Responsible for data processing in accordance with the provisions of the DPA and GDPR is:
Bradley James King (Sole Trader)
Halifax, West Yorkshire, United Kingdom
E-Mail: [email protected]
(hereinafter “sourceXchange”, “we”, “us” or “our”)
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional platform and our content and services, e.g., when you register on our website or log in to an existing account.
We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:
The above legal bases are set out as follows:
In connection with our processing of your data, you have the following rights:
If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. The UK's Information Commissioner's Office (ICO) is the for us relevant data protection supervisory authority. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
Please direct all requests for information, requests for information or objections to data processing to us using [email protected].
Automated decision-making is not used.
No special categories of data are processed.
In the course of our business and website operations, we not only process data but may also need to disclose or transmit it to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or EEA, we have highlighted this accordingly below.
We may collect and process the following data which may contain Personal Data:
To provide our Platform, we use a web hosting service, who process the data mentioned below and all other data that is processed in connection with the operation of our Platform on our behalf. Our Platform is hosted using the services of OVH. The legal basis for the data processing is our legitimate interest in providing our platform and services (Art. 6 (1) f) GDPR).
We may also collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the Platform. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our Platform offer and to defend against attempted attacks on our web server. The legal basis for the data processing is our legitimate interest in providing our platform and services (Art. 6 (1) f) GDPR).
If you register on our Platform, we will request personal data (Name and E-mail address) and, where applicable, non-mandatory data for example your password in accordance with our registration form for the purposes stated. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The legal basis for the data processing is the provision and performance of a contract or pre-contractual measure (Art. 6 (1) b) GDPR) as well as your consent (Art. 6 (1) a) GDPR).
As a registered user, you can create a user profile with just a few clicks and details including a Profile Picture. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information or delete your account at any time via the settings in your profile. When creating a profile, you can submit personal data. You have choices about the information on your profile. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service (Art. 6 (1) b) GDPR) as well as your consent (Art. 6 (1) a) GDPR).
To make a purchase or get Paid, you may need to provide a valid payment method (e.g., credit card). Your payment information will be collected and processed by our payment service provider PayPal, or Stripe as selected. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions.
If you contact us per e-mail or social media, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message. The legal basis for the data processing is your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. 6 (1) a) GDPR) and (Art. 6 (1) b) GDPR).
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services (Art. 6 (1) b) GDPR), (Art. 6 (1) c) GDPR) and (Art. 6 (1) f) GDPR). The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
We use information held, including Personal Data, in the following manner:
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
sourceXchange will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services, you have consented to the disclosure, or the disclosure of data is permitted by relevant legal provisions.
sourceXchange is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for us within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation and support of the Platform, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us process your data exclusively in accordance with our instructions. Nonetheless, we remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
We endeavour to ensure that all decisions involving your Personal Data are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Data. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Data.
State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorised access from outside. In addition, technical and organisational security measures are used to protect the personal data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.
Databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
We maintain online presences on Discord and GitHub on the basis of our legitimate interests (Art. 6 (1) f) GDPR) to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer any Data Subject Access Requests. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Our platform contains links to the online services of other providers. We hereby point out that we have no influence on the content of the linked online services and the compliance with data protection regulations by their providers.
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Bradley James King (Sole Trader)
Halifax, West Yorkshire, United Kingdom
E-Mail: [email protected]