As part of doing business, companies are required to have certain policies and statements in place. The legal requirements vary depending on the size of a business and the nations where it does business, however, even where there is no legal requirement, it is good business practice to consider each area of concern and have a policy or statement detailing how a business intends to conduct its operations.
Use the links below to jump to the section you would like to read.
- Data Protection
- Environmental Policy
- Quality Policy
- Modern Slavery Statement
- XBM Limited Social Media Christmas 2022 Competition Rules
Last update September 2022
XBM Limited (XBM) cares about your privacy and by this statement gives information about your personal data, as customer, held in XBM’s marketing database, our customer database and associated systems related to our website.
(You do not have to register or give any personal information to make use of XBM’s main websites.)
What Personal Data XBM Collects and Holds
(Personal data is any information relating to an identified or identifiable living person)
XBM holds (and will hold in the future) personal data that you choose to provide to XBM, including data when you use contact forms, register to XBM website (s), and about XBM’s interactions with you. It also includes personal data gathered through cookies and other similar tools.
Those personal data may be:
- Identity and Contact Data: first name, last name, postal address, phone number, e-mail address and payment method.
- Purchase Data: information gathered from XBM’s own systems about purchases (including uncompleted purchases) made by you.
- Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences.
- Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data: information about how you use our website.
XBM Limited is the controller of your personal data.
XBM Ltd (Head Office) Axis Court, Nepshaw Lane South. Leeds, United Kingdom LS27 7UY
Purpose for XBM Processing Your Personal Data
(‘Processing’ means any activity XBM and/or its subsidiary companies perform with the personal data about you)
A) For marketing activities
The primary purpose for which XBM will process your personal data, as customer, is for the marketing of its products, including direct marketing communications (normally by e-mail, telephone, SMS, push message) to you which includes:
- Identifying you when you contact us
- Monitoring your preferences so that you can save time when searching our website
- Processing your requests to participate in marketing promotions
- Monitoring and recording phone and written communications with you for quality assurance and compliance purposes and for dealing with your complaints and queries
- Understanding which parts of XBM’s website, and which products and services, most interest you.
B) Financial Transactions with XBM
The primary purpose for which XBM will process your personal data is the performance, and recording, of transactions (including uncompleted transactions) with you through the exercise of XBM sales and marketing.
The secondary purpose includes:
- Storing your particulars, preferences and interests so that you can save time when making further use of our websites, to enable us to understand which parts of XBM’s website, and which products and services, most interest you and to tailor our offerings to you.
- Analysing the use made of XBM’s websites by you and others
- Monitoring and recording any forms of communication with you for quality assurance and compliance purposes and for dealing with any issues raised in these communications.
Legal Basis for Holding Your Personal Data
A) Legitimate interests for marketing activities
The legal basis for this is that it is necessary for the legitimate interests of XBM or companies within the XBM group in carrying out marketing activities.
B) Performance of a contract with XBM
The legal basis for this primary purpose is that it is necessary for the performance of a contract with you. The basis for the secondary purpose is that it is necessary for the legitimate interests of XBM or companies within the XBM group in understanding its markets and customers.
C) Specific consent given by you in other cases
If you choose to give information beyond that which XBM requires you to provide, the basis for processing that information is your consent as demonstrated by your voluntarily providing it. You have the right to withdraw that consent at any time. You can do this by writing to XBM at the address shown above, or Contact Us About Your Data.
As part of its processing, XBM will perform some automated profiling and decision-making based on the information it holds about you in order to make information presented to you more relevant to your interests.
If, in the future, XBM wishes to process your data for some other purpose it will first provide you with information about that other purpose.
Where you have given your consent to this, XBM will also use your personal data for the purpose of electronic marketing communications to you (normally by e-mail, telephone, SMS, push message) which may include:
- Conducting surveys and asking your opinion on our products and services
- Notifying you of products or offers that may be of interest to you
- Notifying you of promotions such as free gifts, contests and prize draws.
- Marketing analysis and customer profiling
- Invitations to events
The legal basis for this is your specific consent. You may withdraw your consent to this additional purpose (independently of your right to object to XBM processing data for the general purposes described above) at any time by writing to XBM at the address shown above, or Contact Us About Your Data.
How Long XBM Will Hold My Data for Marketing Activities
XBM will hold your personal data for a period of 2 years after the last contact from you. After that time, some information may be held but only in an anonymised form or as part of archived records.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend XBM’s legal rights.
For XBM Customers
XBM will hold your personal data for a period of 10 years. After that time some information may be held but only in an anonymised form or as part of archived records.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend XBM’s legal rights.
What Personal Information XBM Shares with Third Parties and Transfers Outside the EEA
XBM uses third parties to perform some processing activities on its behalf. Some or all of your personal data may be disclosed to them, but they are only permitted to use the disclosed data for the purposes for which XBM holds your data and in accordance with XBM’s directions.
Some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
XBM shares your personal data within XBM’s companies. At present, this means your personal data will still be held in the United Kingdom
If you are located in a country outside the EEA, your personal data will be held in the United Kingdom.
Whenever XBM transfers your personal data outside the EEA, XBM ensures that a similar degree of protection is afforded to it by the implementation of at least one of the following safeguards:
- XBM will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- When XBM shares your personal data within XBM’s companies or uses certain third parties, XBM uses the Model contracts for the transfer of personal data to third countries approved by the European Commission, which give personal data the same protection it has in Europe.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
Last update September 2022
XBM has security measures in place to protect your information and prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, XBM gives access to your personal data to those employees, agents, contractors, and other third parties based on “need to know” principle. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
XBM has procedures in place to deal with any suspected personal data breach and will notify you and any applicable authority of a breach where we are legally required to do so.
Your Rights as a Data Subject
- The right to be informed- this means we must inform you how we are going to use your personal data. We do this through the terms and conditions of service and by informing you how your data will used each time we collect it.
- The right of access- you have the right to access your personal data (e.g. data that is about you) that we hold. This is called a subject access request. We must respond to your request withing one month. To request access to your data please email firstname.lastname@example.org
- The right to rectification- if you think the data we hold on you is incorrect, tells us so we can put it right. You can do this by emailing email@example.com
- The right to erasure – you have the right to request that we delete your data. We will do so, provided that we do not have a compelling reason for keeping it. To request this, please email firstname.lastname@example.org
- The right to restrict processing- you can change your communication preferences (therefore restricting how we communicate with you). You can do this by emailing email@example.com
- The right to data portability- you can obtain and reuse your personal for your own purposes across difference services, to request this please email firstname.lastname@example.org
- The right to object- you have the right to object direct marketing from XBM Limited or from third parties we have shared your data with for direct marketing purposes. You can opt out of direct marketing any time by emailing email@example.com
Suspected Personal Data Breach
In the event of a suspected personal data breach the data controller shall without[A1] undue delay notify the personal data breach to the data protection officer at firstname.lastname@example.org . The notification shall at least:
- Describe the nature of the personal data breach including the approximate number of data subjects concerned and approximate number of personal data records concerned.
- Communicate the name and contact details to the data protection officer.
- Describe the likely consequences of the personal data breach
- Describe the measures taken or proposed to be taken by the controller to address the personal data breach including measures to mitigate its possible adverse effects.
Duties Data Protection Officer (DPO)
- The DPO will have professional standing, independence, expert knowledge of data protection and, to quote the GDPR, be ‘involved properly and in a timely manner’ in all issues relating to the protection of personal data.
- The DPO will be pivotal importance to an organisation’s GDPR and meeting the accountability obligations.
- The DPO is to inform the organisation and its employees about their obligations to comply with GDPR.
- The DPO will monitor compliance, including managing data protection activities, security and risk assessment.
- The DPO will need to document and review all GDPR related policies and data workflows with legal and IT.
- The DPO will be the point of contact for supervisory authorities and for individuals whose data is processed (employees, customers).
- A DPO may be a member of staff at the appropriate level with the appropriate training. XBM’s current DPO is Hannah Brownlee.
- The DPO is not personally responsible where an organisation does not comply with GDPR. GDPR makes it clear that it is the controller or processer who is required to ensure and to be able to demonstrate that the processing is in accordance with GDPR. Data protection compliance is ultimately the responsibility of the controller or the processor.
Role of a Data Controller
Implement effective measure to be to demonstrate the compliance of processing activities and determine the mean of processing personal data:
- Notify the data subject how data will be used and deleted on the network
- Inform the client how personal information is used and who is will be shared with if a third party is involved
- Minimise personal data collected
- Provide appropriate technical and organisation measures to secure the personal data.
Role of a Data Processor
Processes the data on behalf of the data controller. Processing means obtaining, recording or holding the information. Ensuring data can be aligned, blocked, erased, destructed.
- Inform the data controller of any sub-processors used to process consumer data
- Processing personal data protection instructed by controller
- Delete personal data upon instruction from controller
- Notify the data controller or DPO od any breaches without undue delay.
If you require further information regarding this policy or GDPR please email email@example.com.
Last update 23 August 2022
XBM Limited recognises that its business activities interact with the environment in a variety of ways. These activities have a significant impact in the key areas of:
- Generation of waste materials & energy use
The organisation recognises that it has a responsibility to help protect the environment wherever it has an opportunity to do so, to be a responsible neighbour, and to provide a comfortable environment for its employees to work in.
As such, the Directors of XBM Limited are committed to the following:
- Continual improvement in the environmental impact of its business activities;
- Improving the environmental benefits provided by its products/services by offering more sustainable products and refurbishing used machines;<
- Preventing pollution;
- Complying with all relevant legal, customer, and other third party requirements;
- Establishing measurable environmental and business objectives that are consistent with the context and strategic direction of the organisation and addressing risks and opportunities associated with them;
- Achieving objectives to help minimise its environmental impact;
- Adopting best practices applicable to its activities wherever practicable.
The organisation will achieve these commitments by:
- Implementing and maintaining an Environmental Management System that is independently certified as compliant with ISO 14001:2015;
- Employing processes that identify the aspects of the organisation’s business that have an environmental impact and quantifying the significance of each aspect;
- Maintaining an environmental performance improvement programme to enable the organisation’s objectives to be achieved;
- Ensuring that its employees, suppliers and customers are aware of their role in supporting the organisation’s commitments and environmental objectives;
- Training its employees in good environmental protection practices and encouraging employee involvement in environmental improvement initiatives;
- Administering a customer tree planting scheme for all sustainable Epson products sold
- Refurbishing used machines so workable again
- Promoting sustainable products to customers
- Ensuring the vehicle fleet is electrics by 2030
- When replaceable workshop machinery looking for the most environmentally friendly products
- Continually monitoring the environmental impact of its business activities.
The implementation of this policy is fundamental to the success of the organisation’s business and must be supported by all employees as an integral part of their daily work.
Last update 5th November 2021
The objective of XBM is to provide an expensive range of equipment, services and solutions to help businesses become more productive, more efficient and more sustainable at much lower cost.
To achieve this objective, the organisation will maintain an effective and efficient Quality Management System based upon the requirements of ISO 9001:2015.
As such, the Directors of XBM are committed to the following:
- Establish measurable quality and business objectives that are consistent with the context and strategic direction of the organisation and address risks and opportunities associated with them;
- Ensure quality objectives help the organisation achieve customer requirements by:
- Experienced support team focused to deliver customer satisfaction
- Flexible service models
- Extensive range of equipment to support documents
- Providing high standard of customer service
- Monitor and measure the effectiveness of its business processes and objectives through management reviews and the internal audit process;
- Proactively seek feedback from customers on how well its products/services meet their requirements and set objectives for continual improvement;
- Analyse the causes of any complaint or problem, and take appropriate action to prevent recurrence;
- Select and work closely with suppliers who enable the organisation to create and deliver a reliable performance;
- Recruit employees who are customer-focused and support them with appropriate training and systems to ensure their competence always meets the organisation’s requirements;
- Provide a work environment that promotes the wellbeing of its employees and encourages positive teamwork;
- Encourage all employees to identify problems and make suggestions to improve all aspects of the organisation’s products/services and business processes;
- Ensure that all employees are aware of the Quality Policy and are committed to the effective implementation of the Quality Management System;
- Ensure that the organisation complies with all necessary regulatory and legal requirements.
The continual improvement of the organisation’s Quality Management System is fundamental to the success of its business, and must be supported by all employees as an integral part of their daily work.
Last update September 2022
This Statement is made pursuant to Section 54 of the UK Modern Slavery Act 2015 and sets out the steps that XBM Limited and its subsidiaries (hereinafter collectively referred to as "XBM") have taken during the financial year 2021 to prevent slavery and human trafficking in our supply chains or in any part of our business.
Our Business and Operation
XBM is a private limited company, operating within the United Kingdom. Our Head office is located in Leeds, West Yorkshire, as is our National Service Centre. We also have regional sales and service centres in Newcastle and Birmingham, and sales offices in Manchester and London.
XBM sells office printing technology, print management solutions, and associated services and consumables, as well as document management solutions, and audio visual, IT, and telecommunications products.
We obtain products and services from a number of different suppliers depending on the requirements of our customers and our business. Some products and services are procured on a global basis using international suppliers. However, they are mainly sourced from local UK entities.
The following companies supply significant portions of the products sold by XBM:
XBM Values and Policies
XBM conducts its business inaccordance with its core values:
- Customer first
- Deliver with integrity
- Develop our people
- Invest for growth
XBM seeks to operate in accordance with the 10 principles of the UN Global Compact on Human Rights, as their code of conduct for business activities throughout XBM, which includes commitments to respect the human rights of employees and to eliminate slavery and human trafficking. XBM has a zero tolerance policy on trafficked, bonded, child, forced or compulsory labour or servitude.
Activities related to prevention of slavery and human trafficking
We are committed to ensuring that there is no modern slavery or human trafficking in our supply chains or in any part of our business. The greatest risk of slavery and human trafficking lies in the raw material stage, where XBM relies on third party suppliers of the materials, components, and finished products.
In response to the associated risks, XBM provides "Supply-Chain Corporate and Social Responsibilities (CSR) Deployment Guidelines" to first-tier suppliers, and requests them to comply with our guidelines and values.
Our relationships with suppliers are based on lawful, socially responsible and fair practices. We expect our suppliers to obey the laws and regulations that require them to treat workers fairly and provide a safe and healthy work environment and we contract on this basis.
Our procurement activities are aligned to our CSR policies, ensuring, where possible (amongst other things), we:
- select suppliers that have a like-minded approach to CSR; and
- avoid suppliers that exploit child labour, disregard basic health and safety legislation, human rights, basic social legislation, and companies that exploit third party intellectual property rights without having obtained the owners’ consent.
We also have in place a Whistleblowing Policy which sets out the process for our employees to raise any concerns they may have in relation to compliance with our legal obligations, including in relation to modern slavery and human trafficking, and to ensure that there is adequate protection for employees who make protected disclosures or "blow the whistle".
The XBM Limited Social Media Christmas 2022 Competition is open to anyone resident within the United Kingdom of Great Britain and Northern Ireland on the date of the draw.
- People resident outside of the United Kingdom are explicitly excluded from participation.
- People visiting the United Kingdom but not resident on the date of the draw are also excluded.
- The competition launch is on Wednesday 7th December 2022 and it closes at noon on 21st December 2022.
- Competition entrants must like and share one or more of the following social media pages:
- Entrants can like the competition post on each platform once, but may share it to as many people as they choose.
- They will be allocated one entry ticket for each platform they where they like a post to a maximum of three (3).
- There is one prize of Love-2-Shop vouchers totalling one hundred and fifty Pounds Stirling (£150.00).
- The competition draw will take place on Wednesday 21st December 2022 at XBM Head Office, Leeds, West Yorkshire.
- One winning entry will be drawn.
- The winner will be contacted via a Direct Message (DM) to arrange transfer or delivery of the vouchers.
- Any additional costs incurred in collecting or receiving delivery of the prize as a result of the entrants circumstances beyond the cost of registered post will be at the entrant’s own expense.
- XBM may require photo confirmation that the winning entrant has received the prize.
- The name and general location (e.g. the county or city) may be used by XBM in further social media communications.
- People who like a post or follow an XBM social media page are consenting to XBM contacting them through social media and or DMs in the future.
- None of the platforms, Facebook, Instagram, or LinkedIn, have any part in the creation or running of the competition and are not promoting it. Neither will they be involved in the draw, nor in the delivery of the prize.
- None of the Social Media Platforms where the competition is posted is liable in any way for any aspect of this competition.
- Questions regarding the competition should be addressed to the XBM Marketing Department: firstname.lastname@example.org