In-house communications and workflow is managed by Zoho Corporation.
• Some web services are hosted and managed by Squarespace UK.

Please note that subcontractors and installers working with XRelay also sign strict data agreements before handling your information.

Our Partners & Data Processors

We understand that your data is of the highest importance, hence we have made it easier than ever to get in touch.

First Contact - GDPR Officer - gdpr@xrelay.co.uk
Second Contact - Board of Directors - bod@xrelay.co.uk

If you are not satisfied with our response, you may raise your concern with the ICO (Information Commissioner’s Office) at ico.org.uk

Contact and Escalation

Your trust is at the core of what we do, at both XRelay Technologies and at The X-01 Group. By following GDPR and industry best practice, we ensure your personal data is treated with care, fairness, and respect, and is fully secured, at all times.