Privacy Policy

Dated: April 19th, 2024          

PLEASE READ THIS POLICY CAREFULLY BEFORE USING AVANTRA’S WEBSITE

This privacy policy applies to Syslink Xandria Ltd (Co No 10864553 and whose registered office is at Parkshot House, 5 Kew Road, Richmond, London, United Kingdom, TW9 2PR) and each member of its Group (“Avantra”, “us”, “our” or “we”). The Syslink Xandria Ltd Group incorporates: Syslink Xandria Inc, Syslink Software AG, SL Xandria GmbH. 

Protecting your data, privacy and personal information is very important to us.  It is vitally important to us that our customers feel secure when using:  https://www.avantra.com (the “Website”) and/or our support services.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Avantra. Please read this privacy policy carefully to understand the types of information we collect from you, how we use that information, the circumstances under which we will share it with third parties, and your rights in relation to the personal data you provide to us.

Our Website contains links to third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

Information we may collect

We may collect and process the following data about you:

• Information that you provide to us. Your will be asked to provide us with your information when you:

  • fill in forms on our Website, or correspond with us by phone, email or otherwise;

  • report a problem with the Website; or

  • complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).

The information you will be asked to provide to us for these purposes may include your name, email address, mobile number, landline number, company name, address, time zone or further information required to verify your identity.

With regard to each of your visits to our Website we may automatically collect the following information; however, this information cannot be used to identify you:

• device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
• details of your visits to our Website, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs).

If you are using our Website on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us.

For the avoidance of any doubt, any reference in this privacy policy to your data shall include data about other individuals that you have provided us with.

How we use your information and justification of use.

Use of personal information under UK and EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:

• Consent: where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us);
• Contract performance: where your information is necessary to enter into or perform our contract with you;
• Legal obligation: where we need to use your information to comply with our legal obligations;
• Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
• Legal claims: where your information if necessary for us to defend, prosecute or make a claim against you or a third party.

Swiss data protection law does not generally require a legal basis for processing, but where processing must be justified, the grounds for justification are usually similar to the legal basis under UK and EU data protection laws.  

We use information held about you (and information about others that you have provided us with) in the following ways: 

Types of Information Collected	Uses of that Information	Use Justification
Name, email address, job role, company sector and name, mobile number, landline number, fax number, address, time zone, user id, IP address	To register you as a new customer and/or for a free demo and provide you with the services	Contract performance; Legitimate interest (provision of demo).
Name, email address, mobile number, company, landline number, fax number, address, time zone, IP address	For marketing products and services that we believe will be of interest to you.	Legitimate interest (for marketing our own similar products and services and any re-engagement campaigns). Consent (for marketing unrelated products or services or products or services of third parties).
Address, time zone, IP address	To identify more appropriate products and services to market to you.	Legitimate interests (to administer and improve our Website).
Name, email address, IP country, IP address	To administer the Website and for internal operations, including research, data analysis and data statistics, and to create derived, anonymised and aggregated data to improve our Website.	Legitimate interests (to administer and improve our Website).
Email address	To notify you about changes to our Website.	Legitimate interests (to update our Website from time to time).
Name, email address, phone, job title	To provide support services for customers and to permit individual users to raise support tickets.	Contract performance (to provide the requested support services).
Name, email address	To raise invoices for services rendered.	Contract performance (to issue invoices).

  

Whilst we will share personal data with other members of our Group, will not sell your personal data (or any other data you provide us with) to third parties. We reserve the right to share any data, as set forth herein, and to process, share, or transfer data without restriction provided always that it has been anonymised and/or aggregated in compliance with applicable law.  You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymised data collected or created by us.

Where we store your personal information

Personal data may be processed by organisations operating outside of the UK, EU or Switzerland, potentially globally, as applicable who work for us or for one of our business partners or service providers. A full list of our third party processors and details of their privacy policies can be provided upon request, where applicable data protection law permits such a request. 

Countries outside the UK, EU or Switzerland as applicable may not provide the same level of adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data. In countries which do not provide appropriate safeguards, we shall transfer your data subject only to your consent except for transfers to and from: (i) any country with a valid adequacy decision from the UK Government or European Commission as applicable; (ii) any organisation which ensures an adequate level of protection in accordance with applicable data protection laws, including by contractual means approved by the UK ICO or other relevant supervisory authorities; or (iii) organisations that participate in the EU-U.S. Data Privacy Framework ("DPF") and Swiss-U.S. Data Privacy Framework Principles.

In certain cases, we may transfer data without such safeguards or consent, for example if it is necessary in relation with a contract or to defend, exercise or enforce legal claims.

It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although Avantra will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.

Please contact us if you would like further details on the specific safeguards applied to the export of your personal information outside the UK, EU and Switzerland.

Disclosure of your information

We may also disclose your personal information to third parties in the following circumstances:

Purpose of disclosure and third party(s) to which disclosure might be made	Use Justification
We may disclose your personal information to our system service providers and business partners, including contractors, agents, third party software providers (to assist us in performing any contract we enter into with them or you, including providing our Website it enables), analytics providers,  (to assist us in the improvement and optimisation of the Website) and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 or similar provisions of applicable laws.	Contract performance, legitimate interest, (to allow our Service providers to provide the necessary services).
If we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets	Legitimate interest (to sell our business or assets); Consent (for sensitive personal data)
If Avantra or substantially all of its assets are acquired by a third party, personal information about our customers will be one of the transferred assets	Legitimate interest (to sell our Company or assets), Consent (for sensitive personal data)
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Avantra, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection	Legal obligation
Fraud Prevention and other checks. We and other organisations may also access and use your personal information to conduct credit checks and checks to prevent fraud. If false or accurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies.	Legitimate interest (to assist with the prevention of fraud and to assess your risk profile)
We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.	Legal obligation (to cooperate with law enforcement and regulatory authorities)

 

How long we retain your personal data

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will hold the above information as long as is necessary in order to deal with request including those received via the Website, deal with any specific issues that may arise, or otherwise as is required by law or any relevant regulatory body.

If information is used for two purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period when that period expires.

We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.

Your rights

Under the UK Data Protection 2018 and the UK implementation of the General Data Protection Regulation (EU) 2017/676, as well as under Swiss data protection laws, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at legal@avantra.com.  

In certain circumstances you have the following rights in relation to your personal data:

Rights	Details
Right of Access	You have the right to obtain from us information as to whether your personal data is being processed, and, where that is the case, access to such personal data.
Right to Rectification	We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
Right to erasure / ‘Right to be forgotten’	Asking us to delete all of your personal data will result in Avantra deleting your personal data without undue delay (unless there is a legitimate and legal reason why Avantra is unable to delete certain of your personal data, in which case we will inform you of this in writing).
Right to restriction of processing	You have the right to ask us to stop processing your personal data at any time.
Right to data portability	You have the right to request that Avantra provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.
Right to complain	You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk) or another applicable supervisory authority (e.g., the Swiss Federal Data Protection and Information Commissioner, see https://www.edoeb.admin.ch/edoeb/en/home.html).  Although we encourage our customers to engage with us in the event they have any concerns or complaints.

 

Please note that asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use Avantra’s Website, or at least those aspects of our Website which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use our Website.

Avantra will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs. 

Where you request Avantra to rectify or erase your personal data or restrict any processing of such personal data, Syslink may notify third parties to whom such personal data has been disclosed of such request.

 

 

CALIFORNIA PRIVACY RIGHTS 

If you are a California resident, California law may provide you with certain rights regarding our use of your personal information. 

1. “Do Not Track” under the California Online Privacy Protection Act. We are not aware of any processes for others collecting personal information about your activities on our websites over time and across third party websites, apps, or other online services, nor do we knowingly collect information about your activities over time across third party sites and services.
2. California's "Shine the Light" law (Civil Code Section § 1798.83). This law permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at legal@avantra.com.
3. California Consumer Privacy Act (CCPA). 

This part (C) serves as a privacy notice for California residents and applies solely to all visitors, users, and others who reside in the State of California. This part is effective upon the effective date of enforcement of the CCPA. We adopt this policy to comply with the CCPA as of the effective date of this policy, and any terms defined in the CCPA have the same meaning when used in this notice. Note that provision of this CCPA notice is not an admission on our part that Avantra is a “business” within the meaning of the CCPA, and nothing in this policy may be construed as such an admission. 

Personal information we collect 

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person (“personal information”) that falls within the following categories of personal information, and have done so within the last (12) months: 

 

Category	Information Collected
Identifiers	A real name, postal address, unique identifier, online identifier, Internet Protocol address, email address, and account name.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	A name, physical characteristics or description, address, telephone number, financial and business information.
Commercial information	Records of personal property, products or services purchased, obtained, or considered, or other transaction histories.
Internet or other similar network activity	A consumer’s interaction with a website.
Professional information	Job title, position, description; identity of employer

 

Personal information does not include: (a) publicly available information from government records; (b) deidentified information or aggregate consumer information; (c) information excluded from the CCPA’s scope; and (d) personal information covered by certain sector-specific privacy laws. 

We obtain the categories of personal information listed above from the following categories of sources: 

• directly from you or publicly available sources. For example, from forms you complete or products and services you purchase or sell, or from information you choose to display in publicly accessible social media accounts. 
• indirectly when you use our services (eg cookies when using our website). 

Our use of personal information 

We may use or disclose the personal information we collect for the purposes set forth in this Policy, and one or more of the following business purposes: 

• to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. 
• to provide, support, personalize, and develop our website, products, and services. 
• to create, maintain, customize, and secure your account with us. to process your requests, purchases, transactions, and payments and prevent transactional fraud. 
• to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses. 
• to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our sites, third-party sites, and via email or text message (with your consent, where required by law). to help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business. 
• for testing, research, analysis, and product development. 
• to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. 
• as described to you when collecting your personal information or as otherwise set forth in the CCPA. 
• auditing related to a current interactions and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards. 
• detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. 
• debugging to identify and repair errors that impair existing intended functionality. 
• to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred. 

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. 

Sharing personal information 

We may disclose any or all of the categories above of your personal information to a third party for a business purpose, as set forth in section 11 above (External Third Parties), and we have done so in the last 12 months. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales. 

We disclose your personal information for a business purpose to the following categories of third parties: 

• delivery and fulfillment service providers (eg UPS) 
• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy. 
• any other third parties you have permitted us to disclose your personal information to as set forth in this Policy 

Your rights and choices 

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you: 

• the categories of personal information we collected about you. 
• the categories of sources for the personal information we collected about you. 
• our business or commercial purpose for collecting or selling that personal information. 
• the categories of third parties with whom we share that personal information. 
• the specific pieces of personal information we collected about you (also called a data portability request). 
• if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. 

Deletion request rights 

California residents have the right under the CCPA to request that we delete any of their personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request (see below), we will delete (and direct our service providers to delete) relevant personal information from our records, unless an exception applies. 

We may deny California residents’ deletion request if retaining the information is necessary for us or our service provider(s) to: 

• complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with the requesting individual, or otherwise perform our contract with a requesting individual. 
• detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. 
• debug products to identify and repair errors that impair existing intended functionality. 
• exercise free speech, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law. 
• enable solely internal uses that are reasonably aligned with consumer expectations. 
• comply with a legal obligation. 
• make other internal and lawful uses of that information that are compatible with the context in which you provided it. 

Verifiable consumer request 

To exercise the access, data portability, and deletion rights under the CCPA described above, please submit to us a verifiable consumer request by contacting us at legal@avantra.com. 

Only a California resident, or a person registered with the California Secretary of State that a California resident has authorized to act on their behalf, may make a verifiable consumer request related to their personal information. A California resident may also make a verifiable consumer request on behalf of their minor child. 

A verifiable consumer request for access or data portability can only be made twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify the California resident about whom we collected personal information or an authorized representative, and contain sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. 

Making a verifiable consumer request does not require you to create an account on our website. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. 

We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically. 

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

Non-discrimination 

We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not: 

• deny you goods or services. 
• charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
• provide you a different level or quality of goods or services. 
• suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

Changes to this policy

Any changes we make to our privacy policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the Website.  We therefore encourage you to review it from time to time to stay informed of how we are processing your information. 

Contact

The entity ultimately responsible for the processing of your personal data, as data controller, will depend on which Syslink Xandria Ltd group company you are interacting with and for what purpose. Syslink Xandria Ltd  acts as the primary point of contact on behalf of each of the Group companies in respect of the personal data which is processed about you in relation to marketing and sales activity. Syslink Software AG acts as the primary point of contact on behalf of each of the Group companies in respect of the personal data which is processed about you in relation to support services.

All questions, comments and requests regarding this privacy policy are welcome and should be addressed to legal@avantra.com.

For the purpose of the relevant data protection legislation, the data controller is Syslink Xandria Ltd (company no. 10864553) with registered office address 5 Kew Road, Richmond, Greater London, United Kingdom. 

Cookies

Avantra uses cookies to distinguish you from other users. This helps us provide you with a good experience when you use our Website. Please note that it is possible to disable cookies being stored on your computer by changing your browser settings. However, our Website may not perform properly or some features may not be available to you if you disable cookies.

For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy.