- What information we collect from you and why we need this information to provide services to you.
- How we use this information.
- How to access the information we hold about you.
The Agreement replaces all previous data protection provisions set out in previous versions of our contracts and, for the avoidance of doubt, where there are any inconsistencies between any existing data protection provisions contained within our agreements with you, the provisions in the Agreement will prevail.
We collect information about you when you signed up for our service and when you use our service. We will not share this information with any other agencies or organisations, except where disclosure is required by law by Ofcom, or by any other relevant regulatory or governmental authority.
We would remind you that you are responsible for ensuring that, once any data is passed to you from within our network, it is handled in a way that is fully compliant with the terms of the GDPR. You must have in place organisational and technical controls to ensure that you comply with all of your obligations under the GDPR and, if you use any third party supplier or subcontractor, you must ensure that they are subject to and compliant with their obligations under the GDPR.
We are committed to protecting all information on our network through appropriate controls, and to being transparent about what data we hold and how we use it. We set out below privacy information in relation to the services we provide to you.
The data we collect from you includes but is not limited to the following:
- When you set up an account with us, we will request information such as your name, private/business email or postal address, telephone or mobile number, financial or credit card information, company registration number, VAT number, IP address/es to help us identify you and to provide a service to you.
- When you contact us to discuss your services, we will ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately.
- When you visit our website, we may collect and process information about your usage of these by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available. Please see the Cookies section below for more information.
- Where wholesale call origination services are provided under the terms of Schedule 1 to our standard telecommunications services agreement (Services Agreement), call record data, including the CLI passed, the call date and time, the IP the call originated from, the number dialled and the duration of the call.
- Where wholesale call termination services are provided under the terms of Schedules 2 and 3 to our Services Agreement, call record data including the CLI (as defined in the Services Agreement) passed, the call date and time, the destination number or IP of the VoIP enable device the call is delivered to, and the duration of the call.
- Where 999 services are provided as set out in Schedule 5 to our Services Agreement, the name and installation address (including post code) of the End User (as defined in the Services Agreement).
- Where directory enquiry services are provided, the End User’s name, address and postcode.
- Where wholesale line rental services are provided as set out in Schedule 10 to our Services Agreement, the End User’s name, installation address, postcode and any contact details supplied to aid service delivery.
- Where number portability services are provided, the End User’s name, address, postcode and any associated telephone numbers.
- Where service issues are reported, personal data may be requested in order to investigate these issues such as call date and time, number dialled, CLI passed, call traces and call recordings.
- Where PRS and 08 numbers are supplied under the terms of Schedule 2 to our Services Agreement and additional registration forms are required for Phone Pay Plus registration, the End User’s name, address and postcode.
We will use the information for purposes that include but are not limited to:
- Verify your identity when you use our services or contact us.
- Process any enquiries you have about the service.
- Monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations.
- Provide CDRs for billing verification via our FTP download site.
- Provide access to the emergency services including passing the End User name and location data to the emergency operator.
- Provide Portability under Ofcom’s General Conditions.
- Provide the facility to make entries to BT Directory Enquiries.
- Tell you about changes to our websites, services or terms and conditions.
- Recover any monies you may owe to us for using our services.
- Analyse our services with the aim of improving them.
- Prevent or detect a crime, fraud or misuse of, or damage to our network, and investigate where we believe any of these have occurred.
- Monitor network traffic from time to time for the purposes of network optimisation, backup and problem solving.
- If you have agreed, we will provide you with information about our other services, offers or products that you may be interested in.
- Your personal data will be kept secure, accurate and up to date with appropriate technical and organisational methods used to ensure the integrity of the data we hold and to prevent it being accidently lost, accessed or used in an unauthorised way, altered or disclosed. All personal data you provide to us is stored on our secure servers located in the United Kingdom. No information you provide to us is transferred to, or stored at, a destination outside the European Economic Area.
We may share information with organisations outside of Magrathea Telecommunications Limited:
- In response to properly made requests from law enforcement agencies for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
- In response to properly made requests from regulatory bodies such as the Information Commissioners Office and Ofcom.
- As part of the process of selling our business.
- As part of current or future legal proceedings.
- With a company who is assisting in providing services to you for us, e.g. customer support, portability, directory enquiry services, the provision of 999 access or other telecommunications services. Where we share information with other parties who help us provide the services, they are required to follow our express instructions in respect of the use of your personal information and they must comply with the requirements of the GDPR and any other relevant legislation to protect your information and keep it secure.
Some of the organisations with whom we may share information may be outside the European Economic Area, in countries that do not always have the same data protection laws as the UK. However, we will have contracts in place with them to ensure that your information is adequately protected and we will remain bound by our obligations even when your personal information is processed outside the European Economic Area.
How long will we hold information?
The time period that we will keep information will vary depending on what the information is used for. Unless there is a specific legal requirement to the contrary, we will keep information in a form which permits identification of data subjects only for as long as it is necessary for the purposes for which we process it. Once the requirement to hold the data is complete, appropriate measures will be taken to delete the data in line with the terms of the GDPR.
The law requires us to keep certain information about how you use our services for a period of 12 months – this will include, but is not limited to, records of the dates and times of the calls made via your account and the numbers dialled. This information may be used by certain law enforcement agencies to prevent and detect crime and to protect national security. We will only disclose this information to them when we are legally required to.
When you contact us we may monitor and record your communications with us to use this information for training and quality purposes, and to meet our legal and regulatory requirements. Where we store emails, these are only held for a limited period of time before we delete them permanently. Typically this will be 6 years for contract – related emails and 1 year for all other emails. We will continue to hold information about you if you terminate our services. This information will only be held for such periods as is necessary for the purpose of dealing with enquiries, complying with any legal obligation and for crime and fraud prevention and detection.
Data subject access request
Under the GDPR, a data subject has a right to be request a record of the data held about him/her. To do this a request should be submitted in writing to The Data Controller, Magrathea Telecommunications Limited, 5 Commerce Park, Brunel Road, Theale, Berkshire, RG7 4AB. We may ask the data subject to provide us with proof of identity to make sure we are giving information to the right person.
To help us process requests we will need the following information:
- Account number/s.
- Telephone number/s.
- Date and time (if requesting information about a call).
Other rights of data subject
The GDPR gives data subjects a number of other rights including the right to request the correction or erasure of personal data, the right to request the restriction of processing of personal data and the right to request the transfer of personal data (to the data subject or a third party). Further information about these rights can be found on our website www.magrathea-telecom.co.uk.
If you have agreed to us contacting you, we will contact you with details of products, services and special offers that we believe you may be interested in. If you change your mind and do not want to us to send you marketing messages you can do this by emailing email@example.com and your details will be removed from our mailing list.
If you notify us we will stop sending you the marketing messages, but we will send you service – related messages pursuant to our contract with you. These may include service announcements and changes to services or terms and conditions.
Most browsers automatically accept cookies. You can set your browser options so that you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of the website will not function properly if you disable cookies.
We take protecting data seriously, and through appropriate organisational and technical security measures we will do our utmost to protect against unauthorised disclosure or processing. Unfortunately we cannot guarantee the security of transmitting information via the internet. We have tried to create a secure and reliable service but we have no responsibility or liability for the security of personal information transmitted via the internet.
Where any data breach is identified that affects the information that we hold about or have processed from you, we will notify you in writing immediately and provide full information about the personal data affected by this breach. We will take all appropriate steps to restore any personal data which is lost or corrupted as a result of a data breach where we are at fault.
If you identify any data breach on your network that affects data we have passed to you, you must notify us in writing immediately and provide full information about the data affected by this breach. You have an obligation to take all appropriate steps, at the fastest possible speed, to restore all personal data which is lost or corrupted due to a data breach on your network.
If you have any questions about privacy issues, want us to update your marketing preferences, or amend information, please contact us either by email on firstname.lastname@example.org or by post at Magrathea Telecommunications Limited, 5 Commerce Park, Brunel Road, Theale, Berkshire, RG7 4AB.
You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.