1Scope & Controller Information

This Ireland Notice applies when we process personal data subject to the GDPR (for example, because you are located in Ireland/EEA). Unless otherwise stated in our main Privacy Policy, Xaysi Inc. (or the relevant Xaysi entity identified in the main Privacy Policy) acts as the data controller for this processing.

2Personal Data We Collect

We collect personal data to provide and improve our Services. Depending on how you interact with Xaysi Marketplace, this may include:

• Account & profile data: name, email address, login credentials, preferences.
• Seller/business data: business name, business contact details, tax/registration info (where required), storefront content.
• Transaction data: order details, purchase history, refunds/returns, delivery details.
• Payment data: payment method tokens and limited payment details (typically processed by payment providers; we may receive confirmations and partial identifiers).
• Customer support communications: messages, emails, chat logs, and related metadata.
• Device & usage data: IP address, device identifiers, browser type, pages viewed, approximate location derived from IP, cookies and similar technologies.

3How We Use Personal Data

We use personal data for purposes such as:

• Providing, operating, and maintaining the Services (including account creation and order fulfilment)
• Processing payments, preventing fraud, and securing accounts
• Customer support, dispute handling, and service communications
• Improving our Services, analytics, and product development
• Marketing and advertising (where permitted), including measuring campaign performance
• Complying with legal obligations and enforcing our terms

4Legal Bases for Processing (GDPR)

Under the GDPR, we rely on one or more legal bases depending on the context:

• Contract: to provide the Services you request (e.g., fulfil orders, manage accounts).
• Legal obligation: to meet legal requirements (e.g., accounting, compliance, responding to lawful requests).
• Legitimate interests: to secure and improve our Services, prevent fraud, and understand usage—balanced against your rights.
• Consent: for certain marketing communications and some cookie/technology uses where required. You can withdraw consent at any time.
• Vital interests: in rare cases, to protect someone’s life.

5Cookies, Analytics & ePrivacy

We use cookies and similar technologies to operate the Services, remember preferences, understand performance, and (where permitted) personalize advertising. Some technologies may require your consent depending on local law and configuration.

• Strictly necessary: required for core site functionality and security.
• Performance/analytics: help us measure and improve how the site works.
• Functional: remember choices (e.g., language, region).
• Marketing: help deliver and measure relevant ads where enabled.

Where a consent banner or preference tool is available, you can manage your choices there and change them later.

6Sharing & Disclosure

We may share personal data with:

• Service providers/processors: hosting, analytics, payment processing, customer support, security, and communications providers.
• Business partners: where needed to provide marketplace features you use (e.g., shipping integrations).
• Legal and compliance: when required by law, court order, or to protect rights, safety, and security.
• Corporate transactions: in connection with a merger, acquisition, reorganization, or sale of assets (subject to applicable safeguards).

7International Transfers

Your personal data may be processed in countries outside Ireland/EEA (for example, where our service providers operate). When we transfer personal data internationally, we use recognized safeguards as required by the GDPR, such as:

• Adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs) and, where needed, supplementary measures
• Other lawful transfer mechanisms permitted under GDPR

You may request more information about the safeguards we use by contacting us (see Section 10).

8Your Rights (GDPR)

Subject to conditions and exceptions under the GDPR, you may have the right to:

• Access: obtain confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of personal data in certain cases.
• Restriction: limit processing in certain cases.
• Portability: receive data in a structured, commonly used format and transmit it to another controller.
• Object: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where we rely on consent, at any time (does not affect prior processing).

9Data Retention & Security

We retain personal data only as long as necessary for the purposes described in this Ireland Notice and our main Privacy Policy, including to meet legal, accounting, or reporting obligations. We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

10Contact Us & Complaints

To exercise your rights, ask questions about this Ireland Notice, or request information about international transfer safeguards, please contact us using the contact details in our main Privacy Policy.

You also have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission (DPC).