General Data Protection Regulation



SiPalto has always, and continues to strongly adhere to UK and EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.


SiPalto takes the security of your data and our infrastructure very seriously. We are committed to protecting all information on our network through appropriate controls, we have a strong commitment to privacy, security, and compliance in regards to what data we hold and how we use it.


We have set out the below privacy information in relation to the services we provide to you.


The data we collect from you includes but is not limited to the following:

-When you set up an account with us, we will request information such as your name, private/business email or postal address, telephone or mobile number, financial or credit card information, company registration number, VAT number, IP address/es to help us identify you and to provide a service to you.


-When you contact us to discuss your services, we will ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately.


-When you visit our website, we may collect and process information about your usage of these by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available. Please see the Cookies section below for more information.


-Where call origination services are provided, call record data, including the CLI passed, the call date and time, the IP the call originated from, the number dialled and the duration of the call.


-Where call termination services are provided, call record data including the CLI passed, the call date and time, the destination number or IP of the VoIP enable device the call is delivered to, and the duration of the call.


-Where 999 services are provided, the name and installation address (including post code) of the End User.


-Where Directory Enquiry services are provided, the End User’s name, address and postcode.


-Where Analogue Line Rental services are provide. The End User’s name, installation address, postcode and any contact details supplied to aid service delivery.


-Where Number Portability services are provided, the End User’s name, address, postcode and any associated telephone numbers.


-Where Broadband services are provided, the End User’s name, address, postcode and any associated telephone numbers.


-Where Mobile services are provided, the End User’s name, address, postcode and any associated telephone numbers.


-Where service issues are reported, personal data may be requested in order to investigate these issues such as call date and time, number dialled, CLI passed, call traces and call recordings.


-Where PRS and 08 numbers are supplied and additional registration forms are required, the End User’s name, address and postcode.


We will use the information for purposes that include but are not limited to:

-Verify your identity when you use our services or contact us.


-Process any enquiries you have about the service.


-Monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations.


-Provide access to the emergency services including passing the End User name and location data to the emergency operator.


-Provide Portability under Ofcom’s General Conditions.


-Tell you about changes to our websites, services or terms and conditions.


-Recover any monies you may owe to us for using our services.


-Analyse our services with the aim of improving them.


-Prevent or detect a crime, fraud or misuse of, or damage to our network, and investigate where we believe any of these have occurred.


-Monitor network traffic from time to time for the purposes of network optimisation, backup and problem solving.


-If you have agreed, we will provide you with information about our other services, offers or products that you may be interested in.


-Your personal data will be kept secure, accurate and up to date with appropriate technical and organisational methods used to ensure the integrity of the data we hold and to prevent it being accidently lost, accessed or used in an unauthorised way, altered or disclosed. All personal data you provide to us is stored on our secure servers located in the United Kingdom. No information you provide to us is transferred to, or stored at, a destination outside the European Economic Area


We would remind you that you are responsible for ensuring that, once any data is passed to you from within our network, it is handled in a way that is fully compliant with the terms of the GDPR.


You must have in place organisational and technical controls to ensure that you comply with all of your obligations under the GDPR and, if you use any third party supplier or subcontractor, you must ensure that they are subject to and compliant with their obligations under the GDPR.


We may share information with organisations outside of SiPalto Ltd:

-In response to properly made requests from law enforcement agencies for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.


-In response to properly made requests from regulatory bodies such as the Information Commissioners Office and Ofcom.


-As part of the process of selling our business.


-As part of current or future legal proceedings.


-With a company who is assisting in providing services to you for us, e.g. customer support, portability, directory enquiry services, the provision of 999 access or other telecommunications services. Where we share information with other parties who help us provide the services, they are required to follow our express instructions in respect of the use of your personal information and they must comply with the requirements of the GDPR and any other relevant legislation to protect your information and keep it secure.


Some of the organisations with whom we may share information may be outside the European Economic Area, in countries that do not always have the same data protection laws as the UK.


However, we will have contracts in place with them to ensure that your information is adequately protected and we will remain bound by our obligations even when your personal information is processed outside the European Economic Area.


How long will we hold information?

The time period that we will keep information will vary depending on what the information is used for. Unless there is a specific legal requirement to the contrary, we will keep information in a form which permits identification of data subjects only for as long as it is necessary for the purposes for which we process it. Once the requirement to hold the data is complete, appropriate measures will be taken to delete the data in line with the terms of the GDPR.


The law requires us to keep certain information about how you use our services for a period of 12 months – this will include, but is not limited to, records of the dates and times of the calls made via your account and the numbers dialled. This information may be used by certain law enforcement agencies to prevent and detect crime and to protect national security. We will only disclose this information to them when we are legally required to.


When you contact us we may monitor and record your communications with us to use this information for training and quality purposes, and to meet our legal and regulatory requirements. Where we store emails, these are only held for a limited period of time before we delete them permanently. Typically this will be 6 years for contract-related emails and 1 year for all other emails.


We will continue to hold information about you if you terminate our services. This information will only be held for such periods as is necessary for the purpose of dealing with enquiries, complying with any legal obligation and for crime and fraud prevention and detection.


Data Subject Access Request.

Under the GDPR, a data subject has a right to be request a record of the data held about him/her. To do this a request should be submitted in writing to The Data Controller, SiPalto Ltd, Studio 7 Excel Building, 6-16 Arbutus Street, London, E8 4DT.


We may ask the data subject to provide us with proof of identity to make sure we are giving information to the right person.


To help us process requests we will need the following information:

-Account number/s.

-Telephone number/s.

-Username/s.

-Address.

-Date and time (if requesting information about a call).


Other Rights of Data Subject.

The GDPR gives data subjects a number of other rights including the right to request the correction or erasure of personal data, the right to request the restriction of processing of personal data and the right to request the transfer of personal data (to the data subject or a third party).


Marketing Preferences.

If you have agreed to us contacting you, we will contact you with details of products, services and special offers that we believe you may be interested in. If you change your mind and do not want to us to send you marketing messages you can do this by emailing support@sipalto.com and your details will be removed from our mailing list.


If you notify us we will stop sending you the marketing messages, but we will send you service-related messages pursuant to our contract with you. These may include service announcements and changes to services or terms and conditions.


Cookies.

Our website uses cookies. Cookies collect information about the use of our website, including but not limited to: details of the operating system, browser and IP address of the device used to visit the website, the time and duration of the visit and which parts of our website were visited. The information collected by cookies enables us to understand the use of our website, including the number of visitors we have, the pages viewed per session, time exposed to particular pages, etc.


This in turn helps us to provide a better experience, since we can evaluate the level of interest in the content of our website and tailor it accordingly. We will not attempt to personally identify visitors from their IP addresses unless required to as a matter of law or regulation or in order to protect our, or our other customers' rights.


Most browsers automatically accept cookies. You can set your browser options so that you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of the website will not function properly if you disable cookies.


Protecting Information.

We take protecting data seriously, and through appropriate organisational and technical security measures we will do our utmost to protect against unauthorised disclosure or processing.


We cannot guarantee the security of transmitting information via the internet. We have tried to create a secure and reliable service but we have no responsibility or liability for the security of personal information transmitted via the internet.


Where any data breach is identified that affects the information that we hold about or have processed from you, we will notify you in writing immediately and provide full information about the personal data affected by this breach. We will take all appropriate steps to restore any personal data which is lost or corrupted as a result of a data breach where we are at fault.


If you identify any data breach on your network that affects data we have passed to you, you must notify us in writing immediately and provide full information about the data affected by this breach.


You have an obligation to take all appropriate steps, at the fastest possible speed, to restore all personal data which is lost or corrupted due to a data breach on your network.


Changes.

Please note that the ways in which we protect personal data will be reviewed periodically and may change from time to time. Up to date information can be found in the privacy policy on our website www.sipalto.com


Contact Us.

If you have any questions about privacy issues, want us to update your marketing preferences, or amend information, please contact us either by email on support@sipalto.com or by post at: SiPalto Ltd, Studio 7 Excel Building, 6-16 Arbutus Street, London, E8 4DT.


Complaints.

You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.



SiPalto

© SiPalto 2018 All rights reserved. Site Map.