Privacy Policy - Smartxpo

Privacy Notice & Cookies Policy

Smartxpo Solutions Limited, a private limited company registered in England and Wales with company number 10660982 (“Smartxpo”, “we”, “our”, or “us”) is the ‘data controller’ of your personal information and is subject to the EU General Data Protection Regulation (the “GDPR”) and the UK Data Protection Act 2018.

This website privacy notice and cookies policy sets out how Smartxpo will use the personal information of visitors to and users of (“Users”, “your”, or “your”) our website hosted at (the “Site”), including how we use cookies on the Site. This policy also applies to our product-specific websites (e.g. and any customer-specific websites in the format “[customername]”.

Please note that, if you are a Smartxpo customer, this policy is complemented and may be superseded by the terms and conditions of the Smartxpo Services Agreement including the SmartXpo Contractual Security and Privacy Policy that forms part of that agreement.

Smartxpo reserves the right to alter and update this policy from time to time. We urge visitors to our Site to review the current version of the policy each time they return to the Site. The date of the most recent update is stated at the bottom of this policy.

What information do we collect about you and how do we collect it?

We may collect and process data about you (“your information”) when:

  • you submit information online via our Site or send us any correspondence;
  • you request information from Smartxpo or ask us to contact you;
  • you submit information to us in connection with an employment application (in which case, our separate Privacy Notice for Staff (including Job Applicants) shall apply to our use of your information, rather than this policy);
  • you opt-in to receive emails from us, or you agree to participate in surveys; and
  • you register and use our software.

The information we collect may include:

  • your name and contact details, including e-mail address, title, occupation, company, address, telephone number, industry, region;
  • other information that Users provide through the Site, e.g. your relationship to Smartxpo, reason for contacting Smartxpo and personal information included in any message you submit to us; and
  • your and other information about your use of the Site, including information about Users’ browsing activity collected through the use of cookies including details of your domain name, location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long a User stayed on a particular page. Please see the Cookies Policy below.

Lawful bases and purposes for processing your information

We may process your information because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our interests in operating our business and the Site in a customer focused, efficient and sustainable manner.

In this respect, we may use your information for the following:

  • to ensure that our Site’s content is presented as effectively as possible for you;
  • for our internal purposes, such as quality control, Site performance, system administration and to evaluate use of our Site, so that we can provide you with enhanced services;
  • to notify you about changes to our products and services;
  • to provide you with information, products or services that you request from us, or which we feel may interest you (provided that you agree to receive emails from us); and
  • to create reports to assist with future marketing.

We may also process your information where we have your specific or, where necessary, explicit consent to do so.

Who has access to your information?

Our operations team and senior management have access to your information.

As appropriate our marketing, support and accounts teams will access people’s information appropriate to their functions and role.  We may provide your information to our professional advisors as appropriate. We may also disclose your personal information if required to do so by law, or if we believe that such action is necessary to:

  1. comply with legal requirements;
  2. protect and defend our rights or property or those of our Users; or
  3. protect the personal safety of our Users or the public.

This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may also share your information with other organisations:

  • if we sell or buy any business or assets, (as we may share your information with the prospective seller or buyer);
  • if all or substantially all of our company assets are acquired by another party, in which case your information will be one of the transferred assets; or
  • if we have to enforce or apply the terms and conditions of any agreements.


We may collect the e-mail addresses of those who send us e-mail messages; however, we will not send unsolicited e-mail to any of the addresses we collect or share those addresses with any unaffiliated third party, except in the limited circumstances set forth below.

Provided that you agree, we may use your information to provide you with marketing information that you request or that we feel may interest you by post and email.

Where do we process your information?

We will not transfer your information to or store it at a location outside the European Economic Area (“EEA”) to countries which do not have as developed data protection laws.

How do we keep your information secure?

Smartxpo has implemented measures meeting generally accepted standards of technology and operational security in order to protect your personally identifiable information from loss, misuse, alteration, or destruction. All your information is stored on our secure servers and we will protect your information in line with legal requirements.

Despite these precautions, however, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your information transmitted to our Site or that unauthorised persons will not obtain access to your information.

Our Site may from time to time contain links to other websites. Please check the privacy policies on those sites before you submit your information to those sites. We do not accept any responsibility or liability for those sites or their privacy policies.

You should keep in mind that whenever you publicly disclose information about yourself online — e.g. via message boards or chat rooms — that information could be collected and used by people whom you do not know. In addition, certain message boards and similar user forums may display IP addresses along with the message poster’s name and message. Smartxpo bears no responsibility for any action or policies of any third parties who collect any information users may disclose on the message boards, chat areas or other user forums, if any, on the Site.

How long is your information kept for?

We only keep your information for as long as is necessary for the purposes we initially obtained it.

In the event a client cancels their business with us, we are able to provide a copy of the “Client Data” (as defined in the Smartxpo Services Agreement) we hold to them. This data can be provided using a secure link, and upon confirmation that the data has been received, and in response to a request from the client, it will be anonymised or deleted permanently from our systems within one year. In doing so all centrally held personal data is removed.

We retain your information if you were a client for up to a year after termination of your agreement with us.

Despite our reasonable efforts to remove your information, the nature of certain systems makes it unfeasible or practically impossible to remove every trace of personal data. As such there may be personal data that remains on our systems which may include:

  • Historic invoices and billing statements, which may display the name of the person they were sent to and must be retained for audit and tax purposes.
  • Internal chat logs or message boards may reference a person’s name, which cannot be redacted from these logs or message boards.
  • Copies of deleted data may still exist on backups. Backups are maintained of our entire system: these are encrypted and stored as single files. Removing one person’s data from such archive files is not practically possible.

Your Rights

Under the GDPR, you have the following rights in relation to our processing of your personal information.  Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

  • to obtain access to, and copies of, the personal information that we hold about you;
  • to require us to correct the personal information we hold about you if it is incorrect;
  • to require us to erase your personal information in certain circumstances;
  • to require us to restrict our data processing activities in certain circumstances;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
  • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
  • where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.

You have the right to ask us not to process your information (or pass your information to other companies or organisations) for marketing purposes. You can tick the appropriate box on the forms when we collect your information or amend your choice at any time by contacting us at

If you have any complaint about how we have used your information please do contacting us at, and you always have the right to complain to the Information Commissioner’s Office.

How to Contact Us

Questions, comments or requests concerning this policy and your information should be addressed to us at Alternatively, you can use the “Contact Us” page on our Site.

Cookies Policy

The Site uses cookies. A “cookie” is a small text file which is sent by our Site’s server and stored on your computer or other device when you access the Site. These cookies are used for the purpose of improving your experience of the Site by remembering your preferences, the places you have visited, and other information that you have provided to us. When you use the Site, you will be asked to confirm whether you agree to the Site using cookies and, if you accept, we will store cookies on your device. You can if you wish change the cookies settings on your device to refuse cookies. However, if you do this, or if you reject our request to use cookies when you visit our Site, you may be unable to access certain parts of the Site and/or you may not be able to benefit from the full functionality of the Site.

To find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, please visit

We use the following cookies for the following purposes:

  • Essential Cookies: these are essential in order to enable you to move around the Site and use its features, for example to remember which page of the Site you have previously visited during the same session, so that you can quickly move backwards and forwards between those pages.
  • Performance and Analytics Cookies, including Google Analytics and Hotjar (see below): these keep track of the pages of the Site that you visit and the content you access, so that we can determine which content is most popular and improve the performance of the Site. These cookies record only anonymous statistical data and do not collect any personal data that could identify an individual User.
  • Functionality Cookies: these remember the choices you make, such as language options or the region you are in. These cookies help to make your visit to the Site more personal and are deleted automatically when you close your browser or when your browsing session expires.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our Users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our Site. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support website.

Last updated: June 2020