Last Updated: 08/05/2025
────────────────────────────────────────────────────────────────────────────
INTRODUCTION
────────────────────────────────────────────────────────────────────────────
Welcome to the StreamlineXpert Ltd (“StreamlineXpert,” “we,” “us,” or “our”) Privacy Policy. We are committed to safeguarding your personal data in compliance with all applicable data protection laws, including but not limited to:
• UK General Data Protection Regulation (UK GDPR)
• EU General Data Protection Regulation (EU GDPR)
• UK Data Protection Act 2018
• Additional relevant international and local data protection statutes
Please read this Privacy Policy in its entirety to understand how we collect, process, store, and protect personal information. If you have any questions, comments, or concerns about its content, you may contact our Data Protection Officer (“DPO”) at dpo@streamlinexpert.com.
This Privacy Policy applies to personal data processed by StreamlineXpert in connection with our websites, customer portals, managed services, consulting offerings, and any related online or offline interactions. By accessing or using our services, you acknowledge that you understand the contents of this Privacy Policy. If you do not agree with any aspect of this Policy, please discontinue use of our services.
Please note that this Privacy Policy is closely aligned with our Master Terms of Service (the “Terms”), which collectively govern how we offer our services, handle data, and maintain compliance. If you have not reviewed our Master Terms of Service, we encourage you to do so.
Below is a comprehensive explanation of our privacy practices, rights and obligations under applicable laws, and how you may exercise your data protection rights.
────────────────────────────────────────────────────────────────────────────
SCOPE & PURPOSE OF THIS PRIVACY POLICY
────────────────────────────────────────────────────────────────────────────
1.1 Why We Have a Privacy Policy
We recognise the need to be transparent about how we manage your personal data. This Privacy Policy details the categories of personal data we collect, how we process it, the legal bases on which we rely, and the safeguards we put in place to protect your rights. It provides information about your data protection rights under UK GDPR/EU GDPR, as well as how you can reach us for more details or to exercise those rights.
1.2 Services & Coverage
This Privacy Policy covers data processing for the following main areas of StreamlineXpert’s services:
• Cloud-based solutions: Our portals, hosted software, and CRM services.
• Consulting engagements: Situations where we process personal data on behalf of or in collaboration with your organization.
• Website usage and online tools: Including the collection of cookies, analytics data, system logs, and user-submitted forms.
• Communications and marketing: Email campaigns, direct marketing (with consent), and other communications.
1.3 Territorial Applicability
Given our operations and partnerships, StreamlineXpert may process personal data in or transfer personal data to various jurisdictions. We conduct these activities in accordance with applicable data protection regulations, including the UK GDPR, the EU GDPR (where relevant), and local privacy laws in the countries where we or our partners operate.
────────────────────────────────────────────────────────────────────────────
2. DATA CONTROLLER VS. DATA PROCESSOR
────────────────────────────────────────────────────────────────────────────
Depending on the nature of the services we provide, StreamlineXpert may act either as a Data Controller or a Data Processor.
2.1 When We Are a Data Controller
If we directly collect personal data for our own purposes—such as through website form submissions, account creation on our portals, or direct inquiries from prospective customers or employees—we are considered a Data Controller. In this role, we:
• Determine the means and purposes of processing of your personal information.
• Comply with the obligations set out under the UK GDPR/EU GDPR, including providing appropriate transparency about our data processing activities.
• Are fully responsible for the lawful, fair, and proportional handling of personal data.
Examples of situations where we act as a Data Controller:
• You sign up for a user account on our public-facing website.
• You provide your email address to subscribe to our newsletters or marketing communications.
• Customer support inquiries where you directly share personal data for troubleshooting.
2.2 When We Are a Data Processor
In other circumstances, our role is that of a Data Processor. This arises typically when we host or process information that belongs to you or your end-users, where you (or your organization) have determined the purpose of processing. For instance, if your company uses our hosted CRM services and you upload client or employee data into that CRM, we handle that data based on your instructions and solely to provide you with the agreed-upon service.
Under these Processor scenarios, we:
• Process data strictly in line with your documented instructions.
• Follow the obligations of Article 28 of the UK GDPR/EU GDPR (or equivalent requirements under other jurisdictions).
• Maintain confidentiality and security measures as agreed in our Data Processing Agreement (“DPA”).
2.3 Data Processing Agreement (DPA)
For customers acting as Data Controllers who utilize our hosting or CRM services, we provide a robust DPA that outlines each party’s obligations. This DPA:
• Describes the roles and responsibilities of the Controller and Processor.
• Covers appropriate security measures and subprocessor engagements.
• Sets the scope for audit rights and data breach notifications.
• Contains standard contractual clauses (“SCCs”) or other lawful mechanisms for cross-border data transfers when needed.
You can access and sign our DPA at [DPA Link] or by requesting a copy at dpo@streamlinexpert.com.
────────────────────────────────────────────────────────────────────────────
3. PERSONAL DATA WE COLLECT
────────────────────────────────────────────────────────────────────────────
We may collect and process various categories of personal data, depending on your interactions with us and which services you use. Generally, these categories can include:
3.1 Contact & Account Information
• Name, including first name, middle names, and last name.
• Business and personal addresses, including billing address and shipping address.
• Email addresses, telephone numbers (mobile or landline), and other contact details.
• Job title, role, or organizational affiliation.
• Account login credentials (username, password, or equivalents for CRM/portal access).
• Preferences indicating which newsletters or marketing content you would like to receive.
3.2 Customer Content (Hosted Data)
If you use our CRM or other portal-based services, you may upload data that includes personal information about your own customers, employees, or other third parties. This “customer content” might include:
• Names, email addresses, phone numbers, and other contact details of your end-users or colleagues.
• Organizational or departmental affiliation.
• Project documents, resumes, or any files you decide to store on our platform.
• Logs or records capturing interactions with your customers.
We treat all customer content as confidential and do not access or use it beyond what is necessary to deliver our services, fulfill contractual obligations, or comply with legal requirements.
3.3 Technical & Usage Data
To ensure proper functionality of our websites and internal systems, as well as to improve our services, we automatically collect technical and usage data, including:
• IP addresses and approximate geographical locations.
• Browser type, language settings, operating system, and device type.
• Referring and exit pages (i.e., URLs that referred you to our site or where you go when leaving).
• Timestamps indicating when you accessed our pages or performed certain actions.
• Interaction data, such as clicks, scrolling, or time spent on different sections of our platform.
• Unique device or session IDs, especially for analytics or security logging.
3.4 Special Category Data or Sensitive Data
We do not generally seek to collect or process “special category data” (e.g., health information, religious beliefs, political opinions) or information about criminal convictions and offenses. If we inadvertently receive such data, we will secure and process it in line with applicable laws and only for legitimate purposes with explicit consent or other lawful basis.
3.5 Data from Third-Party Sources
Occasionally, we acquire data about prospective customers or business leads from third-party resources, such as marketing affiliates, business intelligence providers, or publicly available sources. We process these data only if we have a lawful basis (e.g., legitimate interest in promoting our services or fulfilling a pre-contractual request).
────────────────────────────────────────────────────────────────────────────
4. HOW WE USE YOUR INFORMATION
────────────────────────────────────────────────────────────────────────────
We strive to use your personal data responsibly and transparently. Our primary processing purposes include:
4.1 Providing Services
We need certain personal data to create and manage your accounts, process transactions, maintain hosted CRMs, and facilitate communication. This may involve:
• Setting up user login credentials.
• Providing security or access controls to your CRM instance.
• Troubleshooting technical issues and supporting system integrations.
• Managing your service subscriptions, including automatic renewal notifications or system updates.
4.2 Account Management & Security
To protect your data and ensure reliable service, we:
• Identify and authenticate authorized users.
• Manage service usage, including license counts or subscription tiers.
• Detect, prevent, or investigate suspicious or unauthorized activities.
• Implement multi-factor authentication or other security measures.
4.3 Communications
We use your contact details to send important functional or contractual messages, such as:
• Account confirmations or password resets.
• Security or compliance advisories.
• Notices of changes to our Terms, Privacy Policy, or Data Processing Agreement.
We also use your contact details for marketing communications, where you have explicitly consented, such as newsletters, promotional offers, or event invitations. You can opt out of marketing communications at any time.
4.4 Analytics & Service Improvements
We perform analysis using tools such as Google Analytics, Bing Ads, PostHog, or other analytics to understand usage patterns, user flows, and system performance. Data may be aggregated and anonymized to identify service trends and measure effectiveness of product improvements.
4.5 Advertising & Marketing
With your consent, we may use cookies and similar technologies to deliver personalized ads or measure the effectiveness of campaigns. This might include remarketing campaigns on platforms like Google Ads or LinkedIn, where you see ads related to StreamlineXpert based on prior website visits or expressed interests.
4.6 Legal & Regulatory Compliance
In certain circumstances, we may need to process personal data to:
• Fulfill mandatory recordkeeping, reporting, or auditing obligations (e.g., tax filings or governmental requests).
• Respond to lawful requests from public or judicial authorities.
• Protect our rights or the rights of others, for example, to enforce or defend legal claims.
────────────────────────────────────────────────────────────────────────────
5. LEGAL BASES FOR PROCESSING
────────────────────────────────────────────────────────────────────────────
Under the UK GDPR/EU GDPR, our processing of your personal data requires a lawful basis. Depending on the context, we rely on one or more of the following:
5.1 Contract Performance
When processing is necessary for the performance of a contract to which you are a party or to take pre-contractual steps at your request. Examples include setting up your user account or providing you with a hosted CRM subscription.
5.2 Legal Obligations
We may be required under certain laws to maintain records, facilitate regulatory inspections, or comply with court orders. Where such obligations exist, processing is lawful under “legal obligation.”
5.3 Legitimate Interests
We often have a legitimate interest in processing your data to operate and improve our services, including maintaining security, preventing fraud, and ensuring continuous development. If these interests are not overridden by your fundamental rights or freedoms, we rely on legitimate interest as our lawful basis.
5.4 Consent
For marketing emails, targeted advertising, or analytics that are not strictly necessary for service functionality, we may request your consent. You can withdraw consent at any time by modifying your account preferences or contacting us directly.
────────────────────────────────────────────────────────────────────────────
6. COOKIES & TRACKING TECHNOLOGIES
────────────────────────────────────────────────────────────────────────────
6.1 Overview of Cookies
Cookies are small text files stored on your device by websites you visit. We use a combination of first-party and third-party cookies to remember user preferences, enhance the user experience, and monitor usage. Our detailed Cookie Policy provides more exhaustive information on what cookies we use and how you can manage them.
6.2 Types of Cookies We Use
• Essential Cookies: Required for basic site functionality, such as maintaining session state or preventing cross-site request forgery (CSRF).
• Analytics Cookies: Employed by Google Analytics, PostHog, or other vendors. These help us track site usage, user journeys, and performance metrics.
• Advertising Cookies: Used for retargeting or measuring ad campaign efficacy, such as with Bing Ads or other platforms.
• Preference Cookies: Store settings like language preferences or user-defined interface customizations.
6.3 Managing Cookie Preferences
Most browsers allow users to accept or reject cookies, or to be notified when a cookie is being placed on their device. You may refuse or delete cookies by adjusting your browser or device settings. However, blocking essential or functional cookies may compromise certain website functionalities (like user logins or content personalization).
6.4 Third-Party Tracking Technologies
We may incorporate web beacons, pixels, or other scripts from third-party platforms (e.g., Cloudflare for security and performance enhancements). These providers may also set cookies or use similar tracking methods to deliver optimal site functionality or gather usage insights.
────────────────────────────────────────────────────────────────────────────
7. FILE UPLOADS & CUSTOMER DATA (CRM/PORTAL SERVICES)
────────────────────────────────────────────────────────────────────────────
7.1 Confidential Treatment
When you upload files or raw data into our CRM or portal, we treat it with utmost confidentiality. Our staff access it only when necessary for troubleshooting technical issues or as required for contractual performance (e.g., assisting with data imports at your request).
7.2 Data Processor Obligations
Under our role as a Data Processor, we implement:
• Technical and organizational measures to ensure data protection, such as encryption in transit and at rest.
• Access controls, logging, and audit trails to monitor data handling activities.
• Strict internal policies and staff training to prevent unauthorized access to or disclosure of personal data.
7.3 Customer Responsibilities
As the Data Controller for the content you upload, you must ensure that you have an appropriate lawful basis for processing the personal data of your end-users and that you provide them with any notices, consents, or rights as required under UK GDPR/EU GDPR or other laws. Our DPA outlines your obligations and ours in more detail.
────────────────────────────────────────────────────────────────────────────
8. INTERNATIONAL DATA TRANSFERS
────────────────────────────────────────────────────────────────────────────
8.1 Locations of Processing
StreamlineXpert is headquartered in the United Kingdom, but our cloud architecture and third-party providers may be distributed globally. Consequently, your personal data may be stored and processed in countries outside your region, especially if you or your end-users reside outside of the UK or EU.
8.2 Transfer Mechanisms
Whenever personal data is transferred beyond the UK/EEA, we ensure an adequate level of protection by employing one or more of the following mechanisms:
• Standard Contractual Clauses (SCCs) pursuant to Article 46 of the EU GDPR/UK GDPR.
• Adequacy decisions by the European Commission or the UK government, acknowledging that a particular country offers an adequate level of protection.
• Binding Corporate Rules (BCRs) or other lawful transfer frameworks recognized under global data protection laws.
8.3 Continuous Assessment
We monitor regulatory developments regarding international data transfers, particularly in light of evolving case law or guidance (e.g., Schrems II). Where required, we implement updated safeguards, conduct Transfer Impact Assessments, or suspend transfers if we cannot guarantee equivalent levels of data protection.
────────────────────────────────────────────────────────────────────────────
9. DATA RETENTION & SECURITY
────────────────────────────────────────────────────────────────────────────
9.1 Retention Periods
We store personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by law. Example retention periods include:
• Customer Account Data: Retained for the duration of your contract plus an additional six (6) years, to satisfy accounting, taxation, or other legal obligations.
• CRM or Hosted Customer Content: Preserved for up to seven (7) days post-service termination to allow data retrieval. After this window, we permanently delete or anonymize your uploaded content.
• Server Logs (Technical & Usage Data): Typically maintained for up to twelve (12) months to analyze performance, troubleshoot issues, or investigate security events.
• Marketing & Analytics Data: Generally aggregated and anonymized within twenty-four (24) months, or sooner if you withdraw consent.
9.2 Security Measures
We implement a wide range of security measures to protect personal data, including:
• Encryption: We use TLS/SSL for data in transit and, where feasible, strong encryption for data at rest.
• Access Controls: Strict administrative, physical, and technical access controls limit who can access personal data.
• Intrusion Detection & Prevention: Continuous monitoring for anomalies or suspicious activities.
• Vulnerability Management: Regular patching of systems, vulnerability assessments, and penetration testing.
• Certifications & Standards: We strive to align with recognized industry standards like ISO 27001, SOC 2, or NIST Cybersecurity Framework to maintain a robust security program.
9.3 Data Breach Notification
In the unlikely event of a personal data breach, we adhere to our legal obligations. If the breach poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (e.g., the UK Information Commissioner’s Office) in accordance with applicable legal deadlines. Our DPA provides additional details on breach response obligations when we act as a Data Processor.
────────────────────────────────────────────────────────────────────────────
10. CHILDREN’S PRIVACY
────────────────────────────────────────────────────────────────────────────
10.1 Intended Audience
Our services, including websites and portals, are not designed for children under 16 years old (under 13 in the UK). We do not knowingly collect or solicit personal data from minors of these ages.
10.2 Parental Responsibility
Should you believe that a minor under this age threshold has provided personal data to us, we encourage you to immediately contact our DPO at dpo@streamlinexpert.com. We will promptly take steps to delete such data from our systems or to obtain verifiable parental consent if required by law.
────────────────────────────────────────────────────────────────────────────
11. AUTOMATED DECISION-MAKING & PROFILING
────────────────────────────────────────────────────────────────────────────
11.1 General Statement
We do not generally employ fully automated decision-making processes that produce legal or similarly significant effects on individuals without human intervention, except when:
• Required to prevent payment fraud or system abuse, in which case we deploy algorithms to detect suspicious behavior.
• Enabling security features to detect or block spam, bots, or malicious requests.
11.2 Right to Human Review
If you reasonably suspect that an automated process has adversely impacted you, you may request a human review. Please contact dpo@streamlinexpert.com, and we will ensure the matter is examined by appropriate personnel.
────────────────────────────────────────────────────────────────────────────
12. YOUR DATA PROTECTION RIGHTS
────────────────────────────────────────────────────────────────────────────
Under the UK GDPR, EU GDPR, and similar regulations worldwide, you possess certain rights over your personal data. These include:
12.1 Right of Access
You may request confirmation that we process personal data about you and obtain a copy of that data, along with information about how we process it.
12.2 Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to request correction or completion.
12.3 Right to Erasure (“Right to Be Forgotten”)
You can request that we delete your personal data under certain circumstances, for instance, if the data is no longer needed for the original purpose or if you withdraw consent where that serves as our sole lawful basis.
12.4 Right to Restriction of Processing
In situations where the accuracy of data is contested or the processing is disputed, you may request that we temporarily restrict the use of your personal data until these issues are resolved.
12.5 Right to Portability
Where processing is based on consent or contract and carried out by automated means, you can request a machine-readable copy of your personal data to transfer it to another service provider if feasible.
12.6 Right to Object
If we process your personal data based on our legitimate interests, you may object to this processing, especially for direct marketing purposes.
12.7 Right to Withdraw Consent
Where processing requires your consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
12.8 Right to Lodge a Complaint
If you believe we have infringed your data protection rights, you have the right to lodge a complaint with the relevant Supervisory Authority, such as the UK Information Commissioner’s Office (“ICO”) or another authority in the EU/EEA.
────────────────────────────────────────────────────────────────────────────
13. EXERCISING YOUR RIGHTS & CONTACT DETAILS
────────────────────────────────────────────────────────────────────────────
13.1 How to Make a Request
To exercise any of your rights, please contact our Data Protection Officer at:
• Email: dpo@streamlinexpert.com
• Postal Address: Suite A – 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom
When you submit a request, we may need additional information to confirm your identity (e.g., verifying your account email, requesting government-issued ID) to prevent unauthorized requests. We strive to respond within one (1) month of receiving a valid request, but may extend by two (2) additional months for complex or numerous requests, in line with GDPR/UK GDPR guidelines. We will notify you if we require an extension.
13.2 Potential Exemptions
Under certain conditions—such as if your request adversely affects others’ rights or if data must be retained for legal obligations—we may partially or fully refuse your request. If so, we will provide a clear explanation of our rationale and inform you of your right to escalate concerns to a supervisory authority.
13.3 Complaint Escalations
If you are dissatisfied with our response or believe we process your data in violation of applicable data protection laws, you can lodge a complaint directly with:
• UK Information Commissioner’s Office (ICO): https://ico.org.uk/
• Your local EU Data Protection Authority if you reside in the EEA.
• Other relevant supervisory authorities, depending on your country of residence.
────────────────────────────────────────────────────────────────────────────
14. THIRD-PARTY LINKS & SERVICES
────────────────────────────────────────────────────────────────────────────
14.1 Linking to External Websites
Our websites or portals may include links to third-party websites or services that operate independently. If you follow these links, any data you provide is governed by the third-party’s privacy policy. We recommend reviewing each third-party’s privacy practices before disclosing personal data.
14.2 Third-Party Integrations & APIs
When you enable or use integrations or plug-ins with our services (e.g., connecting a third-party analytics platform or Single Sign-On (SSO) provider), the personal data transmitted between our platform and those systems may be subject to the third party’s data handling policies. We require all integration partners to adhere to data protection best practices, but we are not responsible for their actions outside the scope of the direct integration.
────────────────────────────────────────────────────────────────────────────
15. DATA SHARING & SUBPROCESSORS
────────────────────────────────────────────────────────────────────────────
15.1 Sharing Within StreamlineXpert
We may share personal data internally within StreamlineXpert’s departments for operational, administrative, or support purposes. All staff are bound by confidentiality obligations and are trained in data protection best practices.
15.2 Service Providers & Subprocessors
We engage service providers (subprocessors) for tasks such as hosting, payment processing, analytics, and technical support. Subprocessors may only process personal data under our instructions and are contractually required to implement robust security measures aligned with relevant privacy laws.
Common subprocessors or service providers might include:
• Cloud Hosting Platforms (AWS, Azure, or other Infrastructure-as-a-Service providers).
• Analytics Services (Google Analytics, PostHog, or other analytics vendors).
• Communication Platforms (email providers, SMS gateways, chat support tools).
• Payment Processors (Stripe, PayPal, or banks).
15.3 Legal & Regulatory Disclosures
We may disclose your personal data to government or law enforcement officials if mandated by law, court order, or we have a good-faith belief that disclosure is necessary to protect our rights, safeguard you or others from harm, investigate fraud, or respond to a government request.
15.4 Corporate Transactions
Should StreamlineXpert be involved in a merger, acquisition, reorganization, or sale of all or some of our assets, personal data may be transferred as part of that agreement, subject to the receiving party agreeing to respect data protection requirements consistent with those outlined in this Privacy Policy.
────────────────────────────────────────────────────────────────────────────
16. BUSINESS TRANSITIONS & CHANGES OF OWNERSHIP
────────────────────────────────────────────────────────────────────────────
In the event StreamlineXpert undergoes a business transition, such as a merger, acquisition by another company, or sale of a portion of our assets, your personal data may be part of the transferred assets. We will provide notice before any personal data is transferred and becomes subject to a substantially different privacy policy, allowing you an opportunity to review the new policy or exercise your data protection rights.
────────────────────────────────────────────────────────────────────────────
17. ADDITIONAL DISCLOSURES FOR SPECIFIC REGIONAL LAWS
────────────────────────────────────────────────────────────────────────────
17.1 California Consumer Privacy Act (CCPA) [If Applicable]
Although our primary focus is on UK and EU data subjects, we recognize that some customers or website visitors may be residents of California, USA. If the CCPA applies, you may be entitled to additional rights regarding the sale of personal information and the right to opt out. Please contact dpo@streamlinexpert.com if you have any inquiries or would like to exercise your California-specific rights.
17.2 Other Jurisdictions
Where local laws or regulations provide additional or more stringent requirements than those covered by the UK GDPR/EU GDPR, StreamlineXpert is committed to following those rules. If you reside in a jurisdiction other than the UK or EU, you may have special privacy rights beyond what is described in this Policy. Contact dpo@streamlinexpert.com for more information.
────────────────────────────────────────────────────────────────────────────
18. YOUR RESPONSIBILITIES
────────────────────────────────────────────────────────────────────────────
18.1 Keeping Data Accurate
You are responsible for ensuring that the personal data you provide to us is accurate, complete, and up-to-date. If your personal information changes (e.g., change in phone number, email address, or name), please promptly update your account settings or inform us so we can maintain accurate records.
18.2 Security of Your Credentials
We urge you to keep your account credentials (e.g., passwords, tokens) confidential and avoid sharing them. Inform us immediately if you suspect any unauthorized use of your account or any other breach of security.
18.3 Respecting Third-Party Privacy
If you upload or share personal data belonging to others within our services, make sure you are authorized to do so (e.g., employees, customers, or suppliers have provided necessary consents). You must comply with relevant data protection obligations when sharing or requesting processing of third-party data.
────────────────────────────────────────────────────────────────────────────
19. CONTACT INFORMATION & COMPLAINTS
────────────────────────────────────────────────────────────────────────────
19.1 General Contact Information
We encourage you to reach out if you have any remarks or suggestions about our data handling practices. You can contact us at:
• Email: dpo@streamlinexpert.com
• Postal Address: Suite A – 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom
19.2 Complaints & Escalation
If you believe we have not adequately addressed your privacy-related concerns, you can escalate the matter by:
• Contacting a local legal advisor for guidance on your rights.
• Filing a complaint with the UK Information Commissioner’s Office (ICO).
• Approaching another Data Protection Authority (DPA) if you reside in the EU/EEA.
19.3 Response Timeframes
We aim to respond to all legitimate requests or complaints within one (1) month, though complicated matters or multiple concurrent requests may require more time. We will keep you informed regarding the status and any delays.
────────────────────────────────────────────────────────────────────────────
20. CHANGES TO THIS PRIVACY POLICY
────────────────────────────────────────────────────────────────────────────
20.1 Frequency of Updates
We periodically review this Privacy Policy to ensure it remains accurate and up to date with evolving legal frameworks, regulatory guidelines, or the introduction of new technologies. We will note any revision dates prominently at the top of this page.
20.2 Notification of Material Changes
If we make any material changes that significantly alter how we process personal data, we will provide clear notice (e.g., a pop-up on our website, an email alert, or a statement on our login page). Your continued access or use of our services after such notice signifies acceptance of the updated Policy.
20.3 Version History
We maintain a record of updates to show how this Policy has changed over time. Users can find prior versions upon request or reviewed in an archived section of our website.
────────────────────────────────────────────────────────────────────────────
21. FREQUENTLY ASKED QUESTIONS (FAQ)
────────────────────────────────────────────────────────────────────────────
Below is a selection of common queries relating to our privacy practices:
Q1: Can I use your services without providing personal data?
A1: Certain services (like browsing public pages) may not require personal data. However, to access secure areas or personalized features, some data collection (e.g., account setup) is necessary.
Q2: Do you sell personal data to third parties?
A2: No. We do not sell or rent personal data, and any data sharing is strictly for legitimate business or legal/compliance reasons in accordance with this Policy.
Q3: How can I unsubscribe from marketing communications?
A3: You can unsubscribe by clicking the “unsubscribe” link in any marketing email or by adjusting your email preferences in your account settings. You can also email dpo@streamlinexpert.com to request removal.
Q4: How do you handle “Do Not Track” (DNT) signals?
A4: Many browsers have a DNT feature that sends a signal about your DNT preference to websites. Because there is not yet a universal industry standard for recognizing DNT signals, our websites may not respond to such signals. We remain committed to respecting privacy choices via the controls outlined in this Policy.
Q5: Are your services HIPAA-compliant?
A5: While our processes are designed to meet numerous security requirements, HIPAA compliance typically requires additional measures if the data qualifies as Protected Health Information (PHI). If you require HIPAA-compliant hosting, please contact us to discuss specialized configurations and Business Associate Agreements (BAAs).
────────────────────────────────────────────────────────────────────────────
22. GLOSSARY OF KEY TERMS
────────────────────────────────────────────────────────────────────────────
• “Personal Data”: Any information relating to an identified or identifiable natural person.
• “Processing”: Any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, alignment, combination, restriction, erasure, or destruction.
• “Controller”: The legal entity or person who determines the purpose and means of processing personal data.
• “Processor”: An entity that processes personal data on behalf of a Controller pursuant to their instructions.
• “Data Protection Officer (DPO)”: An internal role tasked with overseeing data protection strategy and implementation, ensuring compliance with data protection regulations.
• “Special Category Data”: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health or sexual orientation, afforded stricter protections under GDPR/UK GDPR.
• “Subprocessor”: A third-party entity engaged by a Processor who has or potentially will have access to or process personal data on behalf of the Controller.
────────────────────────────────────────────────────────────────────────────
CONCLUSION & YOUR ACKNOWLEDGEMENT
────────────────────────────────────────────────────────────────────────────
We appreciate you entrusting StreamlineXpert with your personal data and are committed to processing it responsibly, securely, and in compliance with the laws that protect your privacy rights. By using our services or interacting with our website, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with its content, we request that you refrain from using our services.
Your privacy matters. Should you have any further questions or concerns, please reach out to us at dpo@streamlinexpert.com. We welcome feedback to improve our practices and strive to maintain your trust in all aspects of our operations.
Copyright © 2025 StreamlineXpert.
All Rights Reserved.