Privacy Policy
Your privacy is important to Xceedance, and we are committed to protecting your online privacy and respecting your need for appropriate protection and management of any personal data you share with us based on applicable data protection laws and regulations. Xceedance believes it is important for you to know what personal data we at Xceedance Consulting Limited (“Xceedance” or “we”) collect from you, why we collect it, how we use it and what rights you might be entitled to as a data subject or consumer.
It is important that you read this policy, together with our cookie policy which tells you how we use cookies and other similar tracking technologies. We would also provide information about different higher jurisdiction-specific standards that apply in those locations. Your use of our sites or products or services indicates you agree to our collection, usage, and disclosure of your information as described in this Privacy Policy.
Information we collect
For the purposes of this privacy statement, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We collect only the information needed for legitimate business purposes. You may need to provide some personal data when you sign up for an account, register for an event, ask for customer support, or wish to buy our products or services.
The information we collect about you may include the following:
- Contact details: such as your name, email, postal address, and phone number
- Demographic details: such as your date of birth, age, gender, race, photo, marital status, lifestyle, and insurance requirements
- Employment information: such as job title, employee number, employment status, salary, employment benefits, and employment history, qualifications and affiliations
- Health information: such as medical records
- Benefits information: such as benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits e.g. voluntary contributions, pension sharing orders, tax protections or other adjustments
- Financial information: such as credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details
- Claims details: such as information about any claims concerning your or your employer’s insurance policy
- Marketing and communications preferences: such as interests and preferred language
- Background checking information: such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offences, or confirmation of clean criminal records, information in relation to politically exposed persons (“PEPs”)
- Payment information: such as debit card number and bank account details
We collect your personal data to manage, administer and fulfil the obligations under valid contracts. We require your personal data also to promote the Xceedance brand, products, initiatives, and values with marketing communications. We may collect personal data directly from publicly available databases, social media sites or in collaboration with our partners from time to time. You may also need to provide some personal data if you wish to explore employment opportunities with us.
What we do with your Personal Data
We do not share or sell your personal data to anyone. We use personal data solely for the purpose of interacting with you and to enable you to avail our product or services. We use personal data only for the specific reason for which it is provided.
We use appropriate security controls to protect the information you provide and, where applicable, will take reasonable steps to permit you to correct, amend, or delete inaccurate or incomplete information. The data collected will be deleted when no longer required under the applicable laws.
We may send you marketing communications through various channels, such as email or phone; to do so, we might use your name, email id, and contact details. You can opt out of receiving such communications at the time of first contact by reaching out to Xceedance via the contact information available on our website.
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose and applicable local law. Any exceptions will be brought to your notice and legal basis for the same will be explained.
Lawful basis of processing personal data
Xceedance utilises or processes the personal data it has acquired from you based on any of the below mentioned legal bases:
- Consent: We rely on your consent to collect and use personal data concerning any criminal convictions or alleged offences, specifically for the purpose of assessing risks relating to your prospective or existing insurance policy. Where we process personal data based on consent, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect.
- Contract: When we need to carry out a contract with you that we are about to enter or have already entered, we will collect and use your personal data where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you. If you do not provide the personal data that we need for providing our services, we may not be able to offer our services to you.
- Legal or regulatory obligation: The collection and use of some aspects of your personal data is necessary to enable us to meet our legal and regulatory obligations. It incorporates records keeping and performing compliance reviews (e.g., anti-money laundering, financial checks). This includes performing automatic checks on the personal data you provide for your identification against appropriate databases, as well as contacting you to confirm your identity for our compliance purposes.
- Legitimate interests: The collection and use of some aspects of your personal data is necessary to enable us to pursue our legitimate interests. For example, we have legitimate interests in:
– Providing professional Services across our global solution lines;
– Operating our business, and managing and developing our relationships with clients, suppliers and with you;
– Meeting and anticipating the requirements of our current and prospective customers;
– Understanding and responding to inquiries;
– Receiving information from third parties and Xceedance affiliates to provide services;
– Sharing data in connection with mergers and acquisitions and transfers of business; and
– Implementing appropriate controls to ensure our website, processes, and procedures are running effectively, for the prevention and detection of fraud, and for Information Technology (IT) security purposes.
Where we rely on this legal basis to collect and use your personal data, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data protection laws.
Consequences of not providing Personal Data
If you choose not to provide your Personal data that is mandatory to process your request, we may not be able to provide the corresponding service.
We will not share your Personal Data
We typically share your personal information with the following categories of recipients when necessary to provide, administer, and manage the services offered to you: within Xceedance, companies within the same group, insurance market participants such as insurers and insurance underwriters, reinsurers, brokers, third party suppliers, legal advisors, internal and external auditors.
We do not share your personal data with anyone else and we will never sell personal data. However, exemptions to the above are where Xceedance is asked to provide information because of any legal or regulatory requirements. We will make every effort that such mandated disclosures from the regulatory authorities are communicated to you.
Do we collect information from children?
Our websites are not directed to children, and we do not knowingly collect personal data from children on our websites. Children are prohibited from using our websites.
Certain Xceedance solutions may handle data pertaining to children, including their date of birth, address, and other identifiable details. This information is not collected directly from the children but is obtained from other sources such as our clients, the carriers, or directly from you as the parent or guardian with your consent (e.g., to name the child as a beneficiary on an insurance policy or pension plan).
How long will we keep your personal information?
We will retain appropriate records of your personal data for as long as necessary to operate our business, including for the purposes of satisfying any legal, accounting, reporting requirements and to comply with our legal and regulatory obligations.
These records are retained for predefined retention periods that may extend beyond the period for which we provide the services to you. In some circumstances we may anonymize your personal data and retain for no longer than is required under the applicable laws. We have implemented appropriate measures to ensure your personal data is securely destroyed in a timely and consistent manner when no longer required.
How will we keep your information safe?
We are fully committed to information security and compliance with applicable data protection laws. We have implemented strong, appropriate security measures and controls to protect the confidentiality, integrity, and availability of data. We have designed and implemented an information security program in line with the International Organization for Standardization (ISO) 27001:2013 standard and Service Organization Controls 2 (SOC). We have put in place appropriate measures to comply with the European Union (EU) General Data Protection Regulation (GDPR), UK GDPR, the Digital Personal Data Protection (DPDP) Act, certain United States (federal and state) laws, the Australian Privacy Principles and other laws.
While we work towards and strive to protect your personal data/privacy, we would like you to take note of inherent risks associated with data transfer and processing. You also need to ensure that your User ID, Password, etc., are not disclosed with anyone and your systems are safe for usage.
At any point, if you suspect any security issues or incidents, or you receive any suspicious mail from someone holding themselves out to be a Xceedance employee or from a fake website claiming to be affiliated with Xceedance, you may reach out to us via the contact information available on our website.
How are cookies used?
A cookie is a small piece of data stored on the user’s computer by the web browser while browsing a website. We use cookies to improve the quality of our site and service, and to try and make your browsing experience meaningful. Cookies may be used to track how you interact with our sites and to analyse trends. The types of data collected may include IP addresses, cookie identifiers, site activities, etc.
We use first-party and third-party cookies for several purposes. The first-party cookies are mostly necessary for the website to function the right way.
The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing information that is relevant to you, and all in all providing you with a better and improved user experience.
You can control the use of cookies, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. For additional details kindly refer to our Cookie Policy.
How to contact us?
If you have a privacy concern, complaint, or a question regarding this privacy statement, please contact our Data Protection Officer at DPO@Xceedance.com. We value your trust and will take the appropriate measures to ensure that we fulfil your request.
You have the right to review the personal data we keep about you at any time and request access to or deletion of your personal data by submitting this form.
Data Subject Access Request (DSAR) Form
To find out more about your rights to control your personal data, read on.
You have certain choices
You may have certain rights in relation to your personal data pursuant to data protection laws in your jurisdiction. You may contact us on various matters pertaining to your personal data. The rights for certain jurisdictions are explained in further detail below.
We recognize that individuals must have the option to not identify themselves, or to use a pseudonym when liaising with us. We seek to provide this option to the extent possible. However, due to the nature of our business operations, it is impracticable in most cases for us to deal with individuals who have not identified themselves or who use a pseudonym.
Residents of Poland:
- The right to request access to your personal data and request details of the processing activities conducted by us.
- The right to erasure of your personal data under certain circumstances.
- The right to request for rectification of your personal data if it is inaccurate or incomplete.
- The right to request restriction of the processing of your personal data in certain circumstances.
- The right to object to the processing, including the sale or commercial use, of your personal data in certain cases.
- You may opt-out of receiving non-essential (promotional, marketing-related) communications from us. If you want to opt-out from any such communication, then you may send an email to DPO@Xceedance.com
- The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
- The right to withdraw your consent provided at any time by contacting us.
Residents of United Kingdom:
- The right under certain circumstances to access and inspect personal data which Xceedance holds about you.
- The right to rectification on the request to us to correct your personal data where it is inaccurate or out of date.
- The right to be forgotten (to be erased) of your personal data under certain circumstances can only be possible if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
- The right under certain circumstances to request the restriction of your personal data from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
- The right under certain circumstances to data portability, which requires us to provide personal data to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
- The right to object to the processing of your personal data at any time, but only where that processing is based on our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- The right to object to decisions involving the use of your personal data, which have been taken solely by automated means.
- The right to withdraw consent at any time, whenever we have asked for your consent for processing your personal data without affecting the lawfulness of processing based on consent before its withdrawal.
Residents of India:
- The right under certain circumstances to access and inspect personal data which Xceedance holds about you.
- The right to rectification on the request to us to correct your personal data where it is inaccurate or out of date.
- The right to correction and erasure of your personal data under certain circumstances can only be done if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
- The right to request the restriction of your personal data under certain circumstances from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
- The right to data portability under certain circumstances, which requires us to provide personal data to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
- The right to object to the processing of your personal data at any time. Where that processing is based on our legitimate interests as its legal basis, if you raise an objection, we will have an opportunity to demonstrate that we may have compelling legitimate interests which override your rights and freedoms.
- You have the right to object to decisions involving the use of your personal data, which have been taken solely by automated means.
- The right to nominate an individual to handle all your data privacy and exercise rights in the event of death or incapacity of data subject.
- The right to have readily available means of grievance redressal provided by a Data Fiduciary or Consent Manager regarding the performance of its obligations in relation to the personal data.
Residents of USA (Federal and State Laws):
- The right to access or the rights to know under certain circumstances the personal data which Xceedance processes about you. You also have the right to know what information, if any, Xceedance discloses to third parties and the identities of those third parties.
- The right to rectification on the request to us to correct your personal data where it is inaccurate or out of date.
- The right under certain circumstances to have your personal data erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
- The right to opt-out of sale is for information Xceedance shares for cross-context behavioural advertising purposes.
- The right to opt-out of or limit use of sensitive personal data is applicable where Xceedance uses sensitive personal data for certain purposes.
- The right to restrict processing under certain circumstances of your personal data from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
- The right to data portability under certain circumstances, which requires us to provide personal data to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
- The right to object to the processing of your personal data at any time, but only where that processing is based on our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- The right to decline automated decision making involving the use of your personal data, which have been taken solely by automated means.
- The right to request deletion of personal data that has been collected about you, subject to certain exceptions.
- The right to non-discrimination against you for exercising any of the rights listed above.
We do not sell personal data as defined in section 1798.140(t) of the CCPA. We also do not sell the personal data of children under age 16 without affirmative authorization.
Residents of Australia:
- The right to access and inspect your personal data or be provided with a permanent copy of the information being held about you.
- The right to have your personal data de-identified and/or destroyed.
- The right to request the correction of your personal data or in cases where the accuracy of information is disputed, to supplement the information to give notice that you dispute its accuracy. If the information is inaccurate, incomplete and/or out-of-date, you have the right to request that it is corrected.
- The right to be informed regarding when and how your personal data is collected, used, and disclosed.
- The right to object to the use of your personal data, particularly where you feel there are no longer sufficient legitimate grounds for us to continue processing the information. If you raise an objection, and we could demonstrate that we have compelling legitimate interests to the use of your information (e.g., it is required by Law), then it will override your objection.
- The right to “opt out” of your personal data being used for direct marketing purposes.
- The right to request Data Holders and accredited bodies to share information relating to yourself, with consent, in a standardized machine-readable format.
Upon receiving your request, we will make every effort to fulfil your request, if it is not otherwise required to be treated differently by law or for legitimate business purposes. You must identify yourself prior to making a request; we may not be able to process your request if it is deemed unreasonable or inappropriate.
We will respond to your queries within a reasonable timeframe. Please note that we may need to maintain residual copies even after your information gets deleted from the active environment (e.g., backup copies or to ensure we don’t contact you if you have opted out).
Automated Decisions
Where you apply or register to receive a Service, Xceedance may carry out a real-time automated assessment to determine whether you are eligible to receive the Service. An automated assessment is an assessment carried out automatically using technological means (e.g., computer systems) without human involvement. This assessment will analyse your personal data and comprise several checks, e.g., credit history and bankruptcy check, validation of your driving licence and motoring convictions, validation of your previous claims history and other fraud prevention checks. Where your application to receive the Service does not appear to meet the eligibility criteria, it may be automatically refused, and you will receive notification of this during the application process. However, where a decision is taken solely by automated means involving the use of your personal data, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention.
Legal notice
Xceedance may need to disclose personal data to legal authorities in response to any notification, order, inquiry, demand, request, or other communication from a law enforcement agency for compliance, fraud investigation, statutory purposes or for other legal activities that requires or mandates the disclosure of such personal data, or in accordance with applicable laws.
Changes to this privacy statement
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
Your privacy is our priority, and we are committed to addressing any questions you may have regarding handling your data. For any data privacy queries, please get in touch with our Data Protection Officer at DPO@xceedance.com.