Menu
Talk to us 
XMLdation respects your privacy and is committed to protecting personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”). In this privacy policy (“Privacy Policy”) we describe the collection, usage, storage and sharing practices of personal data.

The Privacy Policy covers the following:

  1. Controllers
  2. Contact information
  3. Name of register
  4. What is the legal basis for and purpose of the processing of personal data?
  5. What data do we process?
  6. From where do we receive data?
  7. To whom do we disclose data and do we transfer data outside EU or EEA?
  8. How do we protect the data and how long do we store them?
  9. How do we use cookies and for what purposes?
  10. What are your rights as a data subject?
  11. Who can you be in contact with?
  12. Changes in the Privacy Policy

1. Controllers

XMLdation Oy

Peltokatu 26

33100 TAMPERE

Finland

(hereafter ”we” or ”XMLdation”)

and its following group companies:

XMLdation Ireland

2. Contact information for register matters

Any User having any question or request on this Privacy Policy or our privacy practices, can contact us

  • by mail at:

XMLdation Oy

Peltokatu 26

33100 TAMPERE

Finland

  • by email at:

privacy(at)xmldation.com

3. Name of register

CUSTOMER AND MARKETING REGISTER

4. What is the legal basis for and purpose of the processing of personal data?

The basis of processing personal data is the performance of a contract and XMLdation’s legitimate interest (e.g. customer relationship management, invoicing, direct marketing).

The purposes of processing the personal data are:

  • the delivery and development of our products and services,
  • fulfilling our contractual and other rights, promises and obligations,
  • taking care of the customer relationship and communications with the customers,
  • organizing marketing events,
  • analyzing and profiling behaviour of a customer or other data subject such as a potential customer,
  • electronic and direct marketing,
  • targeting advertising in our and others’ online services.

We use automated decision-making (inc. profiling) to identify the data subjects’ online behavior and purchase habits and create profiles based on the information. We use this information to target marketing and develop our services.

Personal data of the following categories of data subjects are processed:

  • Customer contact persons
  • Newsletter subscribers
  • Potential customer contact customer

5. What data do we process?

We process the following personal data of our customers, their employees or other data subjects (like individuals participating in our trainings and events) in connection with the customer and marketing register:

  • Information of company and company’s contact persons such as name and Business ID of the company and names, contact details,  country of residence, language of use, role/title and professional interests of the contact persons;
  • Information related to the account and licenses of the data subject such as account identities, software license information, access rights data;
  • Information related to event participation and trainings such as the name, date and location of the event, dietary or allergy information (only collected with the consent of the data subject);
  • Information supplied by the data subject him-/herself to XMLdation such as web form submissions, online discussion forum posts and profile information, feedback;
  • Information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
  • Technical information about the data subject’s end devices such as IP address, MAC address and operating system;
  • Other possible information supplied by the data subject him-/herself.

6. From where do we receive data?

We receive personal data concerning customers primarily from the following sources: from the data subject him-/herself, the customer company the data subject works for and our group companies.

We receive personal data concerning potential customers primarily from the following sources: from the data subject him-/herself, our group companies, search engines, newspapers and other news sources, professional social media networks, contact information providers and company websites.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7. To whom do we disclose data and do we transfer data outside EU or EEA?

We process information ourselves and use subcontractors that process personal data on behalf of and for us e.g. providing support and maintenance to our customers, maintaining and hosting our cloud services, marketing services and IT environment as well as providing the hardware and network connections for our products and services.

We disclose personal data to group companies. Data may be disclosed to authorities under compelling provisions.

We transfer and disclose personal data related to customers outside EU/EEA, including but not limited to United States of America. We have implemented suitable safeguards for the transfers and disclosures in accordance with EU–US Data Privacy Framework.

8. How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their working duties are required to process customer data, have access to the systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons.

We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about customers is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for three (3) years. Personal data about potential customers is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9. How do we use cookies and for what purposes?

We use cookies and similar technologies to:

  • ensure website functionality;
  • maintain security;
  • analyze website usage;
  • improve user experience;
  • measure marketing effectiveness.

Non-essential analytics and marketing cookies are used only with your consent where required by applicable law. You may modify or withdraw cookie preferences at any time through the cookie settings functionality available on our website. Additional information regarding cookies and tracking technologies may be provided in a separate Cookie Policy.

10. What are your rights as a data subject?

Under applicable data protection regulations (including GDPR), You retain the following rights:

  • Access & Rectification: Request a copy of your data or correct inaccurate information.

  • Erasure & Restriction: Request the deletion of your personal data or limit its processing under certain conditions.  

  • Data Portability: Obtain your data in a structured, commonly used format.

  • Object to Marketing: Opt-out of newsletters or direct promotional communications at any time via the provided "unsubscribe" links.  

To exercise your rights, please contact: privacy [at] xmldation-dot-com

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman or another competent supervisory authority within the EU/EEA.

11. Changes in the Privacy Policy

Should we make amendments to this privacy notice, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy notice from time to time to ensure you are aware of any amendments made.

Last updated: 25/05/2026