XDMA – BEST PROVIDER

Privacy Policy

XDMA Privacy Policy

Effective Date: 25 May 2025

1. Overview and Data Controller Information

XDMA operates as a digital marketplace specializing in the resale of legitimate software license keys for Field-Programmable Gate Array (FPGA) development and research applications. We act solely as a reseller and intermediary, facilitating transactions between customers and software publishers for lawful computing and development purposes.
Contact: admin@xdma.net
Data Protection Officer: admin@xdma.net

This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable privacy laws.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to fulfill our sales contracts and deliver services
  • Legitimate Interests: Fraud prevention, business security, and service improvement
  • Legal Compliance: Meeting regulatory requirements and responding to legal requests
  • Consent: Where explicitly provided for marketing communications

3. Information We Collect

3.1 Personal Data Collected Directly

  • Account Information: Name, email address, username, password
  • Transaction Data: Billing address, purchase history, order details
  • Communication Records: Customer support emails, inquiries, feedback
  • Identity Verification: Business registration details (for commercial customers)

3.2 Payment Information

Payment data is processed by our payment processors (including Stripe). We do not store complete payment card details on our servers. We may retain transaction IDs and payment status for record-keeping.

3.3 Technical Data (Collected Automatically)

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent, click patterns
  • Security Data: Login attempts, security events, fraud detection signals
  • Cookies: As detailed in our Cookie Policy below

4. How We Use Your Information

4.1 Primary Purposes

  • Order Processing: Fulfilling purchases and delivering digital license keys
  • Customer Service: Responding to inquiries and resolving issues
  • Account Management: Maintaining user accounts and purchase history
  • Legal Compliance: Meeting regulatory requirements and tax obligations

4.2 Secondary Purposes (Legitimate Interests)

  • Fraud Prevention: Detecting and preventing fraudulent transactions
  • Business Security: Protecting against chargebacks and policy violations
  • Service Improvement: Analyzing usage patterns to enhance our platform
  • Business Analytics: Understanding customer preferences and market trends

4.3 Marketing (Consent-Based)

We only send marketing communications with your explicit consent. You may withdraw consent at any time by:

  • Clicking unsubscribe links in emails
  • Contacting admin@xdma.net
  • Updating your account preferences

5. Information Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties who provide essential services:

  • Payment Processors: Stripe and other authorized payment companies
  • Email Services: For transactional and support communications
  • Hosting Providers: For website and data hosting services
  • Security Services: For fraud detection and prevention

All service providers are bound by strict data protection agreements.

5.2 Legal Disclosure

We may disclose information when:

  • Required by law, court order, or regulatory authority
  • Necessary to protect our legal rights or prevent fraud
  • Required for law enforcement cooperation
  • Part of a legitimate business transfer or acquisition

5.3 No Commercial Sharing

We do not sell, rent, or share personal data with third parties for their marketing purposes.

6. International Data Transfers

Your data may be processed in countries outside the UK/EU by our service providers. We ensure adequate protection through:

  • Adequacy Decisions: Transferring only to countries with adequate protection
  • Standard Contractual Clauses: Using EU-approved transfer mechanisms
  • Certification Programs: Working with certified service providers

7. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Restricted access on a need-to-know basis
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Regular data protection training for all personnel

However, no online system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

8. Data Retention

We retain personal data for the following periods:

  • Account Data: Until account closure plus 7 years for tax/legal purposes
  • Transaction Records: 7 years after purchase for accounting and dispute resolution
  • Communication Records: 3 years after last contact
  • Marketing Data: Until consent is withdrawn
  • Security Logs: 12 months unless needed for ongoing investigations

Data is securely deleted or anonymized when no longer needed.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Access Rights

  • Request a copy of personal data we hold about you
  • Receive information about how your data is processed

9.2 Correction and Completion

  • Correct inaccurate personal data
  • Complete incomplete personal data

9.3 Erasure (“Right to be Forgotten”)

  • Request deletion of personal data (subject to legal retention requirements)
  • Automatic deletion when data is no longer necessary

9.4 Restriction of Processing

  • Limit how we process your data in certain circumstances
  • Object to processing based on legitimate interests

9.5 Data Portability

  • Receive your data in a structured, machine-readable format
  • Transfer data to another service provider

9.6 Objection Rights

  • Object to direct marketing (always honored)
  • Object to processing for legitimate interests (assessed case-by-case)

9.7 Automated Decision-Making

We use automated fraud detection systems. You have the right to:

  • Request human review of automated decisions
  • Challenge automated decision outcomes

10. Exercising Your Rights

To exercise your rights, contact us at:

  • Email: admin@xdma.net
  • Subject Line: “Data Protection Request”
  • Include: Your name, email address, and specific request

We respond within one month of receiving valid requests. Complex requests may take up to three months with notification.

11. Complaints and Supervisory Authority

If you’re unhappy with our data handling, you may:

  1. Contact us directly at admin@xdma.net
  2. File a complaint with the relevant supervisory authority:
    • UK: Information Commissioner’s Office (ICO) – ico.org.uk
    • EU: Your local data protection authority

12. Cookies and Tracking Technologies

12.1 Essential Cookies

  • Session Management: Maintaining login sessions
  • Security: Preventing fraud and unauthorized access
  • Functionality: Remembering user preferences

12.2 Analytics and Performance Cookies (Optional)

We use these cookies only with your consent to:

  • Usage Analysis: Understanding website performance and popular content
  • User Experience: Improving navigation and site functionality
  • Service Optimization: Identifying areas for improvement

Your Choice: You can accept or decline these cookies through our cookie banner. Essential cookies cannot be disabled as they’re necessary for basic website functionality.

12.3 Managing Your Cookie Preferences

Cookie Banner: When you first visit our website, you’ll see a cookie banner allowing you to:

  • Accept all cookies (essential + analytics)
  • Accept only essential cookies
  • Customize your preferences

Browser Controls: You can also manage cookies through your browser settings:

  • Block all cookies (may affect website functionality)
  • Delete existing cookies
  • Set preferences for future cookies

Updating Preferences: You can change your cookie choices at any time by:

  • Clearing your browser cookies and revisiting our site
  • Contacting admin@xdma.net to reset your preferences
  • Using browser developer tools to modify cookie settings

13. Third-Party Software and Disclaimer

XDMA acts exclusively as a reseller of digital license keys. We do not create, develop, or officially distribute the software applications. Your use of purchased software is subject to the respective software publisher’s privacy policies and terms.

We are not responsible for the privacy practices of software publishers or how they handle data collected through their applications.

14. Children’s Privacy

Our services are intended for users 18 years and older. We do not knowingly collect personal data from children under 16 (or 13 in some jurisdictions). If we discover we have collected such data, we will delete it immediately.

Parents or guardians who believe their child has provided personal data should contact us at admin@xdma.net.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in applicable laws
  • New business practices
  • Enhanced security measures
  • Service improvements

Notification of Changes:

  • Major changes: 30 days advance notice via email
  • Minor changes: Updated policy posted on website
  • Continued use indicates acceptance of changes

16. Business Transfers

In the event of a merger, acquisition, or business sale, personal data may be transferred to the acquiring entity. We will:

  • Notify affected users in advance
  • Ensure the new entity maintains equivalent data protection
  • Provide opt-out options where legally required

17. Contact Information

For all privacy-related matters:

Primary Contact: admin@xdma.net
General Inquiries: admin@xdma.net
Website: https://xdma.net

Response Times:

  • Privacy requests: Within 30 days
  • General inquiries: Within 48 hours
  • Urgent security matters: Within 24 hours

18. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of English courts, except where EU consumer protection laws provide otherwise.

Document Version: 2.0
Last Updated: 25 May 2025
Next Review: 25 May 2026

21. Data Protection Training and Compliance

Staff Responsibilities: All personnel with access to customer data receive regular training on:

  • Data protection principles and legal requirements
  • Secure data handling procedures
  • Incident response and breach notification
  • Customer rights and request handling
  • Privacy by design in business processes

Ongoing Compliance: We maintain data protection compliance through:

  • Annual privacy policy reviews
  • Regular security assessments
  • Staff certification updates
  • Vendor due diligence
  • Incident response planning

Privacy by Design: We integrate data protection considerations into:

Marketing and communication strategies

New service development

System design and architecture

Business process improvements

Third-party vendor selection