We consider privacy to be of utmost importance and we are committed to providing personalized products and services that meets our Customers’, Users’ and Website Visitors’ needs in a way that safeguards privacy. This policy applies to information held about individuals (the term “Individual” means any of the following: a Customer Representative (as defined below), User, Website Visitor or Prospect Customer Representative, collectively known as “Individuals”). We maintain strict security measures in order to protect personal data. In this policy, “Customer” means a business customer of Pure IP, “User” means the user of the services that we provide to a Customer, and “Website Visitor” means a visitor to our website available at www.pure-ip.com (our “Website”).
Who We Are (Identity and Contact Details of the Controller)
Pure IP (referred to in this policy as “we”, “us” and “our”) consists of a group of companies with offices and data centers in the UK, the USA, New Zealand and Australia. We also have data centres in Singapore and Hong Kong.
The controller of personal data for UK data protection purposes is Pure IP Limited, with its registered office address at 5th Floor, 89 Albert Embankment, London, SE1 7TP. Pure IP Limited’s ICO registration number is Z3205635 and you can access our data protection register entry here.
Our Website may contain links to third-party websites, plug-ins and applications. If an individual follows a link to a third-party website, please note that this policy does not apply to those websites. We are not responsible or liable for the privacy policies or practices of those websites, so please check their policies before submitting any personal data to those websites.
The Categories of Personal Data
We process the following categories of personal data:
Customer Representative Data: A representative of a Customer (referred to in this policy as “Customer Representative,” and an example of which may include, an employee of the Customer who manages the products and services the Customer receives from us) is required to provide us with personal data when they inquire about or agree to take a product or service from us on behalf of a Customer. This may include name, title, company name, IP address, physical address, location, phone number, email address, username, password, purchase information, payment method and bank details of the Customer. We need this information to be able to provide our products and services and run our business.
User Data: We are provided with details of the Users of our products and services so that we can allocate contact numbers to those Users. We also collect call data such as calling party number, called party number, date and time of call, duration (collectively referred to as “Call Detail Records”), number of calls, quality, recipient, occasionally call recordings (if requested by our Customers, to monitor call quality or as otherwise legally permitted, which means retaining a .wav or .mp3 file of the call recording). Where we monitor calls, we may also collect personal data of call recipients. Our Customers are responsible for ensuring that appropriate notices are provided and consents obtained (where necessary) for any monitoring that we carry out on their behalf, including processing call recordings. We need this information to be able to provide our products and services.
Number Portability Verification Data: In the event a Customer requests us to port numbers of their Users from an alternative provider to us, we will be required to collect and process Users’ original identity documents to prove the User’s address. We will receive a copy of the Users’ passport or other national ID document, which will include their name, address and date of birth of the User.
Inquiry Data: When we are contacted with an enquiry or in response to a communication from us, we may be provided with certain personal data such as name, contact details and information contained in the correspondence (which could tell us something about the individual’s preferences). The individual contacting us is in control of the personal data and other information that they share with us. We need this information to be able to respond to the enquiry and to administer our business. In addition to enquiries being received from an individual (as defined above), we also receive enquiries from representatives of our partners and resellers. When we do, we may also be provided with their personal data (as described in this paragraph).
Website Visitor Data: When a Website Visitor visits our Website, we capture access data (such as date and time of the access, requests made, the amount of data transmitted and the requesting provider) in server log files. This information does not allow us to identify the Website Visitor. We may also capture other information about visits to our website such as site usage and traffic patterns. Whereas we may be able to identify an individual device and therefore the Website Visitor from this information, the purpose of collecting information is to administer, maintain and improve our site and not to analyse the Website Visitor’s visits to our Website (please see our purposes for processing below for further details).
Prospect Customer Representative Data: A representative of a prospective customer of our products and services (referred to in this policy as “Prospective Customer Representative”) is required to provide us with personal data when they inquire about our products or services on behalf of their employer. This may include company name, name, address, email address, contact number and details of the current telecommunications service of the Prospective Customer Representative’s employer.
From Which Source the Personal Data Originate, and If Applicable, Whether It Came from Publicly Accessible Sources:
The personal data we process originates from:
- Customer Representatives when they take a product or service from us on behalf of the Customer.
- Users of the product or service that the Customer receives from us.
- Website Visitors when visiting our Website.
- Prospective Customer Representatives when they enquire about our products or services on behalf of their employer.
- Individuals when they contact us with an enquiry or in response to a communication from us, such as a record of responses to inquiries (including representatives of our partners and resellers).
- Third parties where we purchase or obtain lists including personal data such as name, company and contact details for marketing purposes.
Purposes of the Processing for which the Personal Data are Intended, as well as the Legal Basis for the Processing:
Any personal data we process will be used in accordance with applicable data protection laws. We have described below our purposes for processing personal data.
To provide our products and services, administer Customer accounts, and run our business, we use Customer Representative Data to process individual service orders and to process any application for services (e.g. on a pre- or post-paid contract), to maintain guarantee records, set up and maintain Customer accounts and to provide after-sales service. This includes carrying out security checks (this may involve passing Customer Representative Data to a credit reference agency, who will check the details we give them against public and private databases and may keep a record of that check to use in future security checks – this helps to protect our Customers and us from fraudulent transactions). A Customer Representative has the ability to manage the Customer’s products and services via our online portal, and requires us to process the Customer Representative’s Data in order to provide login details (including a username and password).
We monitor call quality to improve the service which we provide and use User Data to optimize our services and our Customers’ and their Users’ experience. We may also process User Data when monitoring calls to ensure compliance with our practices and procedures and where, for example, a contract is entered into to provide evidence of the transaction. We use User Data for troubleshooting purposes to resolve faults, incidents or debugging issues with our products and services, which may be identified by the User and submitted to us via our help desk, and we may also use User Data for providing fault, fraud and maintenance notifications to Users, all of which are necessary notifications in order for us to provide the products and services required by the Customer.
We have a legitimate interest to process the Customer Representative Data and User Data in order to provide products and services to our Customers and their Users, to administer Customer accounts and run our business. This legitimate interest extends to providing Customers with the products and services requested from us (including, for example, monitoring calls when a Customer selects this option) which is govern by a formal contract for services.
We also provide Customers with the option to port numbers of their Users from an alternative provider to us. In these circumstances we are required to verify the identity of Users and this requires us to process Number Portability Verification Data. We are required to carry out these checks, and process your Number Portability Verification Data, to comply with our legal and regulatory obligations.
To inform Customers about promotions and our products and services, we may use Customer Representative Data and/or User Data to inform Customer Representatives and/or Users of information, promotions, products and services that may be of interest where we are legally permitted to do so (for example, where the contents of the communication relates to the same or similar products and services to those received by the Customer Representative and/or User) or where the Customer Representative and/or User has consented to receiving direct marketing from us (or a company similar to us). Customer Representatives and/or Users may be contacted by post, email, telephone or such other means as we regard as appropriate and as legally permitted.
We have a legitimate interest to process Customer Representative Data and/or User Data for direct marketing purposes or rely on consent as a basis for direct marketing where we are legally required to do so (this depends upon the relationship we have with the Customer Representative and/or User and the contents of our direct marketing).
To meet legal or regulatory requirements, we are required to comply with certain legal and regulatory requirements when providing our products and services and we may process personal data in order to comply with those requirements, which may include monitoring and recording communications. Occasionally, we may be asked to provide certain information to regulators or law enforcement agencies and we will comply with these requests where legally required or permitted.
This processing is necessary for compliance with a legal obligation to which we, our Customers or the regulator/law enforcement agency are subject.
To administer, maintain, and improve our Website, we use “cookies” to monitor Website Visitor traffic patterns and site usage. This helps us to understand how our Customers and potential Customers use our Website so that we can develop and improve the design, layout and functionality of the sites. A cookie is a piece of information that is stored on the Website Visitor’s computer’s hard drive and which records their navigation of our Website so that, when the Website Visitor revisits our Website, it can present tailored options to them based upon the stored information about the Website Visitor’s last visit. A Website Visitor can normally alter the settings of their browser to prevent acceptance of cookies. If a Website Visitor does not want us to deploy cookies in their browser, a Website Visitor can set their browser to reject cookies or to notify them when our Website tries to put a cookie on the Website Visitor’s computer. However, rejecting cookies may affect the Website Visitor’s ability to use some of the products and/or services at our Website.
In addition to the information provided above, the following website provides information on deleting or controlling cookies and is available at www.aboutcookies.org.
To opt out of Google Analytics cookies across all websites, please visit: Google Analytics Opt-out Browser Add-on and for other third-party cookies relating to behavioral advertising, please go to www.youronlinechoices.eu. Opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver adverts tailored to your web preferences and usage patterns, so you may see a greater number of adverts that are irrelevant to you and your preferences.
Who We May Share Personal Data with (Recipients or Categories of Recipients of the Personal Data):
We do not sell personal data and mailing lists to third parties for their marketing purposes or any other purposes.
We provide call data to our Customers in relation to the products and services our Customers have purchased from us, which may include individual User call usage data for invoicing/charging purposes.
Where we have told our Customers in advance, we may disclose certain information to telecoms network service providers for purposes solely connected with the provision of our products and services via their networks. We may use other carefully selected third parties to carry out certain activities to help us provide our products and services, such as processing and sorting of data, monitoring how Customers use our Website and issuing our emails for us.
We have offices and operations in a number of international locations and we share information between our group companies to provide our products and services and for business and administrative purposes. Further information about how we transfer data between our group companies is set out below.
Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies.
From time to time, we may consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar. In these instances, we may transfer or allow access to information (including personal data) to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to a third parties involved in the transaction.
Cross Border Transfers of Personal Data:
We transfer personal data all over the world as part of our business operations and in order to provide our products and services. Where we transfer personal data outside of the Europe Union, we either transfer personal data to countries that provide an adequate level of protection (known as an “adequacy decision” and determined by the European Commission, which includes our New Zealand office) or we have appropriate safeguards in place. Further information about the transfers and the basis on which those transfers are made is provided below.
We transfer personal data between our group companies and data centers in the UK, the USA, New Zealand, Australia and Singapore. Where required, we have put appropriate safeguards in place to cover these transfers in the form of standard contractual/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses.
We may transfer personal data to our third-party suppliers. Where the transfers are not to countries that provide an adequate level of protection, we put appropriate safeguards in place to cover these transfers in the form of standard contractual/data protection clauses adopted by the European Commission and where our suppliers are located in the US, we may rely on the EU-US Privacy Shield Framework. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the EU-US Privacy Shield Framework for US companies.
If you would like further information, please contact us at firstname.lastname@example.org.
The Period for which the Personal Data will be Stored or the Criteria used to Determine that Period:
We store personal data in line with legal, regulatory, financial and good-practice business requirements and as instructed by our Customers. We store some specific personal data as follows:
- Call monitoring records (including call recordings) are retained for no longer than 30 days or otherwise in line with legal and regulatory requirements and our Customer’s instructions.
- Customer account information and correspondence is retained for as long as the Customer account is active plus 24 months.
- Call Detail Records and Customer billing records (which contain Call Detail Records) are retained for no longer than two years (from the data such records are recorded) for legal and regulatory purposes.
- Invoices contained Customer Representative Data must be retained for seven years for legal and regulatory purposes.
Rights of Individuals:
Individuals have a right to:
- Access to personal data held about them.
- Request us to rectify their personal data if it is inaccurate or incomplete.
- Request us to erase their personal data where there is no compelling reason for its continued processing in certain circumstances.
- Obtain restriction of processing of their personal data in certain circumstances.
- Object to, or restrict, our processing of their personal data in certain circumstances, including if we use their personal data for direct marketing, they can ask us to stop and we will comply with their request.
- Object to our use of their personal data if we use their personal data on the basis of having a legitimate interest, by giving an explanation of their particular situation, and we will consider their objection;
- Receive their personal data provided to us as a controller in a structured, commonly used and machine-readable format where our processing of the data is based on consent or necessity for performance of a contract to which the individual is party or to take steps at the request of the individual prior to entering into such a contract and the processing is carried out by automated means.
- Lodge a complaint with a supervisory authority.
- Object to and not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects him or her.
To exercise the rights outlined above in respect of the personal data processed by us as a controller contact us at email@example.com.
Where we have said we process personal data based on consent, individuals have a right to withdraw their consent at any time by contacting us at firstname.lastname@example.org.
Contacting Us and Changes to Individuals’ Personal Data:
If any individual whose personal data we process (as described in this policy) has any questions or concerns about this policy or their personal data, please contact us at email@example.com.
It is important that the personal data we hold about individuals is accurate and up-to-date. We encourage individuals to notify us by email or post with any changes to their personal data.
This policy was last updated in May 2018. Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified by email. Please check back regularly to keep informed of updates or changes to this policy. Earlier versions of this policy may be obtained by contacting us.