Data Protection Policy

How we plan to support compliance for
customers and partners in the EU

The protection of personal data is very important to us - both in terms of data protection of our clients (as an administrator)
and data stored by customers as part of backups (as a processor).

To provide our clients with the highest level of protection, we have implemented a number of tools to protect personal data, fully compliant with the high requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - i.e. "GDPR".

Xopero as a controller or processor

XOPERO as a service provider acts both as a controller of personal data and as a processor.

According to the provisions of the GDPR:

  • a controller is a body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • a processor is a body which processes personal data on behalf of the controller.

Put simply, if you transfer your own personal data to XOPERO, we act as controller for you. If, however, you provide us with personal details of other people, we act as the processor.

Regardless of our role - in both aspects we protect personal data with the utmost care.

What personal data is being processed

Our principle is to collect personal data and then to process it only to the extent necessary to achieve the purposes for which it was collected (in particular, fulfillment of the contract) and resulting from the law.

The scope of the data will vary depending on whether the data will be processed to provide services in our offer, whether in connection with employment or other - specific purposes.

For what purpose personal data is being processed

We will process personal data primarily for the purposes of:

  • conclusion and execution of the contract,
  • performance of legal obligations binding on us,
  • detecting and preventing fraud,
  • determination, defense and redress,
  • direct marketing,
  • creating statements, analyzes, statistics,
  • service support.

If personal data were to be processed for other purposes - this will be determined in an appropriate manner in each case.

Consent for personal data processing

The fundamental basis for the processing of personal data by us is the consent given by our clients.

The data subject shall have the right to withdraw his or her consent at any time.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Categories of processed personal data

We will process, in particular, the following categories of personal data:

  • customers who are subscribers or users of our services
  • employees and co-workers performing activities for the controller and the entire supporting environment,
  • people connected with us with lease agreements, purchase or sale of real estate,
  • people ordering the XOPERO Newsletter service,
  • people participation in the cycle of webinars made by XOPERO.

We also process personal data of other controllers that have been entrusted to us to provide services provided by us.

The data is processed in accordance with the requirements of applicable law and contractually agreed terms.

Personal data protection policy

In order to maintain the highest standards of personal data protection, XOPERO implemented the XOPERO Personal Data Protection Policy as an integral part of its internal organization.

Everyone can read it here.

The XOPERO Personal Data Protection Policy defines in detail the duties of XOPERO as a controller and a processor, and also indicates the exact means by which each person concerned can exercise their rights in connection with the protection of personal data.

Rights related to the protection of personal data

In connection with the protection of personal data, every interested party has the right to:

  • access the personal data (including information about data processed by us and a copy of data),
  • rectify your data,
  • erasure of data ("the right to be forgotten"),
  • restriction of data processing,
  • portability of data to another controller.


You can object at any time:

  • to data processing (including profiling) for marketing purposes,
  • to the processing of personal data (including profiling), if the basis for the use of the data is our legitimate interest.

Data protection officer

XOPERO appointed the Data Protection Officer, whose task is to deal with personal data protection matters on an ongoing basis.

Everyone can contact our Data Protection Officer using the e-mail address:

Territorial scope

XOPERO does not transfer any personal data outside of the European Economic Area (including the European Union, Norway, Liechtenstein and Iceland).

All data processed in electronic form are stored on servers located in Poland.