GENERAL INFORMATION

This document defines the rules of the Privacy Policy on the: rigi.io, support.rigi.io, .rigi.io, henkboxma.com Internet Service (hereinafter referred to as the “Internet Service”or “Internet Services”). The Administrator of the Internet Services is Boxma IT B.V. Burgemeester Prinslaan 3, 6711 KA Ede  The Netherlands, also acting under the name RIGI Localization and/or the companies in the same group (‘BOXMA’) member of XTM Group.

Personal data collected by the Administrator of the Internet Service are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1), (hereinafter: the GDPR) and with UK General Data Protection ( hereinafter: the GDPR:UK GDPR) and with Data Protection Act 2018 (hereinafter: DPA) and with and with California Consumer Privacy Act of 2018 (sections 1798.100 through 1798.199), (herein: after CCPA)

The Administrator of the Internet Services takes the utmost care to protect the privacy and the information provided thereto and related to users of the Internet Services. The Administrator selects and applies appropriate technical measures, including programming and organizational measures, to ensure the protection of personal data being processed, in particular, to secure the data against access by unauthorized entities, disclosure, loss and destruction, unauthorized modification, as well as illegal processing.

The Services available on the web pages are not addressed to children under 16 years of age. The Personal Data Controller does not plan to intentionally collect data on children under 16 years of age.

PERSONAL DATA

Personal Data Controller

Your Personal Data Controller is: 

 Boxma IT B.V. Burgemeester Prinslaan 3, 6711 KA Ede  The Netherlands

You may contact the Personal Data Controller in matters related to your personal data by:

electronic mail: privacy@xtm-intl.com
traditional mail: Boxma IT BV
Burgemeester Prinslaan 3
6711 KA
Ede
The Netherlands

Categories, the Purpose, the Legal Basis for Personal Data Processing and Data Processing Time

Below you will find information about the categories of data, the purposes of data processing, the legal basis for data processing and the time of data processing by the Personal Data Controller in connection with the use of the Internet Service and initiated remote contact with the Personal Data Controller: 

1. identification data, that is data provided in the registration form on the Internet Service, i.e. e-mail address, name and family name, telephone number; to provide Services which require the creation of the Account, we process your data specified in the Account, including data on implemented services and paid services  – the legal basis for data processing is Article 6(1) letter b of the GDPR and UK GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract – create an account); and also Article 6(1) letter f of the GDPR and UK GDPR ( processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of determining, pursuing and enforcing claims and defending against claims at the pre-litigation stage, in court proceedings and before other enforcement authorities). The data will be processed for the duration of the contract and for the period of limitation of claims arising from the contract.
2. data provided in connection with the provision of services which do not require that you create the Account, that is to use chat or other Services and to contact in relation with the use of the contact form – the legal basis for data processing is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of answering in connection with initiated contact). Such data will be processed for the duration of the response or other notification process.
3. data provided in connection with browsing the website of the Internet Service, related to your activity in the Internet Service, the amount of time spent on the website of the Internet Service on each subpages, your search history, i.e. information about the content you are viewing, data on the session of your device, system operating, browser, location, unique identifier, IP address – the legal basis for data processing is Article 6(1) letter f. of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is keeping statistics on the use of individual functionalities of the Internet Service, facilitating the use of the Internet Service and ensuring IT security of the Internet Service). The data will be processed for the period indicated in the General Information about the Cookies (below) or until an objection to data processing is raised. Data on users not logged in are stored for a period of time corresponding to the life cycle of Cookies stored on devices or until they are deleted on the user’s device by the user.
4. data provided in connection with the performance of the provision of Services Contract and allow to use functionalities that require the creation of an account, i.e. translation projects management, customers and translator base management, ordering a translation, payment information management, users communications, we process personal data provided by you and forms as well as data regarding your activity on the Internet Service, i.e. data concerning the Services you are viewing, as well as session data, your device, and operating system, browser, location, and a unique ID. The provision of some data is a prerequisite for using certain Services and account functionality (mandatory data). Our system automatically marks mandatory data. As a consequence of your failure to provide such data, we will not be able to provide certain services and functionalities of the Account. Contrary to data marked as mandatory, providing other personal data is voluntary – the legal basis for data processing is Article 6(1) letter b of the GDPR and UK GDPR (processing is necessary for the performance of a contract to which the data subject is a party), Article 6(1) letter c  of the GDPR and UK GDPR (processing is necessary for compliance with a legal obligation to which the Personal Data Controller is subject) and Article 6(1) letter f of the GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the possibility of establishing, pursuing and enforcing claims and defending against claims at the pre-litigation stage, in court proceedings and before other enforcement authorities). The data will be processed for the duration of the contract for the period of limitation of claims arising from the contract and for 5 years from the end of the calendar year in which the tax payment deadline expired (which applies to paid services).
5. data provided by you in complaints, claims and requests or in order to answer questions in a form other than via the contact form, and data contained in documents attached to complaints, claims and requests – pursuant to Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is the consideration of complaints, claims and requests, and responding to user requests). The data will be processed for the period of handling complaints, requests, complaints or providing a response and for the period of limitation of claims in connection with a complaint.
6. data provided by you in forms, in order to market research and opinion polling by us. We do not use data collected as part of market research and opinion polls for advertising purposes – the legal basis for the processing of personal data is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or by a third party, which is market and opinion research about the Personal Data Controller). The data will be processed until an objection to data processing is raised pursuant to art. 6 sec. 1 letter f. GDPR and UK GDPR. An objection may be made at any time.
7. data provided by you in connection with the marketing of our Services, including the newsletter service and remarketing we process personal data provided by you on the creation of your Account and its updates, data about your activity on the Internet Service including activity recorded and stored via cookies, in particular the history of activity, ordered services, search history, clicks on the Internet Service, history and your activity related to our communication with you. For remarketing, we use data about your activity in order to reach you with our marketing messages outside of the Internet Service, and for this purpose, we use the services of external suppliers. These are based on displaying our messages on web pages other than within the Internet Service. Further details are available in provisions regarding Cookies. The legal basis for the processing of personal data is Article 6(1) letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is marketing products and services). The data will be processed until an objection to data processing is raised pursuant to art. 6 sec. 1 letter f. GDPR and UK GDPR. An objection may be made at any time.
8. data provided by you in connection with Personal Data Controller social media profiles, such as: Facebook, Linkedin, X.com (former Twitter),Vimeo, Instagram and YouTube – such data is co-administered by Boxma IT B.V.  and a social networking site. The legal basis for data processing is Art. 6 sec. 1 letter f of the GDPR and UK GDPR (processing is necessary for the purposes of legitimate interests pursued by the Personal Data Controller or by a third party, which is correspondence on or through social networking sites and marketing activities). The data will be processed until an objection to data processing is raised pursuant to art. 6 sec. 1 letter f. GDPR and UK GDPR. An objection may be made at any time.

Your personal data regarding preferences, behaviors, and selection of marketing content may be used as a basis for making automatic decisions to determine the sales possibilities of the Internet Service.

Voluntary Personal Data

Providing the required personal data is voluntary and is a necessary condition
for the provision of services by the Personal Data Controller via the Internet Service.

Personal Data Recipients and transferring your personal data policy out of the UK and EEA

We transfer your personal data to the following categories of recipients:

• state authorities, e.g. prosecutor’s office, Police, President of the Office of Personal Data Protection, President of the Office of Competition and Consumer Protection, if they request so, service providers that we use to run the Internet Service and entities supporting the business activities of the Personal Data Controller. Depending on contractual arrangements and circumstances, these entities act on our behalf or define the purposes and methods of data processing by themselves. 

If, as part of the provision of services by the Administrator, data will be transferred outside the European Economic Area (EEA) or UK, the Personal Data Controller will ensure an appropriate level of data protection, in particular in the form of standard contractual clauses in concluded contracts.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

• in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the GDPR and UK GDPR. 
• in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR.
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• a specific exception applies under relevant data protection law

You can request information on the security measures applied and a copy thereof by sending a request to privacy@xtm.cloud.

Rights of the Data Subject

Based on the GDPR and UK GDPR, you have the right to:

• request access to your personal data;
• request rectification of your personal data;
• request erasure of your personal data;
• request restriction of personal data processing;
• object to the processing of personal data;
• request portability of personal data;
• lodge a complaint with the supervisory authority.

Personal Data Controller will provide you, without undue delay
– and in any case within one month of receiving the request, with information about actions taken in connection with your request.

Before mentioned one month period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

In any event, the Personal Data Controller will inform you of such an extension within one month of receiving the request, giving the reasons for the delay.

If you wish to submit a data subject access request, please click here.

The Right of Access to Personal Data (Article 15 of the GDPR and UK GDPR)

You have the right to obtain from the Personal Data Controller confirmation as to whether your personal data are being processed.

If the Controller is processing your personal data, you have the right to:

• acquire access to personal data;
• obtain information about the purposes of the processing, categories of personal data being processed, data recipients or categories of recipients, the envisaged period for which the personal data will
• be stored or the criteria used to determine that period, information about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the data source,
• automated decision-making, including profiling, and security measures used in connection with the transfer of these data outside the European Union;
• obtain a copy of your personal data.

If you want to request access to your personal data, please submit your request to privacy@xtm.cloud.

The Right to rectification of your personal data

(Article 16 of the GDPR and UK GDPR,  Data protection Act)

You have the right to request the Personal Data Controller to immediately rectify your personal data that is incorrect, including to supplement it
(if the data is incomplete).

If you want to correct your personal data, please submit your request to privacy@xtm.cloud.

The Right to Erasure of Personal Data, So-called “Right to Be Forgotten”(Article 17 of the GDPR and UK GDPR)

You have the right to request the Personal Data Controller to erase your personal data when:

• your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you have withdrawn your specific consent to the extent to which personal data were processed based on your consent;
• your personal data have been unlawfully processed;
• you have objected to the processing of your personal data for the purpose of direct marketing, including profiling, to the extent to which the processing of personal data is related to direct marketing;
• you have objected to the processing of your personal data in connection with the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party.
• your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Personal Data Controller is subject;

If you want to request the erasure of your personal data, please submit your request to privacy@xtm.cloud.

The Right to Submit a Request to Restrict the Processing of Personal Data(Article 18 of the GDPR and UK GDPR)

You have the right to request the restriction of your personal data processing when:

• you contest the accuracy of your personal data – the Personal Data Controller will restrict the processing of your personal data for a period allowing to verify data accuracy;
• the processing of your personal data is unlawful, but you oppose their erasure and request the restriction of their use instead;
• your personal data are no longer needed for the purposes of the processing, but they are required for the establishment, exercise or defense of your legal claims;
• you have objected to the processing of your personal data – pending the verification whether the legitimate grounds of the Controller override your grounds mentioned in your objection.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing shall be informed by the Personal Data Controller before the restriction of processing is lifted.

If you want to request the restriction of your personal data processing, please submit your request to privacy@xtm.cloud.

The Right to Object to Personal Data Processing(Article 21 of the GDPR and UK GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

• the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party;
• processing for direct marketing purposes.

If you want to object to the processing of your personal data, please submit your objection to privacy@xtm.cloud.

The Right to Request the Personal Data Portability

(Article 20 of the GDPR and UK GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit them to another personal data controller.

You may also request the Personal Data Controller to transmit your personal data directly to another controller (where technically possible).

If you want to request the personal Boxma/Rigi data portability, please submit your request to privacy@xtm.cloud.

The Right to Withdraw Consent

If the Personal Data Controller processes your data on the basis of consent (Article 6 (1) letter a of the GDPR) you may withdraw your consent to the processing of your personal data at any time.

Withdrawal of consent to the processing of personal data does not affect the legality of the processing based on your consent before its withdrawal.

If you want to withdraw your consent to the processing of your personal data, please submit your request to privacy@xtm.cloud or use appropriate functionalities in the Account.

Complaint to the Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work, or place of the alleged infringement

Dutch Personal Data Authority 

Hoge Nieuwstraat 8 P.O. Box 93374 2509 AJ Den Haag/The Hague NETHERLANDS.

The [UK’s] Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 111.

Submit a data subject access request.

Cookies

GENERAL INFORMATION

While browsing the pages in the Internet Service, cookie-files are used, hereinafter referred to as the Cookies, i.e. small text files stored in your terminal device in connection with the use of the Internet Service. Their use is aimed to ensure the correct operation of pages in the Internet Service.

These files allow to identify the software that you use and tailor the Internet Service to your individual needs.

Cookies usually contain the name of the domain from which they originate, their storage time on the device, and the assigned value.

COOKIES

While browsing the pages in the Internet Service, cookie-files are used, hereinafter referred to as the Cookies, i.e. small text files stored in your terminal device in connection with the use of the Internet Service. Their use is aimed to ensure the correct operation of pages in the Internet Service.

These files allow to identify the software that you use and tailor the Internet Service to your individual needs.

Cookies usually contain the name of the domain from which they originate, their storage time on the device, and the assigned value.

Security

The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted or malicious software to get into your devices through cookies.

Types of Cookies

We use two types of cookies:

• Session cookies: which are stored on your device and remain there until the end of a given browser session. The saved information is then permanently deleted from the memory of your device. The mechanism of session cookies does not allow you to download any personal data or any confidential information from your device.
• Persistent cookies: which are stored on your device and remain there until they are deleted. They are not deleted from your device upon ending the session of a given browser or turning off the device. The mechanism of persistent cookies does not allow you to download any personal data or any confidential information from your device.

Objectives

We also use third-party cookies for the following purposes:

• to compile statistics – that helps to understand how the users use the Internet Service, which allows improving its structure and content through analytical tools of Google Analytics – by Google Ireland Ltd. based in Ireland. Google’s Privacy policy is available here: https://policies.google.com/privacy, https://policies.google.com/technologies/partner-sites;
• to support our customers by Zoho Utrecht Zoho Corporation B.V.
  Beneluxlaan 4B 3527 HT UTRECHT Privacy policy is available here: https://www.zoho.com/privacy.html
• to promote the Internet Service using the Youtube Internet Services – by Youtube LLC. based in the USA YouTube’s Privacy policy is available here: https://policies.google.com/privacy, https://policies.google.com/technologies/partner-sites

To learn the rules of using Cookies, we recommend reading the privacy policies of the aforementioned companies.

Cookies may be used by advertising networks, in particular by Google network, to display advertisements tailored to your preferences. For this purpose, information about your web trends or time of using the web page can be saved.

To view and edit information about your preferences collected by Google’s advertising network, you can use the tool available at https://www.google.com/ads/preferences/.

By using the web browser settings or by using the service configuration, you can change your Cookie settings by yourself and at any time, by specifying the terms of their storage and access to your device via Cookies. These settings can be changed, so as to block the automatic processing of Cookies in the web browser settings or to inform you each time when they are placed on your device. Detailed information on the options and ways of supporting Cookies is available in your software settings (web browser).

Changes to this privacy policy and cookies policy 

We may change this privacy policy from time to time. The updated privacy policy will be made available on our website, https://rigi.io

When we make significant changes, we will take steps to inform you, e.g. via pop-up display mechanism or an outstanding message placed on the top of the homepage.