Privacy Statement GDPR

Who we are

Xilion B.V., having the registered office on De Vlei 24, 1852KE Heiloo, The Netherlands, is responsible for the processing of personal data as shown in this privacy statement.
Scope of the privacy statement are the websites ,, and the Microsoft Azure cloud platform.

Personal data that we process

Xilion does not process personal data because no personal data can be left on our websites and applications. Your information on contact form is only intended to contact Xilion.
We also do not use social media plugins, cookies, pixels and trackers.

Special and / or sensitive personal data that we process

IP addresses are registered for all website visits to determine whether the website is effective.
The websites do not collect data about website visitors who are younger than 16 years. Unless they have permission from parents or guardians. However, we cannot check if a visitor is older than 16.
We encourage parents to be involved in the online activities of their children, in order to prevent data about children being collected without parental consent.
If you are convinced that we have collected personal information about a minor without this permission, please contact us at
Then we delete this information.

For what purpose and on what basis we process personal data

Xilion processes your personal data for the following purposes:

  • Taking a subscription to the Xilion software;
  • Handling your payment;
  • Inform you about changes to our services and products;
  • Offer you the possibility to access the Xilion software;
  • Possibly identification data by means of SMS confirmation or credit card identification or copy of identity card or other identification techniques;
  • Xilion also processes personal data if we are legally obliged to do so, such as information that we need for our tax return.
Automated decision-making

Xilion does not make decisions based on automated processing on cases that can have (significant) personal consequences.
These are decisions taken by computer programs or systems, without personal (for example, an employee of Xilion) intervention.

Xilion uses the following computer programs or systems:

  • Microsoft Azure Cloud as host platform;
  • RDS client apps to operate Xilion’s software on your own device;
  • Xilions B2B B2C Market Explorer software, which does not contain cookies or trackers that register what you are doing;
  • MS Office 365 ProPlus for self processing and processing of the B2B and B2C Market Explorer results;
  • Security software against hacking, phishing and other threads.
How long we store personal data

Xilion does not store your personal data longer than is strictly necessary to achieve the purposes for which your data is collected. We use the following retention periods for the following (categories) of personal data:

  • Personal and address data on administration and bank statements, 7 years due to legal obligation for tax authorities;
  • Identification data, 7 years due to accountability to the tax authorities and governmental agencies;
  • IP addresses of website visits, 28 days, because the data has lost its value for the purpose for which it was registered.
Sharing personal data with third parties

Xilion only provides to third parties and only if this is necessary for the execution of our agreement with you, or to comply with a legal obligation.

Cookies, or similar techniques, that we use

Xilion does not use cookies or similar techniques. Xilion can request prior identification.

View, modify or delete data

You have the right to view, correct or delete your personal data.
In addition, you have the right to withdraw your consent to the data processing or to object the processing of your personal data by Xilion, and you have the right on data portability. This means that you can submit a request to us to send the personal information we have in your computer files to you or another organization mentioned by you.
You can send a request for access, correction, deletion, data transfer of your personal data or request for cancellation of your consent or objection to the processing of your personal data to

To ensure that the request for access has been made by you, we ask you to send a copy of your ID with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) unreadable in this copy.
This is to protect your privacy. We respond as quickly as possible, but within four weeks, at your request.

Xilion would like to point out that you have the opportunity to file a complaint at the Dutch Data Protection Authority. This can be done via the following link:

How we protect personal data

Xilion takes the protection of data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification.
If you have the impression that your data is not secure or that there are indications of abuse, please contact our customer service or via .