Privacy Policy

Privacy Policy

Effective Date: Last Updated:

XI Division ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information, including when you interact with us or receive communications from us (such as SMS/text messages, emails, voice calls, or other electronic messages).

This policy applies particularly if you are in the United Kingdom, where we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Even though we are not based in the UK, these laws apply to our processing of UK individuals' personal data and sending of electronic marketing messages to UK numbers/addresses.

By providing us with your information or using our services, you agree to the practices described here.

1. Information We Collect

We collect:

Directly from you: Name, email address, mobile phone number, postal address (if provided), preferences, and any details you submit via forms or communications.

Automatically: IP address, device information, browser details, access times, and interaction data.

From third parties: Limited data from partners or service providers (e.g., messaging platforms like ClickSend) only as necessary and with appropriate safeguards.

We do not collect special category data (e.g., health, ethnicity) unless you voluntarily provide it for a specific requested service.

2. How We Use Your Information

We use personal information to:

Provide and improve our services.

Send transactional or service-related messages (e.g., order confirmations, account updates).

Send marketing messages (SMS/texts, emails) only where we have your explicit consent or another valid basis under UK GDPR/PECR.

Prevent fraud, comply with legal obligations, enforce agreements, and protect rights/safety.

For UK individuals: Marketing electronic messages (including SMS/texts) are only sent with your prior explicit consent (freely given, specific, informed, and via clear affirmative action, such as ticking a dedicated opt-in box). We do not rely on pre-ticked boxes, silence, or bundled consents. Consent is granular (e.g., separate for SMS vs. email where relevant).

We do not sell, rent, lease, share for monetary gain, or otherwise monetize your personal information or consent data.

3. Lawful Basis for Processing (UK GDPR)

For UK individuals, processing is based on:

Consent — for marketing electronic messages (withdrawable anytime).

Contract — for delivering requested services.

Legitimate interests — for fraud prevention, service improvement (balanced against your rights).

Legal obligation — for compliance.

Marketing texts/emails to individuals require consent under PECR (or limited soft opt-in where you sold a product, gave opt-out chance at collection, and messages are about similar products — we will specify if relying on this).

4. Sharing Your Information

We share data only:

With service providers (e.g., ClickSend for messaging, hosting, analytics) bound by strict contracts and used only per our instructions.

To comply with laws, legal requests, or protect rights/safety.

In corporate transactions (e.g., merger).

We do not share for third-party marketing.

5. International Transfers

Data may be transferred outside the UK (e.g., to Australia or other countries where we/our providers operate). We use UK-approved mechanisms (e.g., adequacy decisions, standard contractual clauses, or international data transfer agreements) to ensure protection equivalent to UK GDPR.

6. Your Rights (UK GDPR)

You have rights including:

Access, rectification, erasure, restriction, objection.

Withdraw consent (affects future marketing only).

Data portability.

Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Contact us to exercise rights — we respond within statutory timeframes (usually one month).

7. Opting Out / Unsubscribing

Marketing messages include clear opt-out (e.g., reply STOP to SMS; unsubscribe link in emails).

You can also email us at or use any provided dashboard.

We process opt-outs promptly and honor them.

8. Data Security and Retention

We use reasonable safeguards against unauthorized access/loss. Data is kept only as needed for purposes or legal requirements, then securely deleted/anonymized.

9. Children's Privacy

Services not directed at children under 16 (or applicable age). We do not knowingly collect from children.

10. Changes to This Policy

Updates posted here with new "Last Updated" date. Continued use signals acceptance.

11. Contact Us

XI Division 1, RCBC Plaza, 30F Yuchengco Tower, 6819 Ayala Ave, Makati City, Metro Manila, Philippines Email: Phone: +63 2 1234 5678

For UK privacy queries, reference this policy and UK GDPR/PECR rights.

For platform-specific info (e.g., ClickSend), see their Privacy Policy: .

Thank you for your trust.