Xoxoday makes its privacy notice accessible through its official website, product registration pages, and in-platform user interfaces, ensuring every data subject receives clear, timely information about how their personal data is collected, used, stored, shared, and protected.
Privacy Notice Accessibility at Every Stage
Xoxoday delivers its privacy notice at multiple touchpoints so that data subjects are never left uninformed. Whether a user is visiting the Xoxoday website for the first time, completing a product registration, or actively using the platform, the privacy notice is surfaced at each relevant interaction point. This approach reflects Xoxoday’s commitment to informed consent as a foundational principle—not an afterthought. The privacy notice is published on Xoxoday’s official website and is accessible to anyone, including prospective customers, current users, administrators, and employees of client organizations. This ensures that individuals whose data may be processed by Xoxoday can review the notice independently, without requiring active platform access.What the Privacy Notice Covers
Xoxoday’s privacy notice addresses the full data lifecycle: the nature and purpose of personal data collection, how data is used within the platform, retention timelines, third-party sharing practices, and the technical and organizational safeguards in place to protect personal data. This level of detail supports compliance with GDPR’s transparency requirements and CCPA’s right-to-know provisions. For organizations that integrate Xoxoday with HRMS platforms such as Workday, SAP SuccessFactors, or Darwinbox, the privacy notice explicitly accounts for the categories of data that may be synchronized—such as employee identity, role, and recognition activity. This ensures that employees onboarded through automated directory syncs are not excluded from privacy disclosures.In-Platform Transparency
Within the Xoxoday product, privacy notices are embedded directly in the user interface, particularly during registration and account creation flows. Users interacting with Xoxoday through integrated channels—such as Slack or Microsoft Teams—are directed to the privacy notice as part of the onboarding experience. This multi-channel approach ensures that no user bypasses the disclosure, regardless of how they access Xoxoday. Xoxoday’s privacy practices are validated by independent certifications including ISO 27001 and SOC 2 Type II, which audit how access to personal data is governed and how privacy controls are implemented across the platform. These certifications provide enterprise buyers and data subjects with an additional layer of assurance beyond the privacy notice itself.Alignment with GDPR and CCPA
Xoxoday structures its privacy notices to meet the specific disclosure requirements of both GDPR (Articles 13 and 14) and CCPA. Data subjects receive information about the legal basis for processing, their rights to access, correction, deletion, and portability, and the channels through which they can exercise those rights. The notice is written in plain language, avoiding technical or legal jargon that could obscure a user’s understanding of their privacy rights or how to act on them. Learn more: Xoxoday Help Centre — General Data Protection Regulation (GDPR)How does Xoxoday handle data subject rights under GDPR?
Learn how Xoxoday processes requests for data access, correction, deletion, and portability from individuals whose personal data is held on the platform.
How does Xoxoday ensure GDPR-compliant data processing?
Understand the legal bases Xoxoday relies on for processing personal data, including consent, legitimate interest, and contractual necessity.