GDPR Fair Processing Note & Privacy Policy

  • Please note, you can request a copy of our full GDPR policy and Data Protection Policy from [email protected]
  • Under the definitions in the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), Hatch Apps Ltd (trading as Xavier Analytics) is the Data Controller. ‘The Application’ refers to Xavier Analytics, accessed at https://app.xavier-analytics.com.


    Maintaining your privacy is incredibly important to us. We are are entrusted with your sensitive business information, and we take our responsibility seriously.


    This policy explains how we collect, store and use personal data about you when you browse xavier-analytics.com (the "Xavier website"), use the Xavier Analytics application accessed at https://app.xavier-analytics.com ("The Application") or otherwise provide your personal data to us.


    By visiting, logging into, registering or using Xavier and the Xavier website, you agree that it's okay for us to collect, use and transfer your information, including your personal data, under the terms of this policy. If you're not happy with this or don't want to be bound by this policy any longer, please do not continue to use or enter your details on the Xavier website, or use Xavier, by free trial or by subscription.


    By actively signing up to the app you agree to these Terms which will bind you. If you do not agree to these Terms, then we are unwilling to allow you access to the Website and/or the Service. Please do not access and/or use our Website and/or Service.

  • Your Data

    ‘Personal data’ is defined in the GDPR as:


    “personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


    This means personal data has to be information that relates to an individual. That individual must be identified or identifiable either directly or indirectly from one or more identifiers or from factors specific to the individual.


    The financial data that you enter into Xavier, or that is provided to Xavier from your bank, isn't part of the "personal data" discussed here, unless it identifies a person – for more information about your financial data, jump ahead to the next section. When it comes to your personal data, we comply with our respective obligations under the Data Protection Act 1998 (the "Act").


    All information in your Xavier account is yours and yours alone.

  • Information We May Collect From You

    We may collect and process the following data about you:


    • Information that you provide by filling in forms or providing information online to register an interest in the application;
    • If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details;
    • Information collected by cookies used on our site;
    • Information you provide by responding to questionnaires, surveys and competitions and attending events.
    • Information you provide as part of your use of the application services.
  • Where We Store Your Personal Data

    The data we collect is stored on information technology systems owned and run by or on behalf of Xavier Analytics or on systems run by those businesses processing it on our behalf. All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment.

  • How Your Personal Data Will Be Processed

    Xavier Analytics does not hold or process special category or criminal offence data.


    We use information about you in the following ways:


    • To provide you with information on products, services offers and events provided by the Application that you request or which we feel may interest you where you have consented to be contacted for such purposes;
    • To notify you about changes to our service;
    • To carry out obligations arising from contracts or agreements entered into between you and the Application;
    • To perform surveys and analysis with the aim of improving the services we provide;
    • To ensure that your visit to our site is safe and secure.
    • To manage your account on the Application.

    We may give your personal data to third parties where:


    • It is necessary for them to provide you with services on our behalf;
    • We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.

    We will not share your personal data with a third party for the purposes of direct marketing.

  • Your Rights

    You have the right of access to your information. This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. To exercise this right, you must make a Subject Access Request in writing to the Data Protection Officer at Xavier Analytics, 14 Greenway Farm, Bristol, BS30 5RL, stating the information you require. We do not charge a fee. We may contact you to verify your identity or to clarify the precise information you require before processing your request, and will answer your request within one month.


    • You have the right to ask us not to process your personal data for direct marketing purposes. You will be given an opportunity to opt in to processing for direct marketing purposes when you first engage with us. However, you can withdraw your consent to receive marketing material at any time by contacting us at the address above.
    • You have the right to rectify your personal data at any time.
    • You have the right to have your personal data erased under certain conditions.
    • You have a right to restrict or object to some forms of data processing.
    • You have the right to prevent any unwarranted processing likely to cause damage or distress.

    If you feel that a situation has arisen or may arise and you wish to learn more about these rights or to exercise those rights, please contact us at the address above. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists.

  • Transfer of Personal Data Outside the European Economic Area

    We will not transfer your personal data out of the European Economic Area.

    The third parties may, in some cases, process Personal data outside the EU in order to operate or improve our services to our users. We perform extensive due diligence to ensure GDPR compliance and data security including international transfer of EU data. We do not engage a third party unless our quality standards are met. Our third parties are all subject to contract terms that enforce compliance with applicable data protection laws.

  • Security

    Xavier takes reasonable steps to protect information you provide to us as part of your use of the Xavier service from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology. When you enter sensitive information (such as sign-in credentials) we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure due to the nature of the distributed network that is the Internet. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at [email protected].

  • Communications

    We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

  • Cookies

    Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and transferred to your device. We use cookies to collect information in order to improve our services for you.

    You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.

    If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on. You acknowledge that the Company provides no warranty that all or any bugs or errors in the Service will be corrected.


    Read more about the cookies we use in our Cookie Notice.

  • Children's Privacy

    Only persons age 16 or older have permission to access our Service. Our Service does not address anyone under the age of 16 (“Children”).

    We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a children under age 16 without verification of parental consent, we take steps to remove that information from our servers.

  • Contact Us

    If you have any questions, please contact us. Our Security documentation and GDPR and Data Protection Policy are available on request.